feat(deployment): Add k3s manifests for argocd

This commit is contained in:
Tanguy Herbron 2023-03-19 19:16:42 +01:00
parent 0de24867a8
commit 20e10c255e
7 changed files with 116 additions and 1 deletions

View File

@ -1,4 +1,4 @@
# Torrent stack # Bitwarden server (Vaultwarden)
## Usage ## Usage
Self-hosted password manager, giving individual the insurance that data is not used by unkown entity, with the drawback of having to take care of the security yourself. Self-hosted password manager, giving individual the insurance that data is not used by unkown entity, with the drawback of having to take care of the security yourself.

30
manifests/database.yaml Normal file
View File

@ -0,0 +1,30 @@
kind: "postgresql"
apiVersion: "acid.zalan.do/v1"
metadata:
name: "vaultwarden"
namespace: "vaultwarden"
labels:
team: acid
spec:
teamId: "acid"
postgresql:
version: "15"
numberOfInstances: 1
volume:
size: "1Gi"
storageClass: "flat-storage-class"
users:
vaultwarden: []
databases:
vaultwarden: vaultwarden
allowedSourceRanges:
# IP ranges to access your cluster go here
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 500Mi

36
manifests/deployment.yaml Normal file
View File

@ -0,0 +1,36 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
replicas: 1
selector:
matchLabels:
app: vaultwarden
template:
metadata:
labels:
app: vaultwarden
spec:
hostname: vaultwarden
subdomain: vaultwarden
containers:
- name: vaultwarden
image: vaultwarden/server
ports:
- containerPort: 80
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: vaultwarden.vaultwarden.credentials.postgresql.acid.zalan.do
key: password
- name: SIGNUPS_ALLOWED
value: "true"
- name: DATABASE_URL
value: "postgresql://vaultwarden:$(DB_PASSWORD)@vaultwarden.vaultwarden.svc.cluster.local:5432/vaultwarden"
volumes:
- name: vaultwarden-pv
hostPath:
path: "/mnt/vaultwarden"

23
manifests/ingress.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: vaultwarden-ingress
namespace: vaultwarden
annotations:
kubernetes.io/ingress.class: "traefik"
spec:
tls:
- secretName: vaultwarden-beta-tls
hosts:
- bitwarden.beta.halia.dev
rules:
- host: bitwarden.beta.halia.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: vaultwarden-svc
port:
number: 80

View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- database.yaml
- service.yaml
- ingress.yaml
- deployment.yaml

4
manifests/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: vaultwarden

13
manifests/service.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: vaultwarden-svc
namespace: vaultwarden
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: vaultwarden