83 lines
1.9 KiB
YAML
83 lines
1.9 KiB
YAML
# Vaultwarden — self-hosted Bitwarden-compatible password manager
|
|
# SQLite backend — data persisted in local-path PVC
|
|
# Unpinned — scheduler places freely
|
|
# NodePort 32377
|
|
# Signups disabled — use admin panel to invite users
|
|
#
|
|
# Deploy:
|
|
# kubectl create secret generic vaultwarden-secret \
|
|
# --namespace <ns> \
|
|
# --from-literal=admin-token='<token>'
|
|
# kubectl apply -f vaultwarden.yaml -n <ns>
|
|
#
|
|
# Generate admin token with: openssl rand -base64 48
|
|
# Admin panel: http://<any-node-mesh-ip>:32377/admin
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: vaultwarden-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: local-path
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: vaultwarden
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: vaultwarden
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: vaultwarden
|
|
spec:
|
|
containers:
|
|
- name: vaultwarden
|
|
image: vaultwarden/server:latest
|
|
env:
|
|
- name: SIGNUPS_ALLOWED
|
|
value: "false"
|
|
- name: INVITATIONS_ALLOWED
|
|
value: "true"
|
|
- name: SHOW_PASSWORD_HINT
|
|
value: "false"
|
|
- name: ROCKET_PORT
|
|
value: "8222"
|
|
- name: ADMIN_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: vaultwarden-secret
|
|
key: admin-token
|
|
ports:
|
|
- containerPort: 8222
|
|
volumeMounts:
|
|
- name: vaultwarden-data
|
|
mountPath: /data
|
|
volumes:
|
|
- name: vaultwarden-data
|
|
persistentVolumeClaim:
|
|
claimName: vaultwarden-pvc
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: vaultwarden
|
|
spec:
|
|
selector:
|
|
app: vaultwarden
|
|
ports:
|
|
- port: 8222
|
|
targetPort: 8222
|
|
nodePort: 32377
|
|
type: NodePort
|