add next round

apps/bitwarden/bitwarden-deployment.yaml

@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: bitwarden
+  name: bitwarden-deployment
+  namespace: default
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: bitwarden
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: bitwarden
+    spec:
+      containers:
+      - env:
+        - name: SIGNUPS_ALLOWED
+          value: "false"
+        - name: INVITATIONS_ALLOWED
+          value: "true"
+        - name: ADMIN_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: admin_token
+              name: bitwarden
+        image: vaultwarden/server:latest
+        imagePullPolicy: IfNotPresent
+        name: bitwarden
+        ports:
+        - containerPort: 80
+          protocol: TCP
+        - containerPort: 3012
+          protocol: TCP
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /data
+          name: bitwarden-data
+        - mountPath: /persistentvolumes
+          name: nfs-client-root
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext:
+        fsGroup: 0
+        runAsGroup: 0
+        runAsUser: 0
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: bitwarden-data
+        persistentVolumeClaim:
+          claimName: bitwarden
+      - name: nfs-client-root
+        nfs:
+          path: /volume1/k8s
+          server: 192.168.1.176

apps/bitwarden/bitwarden-ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    acme.cert-manager.io/http01-edit-in-place: "true"
+    cert-manager.io/issuer: letsencrypt-prod
+    kubernetes.io/ingress.class: nginx
+  name: bitwarden-ingress
+  namespace: default
+spec:
+  rules:
+  - host: bitwarden.lilpenguins.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: bitwarden-service
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - bitwarden.lilpenguins.com
+    secretName: bitwarden-tls-prod

apps/bitwarden/bitwarden-secrets.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  admin_token: VkxCMGRmSUdwMGp4QzE0YzA2QUdvTmI0c1VURmFRU3FCYjF6OW83WXZqbnJTYldyRFVqbE1rOGs2QmVOVElYaw==
+kind: Secret
+metadata:
+  name: bitwarden
+  namespace: default
+type: Opaque

apps/bitwarden/bitwarden-service.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden-service
+spec:
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 80
+    - name: notification
+      port: 3012
+      protocol: TCP
+      targetPort: 3012
+  selector:
+    app: bitwarden

apps/bitwarden/bitwarden-storage.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bitwarden
+  namespace: default
+spec:
+  storageClassName: synology-iscsi-storage-custom
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi