vaultwarden

2025-12-14 19:52:17 +01:00 · 2025-12-14 19:52:17 +01:00 · 6f5d415cc4
commit 6f5d415cc4
parent ba5da72631
4 changed files with 67 additions and 4 deletions
--- a/apps/vaultwarden/deployment.yaml
+++ b/apps/vaultwarden/deployment.yaml
@ -31,6 +31,22 @@ spec:
            - name: DATA_FOLDER
              value: /data

+            - name: SMTP_HOST
+              value: "smtp.gmail.com"
+            - name: SMTP_PORT
+              value: "587"
+            - name: SMTP_SECURITY
+              value: "starttls"
+            - name: SMTP_USERNAME
+              value: "sebastiansrasppi@gmail.com"
+            - name: SMTP_FROM
+              value: "sebastiansrasppi@gmail.com"
+            - name: SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-smtp-secret
+                  key: SMTP_PASSWORD
+
            # Optional but recommended
            - name: WEBSOCKET_ENABLED
              value: "true"
--- a/apps/vaultwarden/secret.yaml
+++ b/apps/vaultwarden/secret.yaml
@ -6,3 +6,11 @@ metadata:
 type: Opaque
 stringData:
  ADMIN_TOKEN: "LDJMnr80lwRBDIbKBPiz1O7vTRkmupCAcMvAr+bR+L3E1Cz2UmrPgJAHWesi3i1M"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vaultwarden-smtp-secret
+type: Opaque
+stringData:
+  SMTP_PASSWORD: "oobylstuekxjdixd"
--- a/apps/vaultwarden/service.yaml
+++ b/apps/vaultwarden/service.yaml
@ -1,13 +1,14 @@
-
 apiVersion: v1
 kind: Service
 metadata:
  name: vaultwarden
+  namespace: default
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: vaultwarden
  ports:
-    - port: 80
+    - name: http
+      port: 80
      targetPort: 80
-      nodePort: 30084
+      protocol: TCP
--- a/apps/vaultwarden/vaultwarden-ingress.yaml
+++ b/apps/vaultwarden/vaultwarden-ingress.yaml
@ -0,0 +1,38 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden
+  namespace: default
+  annotations:
+    # 1. Enable cert-manager to automatically get a TLS certificate
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+
+    # 2. NGINX annotations crucial for Vaultwarden/Bitwarden:
+    #    WebSockets (ws://) and WebSocket Secure (wss://) support.
+    nginx.ingress.kubernetes.io/websocket-services: "vaultwarden"
+    
+    # 3. Increase timeouts for long-lived WebSocket connections (optional, but recommended)
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+spec:
+  # Ensure this matches the ingress class name of your running NGINX controller
+  ingressClassName: nginx 
+  
+  # TLS configuration: Instruct NGINX to use the secret created by cert-manager
+  tls:
+    - hosts:
+        - vaultwarden.sebastians-co.de
+      secretName: vaultwarden-tls # cert-manager will create this secret
+  
+  # Routing rules
+  rules:
+    - host: vaultwarden.sebastians-co.de
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vaultwarden # Name of the Service above
+                port:
+                  number: 80 # The port the Service exposes (targetPort 80 to the pod)