add app vaultwarden
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./development.yaml
|
||||
- deployment.yaml
|
||||
- ./service.yaml
|
||||
- ./ingress.yaml
|
||||
66
apps/vaultwarden/base/deployment.yaml
Normal file
66
apps/vaultwarden/base/deployment.yaml
Normal file
@@ -0,0 +1,66 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
labels:
|
||||
app.kubernetes.io/name: vaultwarden
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: vaultwarden
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: vaultwarden
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
containers:
|
||||
- securityContext:
|
||||
runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
runAsGroup: 1000
|
||||
name: vaultwarden
|
||||
image: vaultwarden/server:1.31.0
|
||||
env:
|
||||
- name: DOMAIN
|
||||
value: https://vaultwarden.cluster.edward.sydney
|
||||
- name: SIGNUPS_ALLOWED
|
||||
value: "true"
|
||||
- name: DB_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: db_username
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: db_password
|
||||
- name: DB_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: db_host
|
||||
- name: DB_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: db_name
|
||||
- name: DATABASE_URL
|
||||
value: postgresql://$DB_USERNAME:$DB_PASSWORD@$DB_HOST:5432/$DB_NAME
|
||||
ports:
|
||||
- protocol: TCP
|
||||
containerPort: 80
|
||||
name: http
|
||||
volumeMounts:
|
||||
- name: vaultwarden-data
|
||||
mountPath: /data
|
||||
volumes:
|
||||
- name: vaultwarden-data
|
||||
hostPath:
|
||||
path: /mnt/nfs/AppData/vaultwarden/data
|
||||
type: Directory
|
||||
|
||||
5
apps/vaultwarden/base/kustomization.yaml
Normal file
5
apps/vaultwarden/base/kustomization.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./deployment.yaml
|
||||
- ./service.yaml
|
||||
17
apps/vaultwarden/base/service.yaml
Normal file
17
apps/vaultwarden/base/service.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
labels:
|
||||
app.kubernetes.io/name: vaultwarden
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: vaultwarden
|
||||
type: ClusterIP
|
||||
internalTrafficPolicy: Cluster
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 11080
|
||||
targetPort: 80
|
||||
name: http
|
||||
12
apps/vaultwarden/env/k3s-cluster/config.json
vendored
Normal file
12
apps/vaultwarden/env/k3s-cluster/config.json
vendored
Normal file
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"appName": "vaultwarden",
|
||||
"userGivenName": "vaultwarden",
|
||||
"namespace": "vaultwarden",
|
||||
"destNamespace": "vaultwarden",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "apps/vaultwarden/env/k3s-cluster",
|
||||
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
|
||||
"srcTargetRevision": "",
|
||||
"labels": null,
|
||||
"annotations": null
|
||||
}
|
||||
21
apps/vaultwarden/env/k3s-cluster/ingress.yaml
vendored
Normal file
21
apps/vaultwarden/env/k3s-cluster/ingress.yaml
vendored
Normal file
@@ -0,0 +1,21 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: vaultwarden-ingress
|
||||
namespace: vaultwarden
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: "vaultwarden.cluster.edward.sydney"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: vaultwarden
|
||||
port:
|
||||
number: 11080
|
||||
5
apps/vaultwarden/env/k3s-cluster/kustomization.yaml
vendored
Normal file
5
apps/vaultwarden/env/k3s-cluster/kustomization.yaml
vendored
Normal file
@@ -0,0 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../base
|
||||
- ./ingress.yaml
|
||||
16
resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml
vendored
Normal file
16
resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml
vendored
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-options: Prune=false
|
||||
sealedsecrets.bitnami.com/cluster-wide: "true"
|
||||
sealedsecrets.bitnami.com/managed: "true"
|
||||
creationTimestamp: null
|
||||
name: vaultwarden-secrets
|
||||
namespace: vaultwarden
|
||||
type: Opaque
|
||||
stringData:
|
||||
db_host: "postgresql-primary.postgresql.svc.cluster.local"
|
||||
db_name: "vaultwarden"
|
||||
db_username: "vaultwarden_user"
|
||||
db_password: "ZBNNFohNbMajoV.Cojthxvf2"
|
||||
Reference in New Issue
Block a user