Reset git history for making manifests public
This commit is contained in:
46
deprecated/vaultwarden/httproute.yaml
Normal file
46
deprecated/vaultwarden/httproute.yaml
Normal file
@@ -0,0 +1,46 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: vaultwarden-route
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: gateway-internal
|
||||
namespace: envoy-gateway
|
||||
sectionName: vaultwarden
|
||||
hostnames:
|
||||
- "vault.jsme.be"
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
filters:
|
||||
- type: RequestHeaderModifier
|
||||
requestHeaderModifier:
|
||||
set:
|
||||
- name: X-Forwarded-Host
|
||||
value: "vault.jsme.be"
|
||||
- name: X-Forwarded-Proto
|
||||
value: https
|
||||
- type: ResponseHeaderModifier
|
||||
responseHeaderModifier:
|
||||
set:
|
||||
- name: Strict-Transport-Security
|
||||
value: "max-age=31536000; includeSubDomains"
|
||||
- name: X-Content-Type-Options
|
||||
value: nosniff
|
||||
- name: X-Frame-Options
|
||||
value: SAMEORIGIN
|
||||
- name: Referrer-Policy
|
||||
value: strict-origin-when-cross-origin
|
||||
- name: Permissions-Policy
|
||||
value: "camera=(), microphone=(), geolocation=(), payment=()"
|
||||
backendRefs:
|
||||
- name: vaultwarden
|
||||
port: 80
|
||||
kind: Service
|
||||
group: ""
|
||||
weight: 1
|
||||
4
deprecated/vaultwarden/namespace.yaml
Normal file
4
deprecated/vaultwarden/namespace.yaml
Normal file
@@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
12
deprecated/vaultwarden/pvc.yaml
Normal file
12
deprecated/vaultwarden/pvc.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: vaultwarden-data
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
120
deprecated/vaultwarden/statefulset.yaml
Normal file
120
deprecated/vaultwarden/statefulset.yaml
Normal file
@@ -0,0 +1,120 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
selector:
|
||||
app: vaultwarden
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 80
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
serviceName: vaultwarden
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: vaultwarden
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: vaultwarden
|
||||
spec:
|
||||
containers:
|
||||
- name: vaultwarden
|
||||
image: vaultwarden/server:1.35.6-alpine
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
env:
|
||||
- name: DOMAIN
|
||||
value: "https://vault.jsme.be"
|
||||
- name: SIGNUPS_ALLOWED
|
||||
value: "false"
|
||||
- name: ADMIN_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: admin_token
|
||||
- name: SMTP_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: smtp_host
|
||||
- name: SMTP_FROM
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: smtp_from
|
||||
- name: SMTP_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: smtp_port
|
||||
- name: SSO_ENABLED
|
||||
value: "true"
|
||||
- name: SSO_AUTHORITY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: sso_authority
|
||||
- name: SSO_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: sso_client_id
|
||||
- name: SSO_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: sso_client_secret
|
||||
- name: SSO_SCOPES
|
||||
value: "email profile offline_access"
|
||||
- name: SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION
|
||||
value: "false"
|
||||
- name: SSO_CLIENT_CACHE_EXPIRATION
|
||||
value: "0"
|
||||
- name: SSO_ONLY
|
||||
value: "true"
|
||||
- name: SSO_SIGNUPS_MATCH_EMAIL
|
||||
value: "true"
|
||||
- name: SMTP_SECURITY
|
||||
value: "starttls"
|
||||
- name: SMTP_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: smtp_username
|
||||
- name: SMTP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: vaultwarden-secrets
|
||||
key: smtp_password
|
||||
volumeMounts:
|
||||
- name: vaultwarden-data
|
||||
mountPath: /data
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /alive
|
||||
port: 80
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 30
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /alive
|
||||
port: 80
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
failureThreshold: 3
|
||||
volumes:
|
||||
- name: vaultwarden-data
|
||||
persistentVolumeClaim:
|
||||
claimName: vaultwarden-data
|
||||
Reference in New Issue
Block a user