From 4c00fb145059590c0226d4325745134a4a964dbc Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 19 Jul 2024 15:54:42 +1000 Subject: [PATCH] add app vaultwarden --- .../{development.yaml => deployment.yaml} | 0 apps/homer/base/kustomization.yaml | 2 +- apps/vaultwarden/base/deployment.yaml | 66 +++++++++++++++++++ apps/vaultwarden/base/kustomization.yaml | 5 ++ apps/vaultwarden/base/service.yaml | 17 +++++ apps/vaultwarden/env/k3s-cluster/config.json | 12 ++++ apps/vaultwarden/env/k3s-cluster/ingress.yaml | 21 ++++++ .../env/k3s-cluster/kustomization.yaml | 5 ++ .../k3s-cluster/templates/vaultwarden.yaml | 16 +++++ 9 files changed, 143 insertions(+), 1 deletion(-) rename apps/homer/base/{development.yaml => deployment.yaml} (100%) create mode 100644 apps/vaultwarden/base/deployment.yaml create mode 100644 apps/vaultwarden/base/kustomization.yaml create mode 100644 apps/vaultwarden/base/service.yaml create mode 100644 apps/vaultwarden/env/k3s-cluster/config.json create mode 100644 apps/vaultwarden/env/k3s-cluster/ingress.yaml create mode 100644 apps/vaultwarden/env/k3s-cluster/kustomization.yaml create mode 100644 resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml diff --git a/apps/homer/base/development.yaml b/apps/homer/base/deployment.yaml similarity index 100% rename from apps/homer/base/development.yaml rename to apps/homer/base/deployment.yaml diff --git a/apps/homer/base/kustomization.yaml b/apps/homer/base/kustomization.yaml index 01a493e..5635793 100644 --- a/apps/homer/base/kustomization.yaml +++ b/apps/homer/base/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./development.yaml + - deployment.yaml - ./service.yaml - ./ingress.yaml \ No newline at end of file diff --git a/apps/vaultwarden/base/deployment.yaml b/apps/vaultwarden/base/deployment.yaml new file mode 100644 index 0000000..d77678e --- /dev/null +++ b/apps/vaultwarden/base/deployment.yaml 
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app.kubernetes.io/name: vaultwarden
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: vaultwarden
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: vaultwarden
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ runAsGroup: 1000
+ name: vaultwarden
+ image: vaultwarden/server:1.31.0
+ env:
+ - name: DOMAIN
+ value: https://vaultwarden.cluster.edward.sydney
+ - name: SIGNUPS_ALLOWED
+ value: "true"
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_password
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_host
+ - name: DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_name
+ - name: DATABASE_URL
+ value: postgresql://$DB_USERNAME:$DB_PASSWORD@$DB_HOST:5432/$DB_NAME
+ ports:
+ - protocol: TCP
+ containerPort: 80
+ name: http
+ volumeMounts:
+ - name: vaultwarden-data
+ mountPath: /data
+ volumes:
+ - name: vaultwarden-data
+ hostPath:
+ path: /mnt/nfs/AppData/vaultwarden/data
+ type: Directory
+
diff --git a/apps/vaultwarden/base/kustomization.yaml b/apps/vaultwarden/base/kustomization.yaml
new file mode 100644
index 0000000..87b09a3
--- /dev/null
+++ b/apps/vaultwarden/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./deployment.yaml
+ - ./service.yaml
\ No newline at end of file
diff --git a/apps/vaultwarden/base/service.yaml b/apps/vaultwarden/base/service.yaml
new file mode 100644
index 0000000..936074f
--- /dev/null
+++ b/apps/vaultwarden/base/service.yaml
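Review bot: The `DATABASE_URL` entry in `apps/vaultwarden/base/deployment.yaml` uses shell-style `$DB_USERNAME` references, which Kubernetes does not expand; only the `$(VAR_NAME)` form is substituted from earlier entries in the `env` list, so the container receives the literal string and the secret values never reach the URL. Write it as `value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@$(DB_HOST):5432/$(DB_NAME)`, and percent-encode the password if it ever contains URL-reserved characters. Separately, `SIGNUPS_ALLOWED` is `"true"` on an instance that this commit also publishes through an ingress, so anyone who can reach the hostname can register an account; set it to `"false"` once the intended accounts exist. The `hostPath` volume is also something the Baseline Pod Security Standard rejects, so a PersistentVolumeClaim backed by the same NFS export would be the safer way to mount `/data`.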
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app.kubernetes.io/name: vaultwarden
+spec:
+ selector:
+ app.kubernetes.io/name: vaultwarden
+ type: ClusterIP
+ internalTrafficPolicy: Cluster
+ ports:
+ - protocol: TCP
+ port: 11080
+ targetPort: 80
+ name: http
diff --git a/apps/vaultwarden/env/k3s-cluster/config.json b/apps/vaultwarden/env/k3s-cluster/config.json
new file mode 100644
index 0000000..c86ab8d
--- /dev/null
+++ b/apps/vaultwarden/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
+{
+ "appName": "vaultwarden",
+ "userGivenName": "vaultwarden",
+ "namespace": "vaultwarden",
+ "destNamespace": "vaultwarden",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "apps/vaultwarden/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/apps/vaultwarden/env/k3s-cluster/ingress.yaml b/apps/vaultwarden/env/k3s-cluster/ingress.yaml
new file mode 100644
index 0000000..2602de2
--- /dev/null
+++ b/apps/vaultwarden/env/k3s-cluster/ingress.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden-ingress
+ namespace: vaultwarden
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "vaultwarden.cluster.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 11080
\ No newline at end of file
diff --git a/apps/vaultwarden/env/k3s-cluster/kustomization.yaml b/apps/vaultwarden/env/k3s-cluster/kustomization.yaml
new file mode 100644
index 0000000..3ea3085
--- /dev/null
+++ b/apps/vaultwarden/env/k3s-cluster/kustomization.yaml
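Review bot: In `apps/vaultwarden/env/k3s-cluster/ingress.yaml` the annotation `nginx.ingress.kubernetes.io/ssl-redirect: "false"` is set and the spec has no `tls:` block, so as far as this manifest shows the password vault is reachable over plain HTTP even though the deployment advertises an `https://` `DOMAIN`. Unless TLS is terminated in front of the ingress controller (not visible in this commit), add a `tls:` entry for `vaultwarden.cluster.edward.sydney` that references a certificate secret and set the annotation to `"true"`. The `nginx.ingress.kubernetes.io/use-regex: "true"` annotation is not needed for a single `Prefix` path of `/` and can be dropped.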
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../base
+ - ./ingress.yaml
\ No newline at end of file
diff --git a/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml b/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml
new file mode 100644
index 0000000..87ca602
--- /dev/null
+++ b/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false
+ sealedsecrets.bitnami.com/cluster-wide: "true"
+ sealedsecrets.bitnami.com/managed: "true"
+ creationTimestamp: null
+ name: vaultwarden-secrets
+ namespace: vaultwarden
+type: Opaque
+stringData:
+ db_host: "postgresql-primary.postgresql.svc.cluster.local"
+ db_name: "vaultwarden"
+ db_username: "vaultwarden_user"
+ db_password: "ZBNNFohNbMajoV.Cojthxvf2"
\ No newline at end of file
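Review bot: `resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml` commits a plain `kind: Secret` with `db_password` in clear text under `stringData`; the Sealed Secrets annotations do not encrypt anything by themselves, so as far as this commit shows the credential is readable by anyone with access to the repository and its history. Treat the password as exposed: rotate it on the PostgreSQL side and commit only the `SealedSecret` produced by `kubeseal` (carrying `encryptedData`), keeping the unsealed template out of version control. Also reconsider `sealedsecrets.bitnami.com/cluster-wide: "true"`, which allows the sealed value to be unsealed under any name and namespace; the default strict scope would bind it to `vaultwarden-secrets` in the `vaultwarden` namespace.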