From e0714cd4cd6350f06e2295817842bf209f81ac09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Groothuis?=
Date: Thu, 23 Oct 2025 12:56:10 +0200
Subject: [PATCH] chore(bootstrap): Added vaultwarden to argocd

---
 clusters/artemis/apps/kustomization.yaml | 1 +
 .../artemis/apps/vaultwarden/app-project.yaml | 17 ++
 .../artemis/apps/vaultwarden/application.yaml | 24 +++
 .../apps/vaultwarden/kustomization.yaml | 7 +
 .../artemis/vaultwarden/kustomization.yaml | 8 +
 manifests/artemis/vaultwarden/values.yaml | 190 ++++++++++++++++++
 6 files changed, 247 insertions(+)
 create mode 100644 clusters/artemis/apps/vaultwarden/app-project.yaml
 create mode 100644 clusters/artemis/apps/vaultwarden/application.yaml
 create mode 100644 clusters/artemis/apps/vaultwarden/kustomization.yaml
 create mode 100644 manifests/artemis/vaultwarden/kustomization.yaml
 create mode 100644 manifests/artemis/vaultwarden/values.yaml

diff --git a/clusters/artemis/apps/kustomization.yaml b/clusters/artemis/apps/kustomization.yaml
index 07d2f7f..fceccc1 100644
--- a/clusters/artemis/apps/kustomization.yaml
+++ b/clusters/artemis/apps/kustomization.yaml
@@ -11,3 +11,4 @@ resources:
   - external-secrets
   - uptime-kuma
   - pocket-id
+  - vaultwarden
diff --git a/clusters/artemis/apps/vaultwarden/app-project.yaml b/clusters/artemis/apps/vaultwarden/app-project.yaml
new file mode 100644
index 0000000..5f21fc7
--- /dev/null
+++ b/clusters/artemis/apps/vaultwarden/app-project.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: vaultwarden
+spec:
+  description: Password manager
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'vaultwarden'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'
diff --git a/clusters/artemis/apps/vaultwarden/application.yaml b/clusters/artemis/apps/vaultwarden/application.yaml
new file mode 100644
index 0000000..749ef21
--- /dev/null
+++ b/clusters/artemis/apps/vaultwarden/application.yaml
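Review bot: The AppProject is wildcarded on every axis — `sourceRepos: ['*']`, `sourceNamespaces: ['*']`, `destinations[].server: '*'` and a `clusterResourceWhitelist` of group `'*'` / kind `'*'` — so any Application bound to this project may deploy any cluster-scoped resource from any repository, which removes the project as a boundary for the password manager. The Application added in this same commit needs only one repository and the `in-cluster` destination, so the project can be pinned to those, and the cluster-scoped allowlist reduced to what the chart actually renders (presumably just `Namespace`, needed for `CreateNamespace=true`; confirm against the rendered manifests and widen only if a kind is missing). `sourceNamespaces` should likewise name only the namespace the Application lives in, assuming this Argo CD instance is configured for apps-in-any-namespace at all.
```yaml
spec:
  description: Password manager
  sourceRepos:
    - 'https://git.dgse.cloud/DGSE/kubernetes.git'
  sourceNamespaces:
    - vaultwarden
  destinations:
    - namespace: 'vaultwarden'
      name: in-cluster
  clusterResourceWhitelist:
    - group: ''
      kind: Namespace
```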
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vaultwarden
+  namespace: vaultwarden
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: vaultwarden
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/vaultwarden
+    targetRevision: HEAD
+  destination:
+    namespace: vaultwarden
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/clusters/artemis/apps/vaultwarden/kustomization.yaml b/clusters/artemis/apps/vaultwarden/kustomization.yaml
new file mode 100644
index 0000000..f9b2a4b
--- /dev/null
+++ b/clusters/artemis/apps/vaultwarden/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml
diff --git a/manifests/artemis/vaultwarden/kustomization.yaml b/manifests/artemis/vaultwarden/kustomization.yaml
new file mode 100644
index 0000000..4d3da76
--- /dev/null
+++ b/manifests/artemis/vaultwarden/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+helmCharts:
+  - name: vaultwarden
+    repo: https://guerzon.github.io/vaultwarden/
+    version: 0.31.8
+    releaseName: vaultwarden
+    namespace: vaultwarden
+    valuesFile: values.yaml
diff --git a/manifests/artemis/vaultwarden/values.yaml b/manifests/artemis/vaultwarden/values.yaml
new file mode 100644
index 0000000..ef7924f
--- /dev/null
+++ b/manifests/artemis/vaultwarden/values.yaml
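Review bot: application.yaml is the only new file in this commit without a leading `---` document marker; app-project.yaml and both kustomization.yaml files start with one, so add `---` as the first line for consistency. Separately, `targetRevision: HEAD` together with `automated.prune: true` and `selfHeal: true` means whatever the repository's default branch points at is applied and pruned in the vaultwarden namespace with no further gate; if that branch accepts direct pushes, pinning a protected branch by name (e.g. `targetRevision: main`, whatever the protected branch is called here) narrows what a single push can change.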
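Review bot: manifests/artemis/vaultwarden/kustomization.yaml omits the `apiVersion: kustomize.config.k8s.io/v1beta1` / `kind: Kustomization` header that clusters/artemis/apps/vaultwarden/kustomization.yaml in this same commit carries; kustomize accepts the omission but the two files should match, so add the two header lines after `---`. The `helmCharts` inflation also depends on Argo CD's kustomize build being run with `--enable-helm`; presumably that is already configured since sibling apps exist, but it is worth confirming before relying on `selfHeal` to keep this app in sync.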
@@ -0,0 +1,190 @@
+adminRateLimitMaxBurst: "3"
+adminRateLimitSeconds: "300"
+adminToken:
+  existingSecret: ""
+  existingSecretKey: ""
+  value: $argon2id$v=19$m=19456,t=2,p=1$Vkx1VkE4RmhDMUhwNm9YVlhPQkVOZk1Yc1duSDdGRVYzd0Y5ZkgwaVg0Yz0$PK+h1ANCbzzmEKaiQfCjWw+hWFaMKvLhG2PjRanH5Kk
+affinity: {}
+commonAnnotations: {}
+commonLabels: {}
+configMapAnnotations: {}
+database:
+  connectionRetries: 15
+  dbName: ""
+  existingSecret: ""
+  existingSecretKey: ""
+  host: ""
+  maxConnections: 10
+  password: ""
+  port: ""
+  type: default
+  uriOverride: ""
+  username: ""
+dnsConfig: {}
+domain: https://vault.dgse.cloud
+duo:
+  existingSecret: ""
+  hostname: ""
+  iKey: ""
+  sKey:
+    existingSecretKey: ""
+    value: ""
+emailChangeAllowed: "true"
+emergencyAccessAllowed: "true"
+emergencyNotifReminderSched: 0 3 * * * *
+emergencyRqstTimeoutSched: 0 7 * * * *
+enableServiceLinks: true
+eventCleanupSched: 0 10 0 * * *
+eventsDayRetain: ""
+experimentalClientFeatureFlags: null
+extendedLogging: "true"
+fullnameOverride: ""
+hibpApiKey: ""
+iconBlacklistNonGlobalIps: "true"
+iconRedirectCode: "302"
+iconService: internal
+image:
+  extraSecrets: []
+  extraVars: []
+  pullPolicy: IfNotPresent
+  pullSecrets: []
+  registry: docker.io
+  repository: vaultwarden/server
+  tag: 1.33.2-alpine
+ingress:
+  additionalAnnotations: {}
+  additionalHostnames: []
+  class: traefik
+  customHeadersConfigMap: {}
+  enabled: true
+  hostname: vault.dgse.cloud
+  labels: {}
+  nginxAllowList: ""
+  nginxIngressAnnotations: false
+  path: /
+  pathType: Prefix
+  tls: true
+  tlsSecret: vaultwarden-cert-secret
+initContainers: []
+invitationExpirationHours: "120"
+invitationOrgName: Vaultwarden
+invitationsAllowed: true
+ipHeader: X-Real-IP
+livenessProbe:
+  enabled: true
+  failureThreshold: 10
+  initialDelaySeconds: 5
+  path: /alive
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+logTimestampFormat: '%Y-%m-%d %H:%M:%S.%3f'
+logging:
+  logFile: ""
+  logLevel: ""
+nodeSelector:
+  node-role.kubernetes.io/worker: worker
+orgAttachmentLimit: ""
+orgCreationUsers: ""
+orgEventsEnabled: "false"
+orgGroupsEnabled: "false"
+podAnnotations: {}
+podDisruptionBudget:
+  enabled: false
+  maxUnavailable: null
+  minAvailable: 1
+podLabels: {}
+podSecurityContext: {}
+pushNotifications:
+  enabled: false
+  existingSecret: ""
+  identityUri: https://identity.bitwarden.com
+  installationId:
+    existingSecretKey: ""
+    value: ""
+  installationKey:
+    existingSecretKey: ""
+    value: ""
+  relayUri: https://push.bitwarden.com
+readinessProbe:
+  enabled: true
+  failureThreshold: 3
+  initialDelaySeconds: 5
+  path: /alive
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+replicas: 1
+requireDeviceEmail: "true"
+resourceType: ""
+resources: {}
+rocket:
+  address: 0.0.0.0
+  port: "8080"
+  workers: "10"
+securityContext: {}
+sendsAllowed: "true"
+service:
+  annotations: {}
+  ipFamilyPolicy: SingleStack
+  labels: {}
+  sessionAffinity: ""
+  sessionAffinityConfig: {}
+  type: ClusterIP
+serviceAccount:
+  create: true
+  name: vaultwarden-svc
+showPassHint: "false"
+sidecars: []
+signupDomains: ""
+signupsAllowed: false
+signupsVerify: "true"
+smtp:
+  acceptInvalidCerts: "false"
+  acceptInvalidHostnames: "false"
+  authMechanism: Plain
+  debug: false
+  existingSecret: smtp-creds
+  from: vault@dgse.cloud
+  fromName: '[DGSE] Vault'
+  host: mail.dgse.cloud
+  password:
+    existingSecretKey: password
+    value: ""
+  port: 465
+  security: force_tls
+  username:
+    existingSecretKey: username
+    value: ""
+startupProbe:
+  enabled: false
+  failureThreshold: 10
+  initialDelaySeconds: 5
+  path: /alive
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+storage:
+  attachments: {}
+  data:
+    accessMode: ReadWriteOnce
+    class: ""
+    keepPvc: false
+    name: vaultwarden-data
+    path: /data
+    size: 15Gi
+  existingVolumeClaim: {}
+strategy: {}
+timeZone: ""
+tolerations: []
+trashAutoDeleteDays: ""
+userAttachmentLimit: ""
+userSendLimit: ""
+webVaultEnabled: "true"
+yubico:
+  clientId: ""
+  existingSecret: ""
+  secretKey:
+    existingSecretKey: ""
+    value: ""
+  server: ""
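Review bot: `adminToken.value` commits the admin token's argon2id PHC string into the repository even though the chart offers `existingSecret` / `existingSecretKey`, which this same file already uses for SMTP (`existingSecret: smtp-creds`). A hash in git is still sensitive material — it travels with every clone and lands in the rendered workload config — so keep it in a Secret created out of band (the `external-secrets` entry in clusters/artemis/apps/kustomization.yaml suggests the tooling is already there) and reference it as `adminToken: {existingSecret: <ADMIN-TOKEN-SECRET-NAME>, existingSecretKey: <KEY>, value: ""}`. Because this hash is already in history, generate a new admin token after the move rather than reusing this one. Two smaller points: `ingress.tls: true` names `tlsSecret: vaultwarden-cert-secret` while `additionalAnnotations: {}` leaves nothing in this commit issuing that certificate, so confirm it exists or is managed by cert-manager elsewhere; and `ipHeader: X-Real-IP` makes the `adminRateLimit*` settings key on a proxy-supplied header, which is only meaningful if Traefik sets it and is the sole path to the pod — the `ClusterIP` service suggests that but does not enforce it.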