300 lines
7.3 KiB
YAML
300 lines
7.3 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: vaultwarden
|
|
app.kubernetes.io/version: 1.33.2
|
|
helm.sh/chart: vaultwarden-0.31.8
|
|
name: vaultwarden-svc
|
|
namespace: vaultwarden
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: vaultwarden
|
|
app.kubernetes.io/version: 1.33.2
|
|
helm.sh/chart: vaultwarden-0.31.8
|
|
name: vaultwarden
|
|
namespace: vaultwarden
|
|
rules:
|
|
- apiGroups:
|
|
- extensions
|
|
- apps
|
|
resources:
|
|
- deployments
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods/exec
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods/log
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- get
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: vaultwarden
|
|
app.kubernetes.io/version: 1.33.2
|
|
helm.sh/chart: vaultwarden-0.31.8
|
|
name: vaultwarden
|
|
namespace: vaultwarden
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: vaultwarden
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: vaultwarden-svc
|
|
---
|
|
apiVersion: v1
|
|
data:
|
|
ADMIN_RATELIMIT_MAX_BURST: "3"
|
|
ADMIN_RATELIMIT_SECONDS: "300"
|
|
DATA_FOLDER: /data
|
|
DATABASE_MAX_CONNS: "10"
|
|
DB_CONNECTION_RETRIES: "15"
|
|
DOMAIN: https://vault.borninpain.de
|
|
EMAIL_CHANGE_ALLOWED: "true"
|
|
EMERGENCY_ACCESS_ALLOWED: "true"
|
|
EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * *
|
|
EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * *
|
|
EXPERIMENTAL_CLIENT_FEATURE_FLAGS: ssh-key-vault-item,ssh-agent
|
|
EXTENDED_LOGGING: "true"
|
|
ICON_BLACKLIST_NON_GLOBAL_IPS: "true"
|
|
ICON_REDIRECT_CODE: "302"
|
|
ICON_SERVICE: internal
|
|
INVITATION_EXPIRATION_HOURS: "120"
|
|
INVITATION_ORG_NAME: Vaultwarden
|
|
INVITATIONS_ALLOWED: "true"
|
|
IP_HEADER: X-Real-IP
|
|
LOG_TIMESTAMP_FORMAT: '%Y-%m-%d %H:%M:%S.%3f'
|
|
ORG_EVENTS_ENABLED: "false"
|
|
ORG_GROUPS_ENABLED: "false"
|
|
REQUIRE_DEVICE_EMAIL: "false"
|
|
ROCKET_ADDRESS: 0.0.0.0
|
|
ROCKET_PORT: "8080"
|
|
ROCKET_WORKERS: "10"
|
|
SENDS_ALLOWED: "true"
|
|
SHOW_PASSWORD_HINT: "false"
|
|
SIGNUPS_ALLOWED: "true"
|
|
SIGNUPS_VERIFY: "true"
|
|
SMTP_ACCEPT_INVALID_CERTS: "false"
|
|
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
|
|
SMTP_AUTH_MECHANISM: Plain
|
|
SMTP_DEBUG: "false"
|
|
SMTP_FROM: noreply@borninpain.de
|
|
SMTP_FROM_NAME: Vaultwarden
|
|
SMTP_HOST: mxe965.netcup.net
|
|
SMTP_PORT: "587"
|
|
SMTP_SECURITY: starttls
|
|
TRASH_AUTO_DELETE_DAYS: ""
|
|
TZ: Europe/Berlin
|
|
WEB_VAULT_ENABLED: "true"
|
|
kind: ConfigMap
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: vaultwarden
|
|
app.kubernetes.io/version: 1.33.2
|
|
helm.sh/chart: vaultwarden-0.31.8
|
|
name: vaultwarden
|
|
namespace: vaultwarden
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: vaultwarden
|
|
app.kubernetes.io/version: 1.33.2
|
|
helm.sh/chart: vaultwarden-0.31.8
|
|
name: vaultwarden
|
|
namespace: vaultwarden
|
|
spec:
|
|
ipFamilyPolicy: SingleStack
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: 8080
|
|
selector:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/name: vaultwarden
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: vaultwarden
|
|
app.kubernetes.io/version: 1.33.2
|
|
helm.sh/chart: vaultwarden-0.31.8
|
|
name: vaultwarden
|
|
namespace: vaultwarden
|
|
spec:
|
|
persistentVolumeClaimRetentionPolicy:
|
|
whenDeleted: Retain
|
|
whenScaled: Retain
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/name: vaultwarden
|
|
serviceName: vaultwarden
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
checksum/config: 43e8689608a3dc84803c911f22965468d480cd42
|
|
checksum/secret: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/name: vaultwarden
|
|
spec:
|
|
containers:
|
|
- env:
|
|
- name: YUBICO_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: YUBICO_SECRET_KEY
|
|
name: vaultwarden
|
|
- name: DUO_SKEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: DUO_SKEY
|
|
name: vaultwarden
|
|
- name: SMTP_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: SMTP_USERNAME
|
|
name: vaultwarden
|
|
- name: SMTP_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: SMTP_PASSWORD
|
|
name: vaultwarden
|
|
- name: ADMIN_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: ADMIN_TOKEN
|
|
name: vaultwarden
|
|
- name: PUSH_INSTALLATION_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: PUSH_INSTALLATION_ID
|
|
name: vaultwarden
|
|
- name: PUSH_INSTALLATION_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: PUSH_INSTALLATION_KEY
|
|
name: vaultwarden
|
|
envFrom:
|
|
- configMapRef:
|
|
name: vaultwarden
|
|
image: docker.io/vaultwarden/server:1.34.3-alpine
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
failureThreshold: 10
|
|
httpGet:
|
|
path: /alive
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
name: vaultwarden
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /alive
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
resources: {}
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: vaultwarden-data
|
|
serviceAccountName: vaultwarden-svc
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
annotations:
|
|
meta.helm.sh/release-name: vaultwarden
|
|
meta.helm.sh/release-namespace: vaultwarden
|
|
labels:
|
|
app.kubernetes.io/component: vaultwarden
|
|
app.kubernetes.io/instance: vaultwarden
|
|
app.kubernetes.io/name: vaultwarden
|
|
name: vaultwarden-data
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
storageClassName: openebs-3-replicas
|