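---
# Deployment for the Vaultwarden password-manager server: one replica, data on
# a PersistentVolumeClaim, database URL and OIDC client credentials taken from
# Secrets. The labels mark this object as Helm-managed, so a hand edit here is
# presumably overwritten on the next chart upgrade. Carry any change into the
# chart values as well.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
  labels:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vaultwarden
    helm.sh/chart: vaultwarden-4.5.0
  namespace: vaultwarden
spec:
  revisionHistoryLimit: 3
  replicas: 1
  # Recreate stops the old pod before the new one starts.
  # NOTE(review): presumably chosen because the data PVC cannot be mounted by
  # two pods at once; confirm against the claim's access mode.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: main
      app.kubernetes.io/name: vaultwarden
      app.kubernetes.io/instance: vaultwarden
  template:
    metadata:
      labels:
        app.kubernetes.io/controller: main
        app.kubernetes.io/instance: vaultwarden
        app.kubernetes.io/name: vaultwarden
    spec:
      enableServiceLinks: false
      serviceAccountName: default
      # Changed from true. The pod runs as the namespace's `default`
      # ServiceAccount and nothing in this spec talks to the Kubernetes API,
      # so the API token is no longer mounted into the container. Otherwise a
      # compromise of the Vaultwarden process would also yield a cluster
      # credential. If something does need the token, bind a dedicated
      # ServiceAccount with minimal RBAC instead of re-enabling it on `default`.
      automountServiceAccountToken: false
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      # NOTE(review): neither the pod nor the container sets a securityContext.
      # Consider allowPrivilegeEscalation: false, a RuntimeDefault seccomp
      # profile and a reduced capability set, after confirming that the image
      # still starts and can write to /data with them applied.
      containers:
        - env:
            - name: DOMAIN
              value: https://passwords.alexlebens.dev
            # Open registration and invitations are both disabled; with
            # SSO_ENABLED below, new accounts can only arrive through the
            # identity provider.
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: INVITATIONS_ALLOWED
              value: "false"
            # Connection string read from a Secret instead of being inlined.
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  key: uri
                  name: vaultwarden-postgresql-18-cluster-app
            - name: SSO_ENABLED
              value: "true"
            # Links an SSO login to an existing account by e-mail address.
            # NOTE(review): this trusts the identity provider's e-mail claim;
            # confirm the provider only releases verified addresses, otherwise
            # a user who can set an arbitrary e-mail there could be attached to
            # someone else's vault account.
            - name: SSO_SIGNUPS_MATCH_EMAIL
              value: "true"
            - name: SSO_AUTHORITY
              value: https://auth.alexlebens.dev/application/o/vaultwarden/
            # offline_access asks the provider for refresh tokens.
            - name: SSO_SCOPES
              value: email profile offline_access
            # OIDC client id and secret both come from the same Secret object.
            - name: SSO_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client
                  name: vaultwarden-oidc-secret
            - name: SSO_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: secret
                  name: vaultwarden-oidc-secret
          # NOTE(review): the image is referenced by a mutable tag. Pinning it
          # as vaultwarden/server:1.35.1@sha256:<digest> (placeholder) would
          # make the deployed bytes independent of what the tag points to later.
          image: vaultwarden/server:1.35.1
          imagePullPolicy: IfNotPresent
          name: main
          # NOTE(review): only requests are set. Without a memory limit the
          # container is bounded only by the node, so consider adding one.
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
          volumeMounts:
            - mountPath: /data
              name: config
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: vaultwarden-data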