ba3ffa2568
- Remove invalid SQLite URL format - Disable SMTP configuration to prevent startup errors - Vaultwarden now running successfully 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
238 lines
5.8 KiB
YAML
238 lines
5.8 KiB
YAML
# Vaultwarden namespace
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-namespace
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: vaultwarden
|
|
---
|
|
# Vaultwarden ConfigMap
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-config
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: vaultwarden-config
|
|
namespace: vaultwarden
|
|
data:
|
|
DOMAIN: "https://vault.nge6.com"
|
|
WEBSOCKET_ENABLED: "true"
|
|
ROCKET_PORT: "8080"
|
|
ROCKET_WORKERS: "10"
|
|
# Security settings
|
|
INVITATIONS_ALLOWED: "true"
|
|
SIGNUPS_ALLOWED: "false"
|
|
SHOW_PASSWORD_HINT: "false"
|
|
# Email configuration (disabled)
|
|
# Admin settings
|
|
ADMIN_TOKEN: "vaultwarden-admin-token-change-in-production"
|
|
# Database (using SQLite for simplicity)
|
|
DATABASE_URL: "/data/db.sqlite3"
|
|
# File attachments
|
|
ATTACHMENTS_FOLDER: "/data/attachments"
|
|
# Icons
|
|
ICON_CACHE_FOLDER: "/data/icon_cache"
|
|
---
|
|
# Vaultwarden PVC for data persistence
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-data-pvc
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: vaultwarden-data
|
|
namespace: vaultwarden
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: civo-volume
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
---
|
|
# Vaultwarden Deployment
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-deployment
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: vaultwarden
|
|
namespace: vaultwarden
|
|
labels:
|
|
app: vaultwarden
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: vaultwarden
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: vaultwarden
|
|
spec:
|
|
containers:
|
|
- name: vaultwarden
|
|
image: vaultwarden/server:1.30.5
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
- containerPort: 3012
|
|
name: websocket
|
|
envFrom:
|
|
- configMapRef:
|
|
name: vaultwarden-config
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /alive
|
|
port: 8080
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /alive
|
|
port: 8080
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 30
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: vaultwarden-data
|
|
---
|
|
# Vaultwarden Service
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-service
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: vaultwarden-http
|
|
namespace: vaultwarden
|
|
labels:
|
|
app: vaultwarden
|
|
spec:
|
|
selector:
|
|
app: vaultwarden
|
|
ports:
|
|
- name: http
|
|
port: 8080
|
|
targetPort: 8080
|
|
- name: websocket
|
|
port: 3012
|
|
targetPort: 3012
|
|
type: ClusterIP
|
|
---
|
|
# SSL Certificate for Vaultwarden
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-certificate
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: vaultwarden-tls
|
|
namespace: emissary
|
|
spec:
|
|
secretName: vaultwarden-tls
|
|
issuerRef:
|
|
name: letsencrypt-dns
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- vault.nge6.com
|
|
---
|
|
# Ambassador Host for Vaultwarden
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-host
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: getambassador.io/v3alpha1
|
|
kind: Host
|
|
metadata:
|
|
name: vaultwarden-host
|
|
namespace: emissary
|
|
spec:
|
|
hostname: vault.nge6.com
|
|
tlsSecret:
|
|
name: vaultwarden-tls
|
|
---
|
|
# Ambassador Mapping for Vaultwarden
|
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
|
kind: Object
|
|
metadata:
|
|
name: vaultwarden-mapping
|
|
namespace: crossplane-system
|
|
spec:
|
|
providerConfigRef:
|
|
name: kubernetes-provider
|
|
forProvider:
|
|
manifest:
|
|
apiVersion: getambassador.io/v3alpha1
|
|
kind: Mapping
|
|
metadata:
|
|
name: vaultwarden-mapping
|
|
namespace: emissary
|
|
spec:
|
|
hostname: vault.nge6.com
|
|
prefix: /
|
|
service: https://pomerium-proxy.pomerium:443
|
|
timeout_ms: 30000
|
|
connect_timeout_ms: 10000
|