--- apiVersion: v1 kind: Namespace metadata: name: vaultwarden-system --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.34.3 name: vaultwarden namespace: vaultwarden-system spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden strategy: type: Recreate template: metadata: labels: app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.34.3 spec: containers: - name: vaultwarden image: vaultwarden/server:1.34.3 imagePullPolicy: IfNotPresent env: - name: TZ value: Europe/Budapest - name: DOMAIN value: https://vaultwarden.dooplex.hu - name: SIGNUPS_ALLOWED value: "false" - name: INVITATIONS_ALLOWED value: "true" - name: ADMIN_TOKEN valueFrom: secretKeyRef: name: vaultwarden-admin key: admin-token - name: WEBSOCKET_ENABLED value: "true" - name: SMTP_HOST valueFrom: secretKeyRef: name: smtp-credentials key: host - name: SMTP_PORT valueFrom: secretKeyRef: name: smtp-credentials key: port - name: SMTP_SECURITY value: starttls - name: SMTP_USERNAME valueFrom: secretKeyRef: name: smtp-credentials key: username - name: SMTP_PASSWORD valueFrom: secretKeyRef: name: smtp-credentials key: password - name: SMTP_FROM valueFrom: secretKeyRef: name: smtp-credentials key: from-address - name: SMTP_FROM_NAME value: Vaultwarden ports: - containerPort: 80 name: http protocol: TCP livenessProbe: httpGet: path: /alive port: http initialDelaySeconds: 30 periodSeconds: 30 timeoutSeconds: 10 failureThreshold: 3 readinessProbe: httpGet: path: /alive port: http initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 50m memory: 128Mi volumeMounts: - name: data mountPath: /data volumes: - name: data persistentVolumeClaim: claimName: vaultwarden-data --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden app.kubernetes.io/version: 1.34.3 name: vaultwarden namespace: vaultwarden-system spec: type: ClusterIP ports: - name: http port: 80 protocol: TCP targetPort: http selector: app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-prod external-dns.alpha.kubernetes.io/hostname: vaultwarden.dooplex.hu,vaultwarden.home nginx.ingress.kubernetes.io/proxy-body-size: 100m nginx.ingress.kubernetes.io/ssl-redirect: "true" labels: app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden name: vaultwarden namespace: vaultwarden-system spec: ingressClassName: nginx-internal rules: - host: vaultwarden.dooplex.hu http: paths: - backend: service: name: vaultwarden port: number: 80 path: / pathType: Prefix - host: vaultwarden.home http: paths: - backend: service: name: vaultwarden port: number: 80 path: / pathType: Prefix tls: - hosts: - vaultwarden.dooplex.hu secretName: vaultwarden-tls --- apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: vaultwarden app.kubernetes.io/name: vaultwarden name: vaultwarden-data namespace: vaultwarden-system spec: accessModes: - ReadWriteOnce resources: requests: storage: 5Gi storageClassName: longhorn ---