apiVersion: v1
kind: Namespace
metadata:
  labels:
    pod-security.kubernetes.io/warn: privileged
    pod-security.kubernetes.io/warn-version: latest
  name: vaultwarden
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  namespace: vaultwarden
  labels:
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/instance: vaultwarden
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: vaultwarden
      app.kubernetes.io/instance: vaultwarden
  template:
    metadata:
      name: vaultwarden
      labels:
        app.kubernetes.io/name: vaultwarden
        app.kubernetes.io/instance: vaultwarden
    spec:
      volumes:
        - name: vaultwarden-pv-storage
          persistentVolumeClaim:
            claimName: vaultwarden-pv-claim
      containers:
        - name: vaultwarden
          image: vaultwarden/server:latest
          env:
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-admin
                  key: admin-token
            - name: WEBSOCKET_ENABLED
              value: "true"
          securityContext:
            privileged: false
          volumeMounts:
            - mountPath: "/data"
              name: vaultwarden-pv-storage
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          livenessProbe:
            httpGet:
              path: /index.html
              port: 80
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 6
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: vaultwarden-pv-claim
  namespace: vaultwarden
  labels:
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/instance: vaultwarden  
spec:
#  storageClassName: nfs-client # Needs to be specified if no default class is set
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: vaultwarden
  namespace: vaultwarden
  labels:
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/instance: vaultwarden
spec:
  selector:
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/instance: vaultwarden
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP
---
apiVersion: v1
kind: Secret
metadata:
  name: vaultwarden-admin
  namespace: vaultwarden
  labels:
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/instance: vaultwarden
type: Opaque
stringData:
  admin-token: 8v6cw+7E7nCUyc1ajyri1Bb2oL3rVK5aQv0CLv9HOBUKcAChU93GPhHuUTHnsZ9w