From b03242120ed8cf11ebb08c67cb5cfef22e967112 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:48:13 +0000 Subject: [PATCH 1/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/pvc.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 deployments/bitwarden/pvc.yaml diff --git a/deployments/bitwarden/pvc.yaml b/deployments/bitwarden/pvc.yaml new file mode 100644 index 0000000..a95af8b --- /dev/null +++ b/deployments/bitwarden/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bitwarden-data + namespace: security +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 5Gi -- 2.52.0 From 808f2aff062890ecc69ccae030e92b5f36b94928 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:48:13 +0000 Subject: [PATCH 2/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/deployment.yaml | 50 +++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 deployments/bitwarden/deployment.yaml diff --git a/deployments/bitwarden/deployment.yaml b/deployments/bitwarden/deployment.yaml new file mode 100644 index 0000000..3931fe2 --- /dev/null +++ b/deployments/bitwarden/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bitwarden + namespace: security + labels: + app: bitwarden +spec: + replicas: 1 + selector: + matchLabels: + app: bitwarden + template: + metadata: + labels: + app: bitwarden + spec: + containers: + - name: bitwarden + image: bitwarden/server:1.30.1 + ports: + - containerPort: 80 + env: + - name: WEBSOCKET_ENABLED + value: "true" + - name: SIGNUPS_ALLOWED + value: "true" + - name: ADMIN_TOKEN + valueFrom: + secretKeyRef: + name: bitwarden-secret + key: admin-token + - name: DB_CERT_FORMAT + value: "pem" + - name: SIGNUP_ORIGINS + value: "https://bitwarden.khalisio.com" + volumeMounts: + - name: bitwarden-data + mountPath: /data + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + volumes: + - name: bitwarden-data + persistentVolumeClaim: + claimName: bitwarden-data -- 2.52.0 From 56141866cb988166cea45e218fbb9415a93a1f47 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:48:14 +0000 Subject: [PATCH 3/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/service.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 deployments/bitwarden/service.yaml diff --git a/deployments/bitwarden/service.yaml b/deployments/bitwarden/service.yaml new file mode 100644 index 0000000..7e07252 --- /dev/null +++ b/deployments/bitwarden/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: bitwarden + namespace: security + labels: + app: bitwarden +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + selector: + app: bitwarden -- 2.52.0 From e44858053c6aee30d37d00379cc5dbf888385148 Mon Sep 17 00:00:00 2001 From: gitea-admin Date: Tue, 19 May 2026 08:48:14 +0000 Subject: [PATCH 4/4] feat: deploy Bitwarden vault to security namespace --- deployments/bitwarden/ingress.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 deployments/bitwarden/ingress.yaml diff --git a/deployments/bitwarden/ingress.yaml b/deployments/bitwarden/ingress.yaml new file mode 100644 index 0000000..1976d66 --- /dev/null +++ b/deployments/bitwarden/ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: bitwarden + namespace: security + annotations: + kubernetes.io/ingress.class: traefik +spec: + entryPoints: + - websecure + routes: + - match: Host(`bitwarden.khalisio.com`) + kind: Rule + services: + - name: bitwarden + port: 80 + tls: + secretName: bitwarden-tls + options: + name: default + kind: ClusterEntrypoint -- 2.52.0