apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.33.2 helm.sh/chart: vaultwarden-0.31.8 name: vaultwarden-svc namespace: vaultwarden --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.33.2 helm.sh/chart: vaultwarden-0.31.8 name: vaultwarden namespace: vaultwarden rules: - apiGroups: - extensions - apps resources: - deployments verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - pods verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - pods/exec verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - pods/log verbs: - get - list - watch - apiGroups: - "" resources: - secrets verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.33.2 helm.sh/chart: vaultwarden-0.31.8 name: vaultwarden namespace: vaultwarden roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: vaultwarden subjects: - kind: ServiceAccount name: vaultwarden-svc --- apiVersion: v1 data: ADMIN_RATELIMIT_MAX_BURST: "3" ADMIN_RATELIMIT_SECONDS: "300" DATABASE_MAX_CONNS: "10" DB_CONNECTION_RETRIES: "15" DOMAIN: "" EMAIL_CHANGE_ALLOWED: "true" EMERGENCY_ACCESS_ALLOWED: "true" EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * * EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * * EXTENDED_LOGGING: "true" ICON_BLACKLIST_NON_GLOBAL_IPS: "true" ICON_REDIRECT_CODE: "302" ICON_SERVICE: internal INVITATION_EXPIRATION_HOURS: "120" INVITATION_ORG_NAME: Vaultwarden INVITATIONS_ALLOWED: "true" IP_HEADER: X-Real-IP LOG_TIMESTAMP_FORMAT: '%Y-%m-%d %H:%M:%S.%3f' ORG_EVENTS_ENABLED: "false" ORG_GROUPS_ENABLED: "false" REQUIRE_DEVICE_EMAIL: "false" ROCKET_ADDRESS: 0.0.0.0 ROCKET_PORT: "8080" ROCKET_WORKERS: "10" SENDS_ALLOWED: "true" SHOW_PASSWORD_HINT: "false" SIGNUPS_ALLOWED: "true" SIGNUPS_VERIFY: "true" TRASH_AUTO_DELETE_DAYS: "" WEB_VAULT_ENABLED: "true" kind: ConfigMap metadata: labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.33.2 helm.sh/chart: vaultwarden-0.31.8 name: vaultwarden namespace: vaultwarden --- apiVersion: v1 data: ADMIN_TOKEN: JGFyZ29uMmlkJHY9MTkkbT0xOTQ1Nix0PTIscD0xJFZreDFWa0U0Um1oRE1VaHdObTlZVmxoUFFrVk9aazFZYzFkdVNEZEdSVll6ZDBZNVprZ3dhVmcwWXowJFBLK2gxQU5DYnp6bUVLYWlRZkNqV3craFdGYU1LdkxoRzJQalJhbkg1S2s= DUO_SKEY: "" PUSH_INSTALLATION_ID: "" PUSH_INSTALLATION_KEY: "" SMTP_PASSWORD: "" SMTP_USERNAME: "" YUBICO_SECRET_KEY: "" kind: Secret metadata: labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.33.2 helm.sh/chart: vaultwarden-0.31.8 name: vaultwarden namespace: vaultwarden type: Opaque --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.33.2 helm.sh/chart: vaultwarden-0.31.8 name: vaultwarden namespace: vaultwarden spec: ipFamilyPolicy: SingleStack ports: - name: http port: 80 protocol: TCP targetPort: 8080 selector: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden type: ClusterIP --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.33.2 helm.sh/chart: vaultwarden-0.31.8 name: vaultwarden namespace: vaultwarden spec: persistentVolumeClaimRetentionPolicy: whenDeleted: Retain whenScaled: Retain replicas: 1 selector: matchLabels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden serviceName: vaultwarden template: metadata: annotations: checksum/config: 168947ab11e3ea29e464b86f13ba129b41fa167f checksum/secret: 63df1807c40909b47d8731b04a208cffc9f387f4 labels: app.kubernetes.io/component: vaultwarden app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden spec: containers: - env: - name: ADMIN_TOKEN valueFrom: secretKeyRef: key: ADMIN_TOKEN name: vaultwarden envFrom: - configMapRef: name: vaultwarden image: docker.io/vaultwarden/server:1.33.2-alpine imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 10 httpGet: path: /alive port: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: vaultwarden ports: - containerPort: 8080 name: http protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /alive port: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} serviceAccountName: vaultwarden-svc