From 6ab1c9c751f38956576653eeb5c37f9744afd7b8 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Thu, 11 Jul 2024 19:28:22 +1000
Subject: [PATCH] add app vaultwarden
---
 kubernetes/apps/kustomization.yaml | 1 +
 .../apps/vaultwarden/app/deployment.yaml | 49 +++++++++++++++++++
 kubernetes/apps/vaultwarden/app/ingress.yaml | 21 ++++++++
 kubernetes/apps/vaultwarden/app/service.yaml | 17 +++++++
 kubernetes/apps/vaultwarden/vaultwarden.yaml | 46 +++++++++++++++++
 .../namespaces/namespaces/vaultwarden.yaml | 4 ++
 6 files changed, 138 insertions(+)
 create mode 100644 kubernetes/apps/vaultwarden/app/deployment.yaml
 create mode 100644 kubernetes/apps/vaultwarden/app/ingress.yaml
 create mode 100644 kubernetes/apps/vaultwarden/app/service.yaml
 create mode 100644 kubernetes/apps/vaultwarden/vaultwarden.yaml
 create mode 100644 kubernetes/infrastructure/namespaces/namespaces/vaultwarden.yaml
diff --git a/kubernetes/apps/kustomization.yaml b/kubernetes/apps/kustomization.yaml
index 9de1004..b4ca342 100644
--- a/kubernetes/apps/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@@ -15,4 +15,5 @@ resources:
 - ./snippet-box/snippet-box.yaml
 - ./sonarqube/sonarqube.yaml
 - ./uptime-kuma/uptime-kuma.yaml
+ - ./vaultwarden/vaultwarden.yaml
 - ./weave-gitops/weave-gitops.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/vaultwarden/app/deployment.yaml b/kubernetes/apps/vaultwarden/app/deployment.yaml
new file mode 100644
index 0000000..2f15193
--- /dev/null
+++ b/kubernetes/apps/vaultwarden/app/deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app.kubernetes.io/name: vaultwarden
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: vaultwarden
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: vaultwarden
+ rpi5.cluster.policy/egress-world: "true"
+ rpi5.cluster.policy/ingress-world: "true"
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ runAsGroup: 1000
+ restartPolicy: Always
+ name: vaultwarden
+ image: vaultwarden/server:1.31.0
+ env:
+ - name: DOMAIN
+ value: vaultwarden.cluster.edward.sydney
+ - name: SIGNUPS_ALLOWED
+ value: "true"
+ - name: DATABASE_URL
+ value: postgresql://${db_username}:${db_password}@${db_host}:5432/${db_name}
+ ports:
+ - protocol: TCP
+ containerPort: 80
+ name: http
+ volumeMounts:
+ - name: vaultwarden-data
+ mountPath: /data
+ volumes:
+ - name: vaultwarden-data
+ hostPath:
+ path: /mnt/nfs/AppData/vaultwarden/data
+ type: Directory
+
diff --git a/kubernetes/apps/vaultwarden/app/ingress.yaml b/kubernetes/apps/vaultwarden/app/ingress.yaml
new file mode 100644
index 0000000..46fcb71
--- /dev/null
+++ b/kubernetes/apps/vaultwarden/app/ingress.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden-ingress
+ namespace: vaultwarden
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: vaultwarden
+ rules:
+ - host: "vaultwarden.cluster.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 11080
\ No newline at end of file
diff --git a/kubernetes/apps/vaultwarden/app/service.yaml b/kubernetes/apps/vaultwarden/app/service.yaml
new file mode 100644
index 0000000..936074f
--- /dev/null
+++ b/kubernetes/apps/vaultwarden/app/service.yaml
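Review bot: In deployment.yaml, `SIGNUPS_ALLOWED` is `"true"` on a pod labelled `rpi5.cluster.policy/ingress-world: "true"`, so, if that label opens the pod to outside traffic as its name suggests, anyone who can reach the host can register an account on the vault; set it to `"false"` once the intended accounts exist. `DATABASE_URL` is assembled from `${db_username}` and `${db_password}` by the Flux `postBuild.substituteFrom` declared in vaultwarden.yaml, which writes the decrypted password into the Deployment spec, where anyone allowed to read Deployments in the namespace can see it. A password containing URL-reserved characters would also break the connection string, so a `secretKeyRef` to a key holding the complete URL is the safer form. `DOMAIN` is given as a bare hostname, whereas Vaultwarden documents it as a full URL including the scheme. The container `securityContext` could additionally set `allowPrivilegeEscalation: false` and drop all capabilities, since nothing visible in the manifest needs them.

```yaml
        env:
          # … unchanged: DOMAIN …
          - name: SIGNUPS_ALLOWED
            value: "false"
          - name: DATABASE_URL
            valueFrom:
              secretKeyRef:
                name: vaultwarden-secrets
                # placeholder: a key that stores the full postgresql:// URL
                key: <DATABASE_URL_KEY>
        # … unchanged: ports, volumeMounts …
```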
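Review bot: In ingress.yaml, `nginx.ingress.kubernetes.io/ssl-redirect: "false"` together with the absence of a `spec.tls` block means this Ingress serves the vault over plain HTTP unless TLS is terminated somewhere not visible in this patch. Login material and session tokens would then cross the network unencrypted, and the web vault relies on browser crypto APIs that are normally available only in a secure context. I would drop the annotation (or set it to `"true"`) and add a `tls` entry for `vaultwarden.cluster.edward.sydney` that references a certificate Secret. Also check `ingressClassName: vaultwarden`: it looks like the app name rather than the name of an IngressClass, in which case no controller would pick the Ingress up. `use-regex: "true"` is not needed for a single `Prefix` path on `/`.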
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app.kubernetes.io/name: vaultwarden
+spec:
+ selector:
+ app.kubernetes.io/name: vaultwarden
+ type: ClusterIP
+ internalTrafficPolicy: Cluster
+ ports:
+ - protocol: TCP
+ port: 11080
+ targetPort: 80
+ name: http
diff --git a/kubernetes/apps/vaultwarden/vaultwarden.yaml b/kubernetes/apps/vaultwarden/vaultwarden.yaml
new file mode 100644
index 0000000..00dce44
--- /dev/null
+++ b/kubernetes/apps/vaultwarden/vaultwarden.yaml
@@ -0,0 +1,46 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: vaultwarden-secrets
+ namespace: flux-system
+spec:
+ interval: 10m
+ timeout: 1m30s
+ retryInterval: 30s
+ targetNamespace: vaultwarden
+ path: ./vaultwarden
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: home-cluster-ops-secrets
+ dependsOn:
+ - name: repositories
+ namespace: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+spec:
+ interval: 10m
+ timeout: 1m30s
+ retryInterval: 30s
+ path: ./kubernetes/apps/vaultwarden/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: flux-system
+ dependsOn:
+ - name: vaultwarden-secrets
+ namespace: flux-system
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: vaultwarden-secrets
diff --git a/kubernetes/infrastructure/namespaces/namespaces/vaultwarden.yaml b/kubernetes/infrastructure/namespaces/namespaces/vaultwarden.yaml
new file mode 100644
index 0000000..6fc17a5
--- /dev/null
+++ b/kubernetes/infrastructure/namespaces/namespaces/vaultwarden.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vaultwarden