Refactor Gitea,Guacamole,Vaultwarden
This commit is contained in:
4
services/Vaultwarden/_namespace-vaultwarden.yml
Normal file
4
services/Vaultwarden/_namespace-vaultwarden.yml
Normal file
@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: vaultwarden
|
52
services/Vaultwarden/deployment-vaultwarden.yaml
Normal file
52
services/Vaultwarden/deployment-vaultwarden.yaml
Normal file
@ -0,0 +1,52 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
labels:
|
||||
app: vaultwarden
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: vaultwarden
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: vaultwarden
|
||||
spec:
|
||||
serviceAccountName: vaultwarden
|
||||
containers:
|
||||
- name: vaultwarden
|
||||
# image: bv11-cr01.bessems.eu/proxy/vaultwarden/server
|
||||
image: vaultwarden/server
|
||||
env:
|
||||
- name: ENABLE_DB_WAL
|
||||
value: "false"
|
||||
- name: ROCKET_PORT
|
||||
value: "8080"
|
||||
- name: SIGNUPS_ALLOWED
|
||||
value: "false"
|
||||
- name: WEBSOCKET_ENABLED
|
||||
value: "true"
|
||||
- name: WEBSOCKET_PORT
|
||||
value: "3012"
|
||||
- name: LOG_LEVEL
|
||||
value: "debug"
|
||||
- name: EXTENDED_LOGGING
|
||||
value: "true"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: vaultwarden
|
||||
ports:
|
||||
- name: ui
|
||||
containerPort: 8080
|
||||
- name: websocket
|
||||
containerPort: 3012
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: flexvolsmb-vaultwarden-data
|
||||
volumes:
|
||||
- name: flexvolsmb-vaultwarden-data
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-vaultwarden-data
|
25
services/Vaultwarden/ingressroute-vaultwarden.yaml
Normal file
25
services/Vaultwarden/ingressroute-vaultwarden.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`vault.spamasaurus.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: vaultwarden
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
- match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: vaultwarden
|
||||
port: 3012
|
||||
# middlewares:
|
||||
# - name: security-headers@file
|
||||
# - name: compression@file
|
@ -0,0 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-vaultwarden-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-vaultwarden-data
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/vaultwarden/data
|
@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-vaultwarden-data
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-vaultwarden-data
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAFSxyvsZICWKYR0ZY7tNH17VP2XPrOIA//MldFVwm4f7npDiclcO/buJE8k/S4iWx5VA9mPXwboZOzUJOakL/6G5rhQ0VxpkaQXDHOqv5412NA0j9lc+ZvB3WD32AvujNUOXgPj4PenmUKe1SX4LT8p3QXbC/3Cpl9YmgsB7c7T3TNg9NGtztbPibwHPUn/wc9wcGbyZQVN7JUd0U9eayifucGxdzjVQtNx9khHerCHDdEJ9AzM4YDPAUwLrkML3KaKO4Kr7XhNRDYV1eGNWBTFbM1O/kISJmt2TBXDe+cQjcygznmybcs8lhX3nHSjJ27SzheBtnD26SwcZ5UqihExK6m1qvl62ePwtztUlHFJeCSTfwWZHigVFwi7TIw6xaXvdDX6Th4/KN403hh0EkxHvlvcHOLsI3eu8predUf3ZyqpZex6fB+c9CBrCRMQzoMXeSBntC+59NxfH7tDLthAS+nHMrBEJDvpckPFd/SZe2xA6nBZngaA0NZewWwBgMVhyjp9/zvHyLwfItb0IgVIN7sfK58BKDT40JdbdwwpvB1xdZ8IktAoUpMc+pSI+ZrVtQwrPYR6g09QzMV6qqTfz/V34zkScaK/E5vLr4hhUv2gjJeqWKc+xg7vrLg3z6K2Ssys21o+UyzOlm3tPl+LPTMFor1B8QrPLX/hFQX2kzG7wblWt1PHA7PoYLby/VEXRiOeDv3Aq30+TyF8RaH
|
||||
username: AgAErKLnO4ikMdR2PSkFdBIFY3deVh1dcpe6+bbOoXCSfqThLnXlszT5xyfgicwYH21MkTjaGovX63CPNva7SgN430nJHZ6v0TbSRwABVFvyXQJxFGTKe+9Bv6+FF76de/qZyhdgXFkX9Wseh1YdEhKmzopUYLtFjArYOGkGE8antUDs448OALwT73ZoRUFnUVfDxdAinKwdzcGQFr6zbK7LeflhX6buCC/+arJxoG3lDDjiuz00bliZf6+Fa5N0JohaUrWp2vOU25IHnVD7GawLWP6Eihb7GbM4BK9/h4oLcyUr9mD5DP/NsNeDe023mbrsog0vcyAG+y1oxYmknB5JKhTbdkwOEubmoQFLvF8qqARsZSg22twWTHayGZrK9Egj1N+kkQyiHLFJCCAu5YDzBLfBRgH1GIQNVFiFi1BDHS/3X+LJpSW5RhHhN7StfDUL81ej9heFbpvwVo8FwcT1Z0sSJ6OIEgIKmg0XVy7NCFdsiUkIwA1dndbHBFtlmrmUaTxnxKS7H73RI1v9OO7FLtX3RYgiKflR+rmggn2M1vaIS+FrgAdowQyDToxlRV2uMpiPJAlaURb/0GnNjN/7UaLtyM42DSBbKs7TO+vQ0UI6WjsZoEGPhJb8pN9LdUpUS0g6QRSCxHTDykEy4b2bmVqlf44bbTDBl0HzbmQXPkHKympQb6otIUy5m61Iy0XNjrCDyJw=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: vaultwarden
|
||||
type: mount/smb
|
19
services/Vaultwarden/sealedsecret-vaultwarden.yaml
Normal file
19
services/Vaultwarden/sealedsecret-vaultwarden.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
encryptedData:
|
||||
ADMIN_TOKEN: AgCTXDX4Dan6UyXd8CK4VB5LG6ReeDOD8Pz/9DYMzaDsTOEw5CUXZ09TkNxB89f6yKHcrjpOA0YOSFs3pF532bw643pY5PrK3rVjRNNxTc9OlvHa/+iv/piiKCzowiq2Bv7tCVJ3UUPlaB3DgLTZxRfobqyryi8CE8ybMSGXkGA7X9hqYKbu2izFOLcQPFbUEqBkqQoh4Di94D6CO+aTuBo3irOypmOa3RG/ELk6DVYsRZG1FLBitI554pRfcxCnO2loQsSSKX5npC1PwpPJCjSgKS1UTC5zqMSLAyXG6RNtnP1zVDM55+Xc/TZ1i0luT5ED6KltigU4ugEuBN7wx/TICzWB9HI9eCaZ33KERMiOx1sn5W4PE3/3qOaLjUJDEW1wbW3j9whm1xMm1Mt5UqwVONUEwoEAg1TMkDGP/1+C230hZ8JNa31f2XfjTgmroApbK9mPEwa020EoqFzBNCznsEv0x3FYkcRhMZ5Cbefc4ZHNZzMpBcEEtoXtGBgRVHaHsi1ftq402w9LNqbBE87JLV55aSy6cyseZL56gqSlu7tRdCr0EDndHn7hE+yT1EwYudmfW1B4AaHSw+FcI5l6IeR1UNkNSKg5h0d+p2kEdXdO1w5mpa7XXiu8bob5xJPiz0siD/WjhjZbMXzdWs8D7y7gJlaCIx8NW7+wirEZEtef8Hd0Cd/GiZ8mU/ODAVENPir/mwlT/5a04TaFzKCrXgIrwSzagMw632C9olWUHfDZKsJMBkCDeR7LDwfIIos=
|
||||
YUBICO_CLIENT_ID: AgCTwkK6e5gMpl9yquaCDadFTlBa8LqWGOaadEqG8801+z66LiUptoPKxl7+j22Zg44w4kdcv/HAIEzjkVvOs+iC5PhGLO389GcpPaNvwuqxcKqraU2CSNbANByB+vFyy1zO1NgmE68PMC2/siZIF/NP58j6Ca6JJTzy9Pm+m2/YhqdlnBdlGopzpbIf9PSpNaZUQSowpySBtlWOVcVNxRgOCbkLxYnb3Ykq3+gYFcbSi3HWVAz3Kb4LbypqOV0Kt8kkf6Jy5kjQAIowuooVyUZI4ZKWpgGwvseJBfEqjhoNkaR6UduL6gnwfNcA8e09q+HsbnLOsLOVAFxrPRxcOOKy4UNi1q66K4bXIR+kN4auvKIzJIW4oJUzKqNpHZ5RPFaLrfEOQEL/H37hd4KpqRPHP3fPw/DKlXWLYlYpzR4tSab9csw9o/lkfN5sQQXPIIUuYdAURLlLI/kX2rnbkHx8HhjveeIW9qQx0bkcJN5lOUwyhCt4pXmNXUyVP1ydqRZ2SBtAbfxIZGdTEnFGEAk6H5cw6i7RCFfgfWp9MUbIWmmjwK4RQe3dVs000+6gTUVfYBOa755GMdR0ODxRcghfT8+e/NpXHbn1Dhuc5kcc1oRbGGOdu/F22b5j6tCdrbdLbUUsxugpzxidohVBRhrDfTETB1HkZM9LrlN5EXElfsEKhRTr0XP9O+rtkaraedOOj935Zg==
|
||||
YUBICO_SECRET_KEY: AgAsQmn/4Z9C/Edo6UEnTSdJ2X55vf+aPt7vzattekf48Xc9fXZ9uN7B/3rA1Dg9HhuBWVQc8SaN3sJqRP0c4tzl5zYUZqgf9ZXZ53ZkXRI2yqcud8bCyHsbvJKXerOHpkkTjLyZjuj6f5I5rBQr12PYejcqGir+wdV7fgzJ//ArTLXlevWsrpA5amzYjqk59rCsw6BxIkFev1vux7Xes1/ODB8Hr40bhq5h0eeIwmK/d8xI0LSn79qP6S1SnWWyMAJ49Lnp90kBPBDzSftjT47KHaZBuVq5gol7Fk0Pb1pI0XipSy5S+hKkAMDcRuUVMY42y64J5Zvc938NU0zwv7ITyl8J+FIeMknLqy30p5a6j0F6/O0a+zTw+uXZzg2a68YnSCgclAp4mCF1C+Q8rnTVGNETwefsbXQtLUvyqJJ0l893u+TcE0Wr5WJsOimfRU2r2KSg6H89/pulm6wNkerbl7xireJCMP+syxw7qntRueLtmUkZ7E9tJnKWCLjr6jxasm51RLZO3DUAPyMs2CB5G1iLCHvkwpU9MW+tf43DOQ+IX1MC893OQugeXW+tAKtqcF5oaIXVt56383CnalKUdCyddy67YQ7hpuA1L14varLRf3VhSpNtGdzZshhmbFx2Msd4gtwW+3xB9ODbKtiI3pHBA8NnlFJ8mTo6SI31VfBc7N/IGlu+yqOLy371culfG5QvXleQv4bD2namOSM8+84SlfewxQTxFWVV
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: vaultwarden
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
type: Opaque
|
15
services/Vaultwarden/service-vaultwarden.yaml
Normal file
15
services/Vaultwarden/service-vaultwarden.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
name: ui
|
||||
port: 8080
|
||||
- protocol: TCP
|
||||
name: websocket
|
||||
port: 3012
|
||||
selector:
|
||||
app: vaultwarden
|
7
services/Vaultwarden/serviceaccount-vaultwarden.yaml
Normal file
7
services/Vaultwarden/serviceaccount-vaultwarden.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
labels:
|
||||
app: vaultwarden
|
Reference in New Issue
Block a user