diff --git a/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
index 04f881008..fb1e91010 100644
--- a/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
+++ b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
@@ -10,7 +10,7 @@ spec:
 chart:
 spec:
 chart: app-template
- version: 1.5.1
+ version: 2.0.3
 sourceRef:
 kind: HelmRepository
 name: bjw-s
@@ -27,35 +27,55 @@ spec:
 uninstall:
 keepHistory: false
 values:
- initContainers:
- 01-init-db:
- image: ghcr.io/auricom/postgres-init:15.4
- imagePullPolicy: IfNotPresent
- envFrom: &envFrom
- - secretRef:
- name: &secret vaultwarden-secret
- controller:
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: vaultwarden/server
- tag: 1.29.2
- env:
- DATA_FOLDER: "data"
- ICON_CACHE_FOLDER: "data/icon_cache"
- ATTACHMENTS_FOLDER: "data/attachments"
- DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}"
- TZ: "${TIMEZONE}"
- SIGNUPS_ALLOWED: "false"
- WEBSOCKET_ENABLED: "true"
- WEBSOCKET_ADDRESS: 0.0.0.0
- WEBSOCKET_PORT: 3012
- SMTP_HOST: smtp-relay.default.svc.cluster.local.
- SMTP_FROM: vaultwarden@${SECRET_DOMAIN}
- SMTP_FROM_NAME: vaultwarden
- SMTP_PORT: 2525
- SMTP_SECURITY: "off"
- envFrom: *envFrom
+ controllers:
+ main:
+ type: statefulset
+ annotations:
+ reloader.stakater.com/auto: "true"
+ initContainers:
+ init-db:
+ image:
+ repository: ghcr.io/auricom/postgres-init
+ tag: 15.4@sha256:83e1abf06be5741bdfb8cb53fc03a1ade6e6b5ec7b92a8aac0c69ba5dc7e51f0
+ pullPolicy: IfNotPresent
+ envFrom: &envFrom
+ - secretRef:
+ name: vaultwarden-secret
+ containers:
+ main:
+ image:
+ repository: vaultwarden/server
+ tag: 1.29.2
+ env:
+ DATA_FOLDER: "data"
+ ICON_CACHE_FOLDER: "data/icon_cache"
+ ATTACHMENTS_FOLDER: "data/attachments"
+ DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}"
+ TZ: "${TIMEZONE}"
+ SIGNUPS_ALLOWED: "false"
+ WEBSOCKET_ENABLED: "true"
+ WEBSOCKET_ADDRESS: 0.0.0.0
+ WEBSOCKET_PORT: 3012
+ SMTP_HOST: smtp-relay.default.svc.cluster.local.
+ SMTP_FROM: vaultwarden@${SECRET_DOMAIN}
+ SMTP_FROM_NAME: vaultwarden
+ SMTP_PORT: 2525
+ SMTP_SECURITY: "off"
+ envFrom: *envFrom
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ memory: 2Gi
+ statefulset:
+ volumeClaimTemplates:
+ - name: config
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ storageClass: rook-ceph-block
+ globalMounts:
+ - path: /data
 service:
 main:
 ports:
@@ -64,39 +84,28 @@ spec:
 websocket:
 enabled: true
 port: &websocket-port 3012
- persistence:
- data:
- enabled: true
- existingClaim: vaultwarden-data
- mountPath: /data
 ingress:
 main:
 enabled: true
- ingressClassName: "nginx"
- annotations:
+ className: "nginx"
+ anotations:
 external-dns.home.arpa/enabled: "true"
 hajimari.io/icon: mdi:lock
 hosts:
 - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
 paths:
 - path: /
- pathType: Prefix
 service:
+ name: main
 port: *port
 - path: /notifications/hub/negotiate
- pathType: Prefix
 service:
+ name: main
 port: *port
 - path: /notifications/hub
- pathType: Prefix
 service:
+ name: main
 port: *websocket-port
 tls:
 - hosts:
 - *host
- resources:
- requests:
- cpu: 100m
- memory: 100Mi
- limits:
- memory: 2Gi
diff --git a/kubernetes/apps/default/vaultwarden/app/kustomization.yaml b/kubernetes/apps/default/vaultwarden/app/kustomization.yaml
index 1ac8f8607..c254171ab 100644
--- a/kubernetes/apps/default/vaultwarden/app/kustomization.yaml
+++ b/kubernetes/apps/default/vaultwarden/app/kustomization.yaml
@@ -8,4 +8,3 @@ resources:
 - ./gatus.yaml
 - ./helmrelease.yaml
 - ./volsync.yaml
- - ./volume.yaml
diff --git a/kubernetes/apps/default/vaultwarden/app/volsync.yaml b/kubernetes/apps/default/vaultwarden/app/volsync.yaml
index a38c82967..2d98e0914 100644
--- a/kubernetes/apps/default/vaultwarden/app/volsync.yaml
+++ b/kubernetes/apps/default/vaultwarden/app/volsync.yaml
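Review bot: The new `statefulset.volumeClaimTemplates` entry `config` (10Gi, mounted at `/data`) provisions a fresh, empty claim, while the `vaultwarden-data` PVC that the removed `persistence` block mounted is deleted from the repo (volume.yaml and its kustomization entry) in the same commit, so it becomes a pruning candidate and nothing in this change moves its contents across. Per the env block `/data` holds at least `data/attachments` and `data/icon_cache`, so unless the data was copied or restored out of band the new pod starts without existing attachments (and, if vaultwarden keeps its RSA signing key under the data folder as well, existing sessions are invalidated — confirm). A comment on the template would make the cut-over explicit: `# fresh claim (config-vaultwarden-0); restore /data from the former vaultwarden-data PVC before first start`. Separately, `init-db` is now pinned by digest but `vaultwarden/server` stays on the bare tag `1.29.2`; pinning it the same way (`tag: 1.29.2@sha256:…`) keeps both images under the same supply-chain policy. The `values:` mapping continues into the next hunk.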
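Review bot: `anotations:` under `ingress.main` is misspelled, so `external-dns.home.arpa/enabled: "true"` and `hajimari.io/icon: mdi:lock` now sit under a key the chart does not read and will not be rendered onto the Ingress; the visible effect is that external-dns stops publishing the record for the host. The line should read `annotations:`. Whether app-template 2.0.3 additionally rejects the unknown key through values validation I cannot tell from here, but the annotations are lost either way.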
@@ -3,19 +3,19 @@ apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
- name: lychee-restic
+ name: vaultwarden-restic
 namespace: default
 spec:
 secretStoreRef:
 kind: ClusterSecretStore
 name: onepassword-connect
 target:
- name: lychee-restic-secret
+ name: vaultwarden-restic-secret
 creationPolicy: Owner
 template:
 engineVersion: v2
 data:
- RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/lychee'
+ RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/vaultwarden'
 RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
 AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
 AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
@@ -27,16 +27,16 @@ spec:
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
- name: lychee
+ name: vaultwarden
 namespace: default
 spec:
- sourcePVC: lychee-files
+ sourcePVC: config-vaultwarden-0
 trigger:
 schedule: "0 7 * * *"
 restic:
 copyMethod: Snapshot
 pruneIntervalDays: 7
- repository: lychee-restic-secret
+ repository: vaultwarden-restic-secret
 cacheCapacity: 20Gi
 volumeSnapshotClassName: csi-ceph-blockpool
 storageClassName: rook-ceph-block
diff --git a/kubernetes/apps/default/vaultwarden/app/volume.yaml b/kubernetes/apps/default/vaultwarden/app/volume.yaml
deleted file mode 100644
index 6ce9c3045..000000000
--- a/kubernetes/apps/default/vaultwarden/app/volume.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: vaultwarden-data
- namespace: default
- labels:
- app.kubernetes.io/name: &name vaultwarden
- app.kubernetes.io/instance: *name
- snapshot.home.arpa/enabled: "true"
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: rook-ceph-block
- resources:
- requests:
- storage: 1Gi
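Review bot: `sourcePVC: config-vaultwarden-0` hard-codes a claim name derived from the StatefulSet in helmrelease.yaml (volumeClaimTemplate `config`, controller `main`, ordinal 0); if the release, controller or template name ever changes, this ReplicationSource keeps pointing at a claim that no longer exists and the nightly restic backup of the vault breaks with nothing in this file flagging the coupling. A comment tying the two together would help: `# claim created by the StatefulSet volumeClaimTemplate "config" in helmrelease.yaml; keep in sync`. Note also that the first snapshot taken from this claim contains only what is placed on the new PVC, not the contents of the former `vaultwarden-data` claim.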