kubernetes/vaultwarden/vaultwarden.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: vaultwarden
  labels:
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/component: vaultwarden
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 4Gi

---
apiVersion: v1
kind: Service
metadata:
  name: vaultwarden
  labels: &labels
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/component: vaultwarden
spec:
  selector: *labels
  ports:
  - port: 8080
    targetPort: http
    name: http

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: vaultwarden
  labels: &labels
    app.kubernetes.io/name: vaultwarden
    app.kubernetes.io/component: vaultwarden
spec:
  serviceName: vaultwarden
  selector:
    matchLabels: *labels
  template:
    metadata:
      labels: *labels
    spec:
      containers:
      - name: vaultwarden
        image: ghcr.io/dani-garcia/vaultwarden
        env:
        - name: ROCKET_PORT
          value: '8080'
        envFrom:
        - configMapRef:
            name: vaultwarden
            optional: true
        - secretRef:
            name: vaultwarden
            optional: true
        ports:
        - name: http
          containerPort: 8080
        readinessProbe: &probe
          httpGet:
            port: http
            path: /alive
          failureThreshold: 1
          periodSeconds: 60
          timeoutSeconds: 5
        startupProbe:
          <<: *probe
          failureThreshold: 60
          initialDelaySeconds: 2
          periodSeconds: 1
          timeoutSeconds: 1
        securityContext:
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /data
          name: data
          subPath: data
        - mountPath: /tmp
          name: tmp
          subPath: tmp
      securityContext:
        runAsUser: 266
        runAsGroup: 266
        fsGroup: 266
        fsGroupChangePolicy: OnRootMismatch
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: vaultwarden
      - name: tmp
        emptyDir:
          medium: Memory