add

vaultwarden/deployment.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+spec:
+  selector:
+    matchLabels:
+      app: vaultwarden
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: vaultwarden
+      containers:
+      - name: vaultwarden
+        image: vaultwarden
+        env:
+        - name: DATABASE_URL
+          valueFrom:
+            configMapKeyRef:
+              key: database-url
+              name: vaultwarden
+        - name: ADMIN_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: admin-token
+              name: vaultwarden
+        - name: DOMAIN
+          valueFrom:
+            configMapKeyRef:
+              key: domain
+              name: vaultwarden
+        - name: PASSWORD_HINTS_ALLOWED
+          valueFrom:
+            configMapKeyRef:
+              key: password-hints-allowed
+              name: vaultwarden
+        - name: SIGNUPS_ALLOWED
+          valueFrom:
+            configMapKeyRef:
+              key: signups-allowed
+              name: vaultwarden
+        - name: WEBSOCKET_ENABLED
+          valueFrom:
+            configMapKeyRef:
+              key: websocket-enabled
+              name: vaultwarden
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+          requests:
+            memory: "32Mi"
+            cpu: "100m"
+        ports:
+        - containerPort: 80
+          name: http
+        - containerPort: 3012
+          name: ws
+        volumeMounts:
+          - mountPath: /data
+            name: data

vaultwarden/ingress.yaml

@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden
+  labels:
+    name: vaultwarden
+spec:
+  rules:
+  - host: pass.sense-t.eu.org
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/notifications/hub/negotiate"
+        backend:
+          service:
+            name: vaultwarden
+            port: 
+              number: 80
+      - pathType: Prefix
+        path: "/notifications/hub"
+        backend:
+          service:
+            name: vaultwarden
+            port:
+              number: 3012
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: vaultwarden
+            port: 
+              number: 80

vaultwarden/kustomization.yaml

@@ -0,0 +1,27 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - deployment.yaml
+  - pvc.yaml
+  - services.yaml
+  - ingress.yaml
+configMapGenerator:
+  - name: vaultwarden
+    files:
+      - config/database-url
+      - config/domain
+      - config/password-hints-allowed
+      - config/signups-allowed
+      - config/websocket-enabled
+secretGenerator:
+  - name: vaultwarden
+    files:
+      - config/admin-token
+images:
+  - name: vaultwarden
+    newName: vaultwarden/server
+    newTag: 1.28.1-alpine
+    

vaultwarden/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  volumeMode: Filesystem
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteOnce

vaultwarden/services.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden
+spec:
+  ipFamilyPolicy: PreferDualStack
+  ipFamilies:
+    - IPv4
+    - IPv6
+  selector:
+    app: vaultwarden
+  ports:
+  - port: 80
+    targetPort: http
+    name: http
+  - port: 3012
+    targetPort: ws
+    name: ws