eemoore/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Vaultwarden configuration with Crossplane Objects

Browse source 
- Namespace, ConfigMap, PVC, Deployment, Service
- SSL certificate via cert-manager
- Ambassador Host and Mapping with Pomerium integration
- Uses SQLite for data persistence

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Infrastructure Admin 2025-09-27 00:05:33 -04:00
parent 81a2e96de1
commit 5154306148
1 changed files with 241 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

241
vaultwarden.yaml Normal file
View file

@ -0,0 +1,241 @@
# Vaultwarden namespace
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-namespace
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: v1
kind: Namespace
metadata:
name: vaultwarden
---
# Vaultwarden ConfigMap
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-config
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: v1
kind: ConfigMap
metadata:
name: vaultwarden-config
namespace: vaultwarden
data:
DOMAIN: "https://vault.nge6.com"
WEBSOCKET_ENABLED: "true"
ROCKET_PORT: "8080"
ROCKET_WORKERS: "10"
# Security settings
INVITATIONS_ALLOWED: "true"
SIGNUPS_ALLOWED: "false"
SHOW_PASSWORD_HINT: "false"
# Email configuration (disable for now)
SMTP_HOST: ""
SMTP_FROM: ""
SMTP_FROM_NAME: "Vaultwarden"
# Admin settings
ADMIN_TOKEN: "vaultwarden-admin-token-change-in-production"
# Database (using SQLite for simplicity)
DATABASE_URL: "sqlite:///data/db.sqlite3"
# File attachments
ATTACHMENTS_FOLDER: "/data/attachments"
# Icons
ICON_CACHE_FOLDER: "/data/icon_cache"
---
# Vaultwarden PVC for data persistence
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-data-pvc
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vaultwarden-data
namespace: vaultwarden
spec:
accessModes:
- ReadWriteOnce
storageClassName: civo-volume
resources:
requests:
storage: 10Gi
---
# Vaultwarden Deployment
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-deployment
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
namespace: vaultwarden
labels:
app: vaultwarden
spec:
replicas: 1
selector:
matchLabels:
app: vaultwarden
template:
metadata:
labels:
app: vaultwarden
spec:
containers:
- name: vaultwarden
image: vaultwarden/server:1.30.5
ports:
- containerPort: 8080
name: http
- containerPort: 3012
name: websocket
envFrom:
- configMapRef:
name: vaultwarden-config
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- name: data
mountPath: /data
readinessProbe:
httpGet:
path: /alive
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /alive
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
volumes:
- name: data
persistentVolumeClaim:
claimName: vaultwarden-data
---
# Vaultwarden Service
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-service
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: v1
kind: Service
metadata:
name: vaultwarden-http
namespace: vaultwarden
labels:
app: vaultwarden
spec:
selector:
app: vaultwarden
ports:
- name: http
port: 8080
targetPort: 8080
- name: websocket
port: 3012
targetPort: 3012
type: ClusterIP
---
# SSL Certificate for Vaultwarden
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-certificate
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: vaultwarden-tls
namespace: emissary
spec:
secretName: vaultwarden-tls
issuerRef:
name: letsencrypt-dns
kind: ClusterIssuer
dnsNames:
- vault.nge6.com
---
# Ambassador Host for Vaultwarden
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-host
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
name: vaultwarden-host
namespace: emissary
spec:
hostname: vault.nge6.com
tlsSecret:
name: vaultwarden-tls
---
# Ambassador Mapping for Vaultwarden
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: vaultwarden-mapping
namespace: crossplane-system
spec:
providerConfigRef:
name: kubernetes-provider
forProvider:
manifest:
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
name: vaultwarden-mapping
namespace: emissary
spec:
hostname: vault.nge6.com
prefix: /
service: https://pomerium-proxy.pomerium:443
timeout_ms: 30000
connect_timeout_ms: 10000