From a6ae20c52c7bc8bd95deb96cd1f814bd6e9b61af Mon Sep 17 00:00:00 2001
From: Jonathan Leech-Pepin
Date: Fri, 31 Jan 2025 11:35:34 -0500
Subject: [PATCH] Deployed vaultwarden
---
.../apps/vaultwarden/kustomization.yaml | 85 +++++++++++++++++++
.../apps/vaultwarden/patches/deployment.yaml | 62 ++++++++++++++
2 files changed, 147 insertions(+)
create mode 100644 namespaces/apps/vaultwarden/kustomization.yaml
create mode 100644 namespaces/apps/vaultwarden/patches/deployment.yaml
diff --git a/namespaces/apps/vaultwarden/kustomization.yaml b/namespaces/apps/vaultwarden/kustomization.yaml
new file mode 100644
index 0000000..aa52202
--- /dev/null
+++ b/namespaces/apps/vaultwarden/kustomization.yaml
@@ -0,0 +1,85 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: apps
+ unsetOnly: true
+
+namePrefix: vaultwarden-
+resources:
+ - ../../../kustomize/deployment/
+
+replacements:
+ - source:
+ kind: Service
+ name: svc
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ fieldPaths:
+ - spec.rules.0.backendRefs.0.name
+ - source:
+ kind: Deployment
+ name: app
+ fieldPath: metadata.labels.[app.kubernetes.io/appName]
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - spec.hostnames.0
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.managedSecretReference.secretName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 2
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.name
+ - spec.ports.0.targetPort
+ - source:
+ kind: Deployment
+ name: app
+ fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+ targets:
+ - select:
+ kind: InfisicalSecret
+ fieldPaths:
+ - spec.managedSecretReference.secretNamespace
+
+patches:
+ - path: patches/deployment.yaml
+ target:
+ kind: Deployment
+ name: app
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: vaultwarden
+ - pairs:
+ app.kubernetes.io/appNamespace: apps
+
+configMapGenerator:
+ - name: config
+ literals:
diff --git a/namespaces/apps/vaultwarden/patches/deployment.yaml b/namespaces/apps/vaultwarden/patches/deployment.yaml
new file mode 100644
index 0000000..7f50c89
--- /dev/null
+++ b/namespaces/apps/vaultwarden/patches/deployment.yaml
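Review bot: The `configMapGenerator` entry that closes kustomization.yaml has an empty `literals:` key, so the generated ConfigMap carries no settings and, unless the base supplies them another way, Vaultwarden starts on its built-in defaults, which leave account registration open (`SIGNUPS_ALLOWED` defaults to true) while this same file publishes the service through an HTTPRoute. I would set at least `- SIGNUPS_ALLOWED=false` and `- DOMAIN=https://<public-hostname>` (placeholder) under `literals:`. Separately, the generator normally appends a content-hash suffix to the ConfigMap name, while patches/deployment.yaml refers to the literal `vaultwarden-config`; kustomize may not rewrite that reference, so the rendered output is worth checking with `kustomize build`.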
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: app
+spec:
+ template:
+ spec:
+ containers:
+ - name: vaultwarden
+ image: vaultwarden/server:latest
+ envFrom:
+ - configMapRef:
+ name: vaultwarden-config
+ env:
+ # Consume the secret
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: DATABASE_URL
+ optional: false
+ - name: PUSH_INSTALLATION_ID
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: PUSH_ID
+ optional: false
+ - name: PUSH_INSTALLATION_KEY
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: PUSH_KEY
+ optional: false
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: smtp-secrets
+ key: SMTP_PASSWORD
+ optional: false
+ - name: ADMIN_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secrets
+ key: ADMIN_TOKEN
+ optional: false
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ name: vaultwarden
+ resources:
+ requests:
+ cpu: 250m
+ memory: 512Mi
+ # Mount the volume
+ volumeMounts:
+ - mountPath: /data
+ name: vaultwarden
+ subPath: "data"
+ volumes:
+ - name: vaultwarden
+ persistentVolumeClaim:
+ claimName: vaultwarden-pvc
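Review bot: `image: vaultwarden/server:latest` is a mutable tag, so a pod restart can pull a different build of the password manager than the one that was reviewed, and a rollback has no fixed version to return to; pin it, e.g. `image: vaultwarden/server:<version>@sha256:<digest>` (placeholders). The container block also sets no `securityContext` and declares only `requests`, no `limits`; unless the base under kustomize/deployment supplies them, I would add `allowPrivilegeEscalation: false` and drop capabilities as far as the image allows. Setting `ADMIN_TOKEN` enables the /admin page, and the secret's content is not visible here; Vaultwarden accepts an Argon2 PHC string for this value, which is preferable to storing a plaintext token.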