feat: migrate bitwardenrs helm chart to vaultwarden

2025-09-30 15:37:44 +02:00 · 2021-05-06 23:57:28 +02:00
parent 79481fb5d0
commit f1f5b27dd0
7 changed files with 77 additions and 64 deletions
--- a/cluster/apps/data/bitwardenrs/helm-release.yaml
+++ b/cluster/apps/data/bitwardenrs/helm-release.yaml
@@ -1,58 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: bitwardenrs
-  namespace: data
-spec:
-  interval: 5m
-  chart:
-    spec:
-      # renovate: registryUrl=https://k8s-at-home.com/charts/
-      chart: bitwardenrs
-      version: 2.1.10
-      sourceRef:
-        kind: HelmRepository
-        name: k8s-at-home-charts
-        namespace: flux-system
-      interval: 5m
-  values:
-    image:
-      repository: vaultwarden/server
-      tag: 1.21.0
-      pullPolicy: IfNotPresent
-    env:
-      SIGNUPS_ALLOWED: "false"
-      DOMAIN: "https://bitwarden.${SECRET_CLUSTER_DOMAIN}/"
-      DATABASE_URL: ${SECRET_BITWARDENRS_DB_URL}
-    bitwardenrs:
-      domain: ""
-      signupsAllowed: false
-      websockets:
-        enabled: false
-      admin:
-        enabled: true
-        disableAdminToken: false
-        existingSecret:
-          enabled: false
-          name: ""
-          tokenKey: ""
-    service:
-      port: 80
-      annotations:
-        prometheus.io/probe: "true"
-        prometheus.io/protocol: http
-    ingress:
-      enabled: true
-      annotations:
-        kubernetes.io/ingress.class: "nginx"
-      hosts:
-        - host: bitwarden.${SECRET_CLUSTER_DOMAIN}
-          paths:
-            - /
-      tls:
-        - hosts:
-            - "bitwarden.${SECRET_CLUSTER_DOMAIN}"
-    persistence:
-      enabled: true
-      existingClaim: bitwardenrs-config
--- a/cluster/apps/data/kustomization.yaml
+++ b/cluster/apps/data/kustomization.yaml
@@ -1,7 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - bitwardenrs
  - bookstack
  - forecastle
  - freshrss
@@ -14,6 +13,7 @@ resources:
  - resilio-sync
  - searx
  - sharry
+  - vaultwarden
  - vikunja
  - volumes
  - wallabag
--- a/cluster/apps/data/pgbackups/deployment.yaml
+++ b/cluster/apps/data/pgbackups/deployment.yaml
@@ -29,7 +29,7 @@ spec:
            - name: POSTGRES_HOST
              value: postgresql-kube.data.svc.cluster.local.
            - name: POSTGRES_DB
-              value: authelia,bitwarden,drone,freshrss,gitea,hass,healthchecks,joplin,lychee,postgres,recipes,sharry,vikunja,wallabag
+              value: authelia,drone,freshrss,gitea,hass,healthchecks,joplin,lychee,postgres,recipes,sharry,vaultwarden,vikunja,wallabag
            - name: POSTGRES_USER
              value: postgres
            - name: POSTGRES_PASSWORD
--- a/cluster/apps/data/vaultwarden/helm-release.yaml
+++ b/cluster/apps/data/vaultwarden/helm-release.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: vaultwarden
+  namespace: data
+spec:
+  interval: 5m
+  chart:
+    spec:
+      # renovate: registryUrl=https://k8s-at-home.com/charts/
+      chart: vaultwarden
+      version: 1.0.0
+      sourceRef:
+        kind: HelmRepository
+        name: k8s-at-home-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    image:
+      repository: vaultwarden/server
+      tag: 1.21.0
+      pullPolicy: IfNotPresent
+    env:
+      DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}/"
+      ADMIN_TOKEN: ${SECRET_VAULTWARDEN_ADMIN_TOKEN}
+      DATABASE_URL: ${SECRET_VAULTWARDEN_DB_URL}
+      TZ: "Europe/Paris"
+      DATA_FOLDER: "data"
+      SIGNUPS_ALLOWED: "false"
+      WEBSOCKET_ENABLED: "true"
+      SMTP_HOST: smtp.fastmail.com
+      SMTP_FROM: vaultwarden@${SECRET_CLUSTER_DOMAIN_ROOT}
+      SMTP_FROM_NAME: vaultwarden
+      SMTP_PORT: 587
+      SMTP_SSL: "true"
+      SMTP_USERNAME: ${SECRET_SMTP_USERNAME}
+      SMTP_PASSWORD: ${SECRET_VAULTWARDEN_SMTP_PASSWORD}
+    service:
+      annotations:
+        prometheus.io/probe: "true"
+        prometheus.io/protocol: tcp
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: "nginx"
+      hosts:
+        - host: vaultwarden.${SECRET_CLUSTER_DOMAIN}
+          paths:
+            - path: /
+              pathType: Prefix
+            - path: /notifications/hub/negotiate
+              pathType: Prefix
+            - path: /notifications/hub
+              pathType: Prefix
+              servicePort: 3012
+        - host: bitwarden.${SECRET_CLUSTER_DOMAIN}
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - hosts:
+            - "vaultwarden.${SECRET_CLUSTER_DOMAIN}"
+            - "bitwarden.${SECRET_CLUSTER_DOMAIN}"
+    persistence:
+      config:
+        enabled: true
+        existingClaim: vaultwarden-data
--- a/cluster/apps/data/vaultwarden/kustomization.yaml
+++ b/cluster/apps/data/vaultwarden/kustomization.yaml
--- a/cluster/apps/data/vaultwarden/volume.yaml
+++ b/cluster/apps/data/vaultwarden/volume.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: bitwardenrs-config
+  name: vaultwarden-data
  namespace: data
  labels:
    kasten-io-snapshots: "enable"