mirror of
https://gitlab.com/oecis/charts.git
synced 2024-11-15 00:28:59 +00:00
remove vaultwarden
This commit is contained in:
parent
69ec141244
commit
ac889209f2
1
charts/vaultwarden/.github/FUNDING.yml
vendored
1
charts/vaultwarden/.github/FUNDING.yml
vendored
@ -1 +0,0 @@
|
||||
github: [guerzon]
|
5
charts/vaultwarden/.gitignore
vendored
5
charts/vaultwarden/.gitignore
vendored
@ -1,5 +0,0 @@
|
||||
*.tgz
|
||||
/.idea/*
|
||||
.vscode
|
||||
.DS_Store
|
||||
testing-values.yaml
|
@ -1,21 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
@ -1,33 +0,0 @@
|
||||
|
||||
# Contributing Guide
|
||||
|
||||
## Requirements
|
||||
|
||||
1. Fork this repository, develop, and test your changes.
|
||||
2. Submit a pull request.
|
||||
|
||||
### Technical Requirements
|
||||
|
||||
When submitting a pull request, please ensure that:
|
||||
|
||||
- The PR follow [Helm best practices](https://helm.sh/docs/chart_best_practices/).
|
||||
- Any change to a chart requires a version bump following [semver](https://semver.org/) principles.
|
||||
- The tables of parameters are generated based on the metadata information from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
|
||||
|
||||
A quick way to do this is to run the tool via Docker:
|
||||
|
||||
```bash
|
||||
# Clone and build:
|
||||
git clone https://github.com/bitnami-labs/readme-generator-for-helm
|
||||
cd readme-generator-for-helm/
|
||||
docker build -t readme-gen .
|
||||
|
||||
# Run the tool and mount the current project directory.
|
||||
cd <this-project-dir>
|
||||
docker run --rm -d -it --name readmegen -v $(pwd):/mnt readme-gen bash
|
||||
docker exec -it readmegen bash
|
||||
|
||||
# Update the values documentation
|
||||
cd /mnt
|
||||
readme-generator -v values.yaml -r README.md
|
||||
```
|
@ -1,15 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: vaultwarden
|
||||
description: vaultwarden is an unofficial Bitwarden-compatible server written in Rust
|
||||
keywords:
|
||||
- Rust
|
||||
- vaultwarden
|
||||
sources:
|
||||
- https://github.com/guerzon/vaultwarden
|
||||
- https://github.com/dani-garcia/vaultwarden
|
||||
appVersion: 1.24.0
|
||||
maintainers:
|
||||
- name: Lester Guerzon
|
||||
email: lester.guerzon@gmail.com
|
||||
url: https://github.com/guerzon
|
||||
version: 0.8.0
|
@ -1,21 +0,0 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2022 Lester Guerzon
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
@ -1,92 +0,0 @@
|
||||
# vaultwarden
|
||||
|
||||
![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 1.24.0](https://img.shields.io/badge/AppVersion-1.24.0-informational?style=flat-square)
|
||||
|
||||
vaultwarden is an unofficial Bitwarden-compatible server written in Rust
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Lester Guerzon | <lester.guerzon@gmail.com> | <https://github.com/guerzon> |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/guerzon/vaultwarden>
|
||||
* <https://github.com/dani-garcia/vaultwarden>
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| adminToken.existingSecretKey | string | `"ADMIN_TOKEN"` | |
|
||||
| adminToken.value | string | `"R@ndomToken$tring"` | |
|
||||
| affinity | object | `{}` | |
|
||||
| database.dbName | string | `""` | |
|
||||
| database.host | string | `""` | |
|
||||
| database.password | string | `""` | |
|
||||
| database.port | string | `""` | |
|
||||
| database.type | string | `"default"` | |
|
||||
| database.uriOverride | string | `""` | |
|
||||
| database.username | string | `""` | |
|
||||
| domain | string | `""` | |
|
||||
| fullnameOverride | string | `""` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.pullSecrets | list | `[]` | |
|
||||
| image.registry | string | `"docker.io"` | |
|
||||
| image.repository | string | `"vaultwarden/server"` | |
|
||||
| image.tag | string | `"1.24.0"` | |
|
||||
| ingress.additionalAnnotations | object | `{}` | |
|
||||
| ingress.class | string | `"nginx"` | |
|
||||
| ingress.enabled | bool | `false` | |
|
||||
| ingress.hostname | string | `"warden.contoso.com"` | |
|
||||
| ingress.nginxAllowList | string | `""` | |
|
||||
| ingress.nginxIngressAnnotations | bool | `true` | |
|
||||
| ingress.path | string | `"/"` | |
|
||||
| ingress.pathType | string | `"ImplementationSpecific"` | |
|
||||
| ingress.pathTypeWs | string | `"ImplementationSpecific"` | |
|
||||
| ingress.pathWs | string | `"/notifications/hub"` | |
|
||||
| ingress.tls | bool | `true` | |
|
||||
| ingress.tlsSecret | string | `""` | |
|
||||
| initContainers | list | `[]` | |
|
||||
| invitationsAllowed | bool | `true` | |
|
||||
| logging.enabled | bool | `false` | |
|
||||
| logging.logfile | string | `"/data/vaultwarden.log"` | |
|
||||
| logging.loglevel | string | `"warn"` | |
|
||||
| nodeSelector | object | `{}` | |
|
||||
| rocket.port | string | `"8080"` | |
|
||||
| rocket.workers | string | `"10"` | |
|
||||
| service.annotations | object | `{}` | |
|
||||
| service.type | string | `"ClusterIP"` | |
|
||||
| serviceAccount.create | bool | `true` | |
|
||||
| serviceAccount.name | string | `"vaultwarden-svc"` | |
|
||||
| showPassHint | string | `"false"` | |
|
||||
| sidecars | list | `[]` | |
|
||||
| signupDomains | string | `"contoso.com"` | |
|
||||
| signupsAllowed | bool | `true` | |
|
||||
| signupsVerify | string | `"true"` | |
|
||||
| smtp.acceptInvalidCerts | string | `"false"` | |
|
||||
| smtp.acceptInvalidHostnames | string | `"false"` | |
|
||||
| smtp.authMechanism | string | `"Plain"` | |
|
||||
| smtp.debug | bool | `false` | |
|
||||
| smtp.from | string | `""` | |
|
||||
| smtp.fromName | string | `""` | |
|
||||
| smtp.host | string | `""` | |
|
||||
| smtp.password.existingSecretKey | string | `"SMTP_PASSWORD"` | |
|
||||
| smtp.password.value | string | `""` | |
|
||||
| smtp.port | int | `25` | |
|
||||
| smtp.security | string | `"starttls"` | |
|
||||
| smtp.username.existingSecretKey | string | `"SMTP_USERNAME"` | |
|
||||
| smtp.username.value | string | `""` | |
|
||||
| storage.class | string | `"default"` | |
|
||||
| storage.dataDir | string | `"/data"` | |
|
||||
| storage.enabled | bool | `false` | |
|
||||
| storage.size | string | `"15Gi"` | |
|
||||
| tolerations | list | `[]` | |
|
||||
| webVaultEnabled | string | `"true"` | |
|
||||
| websocket.address | string | `"0.0.0.0"` | |
|
||||
| websocket.enabled | bool | `true` | |
|
||||
| websocket.port | int | `3012` | |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
|
@ -1,17 +0,0 @@
|
||||
|
||||
domain: "https://vaultwarden.contoso.com"
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
hostname: vaultwarden.contoso.com
|
||||
class: "alb"
|
||||
additionalAnnotations:
|
||||
alb.ingress.kubernetes.io/scheme: internet-facing
|
||||
alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
|
||||
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:ACCOUNT:certificate/LONGID"
|
||||
|
||||
adminToken: "khit9gYQV6ax9LKTTm+s6QbZi5oiuR+3s1PEn9q3IRmCl9IQn7LmBpmFCOYTb7Mr"
|
||||
|
||||
image:
|
||||
pullSecrets:
|
||||
- myRegKey
|
@ -1,7 +0,0 @@
|
||||
** Please be patient while the chart is being deployed **
|
||||
|
||||
Thanks for installing {{ .Chart.Name }}.
|
||||
|
||||
You have named your release: {{ .Release.Name }}.
|
||||
|
||||
Vaultwarden is accessible here: {{ .Values.ingress.hostname }}
|
@ -1,31 +0,0 @@
|
||||
{{/*
|
||||
Return a default application name.
|
||||
*/}}
|
||||
{{- define "vaultwarden.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 20 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 20 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 20 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "dbPort" -}}
|
||||
{{- if .Values.database.port }}
|
||||
{{- printf "%s%s" ":" .Values.database.port }}
|
||||
{{- else }}
|
||||
{{- printf "%s" "" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Return the database string
|
||||
*/}}
|
||||
{{ define "dbString" }}
|
||||
{{- $var := print .Values.database.type "://" .Values.database.username ":" .Values.database.password "@" .Values.database.host (include "dbPort" . ) "/" .Values.database.dbName }}
|
||||
{{- printf "%s" $var }}
|
||||
{{- end -}}
|
@ -1,45 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
data:
|
||||
DOMAIN: {{ .Values.domain | quote }}
|
||||
{{- if ne "default" .Values.database.type }}
|
||||
{{- if .Values.database.uriOverride }}
|
||||
DATABASE_URL: {{ .Values.database.uriOverride }}
|
||||
{{- else }}
|
||||
DATABASE_URL: {{ include "dbString" . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.smtp.host .Values.smtp.from | quote }}
|
||||
SMTP_HOST: {{ .Values.smtp.host | quote }}
|
||||
SMTP_SECURITY: {{ .Values.smtp.security | quote }}
|
||||
SMTP_PORT: {{ .Values.smtp.port | quote }}
|
||||
SMTP_AUTH_MECHANISM: {{ .Values.smtp.authMechanism | quote }}
|
||||
SMTP_FROM: {{ .Values.smtp.from | quote }}
|
||||
SMTP_FROM_NAME: {{ default "Vaultwarden" .Values.smtp.fromName | quote }}
|
||||
SMTP_DEBUG: {{ .Values.smtp.debug | quote }}
|
||||
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.smtp.acceptInvalidHostnames | quote }}
|
||||
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.smtp.acceptInvalidCerts | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.websocket.enabled }}
|
||||
WEBSOCKET_ENABLED: "true"
|
||||
WEBSOCKET_ADDRESS: {{ .Values.websocket.address | quote }}
|
||||
WEBSOCKET_PORT: {{ .Values.websocket.port | quote }}
|
||||
{{- end }}
|
||||
DATA_FOLDER: {{ .Values.storage.dataDir | quote }}
|
||||
ROCKET_PORT: {{ .Values.rocket.port | quote }}
|
||||
ROCKET_WORKERS: {{ .Values.rocket.workers | quote }}
|
||||
SHOW_PASSWORD_HINT: {{ .Values.showPassHint | quote }}
|
||||
SIGNUPS_ALLOWED: {{ .Values.signupsAllowed | quote }}
|
||||
INVITATIONS_ALLOWED: {{ .Values.invitationsAllowed | quote }}
|
||||
SIGNUPS_DOMAINS_WHITELIST: {{ .Values.signupDomains | quote }}
|
||||
SIGNUPS_VERIFY: {{ .Values.signupsVerify | quote }}
|
||||
WEB_VAULT_ENABLED: {{ .Values.webVaultEnabled | quote }}
|
||||
{{- if .Values.logging.enabled }}
|
||||
LOG_FILE: {{ .Values.logging.logfile | quote }}
|
||||
LOG_LEVEL: {{ .Values.logging.loglevel | quote }}
|
||||
{{- end }}
|
@ -1,71 +0,0 @@
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- $newAPIversion := .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
|
||||
{{- if $newAPIversion }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else }}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
annotations:
|
||||
ingress.kubernetes.io/rewrite-target: /
|
||||
{{- if .Values.ingress.tls }}
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.additionalAnnotations }}
|
||||
{{- toYaml .Values.ingress.additionalAnnotations | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.nginxIngressAnnotations }}
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
more_set_headers "Request-Id: $req_id";
|
||||
nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/limit-connections: "25"
|
||||
nginx.ingress.kubernetes.io/limit-rps: "15"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
|
||||
nginx.ingress.kubernetes.io/proxy-connect-timeout: "10"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
|
||||
{{- if .Values.ingress.nginxAllowList }}
|
||||
nginx.ingress.kubernetes.io/whitelist-source-range: {{ .Values.ingress.nginxAllowList }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.ingress.class }}
|
||||
ingressClassName: {{ .Values.ingress.class | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname | quote }}
|
||||
{{- if eq "nginx" .Values.ingress.class }}
|
||||
secretName: {{ .Values.ingress.tlsSecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.hostname | quote }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ .Values.ingress.path }}
|
||||
pathType: {{ .Values.ingress.pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
port:
|
||||
name: "http"
|
||||
{{- if .Values.websocket.enabled }}
|
||||
- path: {{ .Values.ingress.pathWs }}
|
||||
pathType: {{ .Values.ingress.pathTypeWs }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
port:
|
||||
name: "websocket"
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,48 +0,0 @@
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ .Values.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
rules:
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources: ["deployments"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["create","delete","get","list","patch","update","watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods/exec"]
|
||||
verbs: ["create","delete","get","list","patch","update","watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods/log"]
|
||||
verbs: ["get","list","watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.serviceAccount.name }}
|
||||
{{- end }}
|
@ -1,18 +0,0 @@
|
||||
{{ if not (and (hasKey .Values.smtp "existingSecret") (hasKey .Values.adminToken "existingSecret")) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if not (hasKey .Values.smtp "existingSecret") }}
|
||||
SMTP_PASSWORD: {{ .Values.smtp.password.value | b64enc | quote }}
|
||||
SMTP_USERNAME: {{ .Values.smtp.username.value | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if not (hasKey .Values.adminToken "existingSecret") }}
|
||||
ADMIN_TOKEN: {{ .Values.adminToken.value | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{ end }}
|
@ -1,26 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
{{- if .Values.service.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.service.type | quote }}
|
||||
selector:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
ports:
|
||||
- name: "http"
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
{{- if .Values.websocket.enabled }}
|
||||
- name: "websocket"
|
||||
port: 3012
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.websocket.port }}
|
||||
{{- end }}
|
@ -1,102 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
spec:
|
||||
serviceName: vaultwarden
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: vaultwarden
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: vaultwarden
|
||||
app.kubernetes.io/component: vaultwarden
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha1sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha1sum }}
|
||||
spec:
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml .Values.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml .Values.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml .Values.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
{{- if .Values.initContainers }}
|
||||
{{- toYaml .Values.initContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
name: vaultwarden
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "vaultwarden.fullname" . }}
|
||||
env:
|
||||
- name: SMTP_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }}
|
||||
key: {{ default "SMTP_USERNAME" .Values.smtp.username.existingSecretKey }}
|
||||
- name: SMTP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }}
|
||||
key: {{ default "SMTP_PASSWORD" .Values.smtp.password.existingSecretKey }}
|
||||
- name: ADMIN_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ default (include "vaultwarden.fullname" .) .Values.adminToken.existingSecret }}
|
||||
key: {{ default "ADMIN_TOKEN" .Values.adminToken.existingSecretKey }}
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
protocol: TCP
|
||||
- containerPort: {{ .Values.websocket.port }}
|
||||
name: websocket
|
||||
protocol: TCP
|
||||
{{- if .Values.storage.enabled }}
|
||||
volumeMounts:
|
||||
- name: vaultwarden-data
|
||||
mountPath: {{ .Values.storage.dataDir }}
|
||||
{{- end }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: 300m
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 256Mi
|
||||
{{- if .Values.sidecars }}
|
||||
{{- toYaml .Values.sidecars | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- if .Values.storage.enabled }}
|
||||
persistentVolumeClaimRetentionPolicy:
|
||||
whenDeleted: Retain
|
||||
whenScaled: Retain
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: vaultwarden-data
|
||||
spec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.storage.size }}
|
||||
storageClassName: {{ default "default" .Values.storage.class }}
|
||||
{{- end }}
|
@ -1,282 +0,0 @@
|
||||
|
||||
## @section Vaultwarden settings
|
||||
##
|
||||
image:
|
||||
## @param image.registry Vaultwarden image registry
|
||||
##
|
||||
registry: docker.io
|
||||
## @param image.repository Vaultwarden image repository
|
||||
##
|
||||
repository: vaultwarden/server
|
||||
##
|
||||
## @param image.tag Vaultwarden image tag
|
||||
## Ref: https://hub.docker.com/r/vaultwarden/server/tags
|
||||
##
|
||||
tag: "1.24.0"
|
||||
## @param image.pullPolicy Vaultwarden image pull policy
|
||||
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
## @param image.pullSecrets Specify docker-registry secret names
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## Example:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## @param domain Domain name where the application is accessed
|
||||
## Example: https://warden.contoso.com:8443
|
||||
##
|
||||
domain: ""
|
||||
## @param websocket.enabled Enable websocket notifications
|
||||
## @param websocket.address Websocket listen address
|
||||
## @param websocket.port Websocket listen port
|
||||
##
|
||||
websocket:
|
||||
enabled: true
|
||||
address: "0.0.0.0"
|
||||
port: 3012
|
||||
## @param rocket.port Rocket port
|
||||
## @param rocket.workers Rocket number of workers
|
||||
##
|
||||
rocket:
|
||||
port: "8080"
|
||||
workers: "10"
|
||||
## @param webVaultEnabled Enable Web Vault
|
||||
##
|
||||
webVaultEnabled: "true"
|
||||
|
||||
## @section Security settings
|
||||
##
|
||||
## @param adminToken The admin token used for /admin
|
||||
##
|
||||
adminToken:
|
||||
#existingSecret: vaultwarden
|
||||
existingSecretKey: ADMIN_TOKEN
|
||||
value: "R@ndomToken$tring"
|
||||
## @param signupsAllowed By default, anyone who can access your instance can register for a new account.
|
||||
## To disable this, set this parameter to false. Even when signupsAllowed=false, an existing user who is
|
||||
## an organization owner or admin can still invite new users. If you want to disable this as well, set
|
||||
## invitationsAllowed to false. The vaultwarden admin can invite anyone via the admin page, regardless
|
||||
## of any of the restrictions above
|
||||
##
|
||||
## If signupDomains is set, then the value of signupsAllowed is ignored
|
||||
signupsAllowed: true
|
||||
## @param invitationsAllowed Even when registration is disabled, organization administrators or owners can
|
||||
## invite users to join organization. After they are invited, they can register with the invited email even
|
||||
## if signupsAllowed is actually set to false. You can disable this functionality completely by setting
|
||||
## invitationsAllowed env variable to false
|
||||
invitationsAllowed: true
|
||||
## @param signupDomains List of domain names for users allowed to register
|
||||
##
|
||||
signupDomains: "contoso.com"
|
||||
## @param signupsVerify Whether to require account verification for newly-registered users.
|
||||
##
|
||||
signupsVerify: "true"
|
||||
## @param showPassHint Whether a password hint should be shown in the page.
|
||||
##
|
||||
showPassHint: "false"
|
||||
## @param fullnameOverride String to override the application name.
|
||||
##
|
||||
fullnameOverride: ""
|
||||
## @param serviceAccount.create Create a service account
|
||||
## @param serviceAccount.name Name of the service account to create
|
||||
##
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: "vaultwarden-svc"
|
||||
|
||||
## @section Exposure Parameters
|
||||
##
|
||||
|
||||
## Ingress configuration
|
||||
## Refer to the README for some examples
|
||||
##
|
||||
ingress:
|
||||
## @param ingress.enabled Deploy an ingress resource.
|
||||
##
|
||||
enabled: false
|
||||
## @param ingress.class Ingress resource class
|
||||
## The Ingress class to use, e. g. "nginx" for a nginx ingress controller or "alb" for a AWS LB controller.
|
||||
#
|
||||
class: "nginx"
|
||||
## @param ingress.nginxIngressAnnotations Add nginx specific ingress annotations
|
||||
## This annotations are only makes sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/)
|
||||
##
|
||||
nginxIngressAnnotations: true
|
||||
## @param ingress.additionalAnnotations Additional annotations for the ingress resource.
|
||||
##
|
||||
additionalAnnotations: {}
|
||||
## @param ingress.tls Enable TLS on the ingress resource.
|
||||
##
|
||||
tls: true
|
||||
## @param ingress.hostname Hostname for the ingress.
|
||||
##
|
||||
hostname: "warden.contoso.com"
|
||||
## @param ingress.path Default application path for the ingress
|
||||
##
|
||||
path: "/"
|
||||
## @param ingress.pathWs Path for the websocket ingress
|
||||
##
|
||||
pathWs: "/notifications/hub"
|
||||
## @param ingress.pathType Path type for the ingress
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
|
||||
##
|
||||
pathType: "ImplementationSpecific"
|
||||
## @param ingress.pathTypeWs Path type for the ingress
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
|
||||
##
|
||||
pathTypeWs: "ImplementationSpecific"
|
||||
## @param ingress.tlsSecret Kubernetes secret containing the SSL certificate when using the "nginx" class.
|
||||
##
|
||||
tlsSecret: ""
|
||||
## @param ingress.nginxAllowList Comma-separated list of IP addresses and subnets to allow.
|
||||
##
|
||||
nginxAllowList: ""
|
||||
## TODO:
|
||||
## - Add support for using cert-manager.
|
||||
## - Support for multiple TLS hostnames.
|
||||
##
|
||||
|
||||
## Service configuration
|
||||
service:
|
||||
## @param service.type Service type
|
||||
##
|
||||
type: "ClusterIP"
|
||||
## @param service.annotations Additional annotations for the vaultwarden service
|
||||
##
|
||||
annotations: {}
|
||||
|
||||
## @section Database Configuration
|
||||
##
|
||||
database:
|
||||
## @param database.type Database type, either mysql or postgresql
|
||||
## Default is a sqlite database.
|
||||
##
|
||||
type: "default"
|
||||
## @param database.host Database hostname or IP address
|
||||
##
|
||||
host: ""
|
||||
## @param database.port Database port
|
||||
## Default for MySQL is 3306, default for PostgreSQL is 5432
|
||||
port: ""
|
||||
## @param database.username Database username
|
||||
##
|
||||
username: ""
|
||||
## @param database.password Database password
|
||||
##
|
||||
password: ""
|
||||
## @param database.dbName Database name
|
||||
##
|
||||
dbName: ""
|
||||
## @param database.uriOverride Manually specify the DB connection string
|
||||
##
|
||||
uriOverride: ""
|
||||
|
||||
## @section SMTP Configuration
|
||||
##
|
||||
smtp:
|
||||
#existingSecret: vaultwarden
|
||||
## @param smtp.host SMTP host
|
||||
##
|
||||
host: ""
|
||||
## @param smtp.security SMTP Encryption method
|
||||
## Possible values:
|
||||
## - starttls: explicit TLS using ports 587 or 25
|
||||
## - force_tls: implicit TLS using port 465
|
||||
## - off: no encryption, using port 25, unless using STARTTLS
|
||||
##
|
||||
security: "starttls"
|
||||
## @param smtp.port SMTP port
|
||||
##
|
||||
port: 25
|
||||
## @param smtp.from SMTP sender email address
|
||||
## Example: juan.delacruz@gmail.com
|
||||
##
|
||||
from: ""
|
||||
## @param smtp.fromName SMTP sender FROM
|
||||
##
|
||||
fromName: ""
|
||||
## @param smtp.username Username for the SMTP authentication.
|
||||
## Example: juan
|
||||
##
|
||||
username:
|
||||
existingSecretKey: SMTP_USERNAME
|
||||
value: ""
|
||||
## @param smtp.password Password for the SMTP service.
|
||||
##
|
||||
password:
|
||||
existingSecretKey: SMTP_PASSWORD
|
||||
value: ""
|
||||
## @param smtp.authMechanism SMTP authentication mechanism
|
||||
## Possible values: "Plain", "Login", "Xoauth2"
|
||||
## Multiple options need to be separated by a comma. (not tested)
|
||||
##
|
||||
authMechanism: "Plain"
|
||||
## @param smtp.acceptInvalidHostnames Accept Invalid Hostnames
|
||||
##
|
||||
acceptInvalidHostnames: "false"
|
||||
## @param smtp.acceptInvalidCerts Accept Invalid Certificates
|
||||
##
|
||||
acceptInvalidCerts: "false"
|
||||
## @param smtp.debug SMTP debugging
|
||||
##
|
||||
debug: false
|
||||
|
||||
## @section Storage Configuration
|
||||
##
|
||||
storage:
|
||||
## @param storage.enabled Enable configuration for persistent storage
|
||||
##
|
||||
enabled: false
|
||||
## @param storage.size Storage size for /data
|
||||
##
|
||||
size: "15Gi"
|
||||
## @param storage.class Specify the storage class
|
||||
##
|
||||
class: "default"
|
||||
## @param storage.dataDir Specify the data directory
|
||||
##
|
||||
dataDir: "/data"
|
||||
|
||||
## @section Logging Configuration
|
||||
##
|
||||
logging:
|
||||
## @param logging.enabled Enable logging to a file
|
||||
##
|
||||
enabled: false
|
||||
## @param logging.logfile Specify logfile path for output log
|
||||
##
|
||||
logfile: "/data/vaultwarden.log"
|
||||
## @param logging.loglevel Specify the log level
|
||||
##
|
||||
loglevel: "warn"
|
||||
|
||||
## @section Extra containers Configuration
|
||||
##
|
||||
|
||||
## @param initContainers extra init containers for initializing the vaultwarden instance
|
||||
##
|
||||
initContainers: []
|
||||
|
||||
## @param sidecars extra containers running alongside the vaultwarden instance
|
||||
##
|
||||
sidecars: []
|
||||
|
||||
## @section Extra Configuration
|
||||
##
|
||||
|
||||
## @param nodeSelector Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
|
||||
##
|
||||
nodeSelector: {}
|
||||
|
||||
## @param affinity Affinity for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
affinity: {}
|
||||
|
||||
## @param tolerations Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
Loading…
Reference in New Issue
Block a user