Added Vaultwarden

k8s/apps/vaultwarden/app.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vaultwarden
+  namespace: argocd
+spec:
+  project: homelab
+  destination:
+    namespace: vaultwarden
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/apps/vaultwarden
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
+

k8s/apps/vaultwarden/deployment.yaml

@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+  labels:
+    app: vaultwarden
+spec:
+  selector:
+    matchLabels:
+      app: vaultwarden
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      volumes:
+        - name: storage
+          hostPath:
+            path: /k8s/vaultwarden
+            type: Directory
+      containers:
+        - name: vaultwarden
+          image: 'vaultwarden/server:latest'
+          imagePullPolicy: Always
+          env:
+            - name: DOMAIN
+              value: https://vw.hexor.cy
+            - name: ORG_GROUPS_ENABLED
+              value: 'true'
+            - name: WEBSOCKET_ENABLED
+              value: 'true'
+            - name: ADMIN_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: admin-token
+                  key: ADMIN_TOKEN
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          volumeMounts:
+            - name: storage
+              mountPath: /data
+

k8s/apps/vaultwarden/external-secrets.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: admin-token
+  namespace: vaultwarden
+spec:
+  target:
+    name: admin-token
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        ADMIN_TOKEN: |-
+          {{ .token }}
+  data:
+    - secretKey: token
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 0d7a022f-d821-4819-9935-841126c39150
+        property: fields[0].value

k8s/apps/vaultwarden/ingress.yaml

@@ -0,0 +1,39 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden-tls-ingress
+  namespace: vaultwarden
+  annotations:
+    ingressClassName: traefik
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  rules:
+    - host: vw.hexor.cy
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vaultwarden
+                port:
+                  number: 80
+    - host: vw.hexor.ru
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vaultwarden
+                port:
+                  number: 80
+  tls:
+    - secretName: vaultwarden-tls
+      hosts:
+        - vw.hexor.cy
+        - vw.hexor.ru
+

k8s/apps/vaultwarden/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app.yaml
+  - external-secrets.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml

k8s/apps/vaultwarden/service.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  selector:
+    app: vaultwarden
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80