feat: Expose vault

k8s/apps/cloudflared/cloudflared-mnke.yaml

@@ -122,5 +122,7 @@ data:
       service: https://panel.mnke.org
     - hostname: wings-01_jodye.mnke.org
       service: https://wings-01_jodye.mnke.org
+    - hostname: vault.mnke.org
+      service: https://vault.mnke.org
     # This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
     - service: http_status:404

k8s/apps/ingressroutes/external/build/kustomization.yaml

@@ -8,5 +8,6 @@ resources:
   - seerr-tonydu.yaml
   - wizarr-tonydu.yaml
   - dns-dolo-mnke.yaml
+  - vaultwarden.yaml
   - wings-01-jodye.yaml
   - panel.yaml

k8s/apps/ingressroutes/external/build/vaultwarden.yaml

@@ -0,0 +1,35 @@
+---
+# This file was automatically generated. Do not modify.
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden-external
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: vault.jumper.mnke.org
+  ports:
+    - name: vaultwarden-external
+      port: 443
+      targetPort: 443
+
+---
+# This file was automatically generated. Do not modify.
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: vaultwarden-external
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`vault.mnke.org`)
+      kind: Rule
+      services:
+        - kind: Service
+          name: vaultwarden-external
+          port: 443
+          passHostHeader: True
+  tls:
+    secretName: wildcard-mnke-org-tls

k8s/apps/ingressroutes/external/templater/values.yaml

@@ -56,6 +56,13 @@ proxies:
     upstream_port: 5380
     pass_host_header: false
 
+  - service_name: vaultwarden
+    tls_secret_name: wildcard-mnke-org-tls
+    listen_host: vault.mnke.org
+    upstream_host: vault.jumper.mnke.org
+    upstream_port: 443
+    pass_host_header: true
+
   - service_name: wings-01-jodye
     tls_secret_name: wildcard-mnke-org-tls
     listen_host: wings-01_jodye.mnke.org