diff --git a/vaultwarden/kustomization.yaml b/vaultwarden/kustomization.yaml
new file mode 100644
index 0000000..c2b3a57
--- /dev/null
+++ b/vaultwarden/kustomization.yaml
@@ -0,0 +1,7 @@
+# argocd/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - vaultwarden.yaml
+
\ No newline at end of file
diff --git a/vaultwarden/src/kustomization.yaml b/vaultwarden/src/kustomization.yaml
new file mode 100644
index 0000000..afe481f
--- /dev/null
+++ b/vaultwarden/src/kustomization.yaml
@@ -0,0 +1,10 @@
+# argocd/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmCharts:
+ - name: vaultwarden
+ repo: https://guerzon.github.io/vaultwarden
+ version: 0.31.8
+ releaseName: vaultwarden
+ namespace: vaultwarden
diff --git a/vaultwarden/vaultwarden.yaml b/vaultwarden/vaultwarden.yaml
new file mode 100644
index 0000000..8908b72
--- /dev/null
+++ b/vaultwarden/vaultwarden.yaml
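Review bot: The header comment in src/kustomization.yaml reads `# argocd/kustomization.yaml` (the same copy-pasted line heads vaultwarden/kustomization.yaml), naming a path that does not exist in this change; replace it with something that actually helps the next maintainer, e.g. `# Renders the vaultwarden chart; regenerate ../vaultwarden.yaml (kustomize build --enable-helm) after any change here`. Nothing ties the `version: 0.31.8` pin here to the `helm.sh/chart: vaultwarden-0.31.8` labels baked into the committed render, so bumping the version without re-rendering would silently leave the old manifest deployed — a comment stating that contract is the minimum. The chart is fetched from `https://guerzon.github.io/vaultwarden` at build time with no integrity pin beyond the version, so the render step should run somewhere its output is reviewed, not on an unattended host; where builds run is not visible here, so treat this as a question rather than a finding.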
@@ -0,0 +1,259 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden-svc
+ namespace: vaultwarden
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden
+ namespace: vaultwarden
+rules:
+- apiGroups:
+ - extensions
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden
+ namespace: vaultwarden
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: vaultwarden
+subjects:
+- kind: ServiceAccount
+ name: vaultwarden-svc
+---
+apiVersion: v1
+data:
+ ADMIN_RATELIMIT_MAX_BURST: "3"
+ ADMIN_RATELIMIT_SECONDS: "300"
+ DATABASE_MAX_CONNS: "10"
+ DB_CONNECTION_RETRIES: "15"
+ DOMAIN: ""
+ EMAIL_CHANGE_ALLOWED: "true"
+ EMERGENCY_ACCESS_ALLOWED: "true"
+ EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * *
+ EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * *
+ EXTENDED_LOGGING: "true"
+ ICON_BLACKLIST_NON_GLOBAL_IPS: "true"
+ ICON_REDIRECT_CODE: "302"
+ ICON_SERVICE: internal
+ INVITATION_EXPIRATION_HOURS: "120"
+ INVITATION_ORG_NAME: Vaultwarden
+ INVITATIONS_ALLOWED: "true"
+ IP_HEADER: X-Real-IP
+ LOG_TIMESTAMP_FORMAT: '%Y-%m-%d %H:%M:%S.%3f'
+ ORG_EVENTS_ENABLED: "false"
+ ORG_GROUPS_ENABLED: "false"
+ REQUIRE_DEVICE_EMAIL: "false"
+ ROCKET_ADDRESS: 0.0.0.0
+ ROCKET_PORT: "8080"
+ ROCKET_WORKERS: "10"
+ SENDS_ALLOWED: "true"
+ SHOW_PASSWORD_HINT: "false"
+ SIGNUPS_ALLOWED: "true"
+ SIGNUPS_VERIFY: "true"
+ TRASH_AUTO_DELETE_DAYS: ""
+ WEB_VAULT_ENABLED: "true"
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden
+ namespace: vaultwarden
+---
+apiVersion: v1
+data:
+ ADMIN_TOKEN: JGFyZ29uMmlkJHY9MTkkbT0xOTQ1Nix0PTIscD0xJFZreDFWa0U0Um1oRE1VaHdObTlZVmxoUFFrVk9aazFZYzFkdVNEZEdSVll6ZDBZNVprZ3dhVmcwWXowJFBLK2gxQU5DYnp6bUVLYWlRZkNqV3craFdGYU1LdkxoRzJQalJhbkg1S2s=
+ DUO_SKEY: ""
+ PUSH_INSTALLATION_ID: ""
+ PUSH_INSTALLATION_KEY: ""
+ SMTP_PASSWORD: ""
+ SMTP_USERNAME: ""
+ YUBICO_SECRET_KEY: ""
+kind: Secret
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden
+ namespace: vaultwarden
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden
+ namespace: vaultwarden
+spec:
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden
+ namespace: vaultwarden
+spec:
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Retain
+ whenScaled: Retain
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ serviceName: vaultwarden
+ template:
+ metadata:
+ annotations:
+ checksum/config: 168947ab11e3ea29e464b86f13ba129b41fa167f
+ checksum/secret: 63df1807c40909b47d8731b04a208cffc9f387f4
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ spec:
+ containers:
+ - env:
+ - name: ADMIN_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: ADMIN_TOKEN
+ name: vaultwarden
+ envFrom:
+ - configMapRef:
+ name: vaultwarden
+ image: docker.io/vaultwarden/server:1.33.2-alpine
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 10
+ httpGet:
+ path: /alive
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: vaultwarden
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /alive
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources: {}
+ serviceAccountName: vaultwarden-svc
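Review bot: The Secret block commits `ADMIN_TOKEN` to git, and its base64 decodes to an argon2id PHC string (`$argon2id$v=19$m=19456,t=2,p=1$…`) that appears to be the chart's default/example hash rather than one generated for this deployment, so anyone with repo access — or anyone who knows the chart default — can log in to `/admin`; generate a fresh hash, supply it through an existing/sealed/external Secret instead of the rendered manifest, and treat the committed value as burned. The Role bound to `vaultwarden-svc` grants `pods/exec` create, full CRUD on deployments and `get` on secrets, none of which the vaultwarden process itself needs, and the pod spec does not set `automountServiceAccountToken: false`, so a compromise of the container becomes exec into any pod and reads of any named Secret in the namespace — drop the Role/RoleBinding (or at least the `pods/exec` and `secrets` rules) and disable token automount. The ConfigMap ships `SIGNUPS_ALLOWED: "true"` alongside `DOMAIN: ""` and an unconfigured SMTP (empty `SMTP_USERNAME`/`SMTP_PASSWORD`, no `SMTP_HOST`), so as soon as an Ingress is added anyone can register, and `SIGNUPS_VERIFY: "true"` cannot take effect without mail; set `SIGNUPS_ALLOWED: "false"` (invite-only) and a real `DOMAIN` before exposing it. The container also runs with no securityContext, `resources: {}` (no limits), an image pinned by tag rather than digest, and no volume mounted at `/data` anywhere in the hunk, which presumably makes the vault database ephemeral despite the `persistentVolumeClaimRetentionPolicy` block — confirm against the chart's persistence values. Because this file looks like a `helm template` render of src/kustomization.yaml, make these changes through the chart values and re-render rather than hand-editing the output; the pod-level hardening I would expect in the rendered result is sketched below.

```yaml
# … unchanged: ServiceAccount / Role / RoleBinding / ConfigMap / Secret / Service …
    spec:
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000   # confirm the image supports a non-root uid with /data writable
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: vaultwarden
          # … unchanged: image, env, envFrom, probes, ports …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests: { cpu: 100m, memory: 128Mi }
            limits: { memory: 512Mi }
          volumeMounts:
            - name: data
              mountPath: /data
      # … volumeClaimTemplates / volumes for "data" per chart persistence values …
```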