Add Vaultwarden deployment

apps/hydra/vaultwarden/deployment.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: vaultwarden
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  selector:
+    matchLabels:
+      app: vaultwarden
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      containers:
+      - env:
+        - name: SIGNUPS_ALLOWED
+          value: "true"
+        image: quay.io/vaultwarden/server:1.36.0
+        name: vaultwarden
+        ports:
+        - containerPort: 80
+        resources: {}
+        volumeMounts:
+        - mountPath: /data
+          name: data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: vaultwarden-pvc
+status: {}

apps/hydra/vaultwarden/kustomization.yaml

@@ -4,6 +4,7 @@ metadata:
   name: vaultwarden
   namespace: vaultwarden
 resources:
+- deployment.yaml
 - namespace.yaml
 - pvc.yaml
 - service.yaml

pkg/vaultwarden/vaultwarden.go

@@ -4,6 +4,7 @@ import (
 	"danicos.dev/daniel/go-kube/pkg/kube"
 	"danicos.dev/daniel/go-kube/pkg/stack"
 	"danicos.dev/daniel/homelab/pkg/root"
+	apps "k8s.io/api/apps/v1"
 	core "k8s.io/api/core/v1"
 )
 
@@ -25,27 +26,35 @@ func Stack() stack.Stack {
 	kz := kube.NewKuztomizedStack(
 		meta,
 		map[string]any{
-			"namespace": Namespace,
+			"namespace":  Namespace,
-			"service":   srv,
+			"service":    srv,
-			"pvc":       pvc,
+			"pvc":        pvc,
-			// "deployment":       Deployment(),
+			"deployment": Deployment(),
 		},
 	)
 	return kz.Stack("vaultwarden")
 }
 
-/*
+func Deployment() apps.Deployment {
-services:
+	envMap := map[string]string{
-  vaultwarden:
+		// "DOMAIN": root.Vaultwarden.Public.URL,
-    image: vaultwarden/server:latest
+		"SIGNUPS_ALLOWED": "true",
-    container_name: vaultwarden
+	}
-    restart: always
+	dataVol := kube.NewVolumeFrom(kube.VolumeSourcePVC, "data", pvc.Name)
-    environment:
+	podSpec := core.PodSpec{
-      # DOMAIN: "https://vaultwarden.example.com"  # required when using a reverse proxy; your domain; vaultwarden needs to know it's https to work properly with attachments
+		Containers: []core.Container{{
-      SIGNUPS_ALLOWED: "true" # Deactivate this with "false" after you have created your account so that no strangers can register
+			Name:  root.Vaultwarden.Name,
-    volumes:
+			Image: root.Vaultwarden.Image,
-      - ./vw-data:/data # the path before the : can be changed
+			Ports: []core.ContainerPort{{ContainerPort: root.Vaultwarden.Port}},
-    ports:
+			Env:   kube.NewEnvVar(envMap),
-      - 11001:80 # you can replace the 11001 with your preferred port
+			VolumeMounts: []core.VolumeMount{{
-
+				Name:      dataVol.Name,
-*/
+				MountPath: "/data",
+			}},
+		}},
+		Volumes: []core.Volume{
+			dataVol,
+		},
+	}
+	return kube.NewDeployment(meta, podSpec)
+}