From ac889209f2ded4f5ec36cbd061c49b7f10ee3bc1 Mon Sep 17 00:00:00 2001
From: Jrester
Date: Mon, 28 Aug 2023 11:57:49 +0200
Subject: [PATCH] remove vaultwarden
---
charts/vaultwarden/.github/FUNDING.yml | 1 -
charts/vaultwarden/.gitignore | 5 -
charts/vaultwarden/.helmignore | 21 --
charts/vaultwarden/CONTRIBUTING.md | 33 --
charts/vaultwarden/Chart.yaml | 15 -
charts/vaultwarden/LICENSE | 21 --
charts/vaultwarden/README.md | 92 ------
charts/vaultwarden/demo.yaml | 17 --
charts/vaultwarden/templates/NOTES.txt | 7 -
charts/vaultwarden/templates/_helpers.tpl | 31 --
charts/vaultwarden/templates/configmap.yaml | 45 ---
charts/vaultwarden/templates/ingress.yaml | 71 -----
charts/vaultwarden/templates/rbac.yaml | 48 ---
charts/vaultwarden/templates/secrets.yaml | 18 --
charts/vaultwarden/templates/service.yaml | 26 --
charts/vaultwarden/templates/statefulset.yaml | 102 -------
charts/vaultwarden/values.yaml | 282 ------------------
17 files changed, 835 deletions(-)
delete mode 100644 charts/vaultwarden/.github/FUNDING.yml
delete mode 100644 charts/vaultwarden/.gitignore
delete mode 100644 charts/vaultwarden/.helmignore
delete mode 100644 charts/vaultwarden/CONTRIBUTING.md
delete mode 100644 charts/vaultwarden/Chart.yaml
delete mode 100644 charts/vaultwarden/LICENSE
delete mode 100644 charts/vaultwarden/README.md
delete mode 100644 charts/vaultwarden/demo.yaml
delete mode 100644 charts/vaultwarden/templates/NOTES.txt
delete mode 100644 charts/vaultwarden/templates/_helpers.tpl
delete mode 100644 charts/vaultwarden/templates/configmap.yaml
delete mode 100644 charts/vaultwarden/templates/ingress.yaml
delete mode 100644 charts/vaultwarden/templates/rbac.yaml
delete mode 100644 charts/vaultwarden/templates/secrets.yaml
delete mode 100644 charts/vaultwarden/templates/service.yaml
delete mode 100644 charts/vaultwarden/templates/statefulset.yaml
delete mode 100644 charts/vaultwarden/values.yaml
diff --git a/charts/vaultwarden/.github/FUNDING.yml b/charts/vaultwarden/.github/FUNDING.yml
deleted file mode 100644
index 5889487..0000000
--- a/charts/vaultwarden/.github/FUNDING.yml
+++ /dev/null
@@ -1 +0,0 @@
-github: [guerzon]
diff --git a/charts/vaultwarden/.gitignore b/charts/vaultwarden/.gitignore
deleted file mode 100644
index 2b9e064..0000000
--- a/charts/vaultwarden/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-*.tgz
-/.idea/*
-.vscode
-.DS_Store
-testing-values.yaml
diff --git a/charts/vaultwarden/.helmignore b/charts/vaultwarden/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/charts/vaultwarden/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/vaultwarden/CONTRIBUTING.md b/charts/vaultwarden/CONTRIBUTING.md
deleted file mode 100644
index 89fc871..0000000
--- a/charts/vaultwarden/CONTRIBUTING.md
+++ /dev/null
@@ -1,33 +0,0 @@
-
-# Contributing Guide
-
-## Requirements
-
-1. Fork this repository, develop, and test your changes.
-2. Submit a pull request.
-
-### Technical Requirements
-
-When submitting a pull request, please ensure that:
-
-- The PR follow [Helm best practices](https://helm.sh/docs/chart_best_practices/).
-- Any change to a chart requires a version bump following [semver](https://semver.org/) principles.
-- The tables of parameters are generated based on the metadata information from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
-
- A quick way to do this is to run the tool via Docker:
-
- ```bash
- # Clone and build:
- git clone https://github.com/bitnami-labs/readme-generator-for-helm
- cd readme-generator-for-helm/
- docker build -t readme-gen .
-
- # Run the tool and mount the current project directory.
- cd
- docker run --rm -d -it --name readmegen -v $(pwd):/mnt readme-gen bash
- docker exec -it readmegen bash
-
- # Update the values documentation
- cd /mnt
- readme-generator -v values.yaml -r README.md
- ```
diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml
deleted file mode 100644
index b7a37b4..0000000
--- a/charts/vaultwarden/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-name: vaultwarden
-description: vaultwarden is an unofficial Bitwarden-compatible server written in Rust
-keywords:
- - Rust
- - vaultwarden
-sources:
- - https://github.com/guerzon/vaultwarden
- - https://github.com/dani-garcia/vaultwarden
-appVersion: 1.24.0
-maintainers:
- - name: Lester Guerzon
- email: lester.guerzon@gmail.com
- url: https://github.com/guerzon
-version: 0.8.0
diff --git a/charts/vaultwarden/LICENSE b/charts/vaultwarden/LICENSE
deleted file mode 100644
index 2ae00bd..0000000
--- a/charts/vaultwarden/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2022 Lester Guerzon
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md
deleted file mode 100644
index 6120f2c..0000000
--- a/charts/vaultwarden/README.md
+++ /dev/null
@@ -1,92 +0,0 @@ -# vaultwarden - -![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 1.24.0](https://img.shields.io/badge/AppVersion-1.24.0-informational?style=flat-square) - -vaultwarden is an unofficial Bitwarden-compatible server written in Rust - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Lester Guerzon | | | - -## Source Code - -* -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| adminToken.existingSecretKey | string | `"ADMIN_TOKEN"` | | -| adminToken.value | string | `"R@ndomToken$tring"` | | -| affinity | object | `{}` | | -| database.dbName | string | `""` | | -| database.host | string | `""` | | -| database.password | string | `""` | | -| database.port | string | `""` | | -| database.type | string | `"default"` | | -| database.uriOverride | string | `""` | | -| database.username | string | `""` | | -| domain | string | `""` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.pullSecrets | list | `[]` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"vaultwarden/server"` | | -| image.tag | string | `"1.24.0"` | | -| ingress.additionalAnnotations | object | `{}` | | -| ingress.class | string | `"nginx"` | | -| ingress.enabled | bool | `false` | | -| ingress.hostname | string | `"warden.contoso.com"` | | -| ingress.nginxAllowList | string | `""` | | -| ingress.nginxIngressAnnotations | bool | `true` | | -| ingress.path | string | `"/"` | | -| ingress.pathType | string | `"ImplementationSpecific"` | | -| ingress.pathTypeWs | string | `"ImplementationSpecific"` | | -| ingress.pathWs | string | `"/notifications/hub"` | | -| ingress.tls | bool | `true` | | -| ingress.tlsSecret | string | `""` | | -| initContainers | list | `[]` | | -| invitationsAllowed | bool | `true` | | -| logging.enabled | bool | `false` | | -| logging.logfile | string | 
`"/data/vaultwarden.log"` | | -| logging.loglevel | string | `"warn"` | | -| nodeSelector | object | `{}` | | -| rocket.port | string | `"8080"` | | -| rocket.workers | string | `"10"` | | -| service.annotations | object | `{}` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `"vaultwarden-svc"` | | -| showPassHint | string | `"false"` | | -| sidecars | list | `[]` | | -| signupDomains | string | `"contoso.com"` | | -| signupsAllowed | bool | `true` | | -| signupsVerify | string | `"true"` | | -| smtp.acceptInvalidCerts | string | `"false"` | | -| smtp.acceptInvalidHostnames | string | `"false"` | | -| smtp.authMechanism | string | `"Plain"` | | -| smtp.debug | bool | `false` | | -| smtp.from | string | `""` | | -| smtp.fromName | string | `""` | | -| smtp.host | string | `""` | | -| smtp.password.existingSecretKey | string | `"SMTP_PASSWORD"` | | -| smtp.password.value | string | `""` | | -| smtp.port | int | `25` | | -| smtp.security | string | `"starttls"` | | -| smtp.username.existingSecretKey | string | `"SMTP_USERNAME"` | | -| smtp.username.value | string | `""` | | -| storage.class | string | `"default"` | | -| storage.dataDir | string | `"/data"` | | -| storage.enabled | bool | `false` | | -| storage.size | string | `"15Gi"` | | -| tolerations | list | `[]` | | -| webVaultEnabled | string | `"true"` | | -| websocket.address | string | `"0.0.0.0"` | | -| websocket.enabled | bool | `true` | | -| websocket.port | int | `3012` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/vaultwarden/demo.yaml b/charts/vaultwarden/demo.yaml deleted file mode 100644 index 41bd885..0000000 --- a/charts/vaultwarden/demo.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-
-domain: "https://vaultwarden.contoso.com"
-
-ingress:
- enabled: true
- hostname: vaultwarden.contoso.com
- class: "alb"
- additionalAnnotations:
- alb.ingress.kubernetes.io/scheme: internet-facing
- alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
- alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:ACCOUNT:certificate/LONGID"
-
-adminToken: "khit9gYQV6ax9LKTTm+s6QbZi5oiuR+3s1PEn9q3IRmCl9IQn7LmBpmFCOYTb7Mr"
-
-image:
- pullSecrets:
- - myRegKey
diff --git a/charts/vaultwarden/templates/NOTES.txt b/charts/vaultwarden/templates/NOTES.txt
deleted file mode 100644
index cc415ab..0000000
--- a/charts/vaultwarden/templates/NOTES.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-** Please be patient while the chart is being deployed **
-
-Thanks for installing {{ .Chart.Name }}.
-
-You have named your release: {{ .Release.Name }}.
-
-Vaultwarden is accessible here: {{ .Values.ingress.hostname }}
diff --git a/charts/vaultwarden/templates/_helpers.tpl b/charts/vaultwarden/templates/_helpers.tpl
deleted file mode 100644
index ae22547..0000000
--- a/charts/vaultwarden/templates/_helpers.tpl
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Return a default application name.
-*/}}
-{{- define "vaultwarden.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 20 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 20 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 20 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "dbPort" -}}
-{{- if .Values.database.port }}
-{{- printf "%s%s" ":" .Values.database.port }}
-{{- else }}
-{{- printf "%s" "" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Return the database string
-*/}}
-{{ define "dbString" }}
-{{- $var := print .Values.database.type "://" .Values.database.username ":" .Values.database.password "@" .Values.database.host (include "dbPort" . ) "/" .Values.database.dbName }}
-{{- printf "%s" $var }}
-{{- end -}}
diff --git a/charts/vaultwarden/templates/configmap.yaml b/charts/vaultwarden/templates/configmap.yaml
deleted file mode 100644
index 67e4bf1..0000000
--- a/charts/vaultwarden/templates/configmap.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "vaultwarden.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/component: vaultwarden
-data:
- DOMAIN: {{ .Values.domain | quote }}
- {{- if ne "default" .Values.database.type }}
- {{- if .Values.database.uriOverride }}
- DATABASE_URL: {{ .Values.database.uriOverride }}
- {{- else }}
- DATABASE_URL: {{ include "dbString" . | quote }}
- {{- end }}
- {{- end }}
- {{- if and .Values.smtp.host .Values.smtp.from | quote }}
- SMTP_HOST: {{ .Values.smtp.host | quote }}
- SMTP_SECURITY: {{ .Values.smtp.security | quote }}
- SMTP_PORT: {{ .Values.smtp.port | quote }}
- SMTP_AUTH_MECHANISM: {{ .Values.smtp.authMechanism | quote }}
- SMTP_FROM: {{ .Values.smtp.from | quote }}
- SMTP_FROM_NAME: {{ default "Vaultwarden" .Values.smtp.fromName | quote }}
- SMTP_DEBUG: {{ .Values.smtp.debug | quote }}
- SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.smtp.acceptInvalidHostnames | quote }}
- SMTP_ACCEPT_INVALID_CERTS: {{ .Values.smtp.acceptInvalidCerts | quote }}
- {{- end }}
- {{- if .Values.websocket.enabled }}
- WEBSOCKET_ENABLED: "true"
- WEBSOCKET_ADDRESS: {{ .Values.websocket.address | quote }}
- WEBSOCKET_PORT: {{ .Values.websocket.port | quote }}
- {{- end }}
- DATA_FOLDER: {{ .Values.storage.dataDir | quote }}
- ROCKET_PORT: {{ .Values.rocket.port | quote }}
- ROCKET_WORKERS: {{ .Values.rocket.workers | quote }}
- SHOW_PASSWORD_HINT: {{ .Values.showPassHint | quote }}
- SIGNUPS_ALLOWED: {{ .Values.signupsAllowed | quote }}
- INVITATIONS_ALLOWED: {{ .Values.invitationsAllowed | quote }}
- SIGNUPS_DOMAINS_WHITELIST: {{ .Values.signupDomains | quote }}
- SIGNUPS_VERIFY: {{ .Values.signupsVerify | quote }}
- WEB_VAULT_ENABLED: {{ .Values.webVaultEnabled | quote }}
- {{- if .Values.logging.enabled }}
- LOG_FILE: {{ .Values.logging.logfile | quote }}
- LOG_LEVEL: {{ .Values.logging.loglevel | quote }}
- {{- end }}
diff --git a/charts/vaultwarden/templates/ingress.yaml b/charts/vaultwarden/templates/ingress.yaml
deleted file mode 100644
index 47fcda2..0000000
--- a/charts/vaultwarden/templates/ingress.yaml
+++ /dev/null
@@ -1,71 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- $newAPIversion := .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- if $newAPIversion }} -apiVersion: networking.k8s.io/v1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ include "vaultwarden.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: vaultwarden - annotations: - ingress.kubernetes.io/rewrite-target: / - {{- if .Values.ingress.tls }} - ingress.kubernetes.io/ssl-redirect: "true" - {{- end }} - {{- if .Values.ingress.additionalAnnotations }} - {{- toYaml .Values.ingress.additionalAnnotations | nindent 4 }} - {{- end }} - {{- if .Values.ingress.nginxIngressAnnotations }} - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Request-Id: $req_id"; - nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive" - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/limit-connections: "25" - nginx.ingress.kubernetes.io/limit-rps: "15" - nginx.ingress.kubernetes.io/proxy-body-size: 1024m - nginx.ingress.kubernetes.io/proxy-connect-timeout: "10" - nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" - nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" - {{- if .Values.ingress.nginxAllowList }} - nginx.ingress.kubernetes.io/whitelist-source-range: {{ .Values.ingress.nginxAllowList }} - {{- end }} - {{- end }} -spec: - {{- if .Values.ingress.class }} - ingressClassName: {{ .Values.ingress.class | quote }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - - hosts: - - {{ .Values.ingress.hostname | quote }} - {{- if eq "nginx" .Values.ingress.class }} - secretName: {{ .Values.ingress.tlsSecret }} - {{- end }} - {{- end }} - rules: - - host: {{ .Values.ingress.hostname | quote }} - http: - paths: - - path: {{ .Values.ingress.path }} - pathType: {{ 
.Values.ingress.pathType }} - backend: - service: - name: {{ include "vaultwarden.fullname" . }} - port: - name: "http" - {{- if .Values.websocket.enabled }} - - path: {{ .Values.ingress.pathWs }} - pathType: {{ .Values.ingress.pathTypeWs }} - backend: - service: - name: {{ include "vaultwarden.fullname" . }} - port: - name: "websocket" - {{- end }} -{{- end }} diff --git a/charts/vaultwarden/templates/rbac.yaml b/charts/vaultwarden/templates/rbac.yaml deleted file mode 100644 index b310f99..0000000 --- a/charts/vaultwarden/templates/rbac.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.name }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: vaultwarden ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "vaultwarden.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: vaultwarden -rules: - - apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["create","delete","get","list","patch","update","watch"] - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create","delete","get","list","patch","update","watch"] - - apiGroups: [""] - resources: ["pods/log"] - verbs: ["get","list","watch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "vaultwarden.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: vaultwarden -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "vaultwarden.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} -{{- end }} 
diff --git a/charts/vaultwarden/templates/secrets.yaml b/charts/vaultwarden/templates/secrets.yaml deleted file mode 100644 index 6f19d34..0000000 --- a/charts/vaultwarden/templates/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if not (and (hasKey .Values.smtp "existingSecret") (hasKey .Values.adminToken "existingSecret")) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "vaultwarden.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: vaultwarden -type: Opaque -data: - {{- if not (hasKey .Values.smtp "existingSecret") }} - SMTP_PASSWORD: {{ .Values.smtp.password.value | b64enc | quote }} - SMTP_USERNAME: {{ .Values.smtp.username.value | b64enc | quote }} - {{- end }} - {{- if not (hasKey .Values.adminToken "existingSecret") }} - ADMIN_TOKEN: {{ .Values.adminToken.value | b64enc | quote }} - {{- end }} -{{ end }} diff --git a/charts/vaultwarden/templates/service.yaml b/charts/vaultwarden/templates/service.yaml deleted file mode 100644 index 54632b2..0000000 --- a/charts/vaultwarden/templates/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "vaultwarden.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: vaultwarden - {{- if .Values.service.annotations }} - annotations: - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type | quote }} - selector: - app.kubernetes.io/component: vaultwarden - ports: - - name: "http" - port: 80 - protocol: TCP - targetPort: 8080 - {{- if .Values.websocket.enabled }} - - name: "websocket" - port: 3012 - protocol: TCP - targetPort: {{ .Values.websocket.port }} - {{- end }} diff --git a/charts/vaultwarden/templates/statefulset.yaml b/charts/vaultwarden/templates/statefulset.yaml deleted file mode 100644 index 12403a2..0000000 --- a/charts/vaultwarden/templates/statefulset.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "vaultwarden.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: vaultwarden -spec: - serviceName: vaultwarden - replicas: 1 - selector: - matchLabels: - app: vaultwarden - app.kubernetes.io/component: vaultwarden - template: - metadata: - labels: - app: vaultwarden - app.kubernetes.io/component: vaultwarden - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha1sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha1sum }} - spec: - {{- if .Values.nodeSelector }} - nodeSelector: - {{- toYaml .Values.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: - {{- toYaml .Values.affinity | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: - {{- toYaml .Values.tolerations | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- toYaml .Values.initContainers | nindent 8 }} - {{- end }} - containers: - - image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: vaultwarden - envFrom: - - configMapRef: - name: {{ include "vaultwarden.fullname" . }} - env: - - name: SMTP_USERNAME - valueFrom: - secretKeyRef: - name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }} - key: {{ default "SMTP_USERNAME" .Values.smtp.username.existingSecretKey }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }} - key: {{ default "SMTP_PASSWORD" .Values.smtp.password.existingSecretKey }} - - name: ADMIN_TOKEN - valueFrom: - secretKeyRef: - name: {{ default (include "vaultwarden.fullname" .) 
.Values.adminToken.existingSecret }} - key: {{ default "ADMIN_TOKEN" .Values.adminToken.existingSecretKey }} - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: {{ .Values.websocket.port }} - name: websocket - protocol: TCP - {{- if .Values.storage.enabled }} - volumeMounts: - - name: vaultwarden-data - mountPath: {{ .Values.storage.dataDir }} - {{- end }} - resources: - limits: - cpu: 300m - memory: 1Gi - requests: - cpu: 50m - memory: 256Mi - {{- if .Values.sidecars }} - {{- toYaml .Values.sidecars | nindent 8 }} - {{- end }} - {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} - {{- end }} - {{- if .Values.storage.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - volumeClaimTemplates: - - metadata: - name: vaultwarden-data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: {{ .Values.storage.size }} - storageClassName: {{ default "default" .Values.storage.class }} - {{- end }} diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml deleted file mode 100644 index e7ef647..0000000 --- a/charts/vaultwarden/values.yaml +++ /dev/null 
@@ -1,282 +0,0 @@ - -## @section Vaultwarden settings -## -image: - ## @param image.registry Vaultwarden image registry - ## - registry: docker.io - ## @param image.repository Vaultwarden image repository - ## - repository: vaultwarden/server - ## - ## @param image.tag Vaultwarden image tag - ## Ref: https://hub.docker.com/r/vaultwarden/server/tags - ## - tag: "1.24.0" - ## @param image.pullPolicy Vaultwarden image pull policy - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## @param image.pullSecrets Specify docker-registry secret names - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param domain Domain name where the application is accessed -## Example: https://warden.contoso.com:8443 -## -domain: "" -## @param websocket.enabled Enable websocket notifications -## @param websocket.address Websocket listen address -## @param websocket.port Websocket listen port -## -websocket: - enabled: true - address: "0.0.0.0" - port: 3012 -## @param rocket.port Rocket port -## @param rocket.workers Rocket number of workers -## -rocket: - port: "8080" - workers: "10" -## @param webVaultEnabled Enable Web Vault -## -webVaultEnabled: "true" - -## @section Security settings -## -## @param adminToken The admin token used for /admin -## -adminToken: - #existingSecret: vaultwarden - existingSecretKey: ADMIN_TOKEN - value: "R@ndomToken$tring" -## @param signupsAllowed By default, anyone who can access your instance can register for a new account. -## To disable this, set this parameter to false. Even when signupsAllowed=false, an existing user who is -## an organization owner or admin can still invite new users. If you want to disable this as well, set -## invitationsAllowed to false. 
The vaultwarden admin can invite anyone via the admin page, regardless -## of any of the restrictions above -## -## If signupDomains is set, then the value of signupsAllowed is ignored -signupsAllowed: true -## @param invitationsAllowed Even when registration is disabled, organization administrators or owners can -## invite users to join organization. After they are invited, they can register with the invited email even -## if signupsAllowed is actually set to false. You can disable this functionality completely by setting -## invitationsAllowed env variable to false -invitationsAllowed: true -## @param signupDomains List of domain names for users allowed to register -## -signupDomains: "contoso.com" -## @param signupsVerify Whether to require account verification for newly-registered users. -## -signupsVerify: "true" -## @param showPassHint Whether a password hint should be shown in the page. -## -showPassHint: "false" -## @param fullnameOverride String to override the application name. -## -fullnameOverride: "" -## @param serviceAccount.create Create a service account -## @param serviceAccount.name Name of the service account to create -## -serviceAccount: - create: true - name: "vaultwarden-svc" - -## @section Exposure Parameters -## - -## Ingress configuration -## Refer to the README for some examples -## -ingress: - ## @param ingress.enabled Deploy an ingress resource. - ## - enabled: false - ## @param ingress.class Ingress resource class - ## The Ingress class to use, e. g. "nginx" for a nginx ingress controller or "alb" for a AWS LB controller. - # - class: "nginx" - ## @param ingress.nginxIngressAnnotations Add nginx specific ingress annotations - ## This annotations are only makes sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/) - ## - nginxIngressAnnotations: true - ## @param ingress.additionalAnnotations Additional annotations for the ingress resource. 
- ## - additionalAnnotations: {} - ## @param ingress.tls Enable TLS on the ingress resource. - ## - tls: true - ## @param ingress.hostname Hostname for the ingress. - ## - hostname: "warden.contoso.com" - ## @param ingress.path Default application path for the ingress - ## - path: "/" - ## @param ingress.pathWs Path for the websocket ingress - ## - pathWs: "/notifications/hub" - ## @param ingress.pathType Path type for the ingress - ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ - ## - pathType: "ImplementationSpecific" - ## @param ingress.pathTypeWs Path type for the ingress - ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ - ## - pathTypeWs: "ImplementationSpecific" - ## @param ingress.tlsSecret Kubernetes secret containing the SSL certificate when using the "nginx" class. - ## - tlsSecret: "" - ## @param ingress.nginxAllowList Comma-separated list of IP addresses and subnets to allow. - ## - nginxAllowList: "" - ## TODO: - ## - Add support for using cert-manager. - ## - Support for multiple TLS hostnames. - ## - -## Service configuration -service: - ## @param service.type Service type - ## - type: "ClusterIP" - ## @param service.annotations Additional annotations for the vaultwarden service - ## - annotations: {} - -## @section Database Configuration -## -database: - ## @param database.type Database type, either mysql or postgresql - ## Default is a sqlite database. 
- ## - type: "default" - ## @param database.host Database hostname or IP address - ## - host: "" - ## @param database.port Database port - ## Default for MySQL is 3306, default for PostgreSQL is 5432 - port: "" - ## @param database.username Database username - ## - username: "" - ## @param database.password Database password - ## - password: "" - ## @param database.dbName Database name - ## - dbName: "" - ## @param database.uriOverride Manually specify the DB connection string - ## - uriOverride: "" - -## @section SMTP Configuration -## -smtp: - #existingSecret: vaultwarden - ## @param smtp.host SMTP host - ## - host: "" - ## @param smtp.security SMTP Encryption method - ## Possible values: - ## - starttls: explicit TLS using ports 587 or 25 - ## - force_tls: implicit TLS using port 465 - ## - off: no encryption, using port 25, unless using STARTTLS - ## - security: "starttls" - ## @param smtp.port SMTP port - ## - port: 25 - ## @param smtp.from SMTP sender email address - ## Example: juan.delacruz@gmail.com - ## - from: "" - ## @param smtp.fromName SMTP sender FROM - ## - fromName: "" - ## @param smtp.username Username for the SMTP authentication. - ## Example: juan - ## - username: - existingSecretKey: SMTP_USERNAME - value: "" - ## @param smtp.password Password for the SMTP service. - ## - password: - existingSecretKey: SMTP_PASSWORD - value: "" - ## @param smtp.authMechanism SMTP authentication mechanism - ## Possible values: "Plain", "Login", "Xoauth2" - ## Multiple options need to be separated by a comma. 
(not tested) - ## - authMechanism: "Plain" - ## @param smtp.acceptInvalidHostnames Accept Invalid Hostnames - ## - acceptInvalidHostnames: "false" - ## @param smtp.acceptInvalidCerts Accept Invalid Certificates - ## - acceptInvalidCerts: "false" - ## @param smtp.debug SMTP debugging - ## - debug: false - -## @section Storage Configuration -## -storage: - ## @param storage.enabled Enable configuration for persistent storage - ## - enabled: false - ## @param storage.size Storage size for /data - ## - size: "15Gi" - ## @param storage.class Specify the storage class - ## - class: "default" - ## @param storage.dataDir Specify the data directory - ## - dataDir: "/data" - -## @section Logging Configuration -## -logging: - ## @param logging.enabled Enable logging to a file - ## - enabled: false - ## @param logging.logfile Specify logfile path for output log - ## - logfile: "/data/vaultwarden.log" - ## @param logging.loglevel Specify the log level - ## - loglevel: "warn" - -## @section Extra containers Configuration -## - -## @param initContainers extra init containers for initializing the vaultwarden instance -## -initContainers: [] - -## @param sidecars extra containers running alongside the vaultwarden instance -## -sidecars: [] - -## @section Extra Configuration -## - -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector -## -nodeSelector: {} - -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: []