feat: deploy Bitwarden vault to security namespace

2026-05-19 08:46:45 +00:00 · 2026-05-19 08:46:45 +00:00 · 2026-05-19 08:46:45 +00:00 · 2026-05-19 08:46:44 +00:00
4 changed files with 40 additions and 35 deletions
@@ -17,26 +17,26 @@ spec:
    spec:
      containers:
        - name: bitwarden
-          image: bitwarden/server:1.30.1
+          image: bitwarden/server:latest
          ports:
            - containerPort: 80
              name: http
          env:
            - name: WEBSOCKET_ENABLED
              value: "true"
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: DATABASE_TYPE
              value: sqlite
            - name: DATABASE_FILE
              value: /bitwarden/data/bitwarden.db
            - name: WEB_VAULT_ENABLE
              value: "true"
            - name: API_ENABLED
              value: "true"
            - name: IDENTITY_ENABLED
              value: "true"
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: bitwarden-secret
                  key: admin-token
            - name: DB_CERT_FORMAT
              value: "pem"
            - name: SIGNUP_ORIGINS
              value: "https://bitwarden.khalisio.com"
          volumeMounts:
            - name: bitwarden-data
-              mountPath: /data
+              mountPath: /bitwarden/data
          resources:
            requests:
              cpu: 100m
@@ -1,21 +1,24 @@
-apiVersion: traefik.io/v1alpha1
+apiVersion: networking.k8s.io/v1
-kind: IngressRoute
+kind: Ingress
 metadata:
  name: bitwarden
  namespace: security
  annotations:
-    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
-  entryPoints:
+  ingressClassName: traefik
    - websecure
  routes:
    - match: Host(`bitwarden.khalisio.com`)
      kind: Rule
      services:
        - name: bitwarden
          port: 80
  tls:
-    secretName: bitwarden-tls
+    - hosts:
-    options:
+        - bitwarden.khalisio.com
-      name: default
+      secretName: bitwarden-tls
-      kind: ClusterEntrypoint
+  rules:
    - host: bitwarden.khalisio.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: bitwarden
                port:
                  number: 80
@@ -3,9 +3,10 @@ kind: PersistentVolumeClaim
 metadata:
  name: bitwarden-data
  namespace: security
  labels:
    app: bitwarden
 spec:
-  accessModes:
+  accessModes: [ReadWriteOnce]
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
@@ -6,10 +6,11 @@ metadata:
  labels:
    app: bitwarden
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: bitwarden
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
Author	SHA1	Message	Date
gitea-admin	163823b6b4	feat: deploy Bitwarden vault to security namespace Validate Manifests / validate (pull_request) Has been cancelled Details	2026-05-19 08:46:45 +00:00
gitea-admin	c2a7260e18	feat: deploy Bitwarden vault to security namespace	2026-05-19 08:46:45 +00:00
gitea-admin	80b021426a	feat: deploy Bitwarden vault to security namespace	2026-05-19 08:46:45 +00:00
gitea-admin	d994cb4134	feat: deploy Bitwarden vault to security namespace	2026-05-19 08:46:44 +00:00