From d994cb4134168b03fe9f49b01ba85ea25cc73e69 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:46:44 +0000 Subject: [PATCH 1/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/pvc.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 deployments/bitwarden/pvc.yaml diff --git a/deployments/bitwarden/pvc.yaml b/deployments/bitwarden/pvc.yaml new file mode 100644 index 0000000..3cd2a15 --- /dev/null +++ b/deployments/bitwarden/pvc.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bitwarden-data + namespace: security + labels: + app: bitwarden +spec: + accessModes: [ReadWriteOnce] + storageClassName: longhorn + resources: + requests: + storage: 5Gi -- 2.52.0 From 80b021426a21ea0464063f9a03e43e55168a7928 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:46:45 +0000 Subject: [PATCH 2/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/deployment.yaml | 50 +++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 deployments/bitwarden/deployment.yaml diff --git a/deployments/bitwarden/deployment.yaml b/deployments/bitwarden/deployment.yaml new file mode 100644 index 0000000..23447db --- /dev/null +++ b/deployments/bitwarden/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bitwarden + namespace: security + labels: + app: bitwarden +spec: + replicas: 1 + selector: + matchLabels: + app: bitwarden + template: + metadata: + labels: + app: bitwarden + spec: + containers: + - name: bitwarden + image: bitwarden/server:latest + ports: + - containerPort: 80 + name: http + env: + - name: SIGNUPS_ALLOWED + value: "false" + - name: DATABASE_TYPE + value: sqlite + - name: DATABASE_FILE + value: /bitwarden/data/bitwarden.db + - name: WEB_VAULT_ENABLE + value: "true" + - name: API_ENABLED + value: "true" + - name: IDENTITY_ENABLED + value: "true" + volumeMounts: + - name: bitwarden-data + mountPath: /bitwarden/data + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + volumes: + - name: bitwarden-data + persistentVolumeClaim: + claimName: bitwarden-data -- 2.52.0 From c2a7260e18b96f2c2e63aaca2dec87672e915ce8 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:46:45 +0000 Subject: [PATCH 3/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/service.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 deployments/bitwarden/service.yaml diff --git a/deployments/bitwarden/service.yaml b/deployments/bitwarden/service.yaml new file mode 100644 index 0000000..152af99 --- /dev/null +++ b/deployments/bitwarden/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: bitwarden + namespace: security + labels: + app: bitwarden +spec: + selector: + app: bitwarden + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP + type: ClusterIP -- 2.52.0 From 163823b6b4c9621748e212ec11f11c2c230bf2fb Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:46:45 +0000 Subject: [PATCH 4/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/ingress.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 deployments/bitwarden/ingress.yaml diff --git a/deployments/bitwarden/ingress.yaml b/deployments/bitwarden/ingress.yaml new file mode 100644 index 0000000..dfa36e2 --- /dev/null +++ b/deployments/bitwarden/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: bitwarden + namespace: security + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - bitwarden.khalisio.com + secretName: bitwarden-tls + rules: + - host: bitwarden.khalisio.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: bitwarden + port: + number: 80 -- 2.52.0