initial git commit saving configs

Adrien
2026-03-31 15:30:40 +00:00
commit 7770e9859c
64 changed files with 2866 additions and 0 deletions

6
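--- a/vaultwarden/Chart.lock
+++ b/vaultwarden/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+repository: https://charts.bitnami.com/bitnami
+version: 15.5.29
+digest: sha256:e02780f5fb6cf25d49477b43986ea907d96df3167f5a398a34eedad988c841e7
+generated: "2025-12-21T17:14:41.412181861Z"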

11
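--- a/vaultwarden/Chart.yaml
+++ b/vaultwarden/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: vaultwarden
+description: Vaultwarden with Bitnami PostgreSQL subchart
+type: application
+version: 0.1.0
+appVersion: "1.32.0"
+dependencies:
+- name: postgresql
+version: 15.5.29
+repository: https://charts.bitnami.com/bitnami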
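Review bot: `appVersion: "1.32.0"` does not match the image this chart deploys, since values.yaml in the same commit sets `image.tag: 1.35.3`; the `app.kubernetes.io/version` label built from `.Chart.AppVersion` will therefore report the wrong release to anyone checking which Vaultwarden version is running. Either bump `appVersion` to the deployed tag or default the image tag from it. The `postgresql` dependency also has no `condition:` entry, so `postgresql.enabled: true` in values.yaml does not gate the subchart; adding `condition: postgresql.enabled` would make that toggle real. Separately, values.yaml overrides the subchart image with `tag: latest`, which undoes the pinning that `version: 15.5.29` and Chart.lock provide for the database image.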

Binary file not shown.

32
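--- a/vaultwarden/notes.md
+++ b/vaultwarden/notes.md
@@ -0,0 +1,32 @@
+# vaultwarden lite
+https://vaultwarden.com/help/install-and-deploy
+https://github.com/dani-garcia/vaultwarden/wiki/Using-the-PostgreSQL-Backend
+```
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+helm dependency build
+helm upgrade --install vaultwarden . -f values.yaml -n vaultwarden
+helm delete vaultwarden -n vaultwarden
+kubectl -n vaultwarden rollout restart deploy/vaultwarden
+kubectl -n vaultwarden create secret generic vaultwarden-postgresql-auth \
+--from-literal=postgres-password='pwdvaultwardenSqlStorage' \
+--from-literal=password='pwdvaultwardenStorage'
+kubectl -n vaultwarden create secret generic vaultwarden-db-url \
+--from-literal=DATABASE_URL='postgresql://vaultwarden:pwdvaultwardenStorage@vaultwarden-postgresql:5432/vaultwarden'
+kubectl -n vaultwarden create secret generic vaultwarden-smtp \
+--from-literal=SMTP_HOST='ssl0.ovh.net' \
+--from-literal=SMTP_PORT='587' \
+--from-literal=SMTP_SECURITY='starttls' \
+--from-literal=SMTP_USERNAME='admin@immich-ad.ovh' \
+--from-literal=SMTP_PASSWORD=',3FV\]Knv_AqC' \
+--from-literal=SMTP_FROM='admin@immich-ad.ovh'
+kubectl -n vaultwarden get pods
+```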


@@ -0,0 +1,22 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-vaultwarden-data
spec:
capacity:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: vaultwarden-data
local:
path: /storage/vaultwarden
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- master
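Review bot: The `nodeAffinity` term pins this local volume to the node named `master`, and the Deployment template in this commit sets no `tolerations`, so the pod can only run if that node accepts ordinary workloads; if `master` is a tainted control-plane node the pod will stay Pending. It also means the password-vault data sits in `/storage/vaultwarden` on that host's filesystem, where anything with root or host-path access on the node can read it. I would add a comment above `local:` recording those expectations, for example `# local disk on node "master": directory must pre-exist, be restricted to the container UID, and be included in host backups`.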


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-vaultwarden-data
namespace: vaultwarden
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: vaultwarden-data
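Review bot: This single `ReadWriteOnce` claim ends up shared by two workloads, because values.yaml in this commit sets both `persistence.existingClaim` and `postgresql.primary.persistence.existingClaim` to `pvc-vaultwarden-data`. The Deployment mounts the volume root at `/data` with no `subPath`, so the PostgreSQL files would presumably live inside the application's mount, where the Vaultwarden container could read or modify them, and both pods are forced onto the same node. A separate PV/PVC pair for PostgreSQL keeps the database files out of the application's reach. The claim also omits `volumeName: pv-vaultwarden-data`, so binding relies only on the `vaultwarden-data` storage class matching.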


@@ -0,0 +1,30 @@
{{- define "vaultwarden.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "vaultwarden.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" (include "vaultwarden.name" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "vaultwarden.labels" -}}
app.kubernetes.io/name: {{ include "vaultwarden.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | quote }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "vaultwarden.selectorLabels" -}}
app.kubernetes.io/name: {{ include "vaultwarden.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
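Review bot: `vaultwarden.fullname` resolves to the chart name alone (`printf "%s" (include "vaultwarden.name" .)`) and never includes `.Release.Name`, so a second release of this chart in the same namespace would collide on identically named Deployment, Service and Ingress objects. The usual form is `printf "%s-%s" .Release.Name (include "vaultwarden.name" .)`, keeping the existing `trunc 63 | trimSuffix "-"`. The `vaultwarden.selectorLabels` helper defined here is also unused by the Deployment and Service templates in this commit, which select on a hand-written `app:` label; using the helper in both places would keep selector and pod labels from drifting.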


@@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "vaultwarden.fullname" . }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ include "vaultwarden.fullname" . }}
template:
metadata:
labels:
app: {{ include "vaultwarden.fullname" . }}
spec:
containers:
- name: vaultwarden
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
env:
- name: ADMIN_TOKEN
value: {{ .Values.vaultwarden.adminToken | quote }}
- name: SIGNUPS_ALLOWED
value: {{ .Values.vaultwarden.signupAllowed | quote }}
envFrom:
- secretRef:
name: vaultwarden-smtp # SMTP secret
- secretRef:
name: vaultwarden-db-url # Database URL secret
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ default (printf "%s-data" (include "vaultwarden.fullname" .)) .Values.persistence.existingClaim }}
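Review bot: `ADMIN_TOKEN` is rendered into the pod spec as a literal `value:` from `.Values.vaultwarden.adminToken`, and values.yaml in this commit sets that key to a literal string, so the admin-panel credential is stored in git and is readable by anyone who can `get` the Deployment. It should come from a Secret, the same way the SMTP and database settings already do through `envFrom`, and Vaultwarden also accepts an Argon2 PHC hash in `ADMIN_TOKEN` in place of the plain token. notes.md in this commit likewise records the literal values used to create `vaultwarden-smtp`, `vaultwarden-db-url` and `vaultwarden-postgresql-auth`; every credential that appears in this commit should be treated as exposed and rotated, and the history rewritten if the repository is shared.

```yaml
        env:
        - name: ADMIN_TOKEN
          valueFrom:
            secretKeyRef:
              name: ADMIN_TOKEN_SECRET_NAME  # placeholder: Secret created out of band, not in values.yaml
              key: ADMIN_TOKEN
        # … unchanged: SIGNUPS_ALLOWED, envFrom, volumeMounts …
```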


@@ -0,0 +1,55 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "vaultwarden.fullname" . }}
labels:
{{- include "vaultwarden.labels" . | nindent 4 }}
{{- if .Values.ingress.annotations }}
annotations:
{{- toYaml .Values.ingress.annotations | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
- host: {{ .Values.vaultwarden.domain | quote }}
http:
paths:
- path: /
{{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
{{- end }}
backend:
service:
name: {{ include "vaultwarden.fullname" . }}
port:
number: {{ .Values.service.port }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ include "vaultwarden.fullname" . }}
port:
number: {{ .Values.service.port }}
{{- end }}
{{- end }}
{{- end }}
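Review bot: Inside `range .Values.ingress.extraHosts` and the nested `range .paths`, the backend lines use `include "vaultwarden.fullname" .` and `.Values.service.port`, but `.` is rebound to the current list item there, so rendering fails as soon as `extraHosts` is non-empty; they need the root context, `include "vaultwarden.fullname" $` and `$.Values.service.port`. The template also reads `.Values.ingress.className`, while values.yaml in this commit sets `ingress.ingressClassName: traefik`, so `ingressClassName` is never emitted and the Ingress is left to whichever controller is the cluster default. Likewise `ingress.hosts` in values.yaml is not read by this template, which takes the host from `vaultwarden.domain`.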


@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "vaultwarden.fullname" . }}
spec:
type: {{ .Values.service.type }}
selector:
app: {{ include "vaultwarden.fullname" . }}
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: 80
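Review bot: `targetPort: 80` does not match the Deployment template in this commit, which declares the container's `http` port as `containerPort: 8080`, so one of the two is wrong. Traffic goes to whatever `targetPort` says regardless of the declared `containerPort`, so this works only if the Vaultwarden process really listens on 80, which is presumably the image default and should be confirmed. I would use `targetPort: http` here and set the Deployment's `containerPort` to the port the process actually binds, so the two cannot drift and any NetworkPolicy written against the named port matches real traffic.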

65
vaultwarden/values.yaml Normal file

@@ -0,0 +1,65 @@
image:
repository: docker.io/vaultwarden/server
tag: 1.35.3
pullPolicy: IfNotPresent
replicaCount: 1
service:
type: ClusterIP
port: 8080
ingress:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: vaultwarden.immich-ad.ovh
paths:
- path: /
pathType: Prefix
tls:
- secretName: vaultwarden-tls
hosts:
- vaultwarden.immich-ad.ovh
# Persist vaultwarden data (attachments, icon cache, etc.)
persistence:
enabled: true
existingClaim: pvc-vaultwarden-data
vaultwarden:
# REQUIRED for secure cookies, web vault, etc.
domain: "vaultwarden.immich-ad.ovh"
signupAllowed: false
adminToken: "x4FBfkK4f1wDCuXWQdX9"
# Database config
database:
name: vaultwarden
user: vaultwarden
# Bitnami PostgreSQL subchart values
postgresql:
enabled: true
image:
registry: docker.io
repository: bitnami/postgresql
tag: latest
auth:
username: vaultwarden
database: vaultwarden
# Upgrade-safe: point to an existing secret you create once
existingSecret: vaultwarden-postgresql-auth
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
primary:
persistence:
enabled: true
existingClaim: pvc-vaultwarden-data # bind to precreated PVC if you want