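# Vaultwarden on Kubernetes: PersistentVolumeClaim, Service and StatefulSet.
# No namespace is set here; the objects land in whichever namespace the caller
# applies them to.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: vaultwarden
  labels:
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/component: vaultwarden
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 4Gi
---
apiVersion: v1
kind: Service
metadata:
  name: vaultwarden
  # Anchors are scoped to a single YAML document, which is why &labels is
  # declared again in the StatefulSet below.
  labels: &labels
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/component: vaultwarden
spec:
  selector: *labels
  ports:
    # Plain HTTP. TLS termination is not part of this file.
    # NOTE(review): presumably an ingress or proxy in front provides TLS;
    # confirm before exposing this Service.
    - port: 8080
      targetPort: http
      name: http
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: vaultwarden
  labels: &labels
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/component: vaultwarden
spec:
  serviceName: vaultwarden
  selector:
    matchLabels: *labels
  template:
    metadata:
      labels: *labels
    spec:
      # The workload serves HTTP only and has no need for the Kubernetes API,
      # so the service-account token is not mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: vaultwarden
          # NOTE(review): no tag or digest, so this resolves to :latest and the
          # running version can change on any restart. Pin to a reviewed tag
          # or, better, an image digest.
          image: ghcr.io/dani-garcia/vaultwarden
          env:
            - name: ROCKET_PORT
              value: '8080'
          envFrom:
            # Both sources are optional: the pod still starts when they are
            # absent, with only the settings defined in this file.
            - configMapRef:
                name: vaultwarden
                optional: true
            - secretRef:
                name: vaultwarden
                optional: true
          ports:
            - name: http
              containerPort: 8080
          # Checked once a minute; a single failure marks the pod unready.
          readinessProbe: &probe
            httpGet:
              port: http
              path: /alive
            failureThreshold: 1
            periodSeconds: 60
            timeoutSeconds: 5
          # Reuses the readiness httpGet via the merge key and overrides the
          # timing: polled every second after a 2 s delay, up to 60 failures.
          startupProbe:
            <<: *probe
            failureThreshold: 60
            initialDelaySeconds: 2
            periodSeconds: 1
            timeoutSeconds: 1
          securityContext:
            readOnlyRootFilesystem: true
            # Sets no_new_privs, so setuid binaries and file capabilities
            # cannot raise privileges inside the container.
            allowPrivilegeEscalation: false
            # NOTE(review): capabilities.drop: [ALL] is the usual next step;
            # first verify that the image's binary carries no file
            # capabilities, otherwise exec can fail once they are dropped.
          volumeMounts:
            # The only writable paths, given the read-only root filesystem.
            - mountPath: /data
              name: data
              subPath: data
            - mountPath: /tmp
              name: tmp
              subPath: tmp
      securityContext:
        # Admission-time guard: refuse to start if the container would run as
        # UID 0 (for example if runAsUser below were ever removed).
        runAsNonRoot: true
        runAsUser: 266
        runAsGroup: 266
        fsGroup: 266
        fsGroupChangePolicy: OnRootMismatch
        # Apply the container runtime's default syscall filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: vaultwarden
        # Memory-backed scratch space; contents never reach node disk.
        # NOTE(review): no sizeLimit is set and the container has no memory
        # limit, so /tmp growth is unbounded. Consider bounding both.
        - name: tmp
          emptyDir:
            medium: Memory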