Added vaultwarden template

2026-04-16 12:11:36 +00:00
parent b45b72de38
commit 26a1ba2ea2
1 changed files with 123 additions and 0 deletions
--- a/kubernetes-templates/vaultwarden.yml
+++ b/kubernetes-templates/vaultwarden.yml
@@ -0,0 +1,123 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vaultwarden
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden-data-pvc
+  namespace: vaultwarden
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: nfs-storage
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vaultwarden-auth
+  namespace: vaultwarden
+type: Opaque
+data:
+  admin-token: N2YyZmE1NjY4ZTViZGE0OGQxZTIzODcyMzEzOTBlNGM=
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vaultwarden-config
+  namespace: vaultwarden
+data:
+  SIGNUPS_ALLOWED: "false"
+  DOMAIN: "https://vault.khongisa.co.za"
+  ROCKET_PROFILE: "release"
+  ROCKET_ADDRESS: "0.0.0.0"
+  ROCKET_PORT: "80"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+  labels:
+    app: vaultwarden
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: vaultwarden
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: DoesNotExist
+      containers:
+        - name: vaultwarden
+          image: vaultwarden/server:latest
+          ports:
+            - containerPort: 80
+              name: http
+          env:
+            - name: ADMIN_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-auth
+                  key: admin-token
+            - name: SIGNUPS_ALLOWED
+              valueFrom:
+                configMapKeyRef:
+                  name: vaultwarden-config
+                  key: SIGNUPS_ALLOWED
+            - name: DOMAIN
+              valueFrom:
+                configMapKeyRef:
+                  name: vaultwarden-config
+                  key: DOMAIN
+            - name: ROCKET_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: vaultwarden-config
+                  key: ROCKET_PORT
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+            limits:
+              cpu: "500m"
+              memory: "512Mi"
+          volumeMounts:
+            - name: vaultwarden-storage
+              mountPath: /data
+      volumes:
+        - name: vaultwarden-storage
+          persistentVolumeClaim:
+            claimName: vaultwarden-data-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden-service
+  namespace: vaultwarden
+spec:
+  type: NodePort
+  selector:
+    app: vaultwarden
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 80
+      nodePort: 32085