apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  template:
    spec:
      containers:
        - name: vaultwarden
          image: vaultwarden/server:1.33.2
          imagePullPolicy: IfNotPresent
          envFrom:
            - configMapRef:
                name: vaultwarden-config
          env:
            # Consume the secret
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secrets
                  key: DATABASE_URL
                  optional: false
            - name: PUSH_INSTALLATION_ID
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secrets
                  key: PUSH_ID
                  optional: false
            - name: PUSH_INSTALLATION_KEY
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secrets
                  key: PUSH_KEY
                  optional: false
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: smtp-secrets
                  key: SMTP_PASSWORD
                  optional: false
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secrets
                  key: ADMIN_TOKEN
                  optional: false
          ports:
            - containerPort: 80
              protocol: TCP
              name: vaultwarden
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
          # Mount the volume
          volumeMounts:
            - mountPath: /data
              name: vaultwarden
              subPath: "data"
      volumes:
        - name: vaultwarden
          persistentVolumeClaim:
            claimName: vaultwarden-pvc