# services/vaultwarden/deployment.yaml
#
# Vaultwarden Deployment: a single replica with its data on a
# PersistentVolumeClaim. Secrets are rendered by the Vault Agent injector into
# a shell file that the container sources before starting the server.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: vaultwarden
spec:
  replicas: 1
  # maxSurge 0 / maxUnavailable 1 with one replica: the running pod is removed
  # before its replacement is created, so two pods never run side by side.
  # Presumably required because both would mount the vaultwarden-data claim;
  # confirm against the claim's access mode.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  selector:
    matchLabels:
      app: vaultwarden
  template:
    metadata:
      labels:
        app: vaultwarden
      annotations:
        # Vault Agent injector settings. The "vaultwarden-env.sh" suffix on the
        # two annotations below names the rendered file, which the container
        # reads from /vault/secrets/vaultwarden-env.sh (see args).
        vault.hashicorp.com/agent-inject: 'true'
        vault.hashicorp.com/role: 'vaultwarden'
        vault.hashicorp.com/agent-inject-secret-vaultwarden-env.sh: 'kv/data/atlas/vaultwarden/vaultwarden-db-url'
        # The template pulls three KV entries and emits one `export` per value.
        # NOTE(review): every value lands inside a double-quoted shell string,
        # so `$`, backticks, `"` and `\` in a secret are interpreted by the
        # shell when the file is sourced. Vaultwarden accepts an Argon2 PHC
        # string as ADMIN_TOKEN, and that format contains `$`; confirm what is
        # stored in Vault, or render the values with quoting that survives it.
        # NOTE(review): ADMIN_TOKEN enables the Vaultwarden admin page; check
        # how access to it is restricted in front of this pod.
        vault.hashicorp.com/agent-inject-template-vaultwarden-env.sh: |
          {{ with secret "kv/data/atlas/vaultwarden/vaultwarden-db-url" }}
          export DATABASE_URL="{{ .Data.data.DATABASE_URL }}"
          {{ end }}
          {{ with secret "kv/data/atlas/vaultwarden/vaultwarden-admin" }}
          export ADMIN_TOKEN="{{ .Data.data.ADMIN_TOKEN }}"
          {{ end }}
          {{ with secret "kv/data/atlas/shared/postmark-relay" }}
          export SMTP_USERNAME="{{ index .Data.data "relay-username" }}"
          export SMTP_PASSWORD="{{ index .Data.data "relay-password" }}"
          {{ end }}
    spec:
      # Presumably the identity bound to the Vault role named in the
      # annotations; verify against the Vault auth configuration.
      serviceAccountName: vaultwarden-vault
      containers:
        # NOTE(review): this manifest sets no securityContext, resource
        # requests/limits or probes for the container, and the image is pinned
        # by tag rather than by digest.
        - name: vaultwarden
          image: vaultwarden/server:1.33.2
          # Source the injected secrets file, then replace the shell with the
          # server start script. `&&` means a failed source aborts startup
          # instead of running without credentials.
          command:
            - '/bin/sh'
            - '-c'
          args:
            - '. /vault/secrets/vaultwarden-env.sh && exec /start.sh'
          env:
            # Open self-registration is off; invitations remain on.
            - name: SIGNUPS_ALLOWED
              value: 'false'
            - name: INVITATIONS_ALLOWED
              value: 'true'
            - name: DOMAIN
              value: 'https://vault.bstein.dev'
            # Outbound mail: STARTTLS on 587 with hostname and certificate
            # validation left enforced (both ACCEPT_INVALID_* are "false").
            # SMTP credentials come from the injected secrets file, not here.
            - name: SMTP_HOST
              value: 'smtp.postmarkapp.com'
            - name: SMTP_PORT
              value: '587'
            - name: SMTP_SECURITY
              value: 'starttls'
            - name: SMTP_ACCEPT_INVALID_HOSTNAMES
              value: 'false'
            - name: SMTP_ACCEPT_INVALID_CERTS
              value: 'false'
            - name: SMTP_FROM
              value: 'no-reply-vaultwarden@bstein.dev'
            - name: SMTP_FROM_NAME
              value: 'Vaultwarden'
          ports:
            # Plain HTTP inside the pod while DOMAIN is https, so TLS is
            # presumably terminated upstream; confirm at the ingress.
            - name: http
              containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: vaultwarden-data
              mountPath: /data
      volumes:
        - name: vaultwarden-data
          persistentVolumeClaim:
            claimName: vaultwarden-data