--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app vaultwarden spec: interval: 1h chartRef: kind: OCIRepository name: app-template install: remediation: retries: 3 upgrade: cleanupOnFail: true remediation: strategy: rollback retries: 3 values: controllers: vaultwarden: annotations: reloader.stakater.com/auto: "true" secret.reloader.stakater.com/reload: vaultwarden-db-secret containers: app: image: repository: vaultwarden/server tag: 1.34.1@sha256:48267ea14d8649b2e553a5fe290c40b5dd94d54e9a24b26ae7134a75a659695f env: DATA_FOLDER: data ICON_CACHE_FOLDER: data/icon_cache ATTACHMENTS_FOLDER: data/attachments DOMAIN: "https://vaultwarden.${SECRET_EXTERNAL_DOMAIN}" TZ: "${TIMEZONE}" SIGNUPS_ALLOWED: "false" WEBSOCKET_ENABLED: "true" WEBSOCKET_ADDRESS: 0.0.0.0 WEBSOCKET_PORT: 3012 SMTP_HOST: smtp-relay.default.svc.cluster.local. SMTP_FROM: vaultwarden@${SECRET_DOMAIN} SMTP_FROM_NAME: vaultwarden SMTP_PORT: 2525 SMTP_SECURITY: "off" envFrom: - secretRef: name: vaultwarden-secret - secretRef: name: vaultwarden-db-secret resources: requests: cpu: 100m memory: 100Mi limits: memory: 2Gi service: app: controller: *app ports: http: port: &port 80 ingress: app: enabled: true className: external annotations: gethomepage.dev/enabled: "true" gethomepage.dev/name: Vaultwarden gethomepage.dev/description: Open-source password manager compatible with Bitwarden clients. gethomepage.dev/group: Applications gethomepage.dev/icon: vaultwarden.png gethomepage.dev/pod-selector: >- app in ( vaultwarden ) hosts: - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: identifier: app port: *port tls: - hosts: - *host persistence: config: enabled: true existingClaim: *app globalMounts: - path: /data