diff --git a/vaultwarden.yaml b/vaultwarden.yaml
new file mode 100644
index 0000000..0d6d648
--- /dev/null
+++ b/vaultwarden.yaml
@@ -0,0 +1,241 @@
+# Vaultwarden namespace
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-namespace
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: vaultwarden
+---
+# Vaultwarden ConfigMap
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-config
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: vaultwarden-config
+ namespace: vaultwarden
+ data:
+ DOMAIN: "https://vault.nge6.com"
+ WEBSOCKET_ENABLED: "true"
+ ROCKET_PORT: "8080"
+ ROCKET_WORKERS: "10"
+ # Security settings
+ INVITATIONS_ALLOWED: "true"
+ SIGNUPS_ALLOWED: "false"
+ SHOW_PASSWORD_HINT: "false"
+ # Email configuration (disable for now)
+ SMTP_HOST: ""
+ SMTP_FROM: ""
+ SMTP_FROM_NAME: "Vaultwarden"
+ # Admin settings
+ ADMIN_TOKEN: "vaultwarden-admin-token-change-in-production"
+ # Database (using SQLite for simplicity)
+ DATABASE_URL: "sqlite:///data/db.sqlite3"
+ # File attachments
+ ATTACHMENTS_FOLDER: "/data/attachments"
+ # Icons
+ ICON_CACHE_FOLDER: "/data/icon_cache"
+---
+# Vaultwarden PVC for data persistence
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-data-pvc
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: vaultwarden-data
+ namespace: vaultwarden
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: civo-volume
+ resources:
+ requests:
+ storage: 10Gi
+---
+# Vaultwarden Deployment
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-deployment
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app: vaultwarden
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vaultwarden
+ template:
+ metadata:
+ labels:
+ app: vaultwarden
+ spec:
+ containers:
+ - name: vaultwarden
+ image: vaultwarden/server:1.30.5
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 3012
+ name: websocket
+ envFrom:
+ - configMapRef:
+ name: vaultwarden-config
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ readinessProbe:
+ httpGet:
+ path: /alive
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /alive
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: vaultwarden-data
+---
+# Vaultwarden Service
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-service
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: vaultwarden-http
+ namespace: vaultwarden
+ labels:
+ app: vaultwarden
+ spec:
+ selector:
+ app: vaultwarden
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ - name: websocket
+ port: 3012
+ targetPort: 3012
+ type: ClusterIP
+---
+# SSL Certificate for Vaultwarden
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-certificate
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ name: vaultwarden-tls
+ namespace: emissary
+ spec:
+ secretName: vaultwarden-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ dnsNames:
+ - vault.nge6.com
+---
+# Ambassador Host for Vaultwarden
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-host
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: getambassador.io/v3alpha1
+ kind: Host
+ metadata:
+ name: vaultwarden-host
+ namespace: emissary
+ spec:
+ hostname: vault.nge6.com
+ tlsSecret:
+ name: vaultwarden-tls
+---
+# Ambassador Mapping for Vaultwarden
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: vaultwarden-mapping
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: getambassador.io/v3alpha1
+ kind: Mapping
+ metadata:
+ name: vaultwarden-mapping
+ namespace: emissary
+ spec:
+ hostname: vault.nge6.com
+ prefix: /
+ service: https://pomerium-proxy.pomerium:443
+ timeout_ms: 30000
+ connect_timeout_ms: 10000
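Review bot: The admin credential in the ConfigMap's `data:` block, `ADMIN_TOKEN: "vaultwarden-admin-token-change-in-production"`, is committed in plaintext and is readable by anyone with `get` on ConfigMaps in the vaultwarden namespace, which is full control of the /admin panel of a password-vault service; the "change-in-production" placeholder suggests it was never meant to ship, but nothing in the manifest enforces that. Move the key into a Secret (created out of band or via External Secrets, not in this file) and add a `secretRef` next to the existing `configMapRef` in the Deployment's `envFrom`, and store the value as the Argon2 PHC hash that Vaultwarden accepts for ADMIN_TOKEN (the image pinned here, 1.30.5, ships `vaultwarden hash` to generate one, if memory serves) so the raw token never sits in the cluster at all. The pod spec also carries no `securityContext`; for an internet-exposed service the usual baseline is `runAsNonRoot`, `allowPrivilegeEscalation: false` and dropping all capabilities, paired with an explicit `runAsUser`/`fsGroup` for the /data mount since the stock image appears to run as root by default. The Mapping forwards the whole `/` prefix to pomerium-proxy, so the Pomerium route that decides which identities may reach vaultwarden-http:8080 lives outside this file and should be reviewed together with it.
```yaml
      envFrom:
        - configMapRef:
            name: vaultwarden-config
        - secretRef:
            name: vaultwarden-secrets   # holds ADMIN_TOKEN as an Argon2 PHC hash
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000                 # confirm UID against the image / PVC ownership
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      # … unchanged: resources, volumeMounts, readinessProbe, livenessProbe …
```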