remove vaultwarden

Jrester 2023-08-28 11:57:49 +02:00
parent 69ec141244
commit ac889209f2
17 changed files with 0 additions and 835 deletions


@ -1 +0,0 @@
github: [guerzon]


@ -1,5 +0,0 @@
*.tgz
/.idea/*
.vscode
.DS_Store
testing-values.yaml


@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@ -1,33 +0,0 @@
# Contributing Guide
## Requirements
1. Fork this repository, develop, and test your changes.
2. Submit a pull request.
### Technical Requirements
When submitting a pull request, please ensure that:
- The PR follow [Helm best practices](https://helm.sh/docs/chart_best_practices/).
- Any change to a chart requires a version bump following [semver](https://semver.org/) principles.
- The tables of parameters are generated based on the metadata information from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
A quick way to do this is to run the tool via Docker:
```bash
# Clone and build:
git clone https://github.com/bitnami-labs/readme-generator-for-helm
cd readme-generator-for-helm/
docker build -t readme-gen .
# Run the tool and mount the current project directory.
cd <this-project-dir>
docker run --rm -d -it --name readmegen -v $(pwd):/mnt readme-gen bash
docker exec -it readmegen bash
# Update the values documentation
cd /mnt
readme-generator -v values.yaml -r README.md
```


@ -1,15 +0,0 @@
apiVersion: v2
name: vaultwarden
description: vaultwarden is an unofficial Bitwarden-compatible server written in Rust
keywords:
- Rust
- vaultwarden
sources:
- https://github.com/guerzon/vaultwarden
- https://github.com/dani-garcia/vaultwarden
appVersion: 1.24.0
maintainers:
- name: Lester Guerzon
email: lester.guerzon@gmail.com
url: https://github.com/guerzon
version: 0.8.0


@ -1,21 +0,0 @@
MIT License
Copyright (c) 2022 Lester Guerzon
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -1,92 +0,0 @@
# vaultwarden
![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 1.24.0](https://img.shields.io/badge/AppVersion-1.24.0-informational?style=flat-square)
vaultwarden is an unofficial Bitwarden-compatible server written in Rust
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| Lester Guerzon | <lester.guerzon@gmail.com> | <https://github.com/guerzon> |
## Source Code
* <https://github.com/guerzon/vaultwarden>
* <https://github.com/dani-garcia/vaultwarden>
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| adminToken.existingSecretKey | string | `"ADMIN_TOKEN"` | |
| adminToken.value | string | `"R@ndomToken$tring"` | |
| affinity | object | `{}` | |
| database.dbName | string | `""` | |
| database.host | string | `""` | |
| database.password | string | `""` | |
| database.port | string | `""` | |
| database.type | string | `"default"` | |
| database.uriOverride | string | `""` | |
| database.username | string | `""` | |
| domain | string | `""` | |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.pullSecrets | list | `[]` | |
| image.registry | string | `"docker.io"` | |
| image.repository | string | `"vaultwarden/server"` | |
| image.tag | string | `"1.24.0"` | |
| ingress.additionalAnnotations | object | `{}` | |
| ingress.class | string | `"nginx"` | |
| ingress.enabled | bool | `false` | |
| ingress.hostname | string | `"warden.contoso.com"` | |
| ingress.nginxAllowList | string | `""` | |
| ingress.nginxIngressAnnotations | bool | `true` | |
| ingress.path | string | `"/"` | |
| ingress.pathType | string | `"ImplementationSpecific"` | |
| ingress.pathTypeWs | string | `"ImplementationSpecific"` | |
| ingress.pathWs | string | `"/notifications/hub"` | |
| ingress.tls | bool | `true` | |
| ingress.tlsSecret | string | `""` | |
| initContainers | list | `[]` | |
| invitationsAllowed | bool | `true` | |
| logging.enabled | bool | `false` | |
| logging.logfile | string | `"/data/vaultwarden.log"` | |
| logging.loglevel | string | `"warn"` | |
| nodeSelector | object | `{}` | |
| rocket.port | string | `"8080"` | |
| rocket.workers | string | `"10"` | |
| service.annotations | object | `{}` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `"vaultwarden-svc"` | |
| showPassHint | string | `"false"` | |
| sidecars | list | `[]` | |
| signupDomains | string | `"contoso.com"` | |
| signupsAllowed | bool | `true` | |
| signupsVerify | string | `"true"` | |
| smtp.acceptInvalidCerts | string | `"false"` | |
| smtp.acceptInvalidHostnames | string | `"false"` | |
| smtp.authMechanism | string | `"Plain"` | |
| smtp.debug | bool | `false` | |
| smtp.from | string | `""` | |
| smtp.fromName | string | `""` | |
| smtp.host | string | `""` | |
| smtp.password.existingSecretKey | string | `"SMTP_PASSWORD"` | |
| smtp.password.value | string | `""` | |
| smtp.port | int | `25` | |
| smtp.security | string | `"starttls"` | |
| smtp.username.existingSecretKey | string | `"SMTP_USERNAME"` | |
| smtp.username.value | string | `""` | |
| storage.class | string | `"default"` | |
| storage.dataDir | string | `"/data"` | |
| storage.enabled | bool | `false` | |
| storage.size | string | `"15Gi"` | |
| tolerations | list | `[]` | |
| webVaultEnabled | string | `"true"` | |
| websocket.address | string | `"0.0.0.0"` | |
| websocket.enabled | bool | `true` | |
| websocket.port | int | `3012` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@ -1,17 +0,0 @@
domain: "https://vaultwarden.contoso.com"
ingress:
enabled: true
hostname: vaultwarden.contoso.com
class: "alb"
additionalAnnotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:ACCOUNT:certificate/LONGID"
adminToken: "khit9gYQV6ax9LKTTm+s6QbZi5oiuR+3s1PEn9q3IRmCl9IQn7LmBpmFCOYTb7Mr"
image:
pullSecrets:
- myRegKey


@ -1,7 +0,0 @@
** Please be patient while the chart is being deployed **
Thanks for installing {{ .Chart.Name }}.
You have named your release: {{ .Release.Name }}.
Vaultwarden is accessible here: {{ .Values.ingress.hostname }}


@ -1,31 +0,0 @@
{{/*
Return a default application name.
*/}}
{{- define "vaultwarden.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 20 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 20 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 20 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "dbPort" -}}
{{- if .Values.database.port }}
{{- printf "%s%s" ":" .Values.database.port }}
{{- else }}
{{- printf "%s" "" }}
{{- end }}
{{- end }}
{{/*
Return the database string
*/}}
{{ define "dbString" }}
{{- $var := print .Values.database.type "://" .Values.database.username ":" .Values.database.password "@" .Values.database.host (include "dbPort" . ) "/" .Values.database.dbName }}
{{- printf "%s" $var }}
{{- end -}}


@ -1,45 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "vaultwarden.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
data:
DOMAIN: {{ .Values.domain | quote }}
{{- if ne "default" .Values.database.type }}
{{- if .Values.database.uriOverride }}
DATABASE_URL: {{ .Values.database.uriOverride }}
{{- else }}
DATABASE_URL: {{ include "dbString" . | quote }}
{{- end }}
{{- end }}
{{- if and .Values.smtp.host .Values.smtp.from | quote }}
SMTP_HOST: {{ .Values.smtp.host | quote }}
SMTP_SECURITY: {{ .Values.smtp.security | quote }}
SMTP_PORT: {{ .Values.smtp.port | quote }}
SMTP_AUTH_MECHANISM: {{ .Values.smtp.authMechanism | quote }}
SMTP_FROM: {{ .Values.smtp.from | quote }}
SMTP_FROM_NAME: {{ default "Vaultwarden" .Values.smtp.fromName | quote }}
SMTP_DEBUG: {{ .Values.smtp.debug | quote }}
SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.smtp.acceptInvalidHostnames | quote }}
SMTP_ACCEPT_INVALID_CERTS: {{ .Values.smtp.acceptInvalidCerts | quote }}
{{- end }}
{{- if .Values.websocket.enabled }}
WEBSOCKET_ENABLED: "true"
WEBSOCKET_ADDRESS: {{ .Values.websocket.address | quote }}
WEBSOCKET_PORT: {{ .Values.websocket.port | quote }}
{{- end }}
DATA_FOLDER: {{ .Values.storage.dataDir | quote }}
ROCKET_PORT: {{ .Values.rocket.port | quote }}
ROCKET_WORKERS: {{ .Values.rocket.workers | quote }}
SHOW_PASSWORD_HINT: {{ .Values.showPassHint | quote }}
SIGNUPS_ALLOWED: {{ .Values.signupsAllowed | quote }}
INVITATIONS_ALLOWED: {{ .Values.invitationsAllowed | quote }}
SIGNUPS_DOMAINS_WHITELIST: {{ .Values.signupDomains | quote }}
SIGNUPS_VERIFY: {{ .Values.signupsVerify | quote }}
WEB_VAULT_ENABLED: {{ .Values.webVaultEnabled | quote }}
{{- if .Values.logging.enabled }}
LOG_FILE: {{ .Values.logging.logfile | quote }}
LOG_LEVEL: {{ .Values.logging.loglevel | quote }}
{{- end }}


@ -1,71 +0,0 @@
{{- if .Values.ingress.enabled }}
{{- $newAPIversion := .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- if $newAPIversion }}
apiVersion: networking.k8s.io/v1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ include "vaultwarden.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
annotations:
ingress.kubernetes.io/rewrite-target: /
{{- if .Values.ingress.tls }}
ingress.kubernetes.io/ssl-redirect: "true"
{{- end }}
{{- if .Values.ingress.additionalAnnotations }}
{{- toYaml .Values.ingress.additionalAnnotations | nindent 4 }}
{{- end }}
{{- if .Values.ingress.nginxIngressAnnotations }}
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Request-Id: $req_id";
nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/limit-connections: "25"
nginx.ingress.kubernetes.io/limit-rps: "15"
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/proxy-connect-timeout: "10"
nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
{{- if .Values.ingress.nginxAllowList }}
nginx.ingress.kubernetes.io/whitelist-source-range: {{ .Values.ingress.nginxAllowList }}
{{- end }}
{{- end }}
spec:
{{- if .Values.ingress.class }}
ingressClassName: {{ .Values.ingress.class | quote }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
- hosts:
- {{ .Values.ingress.hostname | quote }}
{{- if eq "nginx" .Values.ingress.class }}
secretName: {{ .Values.ingress.tlsSecret }}
{{- end }}
{{- end }}
rules:
- host: {{ .Values.ingress.hostname | quote }}
http:
paths:
- path: {{ .Values.ingress.path }}
pathType: {{ .Values.ingress.pathType }}
backend:
service:
name: {{ include "vaultwarden.fullname" . }}
port:
name: "http"
{{- if .Values.websocket.enabled }}
- path: {{ .Values.ingress.pathWs }}
pathType: {{ .Values.ingress.pathTypeWs }}
backend:
service:
name: {{ include "vaultwarden.fullname" . }}
port:
name: "websocket"
{{- end }}
{{- end }}


@ -1,48 +0,0 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "vaultwarden.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
rules:
- apiGroups: ["extensions", "apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "vaultwarden.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "vaultwarden.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.name }}
{{- end }}


@ -1,18 +0,0 @@
{{ if not (and (hasKey .Values.smtp "existingSecret") (hasKey .Values.adminToken "existingSecret")) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "vaultwarden.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
type: Opaque
data:
{{- if not (hasKey .Values.smtp "existingSecret") }}
SMTP_PASSWORD: {{ .Values.smtp.password.value | b64enc | quote }}
SMTP_USERNAME: {{ .Values.smtp.username.value | b64enc | quote }}
{{- end }}
{{- if not (hasKey .Values.adminToken "existingSecret") }}
ADMIN_TOKEN: {{ .Values.adminToken.value | b64enc | quote }}
{{- end }}
{{ end }}


@ -1,26 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "vaultwarden.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
{{- if .Values.service.annotations }}
annotations:
{{- toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type | quote }}
selector:
app.kubernetes.io/component: vaultwarden
ports:
- name: "http"
port: 80
protocol: TCP
targetPort: 8080
{{- if .Values.websocket.enabled }}
- name: "websocket"
port: 3012
protocol: TCP
targetPort: {{ .Values.websocket.port }}
{{- end }}


@ -1,102 +0,0 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "vaultwarden.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: vaultwarden
spec:
serviceName: vaultwarden
replicas: 1
selector:
matchLabels:
app: vaultwarden
app.kubernetes.io/component: vaultwarden
template:
metadata:
labels:
app: vaultwarden
app.kubernetes.io/component: vaultwarden
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha1sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha1sum }}
spec:
{{- if .Values.nodeSelector }}
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.initContainers }}
{{- toYaml .Values.initContainers | nindent 8 }}
{{- end }}
containers:
- image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: vaultwarden
envFrom:
- configMapRef:
name: {{ include "vaultwarden.fullname" . }}
env:
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }}
key: {{ default "SMTP_USERNAME" .Values.smtp.username.existingSecretKey }}
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }}
key: {{ default "SMTP_PASSWORD" .Values.smtp.password.existingSecretKey }}
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: {{ default (include "vaultwarden.fullname" .) .Values.adminToken.existingSecret }}
key: {{ default "ADMIN_TOKEN" .Values.adminToken.existingSecretKey }}
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: {{ .Values.websocket.port }}
name: websocket
protocol: TCP
{{- if .Values.storage.enabled }}
volumeMounts:
- name: vaultwarden-data
mountPath: {{ .Values.storage.dataDir }}
{{- end }}
resources:
limits:
cpu: 300m
memory: 1Gi
requests:
cpu: 50m
memory: 256Mi
{{- if .Values.sidecars }}
{{- toYaml .Values.sidecars | nindent 8 }}
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
{{- if .Values.storage.enabled }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
volumeClaimTemplates:
- metadata:
name: vaultwarden-data
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: {{ .Values.storage.size }}
storageClassName: {{ default "default" .Values.storage.class }}
{{- end }}


@ -1,282 +0,0 @@
## @section Vaultwarden settings
##
image:
## @param image.registry Vaultwarden image registry
##
registry: docker.io
## @param image.repository Vaultwarden image repository
##
repository: vaultwarden/server
##
## @param image.tag Vaultwarden image tag
## Ref: https://hub.docker.com/r/vaultwarden/server/tags
##
tag: "1.24.0"
## @param image.pullPolicy Vaultwarden image pull policy
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## @param image.pullSecrets Specify docker-registry secret names
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param domain Domain name where the application is accessed
## Example: https://warden.contoso.com:8443
##
domain: ""
## @param websocket.enabled Enable websocket notifications
## @param websocket.address Websocket listen address
## @param websocket.port Websocket listen port
##
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
## @param rocket.port Rocket port
## @param rocket.workers Rocket number of workers
##
rocket:
port: "8080"
workers: "10"
## @param webVaultEnabled Enable Web Vault
##
webVaultEnabled: "true"
## @section Security settings
##
## @param adminToken The admin token used for /admin
##
adminToken:
#existingSecret: vaultwarden
existingSecretKey: ADMIN_TOKEN
value: "R@ndomToken$tring"
## @param signupsAllowed By default, anyone who can access your instance can register for a new account.
## To disable this, set this parameter to false. Even when signupsAllowed=false, an existing user who is
## an organization owner or admin can still invite new users. If you want to disable this as well, set
## invitationsAllowed to false. The vaultwarden admin can invite anyone via the admin page, regardless
## of any of the restrictions above
##
## If signupDomains is set, then the value of signupsAllowed is ignored
signupsAllowed: true
## @param invitationsAllowed Even when registration is disabled, organization administrators or owners can
## invite users to join organization. After they are invited, they can register with the invited email even
## if signupsAllowed is actually set to false. You can disable this functionality completely by setting
## invitationsAllowed env variable to false
invitationsAllowed: true
## @param signupDomains List of domain names for users allowed to register
##
signupDomains: "contoso.com"
## @param signupsVerify Whether to require account verification for newly-registered users.
##
signupsVerify: "true"
## @param showPassHint Whether a password hint should be shown in the page.
##
showPassHint: "false"
## @param fullnameOverride String to override the application name.
##
fullnameOverride: ""
## @param serviceAccount.create Create a service account
## @param serviceAccount.name Name of the service account to create
##
serviceAccount:
create: true
name: "vaultwarden-svc"
## @section Exposure Parameters
##
## Ingress configuration
## Refer to the README for some examples
##
ingress:
## @param ingress.enabled Deploy an ingress resource.
##
enabled: false
## @param ingress.class Ingress resource class
## The Ingress class to use, e. g. "nginx" for a nginx ingress controller or "alb" for a AWS LB controller.
#
class: "nginx"
## @param ingress.nginxIngressAnnotations Add nginx specific ingress annotations
## This annotations are only makes sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/)
##
nginxIngressAnnotations: true
## @param ingress.additionalAnnotations Additional annotations for the ingress resource.
##
additionalAnnotations: {}
## @param ingress.tls Enable TLS on the ingress resource.
##
tls: true
## @param ingress.hostname Hostname for the ingress.
##
hostname: "warden.contoso.com"
## @param ingress.path Default application path for the ingress
##
path: "/"
## @param ingress.pathWs Path for the websocket ingress
##
pathWs: "/notifications/hub"
## @param ingress.pathType Path type for the ingress
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
pathType: "ImplementationSpecific"
## @param ingress.pathTypeWs Path type for the ingress
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
pathTypeWs: "ImplementationSpecific"
## @param ingress.tlsSecret Kubernetes secret containing the SSL certificate when using the "nginx" class.
##
tlsSecret: ""
## @param ingress.nginxAllowList Comma-separated list of IP addresses and subnets to allow.
##
nginxAllowList: ""
## TODO:
## - Add support for using cert-manager.
## - Support for multiple TLS hostnames.
##
## Service configuration
service:
## @param service.type Service type
##
type: "ClusterIP"
## @param service.annotations Additional annotations for the vaultwarden service
##
annotations: {}
## @section Database Configuration
##
database:
## @param database.type Database type, either mysql or postgresql
## Default is a sqlite database.
##
type: "default"
## @param database.host Database hostname or IP address
##
host: ""
## @param database.port Database port
## Default for MySQL is 3306, default for PostgreSQL is 5432
port: ""
## @param database.username Database username
##
username: ""
## @param database.password Database password
##
password: ""
## @param database.dbName Database name
##
dbName: ""
## @param database.uriOverride Manually specify the DB connection string
##
uriOverride: ""
## @section SMTP Configuration
##
smtp:
#existingSecret: vaultwarden
## @param smtp.host SMTP host
##
host: ""
## @param smtp.security SMTP Encryption method
## Possible values:
## - starttls: explicit TLS using ports 587 or 25
## - force_tls: implicit TLS using port 465
## - off: no encryption, using port 25, unless using STARTTLS
##
security: "starttls"
## @param smtp.port SMTP port
##
port: 25
## @param smtp.from SMTP sender email address
## Example: juan.delacruz@gmail.com
##
from: ""
## @param smtp.fromName SMTP sender FROM
##
fromName: ""
## @param smtp.username Username for the SMTP authentication.
## Example: juan
##
username:
existingSecretKey: SMTP_USERNAME
value: ""
## @param smtp.password Password for the SMTP service.
##
password:
existingSecretKey: SMTP_PASSWORD
value: ""
## @param smtp.authMechanism SMTP authentication mechanism
## Possible values: "Plain", "Login", "Xoauth2"
## Multiple options need to be separated by a comma. (not tested)
##
authMechanism: "Plain"
## @param smtp.acceptInvalidHostnames Accept Invalid Hostnames
##
acceptInvalidHostnames: "false"
## @param smtp.acceptInvalidCerts Accept Invalid Certificates
##
acceptInvalidCerts: "false"
## @param smtp.debug SMTP debugging
##
debug: false
## @section Storage Configuration
##
storage:
## @param storage.enabled Enable configuration for persistent storage
##
enabled: false
## @param storage.size Storage size for /data
##
size: "15Gi"
## @param storage.class Specify the storage class
##
class: "default"
## @param storage.dataDir Specify the data directory
##
dataDir: "/data"
## @section Logging Configuration
##
logging:
## @param logging.enabled Enable logging to a file
##
enabled: false
## @param logging.logfile Specify logfile path for output log
##
logfile: "/data/vaultwarden.log"
## @param logging.loglevel Specify the log level
##
loglevel: "warn"
## @section Extra containers Configuration
##
## @param initContainers extra init containers for initializing the vaultwarden instance
##
initContainers: []
## @param sidecars extra containers running alongside the vaultwarden instance
##
sidecars: []
## @section Extra Configuration
##
## @param nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
##
nodeSelector: {}
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []