# Rendered manifests for the vaultwarden Helm release (chart vaultwarden-0.31.8),
# restored to one key per line. The resources are labelled managed-by Helm, so
# lasting changes belong in the chart values rather than in this rendered output.
#
# Documents, in order: ServiceAccount, Role, RoleBinding, ConfigMap, Service,
# StatefulSet.

# Identity the StatefulSet pod runs as (see serviceAccountName in the pod spec).
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: vaultwarden
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/version: '1.33.2'
    helm.sh/chart: vaultwarden-0.31.8
  name: vaultwarden-svc
  namespace: vaultwarden
---
# Namespace-scoped permissions bound to vaultwarden-svc by the RoleBinding below.
# NOTE(review): nothing in this file shows the workload calling the Kubernetes
# API, yet the pod's own identity may manage deployments and pods, open exec
# sessions and read Secrets in this namespace. Because the pod spec does not set
# automountServiceAccountToken to false, these rights are available to any code
# running in the vaultwarden container. Confirm which rules are actually needed;
# if none are, remove the Role and RoleBinding or disable token automount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: vaultwarden
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/version: '1.33.2'
    helm.sh/chart: vaultwarden-0.31.8
  name: vaultwarden
  namespace: vaultwarden
rules:
  # Full read/write on deployments.
  # NOTE(review): the workload in this file is a StatefulSet, not a Deployment,
  # and current clusters serve deployments from "apps" only, so the "extensions"
  # entry is presumably a leftover. Confirm.
  - apiGroups:
      - extensions
      - apps
    resources:
      - deployments
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Full read/write on pods: the holder can start and remove pods in the namespace.
  - apiGroups:
      - ''
    resources:
      - pods
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # pods/exec: "create" is the verb that authorises running commands inside any
  # pod in the namespace. This is the highest-impact rule in the Role.
  - apiGroups:
      - ''
    resources:
      - pods/exec
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Read-only access to container logs.
  - apiGroups:
      - ''
    resources:
      - pods/log
    verbs:
      - get
      - list
      - watch
  # "get" on secrets with no resourceNames restriction: any Secret in the
  # namespace can be read when its name is known, including the "vaultwarden"
  # Secret that holds ADMIN_TOKEN and the SMTP credentials.
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - get
---
# Grants the Role above to the vaultwarden-svc ServiceAccount.
# NOTE(review): the subject carries no namespace; presumably it resolves to the
# binding's own namespace. Confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: vaultwarden
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/version: '1.33.2'
    helm.sh/chart: vaultwarden-0.31.8
  name: vaultwarden
  namespace: vaultwarden
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: vaultwarden
subjects:
  - kind: ServiceAccount
    name: vaultwarden-svc
---
# Non-secret application settings, injected into the container through envFrom.
# All values are strings; credentials come from the "vaultwarden" Secret instead.
apiVersion: v1
data:
  ADMIN_RATELIMIT_MAX_BURST: '3'
  ADMIN_RATELIMIT_SECONDS: '300'
  DATA_FOLDER: /data
  DATABASE_MAX_CONNS: '10'
  DB_CONNECTION_RETRIES: '15'
  DOMAIN: https://vault.borninpain.de
  EMAIL_CHANGE_ALLOWED: 'true'
  EMERGENCY_ACCESS_ALLOWED: 'true'
  # Six-field schedules; quoted so the asterisks can never be read as YAML syntax.
  EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: '0 3 * * * *'
  EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: '0 7 * * * *'
  EXPERIMENTAL_CLIENT_FEATURE_FLAGS: ssh-key-vault-item,ssh-agent
  EXTENDED_LOGGING: 'true'
  ICON_BLACKLIST_NON_GLOBAL_IPS: 'true'
  ICON_REDIRECT_CODE: '302'
  ICON_SERVICE: internal
  INVITATION_EXPIRATION_HOURS: '120'
  INVITATION_ORG_NAME: Vaultwarden
  INVITATIONS_ALLOWED: 'true'
  # The client address is taken from this request header.
  # NOTE(review): per-client controls such as the admin rate limit above are only
  # as trustworthy as this header. Confirm that the ingress or proxy in front of
  # the Service (not part of this file) overwrites it instead of passing a
  # client-supplied value through.
  IP_HEADER: X-Real-IP
  LOG_TIMESTAMP_FORMAT: '%Y-%m-%d %H:%M:%S.%3f'
  ORG_EVENTS_ENABLED: 'false'
  ORG_GROUPS_ENABLED: 'false'
  REQUIRE_DEVICE_EMAIL: 'false'
  # Listens on all interfaces inside the pod; the Service below maps 80 -> 8080.
  ROCKET_ADDRESS: 0.0.0.0
  ROCKET_PORT: '8080'
  ROCKET_WORKERS: '10'
  SENDS_ALLOWED: 'true'
  SHOW_PASSWORD_HINT: 'false'
  # NOTE(review): self-registration is enabled, and SIGNUPS_VERIFY only requires
  # a confirmed e-mail address. If this instance is meant for a fixed set of
  # users, disable open signups and rely on invitations. Whether access to
  # DOMAIN is restricted elsewhere cannot be seen from this file.
  SIGNUPS_ALLOWED: 'true'
  SIGNUPS_VERIFY: 'true'
  # Mail transport: STARTTLS on 587 with certificate and hostname checks kept on.
  SMTP_ACCEPT_INVALID_CERTS: 'false'
  SMTP_ACCEPT_INVALID_HOSTNAMES: 'false'
  SMTP_AUTH_MECHANISM: Plain
  SMTP_DEBUG: 'false'
  SMTP_FROM: noreply@borninpain.de
  SMTP_FROM_NAME: Vaultwarden
  SMTP_HOST: mxe965.netcup.net
  SMTP_PORT: '587'
  SMTP_SECURITY: starttls
  TRASH_AUTO_DELETE_DAYS: ''
  TZ: Europe/Berlin
  WEB_VAULT_ENABLED: 'true'
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: vaultwarden
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/version: '1.33.2'
    helm.sh/chart: vaultwarden-0.31.8
  name: vaultwarden
  namespace: vaultwarden
---
# Cluster-internal Service: plain HTTP on port 80, forwarded to container port 8080.
# TLS for the https:// DOMAIN is therefore terminated somewhere outside this file.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: vaultwarden
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/version: '1.33.2'
    helm.sh/chart: vaultwarden-0.31.8
  name: vaultwarden
  namespace: vaultwarden
spec:
  ipFamilyPolicy: SingleStack
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app.kubernetes.io/component: vaultwarden
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/name: vaultwarden
  type: ClusterIP
---
# Single-replica StatefulSet running the vaultwarden server with a persistent
# /data volume. The claim is retained on both delete and scale-down.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: vaultwarden
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/version: '1.33.2'
    helm.sh/chart: vaultwarden-0.31.8
  name: vaultwarden
  namespace: vaultwarden
spec:
  persistentVolumeClaimRetentionPolicy:
    whenDeleted: Retain
    whenScaled: Retain
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: vaultwarden
      app.kubernetes.io/instance: vaultwarden
      app.kubernetes.io/name: vaultwarden
  serviceName: vaultwarden
  template:
    metadata:
      annotations:
        # Checksum annotations: presumably hashes of the rendered config and
        # secret, so that a change to either rolls the pod. Confirm in the chart.
        checksum/config: '43e8689608a3dc84803c911f22965468d480cd42'
        checksum/secret: '2418f09fc13833ef715af34ed14ffc1fe7335532'
      labels:
        app.kubernetes.io/component: vaultwarden
        app.kubernetes.io/instance: vaultwarden
        app.kubernetes.io/name: vaultwarden
    # NOTE(review): neither the pod nor the container sets a securityContext, so
    # user, privilege escalation, capabilities and seccomp profile fall back to
    # image and runtime defaults. For a password vault, consider runAsNonRoot,
    # allowPrivilegeEscalation: false, dropping all capabilities and a
    # RuntimeDefault seccomp profile, after confirming the image runs unprivileged.
    spec:
      containers:
        # Credentials are read from the "vaultwarden" Secret, which is not part
        # of this file. ADMIN_TOKEN being set means the admin interface is in use.
        - env:
            - name: SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  key: SMTP_USERNAME
                  name: vaultwarden
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: SMTP_PASSWORD
                  name: vaultwarden
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  key: ADMIN_TOKEN
                  name: vaultwarden
            - name: PUSH_INSTALLATION_ID
              valueFrom:
                secretKeyRef:
                  key: PUSH_INSTALLATION_ID
                  name: vaultwarden
            - name: PUSH_INSTALLATION_KEY
              valueFrom:
                secretKeyRef:
                  key: PUSH_INSTALLATION_KEY
                  name: vaultwarden
          envFrom:
            - configMapRef:
                name: vaultwarden
          # The image tag (1.34.3) is what actually runs; the version labels
          # still read 1.33.2. The tag is mutable and is combined with
          # IfNotPresent, so pinning the image by digest would make the deployed
          # content verifiable.
          image: docker.io/vaultwarden/server:1.34.3-alpine
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 10
            httpGet:
              path: /alive
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: vaultwarden
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /alive
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          # No requests or limits are set: the container is scheduled without
          # resource guarantees and has no upper bound on CPU or memory.
          resources: {}
          volumeMounts:
            - mountPath: /data
              name: vaultwarden-data
      # Runs as the ServiceAccount bound to the "vaultwarden" Role; its token is
      # mounted by default because automountServiceAccountToken is not set.
      serviceAccountName: vaultwarden-svc
  volumeClaimTemplates:
    - metadata:
        annotations:
          meta.helm.sh/release-name: vaultwarden
          meta.helm.sh/release-namespace: vaultwarden
        labels:
          app.kubernetes.io/component: vaultwarden
          app.kubernetes.io/instance: vaultwarden
          app.kubernetes.io/name: vaultwarden
        name: vaultwarden-data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
        storageClassName: openebs-3-replicas