apiVersion: apps/v1 kind: StatefulSet metadata: name: vaultwarden spec: selector: matchLabels: app: vaultwarden serviceName: vaultwarden replicas: 1 template: metadata: labels: app: vaultwarden spec: volumes: - name: litestream configMap: name: vaultwarden-litestream - name: config configMap: name: vaultwarden initContainers: - name: init-litestream image: litestream/litestream:sha-749bc0d args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/data/db.sqlite3'] volumeMounts: - name: data mountPath: /data - name: litestream mountPath: /etc/litestream.yml subPath: vaultwarden.yml envFrom: - secretRef: name: vaultwarden-litestream-s3 containers: - name: vaultwarden image: docker.io/vaultwarden/server resources: limits: memory: "128Mi" cpu: "500m" requests: memory: "64Mi" cpu: "100m" ports: - containerPort: 80 name: web volumeMounts: - name: data mountPath: /data - name: config mountPath: /data/config.json subPath: vaultwarden.json - name: litestream image: litestream/litestream:sha-749bc0d args: ['replicate'] volumeMounts: - name: data mountPath: /data - name: litestream mountPath: /etc/litestream.yml subPath: vaultwarden.yml envFrom: - secretRef: name: vaultwarden-litestream-s3 ports: - name: metrics containerPort: 9090 resources: limits: memory: "128Mi" cpu: "300m" requests: memory: "64Mi" cpu: "100m" volumeClaimTemplates: - metadata: name: data spec: storageClassName: nfs-client accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 1Gi --- apiVersion: v1 kind: Service metadata: name: vaultwarden spec: selector: app: vaultwarden ports: - port: 80 targetPort: 80