Vaultwarden ingress and cert.

argocd/apps/cert-manager/include/vaultwarden-certificate.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: vaultwarden-cert
+  namespace: kube-system
+spec:
+  secretName: vaultwarden-tls
+  issuerRef:
+    name: lets-encrypt
+    kind: ClusterIssuer
+  commonName: vaultwarden.innovation-hub-niedersachsen.de
+  dnsNames:
+    - vaultwarden.innovation-hub-niedersachsen.de

config/vaultwarden/vaultwarden-ingressroute.yaml

@@ -0,0 +1,53 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: vaultwarden-stripprefix
+  namespace: kube-system
+spec:
+  stripPrefix:
+    prefixes:
+      - /
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: vaultwarden-transport
+  namespace: kube-system
+spec:
+  insecureSkipVerify: true
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: vaultwarden-external
+  namespace: kube-system
+  annotations:
+    cert-manager.io/cluster-issuer: "lets-encrypt"
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`vaultwarden.innovation-hub-niedersachsen.de`)
+      kind: Rule
+      services:
+        - name: vaultwarden-external-service
+          port: 3003
+          scheme: http
+          serversTransport: vaultwarden-transport
+      middlewares:
+        - name: vaultwarden-stripprefix
+  tls:
+    secretName: vaultwarden-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden-external-service
+  namespace: kube-system
+spec:
+  type: ExternalName
+  externalName: 192-168-4-106.nip.io
+  ports:
+    - port: 3003
+      targetPort: 3003