diff --git a/infra/bitwarden/Chart.yaml b/infra/bitwarden/Chart.yaml
new file mode 100644
index 0000000..cfdd821
--- /dev/null
+++ b/infra/bitwarden/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bitwarden
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
diff --git a/infra/bitwarden/templates/bitwarden-pvc.yaml b/infra/bitwarden/templates/bitwarden-pvc.yaml
new file mode 100644
index 0000000..333af4d
--- /dev/null
+++ b/infra/bitwarden/templates/bitwarden-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: bitwarden-pvc
+spec:
+ storageClassName: longhorn
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/infra/bitwarden/templates/deployment.yaml b/infra/bitwarden/templates/deployment.yaml
new file mode 100644
index 0000000..f787ba1
--- /dev/null
+++ b/infra/bitwarden/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: bitwarden
+ name: bitwarden
+ labels:
+ app: bitwarden
+spec:
+ selector:
+ matchLabels:
+ app: bitwarden
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: bitwarden
+ spec:
+ containers:
+ - name: bitwarden
+ image: registry.durp.info/vaultwarden/server:1.32.7
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: bitwarden-pvc
+ mountPath: /data
+ subPath: bitwaren-data
+ ports:
+ - name: http
+ containerPort: 80
+ env:
+ - name: SIGNUPS_ALLOWED
+ value: "FALSE"
+ - name: INVITATIONS_ALLOWED
+ value: "FALSE"
+ - name: WEBSOCKET_ENABLED
+ value: "TRUE"
+ - name: ROCKET_ENV
+ value: "staging"
+ - name: ROCKET_PORT
+ value: "80"
+ - name: ROCKET_WORKERS
+ value: "10"
+ - name: SECRET_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: bitwarden-secret
+ key: ADMIN_TOKEN
+ volumes:
+ - name: bitwarden-pvc
+ persistentVolumeClaim:
+ claimName: bitwarden-pvc
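Review bot: In Chart.yaml, `appVersion: "1.16.0"` does not match the image the chart deploys, which templates/deployment.yaml pins to `vaultwarden/server:1.32.7`. Anything that reads the chart metadata to decide whether a release is patched (`helm list`, inventory or vulnerability tooling) will report the wrong version. Set `appVersion: "1.32.7"`, and consider having the Deployment build its image tag from `.Chart.AppVersion` so the two cannot drift again.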
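Review bot: In templates/bitwarden-pvc.yaml the claim asks for `ReadWriteMany`, but the only consumer is a Deployment with `replicas: 1`, so `- ReadWriteOnce` would be enough. On Longhorn an RWX volume is, as far as I know, served to the pod over NFS, and Vaultwarden keeps its default SQLite database under `/data`; SQLite file locking on network filesystems is a known source of database corruption. Unless a second writer is planned, I would change the access mode before the vault holds real data.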
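Review bot: In templates/deployment.yaml the last env entry is named `SECRET_USERNAME` but is filled from the `ADMIN_TOKEN` key of `bitwarden-secret`; Vaultwarden reads its admin token from a variable called `ADMIN_TOKEN`, so the secret is pulled from Vault and then apparently never used. If the admin page is wanted, rename the entry to `- name: ADMIN_TOKEN` and store an Argon2 PHC hash in Vault rather than a plaintext token, since the service is published on a public hostname. `subPath: bitwaren-data` looks like a typo for `bitwarden-data` and is cheapest to correct before the first data is written. The container also declares no `securityContext` or `resources`, and only this manifest hardcodes `namespace: bitwarden` while the PVC, ExternalSecret and Service follow the release namespace, so installing the chart into any other namespace would separate the pod from its volume and secret.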
diff --git a/infra/bitwarden/templates/ingress.yaml b/infra/bitwarden/templates/ingress.yaml
new file mode 100644
index 0000000..8a9a628
--- /dev/null
+++ b/infra/bitwarden/templates/ingress.yaml
@@ -0,0 +1,42 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: bitwarden-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
+ kind: Rule
+ services:
+ - name: bitwarden
+ port: 80
+ tls:
+ secretName: bitwarden-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: bitwarden-tls
+spec:
+ secretName: bitwarden-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "bitwarden.durp.info"
+ dnsNames:
+ - "bitwarden.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: bitwarden-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
\ No newline at end of file
diff --git a/infra/bitwarden/templates/secrets.yaml b/infra/bitwarden/templates/secrets.yaml
new file mode 100644
index 0000000..a9c9829
--- /dev/null
+++ b/infra/bitwarden/templates/secrets.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: bitwarden-secret
+spec:
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: bitwarden-secret
+ data:
+ - secretKey: ADMIN_TOKEN
+ remoteRef:
+ key: kv/bitwarden
+ property: admin_token
+
diff --git a/infra/bitwarden/templates/service.yaml b/infra/bitwarden/templates/service.yaml
new file mode 100644
index 0000000..df30857
--- /dev/null
+++ b/infra/bitwarden/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bitwarden
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
+ selector:
+ app: bitwarden
\ No newline at end of file
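Review bot: In templates/ingress.yaml the only route matches the whole host and attaches no middleware, so Vaultwarden's `/admin` page is published on `websecure` exactly like the vault itself. It appears to be disabled today only because the Deployment never sets `ADMIN_TOKEN`; once that is corrected, the admin page becomes a single-token login on the public hostname. A more specific route for `/admin` that carries an IP allow-list middleware, as sketched below, keeps it to trusted networks, because Traefik gives the longer rule priority by default. Separately, `traefik.containo.us/v1alpha1` is the legacy API group, deprecated in Traefik v2.10 and removed in v3; `apiVersion: traefik.io/v1alpha1` is the current one.

```yaml
  routes:
    # … unchanged: catch-all route for the host …
    - match: Host(`bitwarden.durp.info`) && PathPrefix(`/admin`)
      kind: Rule
      middlewares:
        # placeholder: name of an IP allow-list Middleware defined elsewhere in the chart
        - name: <ADMIN_ALLOWLIST_MIDDLEWARE>
      services:
        - name: bitwarden
          port: 80
```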