add bitwarden to infra

infra/bitwarden/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bitwarden
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"

infra/bitwarden/templates/bitwarden-pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bitwarden-pvc
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi

infra/bitwarden/templates/deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: bitwarden
+  name: bitwarden
+  labels:
+    app: bitwarden
+spec:
+  selector:
+    matchLabels:
+      app: bitwarden
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: bitwarden
+    spec:
+      containers:
+      - name: bitwarden
+        image: registry.durp.info/vaultwarden/server:1.32.7
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: bitwarden-pvc
+          mountPath: /data
+          subPath: bitwaren-data              
+        ports:
+        - name: http
+          containerPort: 80
+        env:
+          - name: SIGNUPS_ALLOWED
+            value: "FALSE"
+          - name: INVITATIONS_ALLOWED
+            value: "FALSE"                      
+          - name: WEBSOCKET_ENABLED
+            value: "TRUE"          
+          - name: ROCKET_ENV
+            value: "staging"              
+          - name: ROCKET_PORT
+            value: "80"            
+          - name: ROCKET_WORKERS
+            value: "10"
+          - name: SECRET_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: bitwarden-secret
+                key: ADMIN_TOKEN
+      volumes:
+      - name: bitwarden-pvc
+        persistentVolumeClaim:
+          claimName: bitwarden-pvc             

infra/bitwarden/templates/ingress.yaml

@@ -0,0 +1,42 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: bitwarden-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: bitwarden
+      port: 80
+  tls:
+    secretName: bitwarden-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: bitwarden-tls
+spec:
+  secretName: bitwarden-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "bitwarden.durp.info"
+  dnsNames:
+  - "bitwarden.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: bitwarden-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

infra/bitwarden/templates/secrets.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: bitwarden-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: bitwarden-secret
+  data:
+  - secretKey: ADMIN_TOKEN
+    remoteRef:
+      key: kv/bitwarden
+      property: admin_token
+

infra/bitwarden/templates/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+    protocol: TCP
+  selector:
+    app: bitwarden