# services/vaultwarden/deployment.yaml
#
# Deployment for the Vaultwarden password-manager server. No credential is
# written in this manifest: secret material is mounted from the Secrets Store
# CSI volume at /vault/secrets, and the container entrypoint sources a script
# from the vaultwarden-vault-env ConfigMap before starting the server.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: vaultwarden
spec:
  replicas: 1
  # With maxSurge 0 and maxUnavailable 1, the running pod is stopped before
  # its replacement is created, so two pods never run side by side.
  # Presumably this protects the single data volume; confirm against the
  # PVC access mode.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  selector:
    matchLabels:
      app: vaultwarden
  template:
    metadata:
      labels:
        app: vaultwarden
    spec:
      # Presumably the identity the secrets-store provider presents to the
      # secret backend; keep its backend policy scoped to this app's paths.
      serviceAccountName: vaultwarden-vault
      # NOTE(review): no securityContext, resource requests/limits or
      # readiness/liveness probes are set here, so the container runs with
      # the image's default user and capabilities. Worth tightening for a
      # service that stores credentials, after checking what the image needs
      # in order to listen on port 80.
      containers:
        - name: vaultwarden
          # NOTE(review): pinned by tag only. A tag can be re-pointed at the
          # registry; pinning by digest makes the deployed image immutable.
          image: vaultwarden/server:1.33.2
          command:
            - "/bin/sh"
            - "-c"
          # Source the env script (its content is not shown in this file),
          # then start the server only if sourcing succeeded. `exec` replaces
          # the shell, so the server process receives signals directly.
          args:
            - >-
              . /vault/scripts/vaultwarden_vault_env.sh
              && exec /start.sh
          env:
            # Open self-registration is off; new accounts need an invitation.
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: INVITATIONS_ALLOWED
              value: "true"
            - name: DOMAIN
              value: "https://vault.bstein.dev"
            # Outbound mail goes to the in-cluster Mailu front end on port 25
            # using STARTTLS.
            - name: SMTP_HOST
              value: "mailu-front.mailu-mailserver.svc.cluster.local"
            - name: SMTP_PORT
              value: "25"
            - name: SMTP_SECURITY
              value: "starttls"
            # NOTE(review): hostname and certificate verification are both
            # disabled, so the STARTTLS session is encrypted but the relay is
            # not authenticated. Confidentiality of outgoing mail (invitation
            # and account mails) then rests on the cluster network alone.
            # Preferred fix: have the relay present a certificate that is
            # valid for the name used in SMTP_HOST and is trusted by this
            # container, then set both flags to "false".
            - name: SMTP_ACCEPT_INVALID_HOSTNAMES
              value: "true"
            - name: SMTP_ACCEPT_INVALID_CERTS
              value: "true"
            - name: SMTP_FROM
              value: "postmaster@bstein.dev"
            - name: SMTP_FROM_NAME
              value: "Atlas Vaultwarden"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          volumeMounts:
            # Persistent application data.
            - name: vaultwarden-data
              mountPath: /data
            # Secret material from the CSI driver, mounted read-only.
            - name: vault-secrets
              mountPath: /vault/secrets
              readOnly: true
            # Env script sourced by the entrypoint, mounted read-only.
            - name: vault-scripts
              mountPath: /vault/scripts
              readOnly: true
      volumes:
        - name: vaultwarden-data
          persistentVolumeClaim:
            claimName: vaultwarden-data
        - name: vault-secrets
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: vaultwarden-vault
        - name: vault-scripts
          configMap:
            name: vaultwarden-vault-env
            # Octal literal (r-xr-xr-x, decimal 365). Kubernetes accepts
            # octal notation in YAML manifests; a JSON manifest would need
            # the decimal form. The script is sourced with `.`, which only
            # needs read permission, so 0444 may be enough; confirm nothing
            # else executes it.
            defaultMode: 0555