--- apiVersion: v1 kind: Namespace metadata: name: vaultwarden --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: vaultwarden-data-pvc namespace: vaultwarden spec: accessModes: - ReadWriteMany storageClassName: nfs-storage resources: requests: storage: 5Gi --- apiVersion: v1 kind: Secret metadata: name: vaultwarden-auth namespace: vaultwarden type: Opaque data: admin-token: N2YyZmE1NjY4ZTViZGE0OGQxZTIzODcyMzEzOTBlNGM= --- apiVersion: v1 kind: ConfigMap metadata: name: vaultwarden-config namespace: vaultwarden data: SIGNUPS_ALLOWED: "false" DOMAIN: "https://vault.khongisa.co.za" ROCKET_PROFILE: "release" ROCKET_ADDRESS: "0.0.0.0" ROCKET_PORT: "80" --- apiVersion: apps/v1 kind: Deployment metadata: name: vaultwarden namespace: vaultwarden labels: app: vaultwarden spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: vaultwarden template: metadata: labels: app: vaultwarden spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/control-plane operator: DoesNotExist containers: - name: vaultwarden image: vaultwarden/server:latest ports: - containerPort: 80 name: http env: - name: ADMIN_TOKEN valueFrom: secretKeyRef: name: vaultwarden-auth key: admin-token - name: SIGNUPS_ALLOWED valueFrom: configMapKeyRef: name: vaultwarden-config key: SIGNUPS_ALLOWED - name: DOMAIN valueFrom: configMapKeyRef: name: vaultwarden-config key: DOMAIN - name: ROCKET_PORT valueFrom: configMapKeyRef: name: vaultwarden-config key: ROCKET_PORT resources: requests: cpu: "100m" memory: "256Mi" limits: cpu: "500m" memory: "512Mi" volumeMounts: - name: vaultwarden-storage mountPath: /data volumes: - name: vaultwarden-storage persistentVolumeClaim: claimName: vaultwarden-data-pvc --- apiVersion: v1 kind: Service metadata: name: vaultwarden-service namespace: vaultwarden spec: type: NodePort selector: app: vaultwarden ports: - name: http protocol: TCP port: 80 targetPort: 80 nodePort: 32085