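---
# Vaultwarden (password manager) workload: Deployment + Service + Ingress,
# all in the `vaultwarden` namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: vaultwarden
spec:
  # Two replicas share one RSA key via the `vaultwarden-keys` Secret mounted
  # at /keys (see RSA_KEY_FILENAME below).
  replicas: 2
  selector:
    matchLabels:
      app: vaultwarden
  template:
    metadata:
      labels:
        app: vaultwarden
    spec:
      volumes:
        # NOTE(review): `data-dir` is declared but no container in this
        # manifest mounts it. If it is meant to back the application's data
        # folder, add a matching volumeMount; an emptyDir is per-pod, so it
        # is not shared between the two replicas and is lost when the pod is
        # deleted.
        - name: data-dir
          emptyDir: {}
        - name: rsa-key
          secret:
            secretName: vaultwarden-keys
      containers:
        - name: vaultwarden
          # NOTE(review): `testing` is a mutable tag and the pull policy is
          # Always, so the code that runs can change on any pod restart
          # without a change to this manifest. For a credential store, pin a
          # release tag or an immutable digest
          # (vaultwarden/server@sha256:<digest-placeholder>) and roll it
          # forward deliberately.
          image: vaultwarden/server:testing
          imagePullPolicy: Always
          # The process has no need to gain privileges after start. Running
          # as non-root is not set here because the container binds port 80;
          # that would need a higher listen port or NET_BIND_SERVICE.
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            limits:
              memory: "256Mi"
            requests:
              memory: "32Mi"
          # Configuration and credentials are injected as environment
          # variables from two Secrets and one ConfigMap; none of their
          # contents are visible in this file.
          envFrom:
            - secretRef:
                name: vaultwarden
            - secretRef:
                name: postgres-vaultwarden
            - configMapRef:
                name: vaultwarden
          env:
            # NOTE(review): debug-level logging on a password manager is
            # verbose; confirm it is intentional outside troubleshooting and
            # that access to the pod logs is restricted accordingly.
            - name: LOG_LEVEL
              value: debug
            # "::" is quoted so YAML keeps it a string; it makes the server
            # listen on the IPv6 wildcard address, matching the dual-stack
            # Service below.
            - name: ROCKET_ADDRESS
              value: "::"
            - name: RSA_KEY_FILENAME
              value: /keys/rsa_key
          ports:
            - containerPort: 80
              name: web
          # Liveness and readiness use the same endpoint and timings.
          # NOTE(review): failureThreshold 1 on the liveness probe means a
          # single failed or slow response restarts the container; consider
          # a higher threshold if restarts under load are observed.
          livenessProbe:
            httpGet:
              path: /alive
              port: 80
            failureThreshold: 1
            initialDelaySeconds: 2
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /alive
              port: 80
            failureThreshold: 1
            initialDelaySeconds: 2
            periodSeconds: 10
          volumeMounts:
            # Key material is only read by the workload; state that in the
            # mount.
            - name: rsa-key
              mountPath: /keys
              readOnly: true
---
# ClusterIP Service in front of the pods; plain HTTP on port 80 inside the
# cluster, TLS is terminated at the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: vaultwarden
  namespace: vaultwarden
  labels:
    app: vaultwarden
spec:
  ipFamilyPolicy: PreferDualStack
  selector:
    app: vaultwarden
  ports:
    - port: 80
      targetPort: 80
      name: web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vaultwarden
  namespace: vaultwarden
  annotations:
    # Fixed: the key was spelled `cluser-issuer`, which cert-manager does not
    # recognise, so the annotation had no effect.
    # NOTE(review): with the key corrected, cert-manager will manage the TLS
    # secret named below for this host. Confirm `gmem-ca-wildcard` is not a
    # wildcard certificate provisioned by another mechanism before applying.
    cert-manager.io/cluster-issuer: "le-issuer"
spec:
  # NOTE(review): no ingressClassName is set, so this relies on the
  # cluster's default ingress class - confirm one is defined.
  tls:
    - hosts:
        - pw.gmem.ca
      secretName: gmem-ca-wildcard
  rules:
    - host: pw.gmem.ca
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: vaultwarden
                port:
                  number: 80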