initial checkin

2021-09-13 18:55:16 -04:00 · 2021-09-13 18:55:16 -04:00 · a1280ee704
commit a1280ee704
6 changed files with 133 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,12 @@
+# vaultwarden k8s manifest
+
+## Introduction
+
+This deploys a vaultwarden server.
+
+## Links
+
+* https://hub.docker.com/r/vaultwarden/server
+* https://github.com/dani-garcia/vaultwarden
+* https://github.com/dani-garcia/vaultwarden/wiki
+
--- a/vaultwarden_deployment.yml
+++ b/vaultwarden_deployment.yml
@ -0,0 +1,48 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+spec:
+  selector:
+    matchLabels:
+      app: vaultwarden
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: beta.kubernetes.io/arch
+                operator: In
+                values:
+                - arm64
+      containers:
+        - name: vaultwarden
+          image: vaultwarden/server
+          env:
+          - name: PUID
+            value: "1000"
+          - name: PGID
+            value: "1000"
+          - name: TZ
+            value: "America/Toronto"
+          ports:
+            - containerPort: 80
+              name: "vaultwarden"
+          volumeMounts:
+            - name: vaultwarden
+              mountPath: "/data"
+      volumes:
+        - name: vaultwarden
+          persistentVolumeClaim:
+            claimName: vaultwarden-pvc
+
+# EOF
--- a/vaultwarden_ingress.yml
+++ b/vaultwarden_ingress.yml
@ -0,0 +1,19 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: vaultwarden
+  annotations:
+    kubernetes.io/ingress.class: traefik
+spec:
+  rules:
+  - host: vaultwarden.lan
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          serviceName: vaultwarden
+          servicePort: 80
+
+# EOF
--- a/vaultwarden_pv.yml
+++ b/vaultwarden_pv.yml
@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: vaultwarden-pv
+  labels:
+    name: vaultwarden-pv
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  mountOptions:
+    - hard
+    - nfsvers=4.0
+  nfs:
+    server: 192.168.7.11
+    path: "/volume1/k8s-storage/vaultwarden-data"
+
+# EOF
--- a/vaultwarden_pvc.yml
+++ b/vaultwarden_pvc.yml
@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden-pvc
+  labels:
+    app: vaultwarden
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: "manual"
+  resources:
+    requests:
+      storage: 1Gi
+  selector:
+    matchLabels:
+      name: vaultwarden-pv
+
+# EOF
--- a/vaultwarden_service.yml
+++ b/vaultwarden_service.yml
@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden
+spec:
+  ports:
+    - name: http80
+      port: 80
+  selector:
+    # apply service to any pod with label app: nginx
+    app: vaultwarden
+
+# EOF