diff --git a/docs/REFERENCE.md b/docs/REFERENCE.md index c6bd7a0..74d5568 100644 --- a/docs/REFERENCE.md +++ b/docs/REFERENCE.md @@ -1100,7 +1100,7 @@ storage: **Endpoints**: - Web UI: `https://bitwarden.forteapps.net` -**Database**: Standalone PostgreSQL 16 StatefulSet (`vaultwarden-postgresql`) deployed in overlay with 2Gi PVC. Chart does NOT include a PostgreSQL subchart — must be provisioned separately. +**Database**: Separate ArgoCD Application `vaultwarden-postgresql` (sync-wave `"0"`) deploys PostgreSQL 16 StatefulSet + SealedSecret before Vaultwarden (wave `"1"`). 2Gi PVC. Chart does NOT include a PostgreSQL subchart — must be provisioned separately. **Secrets**: - `prod-db-creds` (SealedSecret) — PostgreSQL credentials (`pgusername`, `pgpassword`) + SMTP credentials diff --git a/infra/overlays/upc-dev/kustomization.yaml b/infra/overlays/upc-dev/kustomization.yaml index ccd8ad8..fac7510 100644 --- a/infra/overlays/upc-dev/kustomization.yaml +++ b/infra/overlays/upc-dev/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../../base +- vaultwarden-postgresql - vaultwarden # No patches needed — base already has "upc-dev" paths diff --git a/infra/overlays/upc-dev/vaultwarden-postgresql/kustomization.yaml b/infra/overlays/upc-dev/vaultwarden-postgresql/kustomization.yaml new file mode 100644 index 0000000..e3e2778 --- /dev/null +++ b/infra/overlays/upc-dev/vaultwarden-postgresql/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- vaultwarden-postgresql.yaml diff --git a/infra/overlays/upc-dev/vaultwarden-postgresql/resources/kustomization.yaml b/infra/overlays/upc-dev/vaultwarden-postgresql/resources/kustomization.yaml new file mode 100644 index 0000000..b02c8e8 --- /dev/null +++ b/infra/overlays/upc-dev/vaultwarden-postgresql/resources/kustomization.yaml 
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- postgresql.yaml
+- vaultwarden-db-secret-sealed.yaml
diff --git a/infra/overlays/upc-dev/vaultwarden/postgresql.yaml b/infra/overlays/upc-dev/vaultwarden-postgresql/resources/postgresql.yaml
similarity index 100%
rename from infra/overlays/upc-dev/vaultwarden/postgresql.yaml
rename to infra/overlays/upc-dev/vaultwarden-postgresql/resources/postgresql.yaml
diff --git a/infra/overlays/upc-dev/vaultwarden/vaultwarden-db-secret-sealed.yaml b/infra/overlays/upc-dev/vaultwarden-postgresql/resources/vaultwarden-db-secret-sealed.yaml
similarity index 100%
rename from infra/overlays/upc-dev/vaultwarden/vaultwarden-db-secret-sealed.yaml
rename to infra/overlays/upc-dev/vaultwarden-postgresql/resources/vaultwarden-db-secret-sealed.yaml
diff --git a/infra/overlays/upc-dev/vaultwarden-postgresql/vaultwarden-postgresql.yaml b/infra/overlays/upc-dev/vaultwarden-postgresql/vaultwarden-postgresql.yaml
new file mode 100644
index 0000000..4e878f6
--- /dev/null
+++ b/infra/overlays/upc-dev/vaultwarden-postgresql/vaultwarden-postgresql.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vaultwarden
+---
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vaultwarden-postgresql
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "0"
+ labels:
+ app.kubernetes.io/name: vaultwarden-postgresql
+ app.kubernetes.io/part-of: security
+ app.kubernetes.io/managed-by: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+ targetRevision: HEAD
+ path: infra/overlays/upc-dev/vaultwarden-postgresql/resources
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: vaultwarden
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - Validate=true
+ - ServerSideApply=true
diff --git a/infra/overlays/upc-dev/vaultwarden/kustomization.yaml b/infra/overlays/upc-dev/vaultwarden/kustomization.yaml
index 8d6e150..65b394b 100644
--- a/infra/overlays/upc-dev/vaultwarden/kustomization.yaml
+++ b/infra/overlays/upc-dev/vaultwarden/kustomization.yaml
@@ -2,5 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - vaultwarden.yaml
-- vaultwarden-db-secret-sealed.yaml
-- postgresql.yaml
diff --git a/infra/overlays/upc-dev/vaultwarden/vaultwarden.yaml b/infra/overlays/upc-dev/vaultwarden/vaultwarden.yaml
index ceb52c8..1d41fd8 100644
--- a/infra/overlays/upc-dev/vaultwarden/vaultwarden.yaml
+++ b/infra/overlays/upc-dev/vaultwarden/vaultwarden.yaml
@@ -1,9 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: vaultwarden
----
-
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
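Review bot: In the new infra/overlays/upc-dev/vaultwarden-postgresql/vaultwarden-postgresql.yaml, `project: default` together with `targetRevision: HEAD` and `automated` sync (`prune: true`, `selfHeal: true`) means whatever lands on the repository's default branch is applied to the password vault's database with no further gate. Argo CD's built-in `default` project allows any source repo, destination and resource kind unless it has been locked down (not visible in this diff), so I would point this Application at a dedicated AppProject scoped to this repo and the `vaultwarden` namespace, e.g. `project: <restricted-appproject>` (placeholder name), and consider pinning `targetRevision` to a protected branch or tag. It is also worth confirming that the ordering the docs describe actually holds: `argocd.argoproj.io/sync-wave: "0"` only makes the parent wait for PostgreSQL to be healthy if a health check for `argoproj.io/Application` is configured in `argocd-cm`, so a comment above the annotation such as `# wave 0: DB + SealedSecret must be Healthy before vaultwarden (wave 1); relies on Application health check in argocd-cm` would record that dependency.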