apps/vaultwarden/resources/deployment.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: vaultwarden
      app.kubernetes.io/part-of: vaultwarden
  template:
    metadata:
      labels:
        app.kubernetes.io/name: vaultwarden
        app.kubernetes.io/part-of: vaultwarden
    spec:
      containers:
      - name: vaultwarden
        image: vaultwarden
        envFrom:
          - secretRef:
              name: vaultwarden-api-config
        env:
          - name: DATABASE_URL
            valueFrom:
              secretKeyRef:
                name: vaultwarden-db-credentials-vaultwarden
                key: PQ_URL
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 8080
        volumeMounts:
          - name: data
            mountPath: /data
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - ALL
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - arm64
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: vaultwarden-data
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        runAsNonRoot: true
feat: deploy vaultwarden and s3-csi 2023-11-21 21:32:09 +00:00			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: vaultwarden`
			`spec:`
			`selector:`
			`matchLabels:`
			`app.kubernetes.io/name: vaultwarden`
			`app.kubernetes.io/part-of: vaultwarden`
			`template:`
			`metadata:`
			`labels:`
			`app.kubernetes.io/name: vaultwarden`
			`app.kubernetes.io/part-of: vaultwarden`
			`spec:`
			`containers:`
			`- name: vaultwarden`
			`image: vaultwarden`
			`envFrom:`
			`- secretRef:`
			`name: vaultwarden-api-config`
			`env:`
			`- name: DATABASE_URL`
			`valueFrom:`
			`secretKeyRef:`
refactor(vaultwarden): move to new DB 2024-08-15 12:32:06 +00:00			`name: vaultwarden-db-credentials-vaultwarden`
			`key: PQ_URL`
feat: deploy vaultwarden and s3-csi 2023-11-21 21:32:09 +00:00			`resources:`
			`limits:`
			`memory: "128Mi"`
			`cpu: "500m"`
			`ports:`
			`- containerPort: 8080`
			`volumeMounts:`
			`- name: data`
			`mountPath: /data`
feat(vaultwarden): configure security context 2024-05-07 15:43:21 +00:00			`securityContext:`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: true`
			`capabilities:`
			`drop:`
			`- ALL`
feat: add linkwarden 2023-12-21 13:56:26 +00:00			`affinity:`
			`nodeAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 1`
			`preference:`
			`matchExpressions:`
			`- key: kubernetes.io/arch`
			`operator: In`
			`values:`
			`- arm64`
feat: deploy vaultwarden and s3-csi 2023-11-21 21:32:09 +00:00			`volumes:`
			`- name: data`
			`persistentVolumeClaim:`
			`claimName: vaultwarden-data`
feat(vaultwarden): configure security context 2024-05-07 15:43:21 +00:00			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`fsGroup: 1000`
			`runAsNonRoot: true`