--- apiVersion: v1 kind: Namespace metadata: name: vaultwarden --- apiVersion: apps/v1 kind: Deployment metadata: name: vaultwarden namespace: vaultwarden spec: selector: matchLabels: app: vaultwarden replicas: 1 template: metadata: labels: app: vaultwarden spec: containers: - name: vaultwarden image: vaultwarden/server:1.28.1 ports: - containerPort: 80 name: http-web-svc - containerPort: 3012 name: http-sock-svc envFrom: - secretRef: name: vaultwarden-secret env: - name: WEBSOCKET_ENABLED value: "true" - name: SIGNUPS_ALLOWED value: "false" volumeMounts: - mountPath: "/data" name: data livenessProbe: httpGet: path: / port: 80 failureThreshold: 10 initialDelaySeconds: 30 periodSeconds: 10 volumes: - name: data persistentVolumeClaim: claimName: vaultwarden-pvc --- apiVersion: v1 kind: Service metadata: name: vaultwarden-service namespace: vaultwarden spec: selector: app: vaultwarden type: ClusterIP ports: - name: vaultwarden-web-port protocol: TCP port: 80 targetPort: http-web-svc - name: vaultwarden-sock-port protocol: TCP port: 3012 targetPort: http-sock-svc --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: vaultwarden namespace: vaultwarden spec: entryPoints: - websecure routes: - kind: Rule match: Host(`vaultwarden.jibby.org`) services: - kind: Service name: vaultwarden-service port: 80 - kind: Rule match: Host(`vaultwarden.jibby.org`) && Path(`/notifications/hub`) services: - kind: Service name: vaultwarden-service port: 3012