From 661f49409e69f5cfafbef4cd41411a72ebc5418d Mon Sep 17 00:00:00 2001 
From: Chris Lovering Date: Sun, 13 Aug 2023 20:01:42 +0100 Subject: Copy all files from kubernetes repo into this one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit is a like-for-like copy of the [kubernetes repo](https://github.com/python-discord/kubernetes); check that repo for commit history prior to this commit. Co-authored-by: Amrou Bellalouna Co-authored-by: Bradley Reynolds Co-authored-by: Chris Co-authored-by: Chris Lovering Co-authored-by: ChrisJL Co-authored-by: Den4200 Co-authored-by: GDWR Co-authored-by: Hassan Abouelela Co-authored-by: Hassan Abouelela Co-authored-by: jchristgit Co-authored-by: Joe Banks <20439493+jb3@users.noreply.github.com> Co-authored-by: Joe Banks Co-authored-by: Joe Banks Co-authored-by: Johannes Christ Co-authored-by: Kieran Siek Co-authored-by: kosayoda Co-authored-by: ks129 <45097959+ks129@users.noreply.github.com> Co-authored-by: Leon Sand├©y Co-authored-by: Leon Sand├©y Co-authored-by: MarkKoz Co-authored-by: Matteo Bertucci Co-authored-by: Sebastiaan Zeeff <33516116+SebastiaanZ@users.noreply.github.com> Co-authored-by: Sebastiaan Zeeff Co-authored-by: vcokltfre --- kubernetes/namespaces/default/bitwarden/README.md | 14 +++++++++ .../namespaces/default/bitwarden/configmap.yaml | 23 ++++++++++++++ .../namespaces/default/bitwarden/deployment.yaml | 34 +++++++++++++++++++++ .../namespaces/default/bitwarden/ingress.yaml | 24 +++++++++++++++ .../namespaces/default/bitwarden/secrets.yaml | Bin 0 -> 345 bytes .../namespaces/default/bitwarden/service.yaml | 9 ++++++ 6 files changed, 104 insertions(+) create mode 100644 kubernetes/namespaces/default/bitwarden/README.md create mode 100644 kubernetes/namespaces/default/bitwarden/configmap.yaml create mode 100644 kubernetes/namespaces/default/bitwarden/deployment.yaml create mode 100644 kubernetes/namespaces/default/bitwarden/ingress.yaml create mode 100644 kubernetes/namespaces/default/bitwarden/secrets.yaml create mode 100644 
kubernetes/namespaces/default/bitwarden/service.yaml (limited to 'kubernetes/namespaces/default/bitwarden')
diff --git a/kubernetes/namespaces/default/bitwarden/README.md b/kubernetes/namespaces/default/bitwarden/README.md
new file mode 100644
index 0000000..37f01eb
--- /dev/null
+++ b/kubernetes/namespaces/default/bitwarden/README.md
@@ -0,0 +1,14 @@
+# BitWarden
+
+Our internal password manager, used by the admins to share passwords for our services. Hosted at https://bitwarden.pythondiscord.com
+
+To deploy this, first set up the secrets (see below) and then run `kubectl apply -f .` in this folder.
+
+## Secrets
+This deployment expects a few secrets to exist in a secret called `bitwarden-secret-env`.
+
+
+| Environment | Description |
+|-----------------------|-------------------------------------------|
+| ADMIN_TOKEN | 64-character token used for initial login |
+| DATABASE_URL | Database string: host://user:pass/db |
diff --git a/kubernetes/namespaces/default/bitwarden/configmap.yaml b/kubernetes/namespaces/default/bitwarden/configmap.yaml
new file mode 100644
index 0000000..c758f5d
--- /dev/null
+++ b/kubernetes/namespaces/default/bitwarden/configmap.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bitwarden-config-env
+data:
+ # Domain to access bitwarden by
+ DOMAIN: "https://bitwarden.pythondiscord.com"
+
+ # Password hint must be sent to an email when this is false.
+ # When it's true, it'll be shown right on the page.
+ SHOW_PASSWORD_HINT: "false"
+
+ # Admins only, please!
+ SIGNUPS_ALLOWED: "false"
+
+ # Used for LiveSync
+ WEBSOCKET_ENABLED: "true"
+
+ # Max conns to the DB
+ DATABASE_MAX_CONNS: "2"
+
+ # Force bitwarden to use postgres, rather than it's own volume
+ I_REALLY_WANT_VOLATILE_STORAGE: "true"
diff --git a/kubernetes/namespaces/default/bitwarden/deployment.yaml b/kubernetes/namespaces/default/bitwarden/deployment.yaml
new file mode 100644
index 0000000..70a22ce
--- /dev/null
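Review bot: The comment above `I_REALLY_WANT_VOLATILE_STORAGE: "true"` at the end of the ConfigMap misdescribes the setting: it does not select Postgres (that comes from `DATABASE_URL` in the secret), it only silences vaultwarden's startup check that its data folder is on persistent storage. The data folder also holds state that is not in the database, such as the RSA key used to sign login tokens and any file attachments, so with no volume declared in the Deployment these are presumably regenerated or lost whenever the pod is replaced. I would either mount a persistent volume for the data folder and drop the flag, or reword the comment to `# Skip the persistent-data-folder check; signing keys and attachments do not survive a pod restart`.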
+++ b/kubernetes/namespaces/default/bitwarden/deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bitwarden
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bitwarden
+ template:
+ metadata:
+ labels:
+ app: bitwarden
+ spec:
+ containers:
+ - name: bitwarden
+ image: vaultwarden/server:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 1m
+ memory: 50Mi
+ limits:
+ cpu: 50m
+ memory: 100Mi
+ ports:
+ - containerPort: 80
+ envFrom:
+ - secretRef:
+ name: bitwarden-secret-env
+ - configMapRef:
+ name: bitwarden-config-env
+ securityContext:
+ readOnlyRootFilesystem: true
diff --git a/kubernetes/namespaces/default/bitwarden/ingress.yaml b/kubernetes/namespaces/default/bitwarden/ingress.yaml
new file mode 100644
index 0000000..d0371f6
--- /dev/null
+++ b/kubernetes/namespaces/default/bitwarden/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+ nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+ name: bitwarden
+spec:
+ tls:
+ - hosts:
+ - "*.pythondiscord.com"
+ secretName: pythondiscord.com-tls
+ rules:
+ - host: bitwarden.pythondiscord.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: bitwarden
+ port:
+ number: 80
diff --git a/kubernetes/namespaces/default/bitwarden/secrets.yaml b/kubernetes/namespaces/default/bitwarden/secrets.yaml
new file mode 100644
index 0000000..34cfd7a
Binary files /dev/null and b/kubernetes/namespaces/default/bitwarden/secrets.yaml differ
diff --git a/kubernetes/namespaces/default/bitwarden/service.yaml b/kubernetes/namespaces/default/bitwarden/service.yaml
new file mode 100644
index 0000000..3df8cc2
--- /dev/null
+++ b/kubernetes/namespaces/default/bitwarden/service.yaml
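Review bot: `image: vaultwarden/server:latest` combined with `imagePullPolicy: Always` in deployment.yaml means every pod restart can pull whatever the registry currently serves under that tag, so the password manager's code can change without a reviewed commit and a rollback has no known-good reference. Pin a release and its digest, e.g. `image: vaultwarden/server:<version>@sha256:<digest>` (placeholders), and bump it deliberately. The `securityContext` sets only `readOnlyRootFilesystem: true`; adding `allowPrivilegeEscalation: false` beside it is a cheap further hardening step. Dropping capabilities or running as non-root would also help, but may conflict with binding `containerPort: 80`, so that part needs testing first.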
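Review bot: The `auth-tls-verify-client: "on"` annotation in ingress.yaml enforces client certificates only for requests that pass through ingress-nginx; nothing in this commit stops another pod in the cluster from reaching the `bitwarden` Service on port 80 directly, over plain HTTP and without a certificate. A NetworkPolicy that admits traffic to the `app: bitwarden` pods only from the ingress controller's namespace closes that path, assuming the cluster's CNI enforces policies; a sketch follows, with a constructed policy name and the namespace left as a placeholder. Separately, `auth-tls-error-page` sends clients that fail verification to a third-party URL, and a one-line comment saying this is intentional would help the next maintainer.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: bitwarden-from-ingress-only
spec:
  podSelector:
    matchLabels:
      app: bitwarden
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <ingress-controller-namespace>
      ports:
        - port: 80
```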
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bitwarden
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: bitwarden
-- cgit v1.2.3