apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: vaultwarden
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vaultwarden
  template:
    metadata:
      labels:
        app: vaultwarden
    spec:
      volumes:
        - name: data-dir
          emptyDir: {}
      containers:
        - name: vaultwarden
          image: vaultwarden/server:1.31.0
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
            requests:
              memory: "64Mi"
              cpu: "100m"
          envFrom:
            - secretRef:
                name: vaultwarden
            - secretRef:
                name: postgres-vaultwarden
            - configMapRef:
                name: vaultwarden
          env:
            - name: LOG_LEVEL
              value: debug
            - name: ROCKET_ADDRESS
              value: "::"
          ports:
            - containerPort: 80
              name: web
          volumeMounts:
            - name: data-dir
              mountPath: /data
---
apiVersion: v1
kind: Service
metadata:
  name: vaultwarden
  namespace: vaultwarden
  labels:
    app: vaultwarden
spec:
  selector:
    app: vaultwarden
  ports:
  - port: 80
    targetPort: 80
    name: web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vaultwarden
  namespace: vaultwarden
  annotations:
    cert-manager.io/cluser-issuer: "le-issuer"
spec:
  tls:
  - hosts:
    - pw.gmem.ca
    secretName: gmem-ca-wildcard
  rules:
    - host: pw.gmem.ca
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name:  vaultwarden
                port:
                  number: 80