description: Installation notes of vaultwarden on k3s
tags:
- k3s
- kubernetes
- postgresql
- vaultwarden
---
## Introduction
Please refer to [the official website](https://pass.app/) documentation for an up to date installation guide. This page only lists what I had to do at the time to setup pass and adapt it to my particular setup. I updated these instructions after migrating from a traditional hosting to kubernetes.
## Preparing the postgresql database
I have a postgresql running in its own namespace from bitnami images. To provision the pass database I :
```sh
export POSTGRES_PASSWORD=$(k get secret -n postgresql postgresql-secrets -o jsonpath="{.data.postgresql-password}"|
base64 --decode)
k run client --rm -ti -n postgresql --image docker.io/bitnami/postgresql:13.4.0-debian-10-r52 \
This app is part of an experiment of mine to migrate stuff from traditional hosting to kubernetes. I first wrote manifests by hand then imported them with terraform. I do not like it and find it too complex/overkill but everything is managed this way for now.
The basic terraform object works for simple things so here it is :
```hcl
resource "kubernetes_namespace" "myth-pass" {
provider = kubernetes.myth
metadata {
name = "pass"
}
}
```
### Secret
Here is the kubernetes secret that tells pass how to connect the database. The password comes from `terraform.tfvars`, you might need to update the service url with the format `<svc>.<namespace>.svc.cluster.local` :
At the time of writing I could not write the deployment with the `kubernetes_deployment` terraform ressource, so it is a raw manifest which imports a yaml syntax in hcl. It is horrible to look at but works. Change the image tag to the latest stable version of vaultwarden before deploying :