feat: deploy Bitwarden vault to security namespace

2026-05-19 08:46:45 +00:00 · 2026-05-19 08:46:45 +00:00 · 2026-05-19 08:46:45 +00:00 · 2026-05-19 08:46:44 +00:00
4 changed files with 40 additions and 35 deletions
@@ -17,26 +17,26 @@ spec:
    spec:
      containers:
        - name: bitwarden
-          image: bitwarden/server:1.30.1
+          image: bitwarden/server:latest
          ports:
            - containerPort: 80
+              name: http
          env:
-            - name: WEBSOCKET_ENABLED
-              value: "true"
            - name: SIGNUPS_ALLOWED
+              value: "false"
+            - name: DATABASE_TYPE
+              value: sqlite
+            - name: DATABASE_FILE
+              value: /bitwarden/data/bitwarden.db
+            - name: WEB_VAULT_ENABLE
+              value: "true"
+            - name: API_ENABLED
+              value: "true"
+            - name: IDENTITY_ENABLED
              value: "true"
-            - name: ADMIN_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-secret
-                  key: admin-token
-            - name: DB_CERT_FORMAT
-              value: "pem"
-            - name: SIGNUP_ORIGINS
-              value: "https://bitwarden.khalisio.com"
          volumeMounts:
            - name: bitwarden-data
-              mountPath: /data
+              mountPath: /bitwarden/data
          resources:
            requests:
              cpu: 100m
@@ -1,21 +1,24 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
+apiVersion: networking.k8s.io/v1
+kind: Ingress
 metadata:
  name: bitwarden
  namespace: security
  annotations:
-    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`bitwarden.khalisio.com`)
-      kind: Rule
-      services:
-        - name: bitwarden
-          port: 80
+  ingressClassName: traefik
  tls:
+    - hosts:
+        - bitwarden.khalisio.com
      secretName: bitwarden-tls
-    options:
-      name: default
-      kind: ClusterEntrypoint
+  rules:
+    - host: bitwarden.khalisio.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: bitwarden
+                port:
+                  number: 80
@@ -3,9 +3,10 @@ kind: PersistentVolumeClaim
 metadata:
  name: bitwarden-data
  namespace: security
+  labels:
+    app: bitwarden
 spec:
-  accessModes:
-    - ReadWriteOnce
+  accessModes: [ReadWriteOnce]
  storageClassName: longhorn
  resources:
    requests:
@@ -6,10 +6,11 @@ metadata:
  labels:
    app: bitwarden
 spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 80
-      protocol: TCP
  selector:
    app: bitwarden
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
+  type: ClusterIP
Author	SHA1	Message	Date
gitea-admin	163823b6b4	feat: deploy Bitwarden vault to security namespace Validate Manifests / validate (pull_request) Has been cancelled Details	2026-05-19 08:46:45 +00:00
gitea-admin	c2a7260e18	feat: deploy Bitwarden vault to security namespace	2026-05-19 08:46:45 +00:00
gitea-admin	80b021426a	feat: deploy Bitwarden vault to security namespace	2026-05-19 08:46:45 +00:00
gitea-admin	d994cb4134	feat: deploy Bitwarden vault to security namespace	2026-05-19 08:46:44 +00:00