From 4c00fb145059590c0226d4325745134a4a964dbc Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 19 Jul 2024 15:54:42 +1000 Subject: [PATCH 1/2] add app vaultwarden --- .../{development.yaml => deployment.yaml} | 0 apps/homer/base/kustomization.yaml | 2 +- apps/vaultwarden/base/deployment.yaml | 66 +++++++++++++++++++ apps/vaultwarden/base/kustomization.yaml | 5 ++ apps/vaultwarden/base/service.yaml | 17 +++++ apps/vaultwarden/env/k3s-cluster/config.json | 12 ++++ apps/vaultwarden/env/k3s-cluster/ingress.yaml | 21 ++++++ .../env/k3s-cluster/kustomization.yaml | 5 ++ .../k3s-cluster/templates/vaultwarden.yaml | 16 +++++ 9 files changed, 143 insertions(+), 1 deletion(-) rename apps/homer/base/{development.yaml => deployment.yaml} (100%) create mode 100644 apps/vaultwarden/base/deployment.yaml create mode 100644 apps/vaultwarden/base/kustomization.yaml create mode 100644 apps/vaultwarden/base/service.yaml create mode 100644 apps/vaultwarden/env/k3s-cluster/config.json create mode 100644 apps/vaultwarden/env/k3s-cluster/ingress.yaml create mode 100644 apps/vaultwarden/env/k3s-cluster/kustomization.yaml create mode 100644 resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml diff --git a/apps/homer/base/development.yaml b/apps/homer/base/deployment.yaml similarity index 100% rename from apps/homer/base/development.yaml rename to apps/homer/base/deployment.yaml diff --git a/apps/homer/base/kustomization.yaml b/apps/homer/base/kustomization.yaml index 01a493e..5635793 100644 --- a/apps/homer/base/kustomization.yaml +++ b/apps/homer/base/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./development.yaml + - deployment.yaml - ./service.yaml - ./ingress.yaml \ No newline at end of file diff --git a/apps/vaultwarden/base/deployment.yaml b/apps/vaultwarden/base/deployment.yaml new file mode 100644 index 0000000..d77678e --- /dev/null +++ b/apps/vaultwarden/base/deployment.yaml 
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app.kubernetes.io/name: vaultwarden
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: vaultwarden
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: vaultwarden
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ runAsGroup: 1000
+ name: vaultwarden
+ image: vaultwarden/server:1.31.0
+ env:
+ - name: DOMAIN
+ value: https://vaultwarden.cluster.edward.sydney
+ - name: SIGNUPS_ALLOWED
+ value: "true"
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_password
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_host
+ - name: DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: db_name
+ - name: DATABASE_URL
+ value: postgresql://$DB_USERNAME:$DB_PASSWORD@$DB_HOST:5432/$DB_NAME
+ ports:
+ - protocol: TCP
+ containerPort: 80
+ name: http
+ volumeMounts:
+ - name: vaultwarden-data
+ mountPath: /data
+ volumes:
+ - name: vaultwarden-data
+ hostPath:
+ path: /mnt/nfs/AppData/vaultwarden/data
+ type: Directory
+
diff --git a/apps/vaultwarden/base/kustomization.yaml b/apps/vaultwarden/base/kustomization.yaml
new file mode 100644
index 0000000..87b09a3
--- /dev/null
+++ b/apps/vaultwarden/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./deployment.yaml
+ - ./service.yaml
\ No newline at end of file
diff --git a/apps/vaultwarden/base/service.yaml b/apps/vaultwarden/base/service.yaml
new file mode 100644
index 0000000..936074f
--- /dev/null
+++ b/apps/vaultwarden/base/service.yaml
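Review bot: In `apps/vaultwarden/base/deployment.yaml`, `SIGNUPS_ALLOWED` is `"true"` in the base manifest, so every overlay built on it leaves account registration open on a password vault that the k3s-cluster overlay publishes through an Ingress; I would default it to `value: "false"` and enable sign-ups only in an overlay while accounts are being created. The container `securityContext` sets the UID/GID and `runAsNonRoot` but not `allowPrivilegeEscalation: false` or `capabilities: {drop: ["ALL"]}`, which are cheap to add here. The `hostPath` volume at `/mnt/nfs/AppData/vaultwarden/data` is rejected by the baseline Pod Security Standard and depends on every schedulable node having that mount, so a PersistentVolumeClaim backed by the NFS share would be the safer shape.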
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app.kubernetes.io/name: vaultwarden
+spec:
+ selector:
+ app.kubernetes.io/name: vaultwarden
+ type: ClusterIP
+ internalTrafficPolicy: Cluster
+ ports:
+ - protocol: TCP
+ port: 11080
+ targetPort: 80
+ name: http
diff --git a/apps/vaultwarden/env/k3s-cluster/config.json b/apps/vaultwarden/env/k3s-cluster/config.json
new file mode 100644
index 0000000..c86ab8d
--- /dev/null
+++ b/apps/vaultwarden/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
+{
+ "appName": "vaultwarden",
+ "userGivenName": "vaultwarden",
+ "namespace": "vaultwarden",
+ "destNamespace": "vaultwarden",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "apps/vaultwarden/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/apps/vaultwarden/env/k3s-cluster/ingress.yaml b/apps/vaultwarden/env/k3s-cluster/ingress.yaml
new file mode 100644
index 0000000..2602de2
--- /dev/null
+++ b/apps/vaultwarden/env/k3s-cluster/ingress.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden-ingress
+ namespace: vaultwarden
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "vaultwarden.cluster.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 11080
\ No newline at end of file
diff --git a/apps/vaultwarden/env/k3s-cluster/kustomization.yaml b/apps/vaultwarden/env/k3s-cluster/kustomization.yaml
new file mode 100644
index 0000000..3ea3085
--- /dev/null
+++ b/apps/vaultwarden/env/k3s-cluster/kustomization.yaml
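Review bot: The Ingress in `apps/vaultwarden/env/k3s-cluster/ingress.yaml` has no `spec.tls` block and sets `nginx.ingress.kubernetes.io/ssl-redirect: "false"`, so as written the vault is reachable over plain HTTP on `vaultwarden.cluster.edward.sydney` even though the Deployment sets `DOMAIN` to an `https://` URL. Unless TLS is terminated by something in front of the ingress controller that this patch does not show, add a `tls:` entry listing the host with a `secretName` for the certificate and drop the ssl-redirect override. `nginx.ingress.kubernetes.io/use-regex: "true"` is not needed for a single `Prefix` path of `/` and can be removed.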
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../base
+ - ./ingress.yaml
\ No newline at end of file
diff --git a/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml b/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml
new file mode 100644
index 0000000..87ca602
--- /dev/null
+++ b/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false
+ sealedsecrets.bitnami.com/cluster-wide: "true"
+ sealedsecrets.bitnami.com/managed: "true"
+ creationTimestamp: null
+ name: vaultwarden-secrets
+ namespace: vaultwarden
+type: Opaque
+stringData:
+ db_host: "postgresql-primary.postgresql.svc.cluster.local"
+ db_name: "vaultwarden"
+ db_username: "vaultwarden_user"
+ db_password: "ZBNNFohNbMajoV.Cojthxvf2"
\ No newline at end of file
From f5a6bec3f285f49ecb35030c76c5f0dabe2b3643 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 19 Jul 2024 16:06:28 +1000 Subject: [PATCH 2/2] add app vaultwarden --- apps/vaultwarden/base/deployment.yaml | 25 +++------------- .../k3s-cluster/templates/vaultwarden.yaml | 30 ++++++++++++------- 2 files changed, 24 insertions(+), 31 deletions(-)
diff --git a/apps/vaultwarden/base/deployment.yaml b/apps/vaultwarden/base/deployment.yaml
index d77678e..6bde2fc 100644
--- a/apps/vaultwarden/base/deployment.yaml
+++ b/apps/vaultwarden/base/deployment.yaml
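Review bot: `resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml` commits the database password in clear text under `stringData`, and a later patch that replaces the file with a SealedSecret does not remove it from the repository history. The credential for `vaultwarden_user` should be rotated on the PostgreSQL side and the new value sealed before it is committed. The `sealedsecrets.bitnami.com/managed` annotation suggests this file is an input for sealing rather than a manifest to apply; if so, keeping such inputs out of version control (for example via `.gitignore`) would prevent a repeat.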
@@ -29,28 +29,11 @@ spec: value: https://vaultwarden.cluster.edward.sydney - name: SIGNUPS_ALLOWED value: "true" - - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: vaultwarden-secrets - key: db_username - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: vaultwarden-secrets - key: db_password - - name: DB_HOST - valueFrom: - secretKeyRef: - name: vaultwarden-secrets - key: db_host - - name: DB_NAME - valueFrom: - secretKeyRef: - name: vaultwarden-secrets - key: db_name - name: DATABASE_URL - value: postgresql://$DB_USERNAME:$DB_PASSWORD@$DB_HOST:5432/$DB_NAME + valueFrom: + secretKeyRef: + name: vaultwarden-secrets + key: db_url ports: - protocol: TCP containerPort: 80 diff --git a/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml b/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml index 87ca602..2db5cea 100644 --- a/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml +++ b/resources/app-secrets/env/k3s-cluster/templates/vaultwarden.yaml 
@@ -1,16 +1,26 @@ -apiVersion: v1 -kind: Secret +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret metadata: annotations: - argocd.argoproj.io/sync-options: Prune=false sealedsecrets.bitnami.com/cluster-wide: "true" - sealedsecrets.bitnami.com/managed: "true" creationTimestamp: null name: vaultwarden-secrets namespace: vaultwarden -type: Opaque -stringData: - db_host: "postgresql-primary.postgresql.svc.cluster.local" - db_name: "vaultwarden" - db_username: "vaultwarden_user" - db_password: "ZBNNFohNbMajoV.Cojthxvf2" \ No newline at end of file +spec: + encryptedData: + db_host: 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 + db_name: AgBuSXLjCkX/acXfcnetongwEs60IhGBUSSjpPbo0ypHJDyqrmvxXOIwAZJrKtTzEl7+1hemKf4Ky01ABCnOrmg98j9PoFvKNn6hHplm3oBvOJdGyRqwI37+L01tzY3ESNXb+d6XnbpyfSwPSOAHR6m/RbtDQjSsdu9wx2m3pAEHHa8Z+sZJQugHqpfHL1PJPNcs03m0Ys9sChb9usG40sauotE0AfFQRf+dhUjDYiIWd2RAGbuSEcEuYyDTyZFd0x42ez8kpUN1ue6wj2H1wcyPmEj6OE8FoBilEusoSIutSuD7fwpTv3hgBQunywWWCJdCoJ8W3OuZ+UqG+i/sj5p3ffNiG2wvVLexaJg9HTcujeIVFT6vw6/kD16JgxCjWoPfy/CdTzkNfxXpDmkSlwzLzngUwRdvxwaV1ZKm97pnjrkdpPVkezQVcSaO+86jkYVvgQT6j2EEwScRQ772ZKHXvOgV8XUYM0Xs/ttbKxFZvp6SKdDo/ez3FEgaV/Qo5L3KLfj0lxRRKVJr2OlHD/HWOLLLDyrn8DoXGGQN7fm1u7pwRfa0i4rfLruTToSUgNN+OGaUzd8fPBUwdINI5TnfZy+CI0su5GJl2fmEHwvzuHXwb2Fnovmm9L5L2M2zx/3avZRnaFP+Hq6C9YS/18QKvzOpCz4ErXj8RofkR/C0QqjvyKbYAjJrlIZAmWqbybz3nai29fj8mx1OcQ== + db_password: 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 + db_url: 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 + db_username: 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 + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" + creationTimestamp: null + name: vaultwarden-secrets + namespace: vaultwarden + type: Opaque
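Review bot: The SealedSecret is sealed with `sealedsecrets.bitnami.com/cluster-wide: "true"`, a scope in which the same ciphertext can be unsealed under any name in any namespace, so anyone allowed to create SealedSecret objects elsewhere in the cluster can obtain the database credentials. The name and namespace are fixed here (`vaultwarden-secrets` in `vaultwarden`), so the default strict scope fits; re-seal the values without the cluster-wide scope and drop the annotation from both `metadata` and `spec.template.metadata`. The Deployment in this patch now reads only `db_url`, so `db_host`, `db_name`, `db_username` and `db_password` could be removed unless another consumer uses them.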