mirror of
https://gitlab.com/oecis/charts.git
synced 2024-11-15 00:28:59 +00:00
283 lines
8.3 KiB
YAML
283 lines
8.3 KiB
YAML
|
|
## @section Vaultwarden settings
|
|
##
|
|
image:
|
|
## @param image.registry Vaultwarden image registry
|
|
##
|
|
registry: docker.io
|
|
## @param image.repository Vaultwarden image repository
|
|
##
|
|
repository: vaultwarden/server
|
|
##
|
|
## @param image.tag Vaultwarden image tag
|
|
## Ref: https://hub.docker.com/r/vaultwarden/server/tags
|
|
##
|
|
tag: "1.24.0"
|
|
## @param image.pullPolicy Vaultwarden image pull policy
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## @param image.pullSecrets Specify docker-registry secret names
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## Example:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## @param domain Domain name where the application is accessed
|
|
## Example: https://warden.contoso.com:8443
|
|
##
|
|
domain: ""
|
|
## @param websocket.enabled Enable websocket notifications
|
|
## @param websocket.address Websocket listen address
|
|
## @param websocket.port Websocket listen port
|
|
##
|
|
websocket:
|
|
enabled: true
|
|
address: "0.0.0.0"
|
|
port: 3012
|
|
## @param rocket.port Rocket port
|
|
## @param rocket.workers Rocket number of workers
|
|
##
|
|
rocket:
|
|
port: "8080"
|
|
workers: "10"
|
|
## @param webVaultEnabled Enable Web Vault
|
|
##
|
|
webVaultEnabled: "true"
|
|
|
|
## @section Security settings
|
|
##
|
|
## @param adminToken The admin token used for /admin
|
|
##
|
|
adminToken:
|
|
#existingSecret: vaultwarden
|
|
existingSecretKey: ADMIN_TOKEN
|
|
value: "R@ndomToken$tring"
|
|
## @param signupsAllowed By default, anyone who can access your instance can register for a new account.
|
|
## To disable this, set this parameter to false. Even when signupsAllowed=false, an existing user who is
|
|
## an organization owner or admin can still invite new users. If you want to disable this as well, set
|
|
## invitationsAllowed to false. The vaultwarden admin can invite anyone via the admin page, regardless
|
|
## of any of the restrictions above
|
|
##
|
|
## If signupDomains is set, then the value of signupsAllowed is ignored
|
|
signupsAllowed: true
|
|
## @param invitationsAllowed Even when registration is disabled, organization administrators or owners can
|
|
## invite users to join organization. After they are invited, they can register with the invited email even
|
|
## if signupsAllowed is actually set to false. You can disable this functionality completely by setting
|
|
## invitationsAllowed env variable to false
|
|
invitationsAllowed: true
|
|
## @param signupDomains List of domain names for users allowed to register
|
|
##
|
|
signupDomains: "contoso.com"
|
|
## @param signupsVerify Whether to require account verification for newly-registered users.
|
|
##
|
|
signupsVerify: "true"
|
|
## @param showPassHint Whether a password hint should be shown in the page.
|
|
##
|
|
showPassHint: "false"
|
|
## @param fullnameOverride String to override the application name.
|
|
##
|
|
fullnameOverride: ""
|
|
## @param serviceAccount.create Create a service account
|
|
## @param serviceAccount.name Name of the service account to create
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: "vaultwarden-svc"
|
|
|
|
## @section Exposure Parameters
|
|
##
|
|
|
|
## Ingress configuration
|
|
## Refer to the README for some examples
|
|
##
|
|
ingress:
|
|
## @param ingress.enabled Deploy an ingress resource.
|
|
##
|
|
enabled: false
|
|
## @param ingress.class Ingress resource class
|
|
## The Ingress class to use, e. g. "nginx" for a nginx ingress controller or "alb" for a AWS LB controller.
|
|
#
|
|
class: "nginx"
|
|
## @param ingress.nginxIngressAnnotations Add nginx specific ingress annotations
|
|
## This annotations are only makes sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/)
|
|
##
|
|
nginxIngressAnnotations: true
|
|
## @param ingress.additionalAnnotations Additional annotations for the ingress resource.
|
|
##
|
|
additionalAnnotations: {}
|
|
## @param ingress.tls Enable TLS on the ingress resource.
|
|
##
|
|
tls: true
|
|
## @param ingress.hostname Hostname for the ingress.
|
|
##
|
|
hostname: "warden.contoso.com"
|
|
## @param ingress.path Default application path for the ingress
|
|
##
|
|
path: "/"
|
|
## @param ingress.pathWs Path for the websocket ingress
|
|
##
|
|
pathWs: "/notifications/hub"
|
|
## @param ingress.pathType Path type for the ingress
|
|
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
|
|
##
|
|
pathType: "ImplementationSpecific"
|
|
## @param ingress.pathTypeWs Path type for the ingress
|
|
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
|
|
##
|
|
pathTypeWs: "ImplementationSpecific"
|
|
## @param ingress.tlsSecret Kubernetes secret containing the SSL certificate when using the "nginx" class.
|
|
##
|
|
tlsSecret: ""
|
|
## @param ingress.nginxAllowList Comma-separated list of IP addresses and subnets to allow.
|
|
##
|
|
nginxAllowList: ""
|
|
## TODO:
|
|
## - Add support for using cert-manager.
|
|
## - Support for multiple TLS hostnames.
|
|
##
|
|
|
|
## Service configuration
|
|
service:
|
|
## @param service.type Service type
|
|
##
|
|
type: "ClusterIP"
|
|
## @param service.annotations Additional annotations for the vaultwarden service
|
|
##
|
|
annotations: {}
|
|
|
|
## @section Database Configuration
|
|
##
|
|
database:
|
|
## @param database.type Database type, either mysql or postgresql
|
|
## Default is a sqlite database.
|
|
##
|
|
type: "default"
|
|
## @param database.host Database hostname or IP address
|
|
##
|
|
host: ""
|
|
## @param database.port Database port
|
|
## Default for MySQL is 3306, default for PostgreSQL is 5432
|
|
port: ""
|
|
## @param database.username Database username
|
|
##
|
|
username: ""
|
|
## @param database.password Database password
|
|
##
|
|
password: ""
|
|
## @param database.dbName Database name
|
|
##
|
|
dbName: ""
|
|
## @param database.uriOverride Manually specify the DB connection string
|
|
##
|
|
uriOverride: ""
|
|
|
|
## @section SMTP Configuration
|
|
##
|
|
smtp:
|
|
#existingSecret: vaultwarden
|
|
## @param smtp.host SMTP host
|
|
##
|
|
host: ""
|
|
## @param smtp.security SMTP Encryption method
|
|
## Possible values:
|
|
## - starttls: explicit TLS using ports 587 or 25
|
|
## - force_tls: implicit TLS using port 465
|
|
## - off: no encryption, using port 25, unless using STARTTLS
|
|
##
|
|
security: "starttls"
|
|
## @param smtp.port SMTP port
|
|
##
|
|
port: 25
|
|
## @param smtp.from SMTP sender email address
|
|
## Example: juan.delacruz@gmail.com
|
|
##
|
|
from: ""
|
|
## @param smtp.fromName SMTP sender FROM
|
|
##
|
|
fromName: ""
|
|
## @param smtp.username Username for the SMTP authentication.
|
|
## Example: juan
|
|
##
|
|
username:
|
|
existingSecretKey: SMTP_USERNAME
|
|
value: ""
|
|
## @param smtp.password Password for the SMTP service.
|
|
##
|
|
password:
|
|
existingSecretKey: SMTP_PASSWORD
|
|
value: ""
|
|
## @param smtp.authMechanism SMTP authentication mechanism
|
|
## Possible values: "Plain", "Login", "Xoauth2"
|
|
## Multiple options need to be separated by a comma. (not tested)
|
|
##
|
|
authMechanism: "Plain"
|
|
## @param smtp.acceptInvalidHostnames Accept Invalid Hostnames
|
|
##
|
|
acceptInvalidHostnames: "false"
|
|
## @param smtp.acceptInvalidCerts Accept Invalid Certificates
|
|
##
|
|
acceptInvalidCerts: "false"
|
|
## @param smtp.debug SMTP debugging
|
|
##
|
|
debug: false
|
|
|
|
## @section Storage Configuration
|
|
##
|
|
storage:
|
|
## @param storage.enabled Enable configuration for persistent storage
|
|
##
|
|
enabled: false
|
|
## @param storage.size Storage size for /data
|
|
##
|
|
size: "15Gi"
|
|
## @param storage.class Specify the storage class
|
|
##
|
|
class: "default"
|
|
## @param storage.dataDir Specify the data directory
|
|
##
|
|
dataDir: "/data"
|
|
|
|
## @section Logging Configuration
|
|
##
|
|
logging:
|
|
## @param logging.enabled Enable logging to a file
|
|
##
|
|
enabled: false
|
|
## @param logging.logfile Specify logfile path for output log
|
|
##
|
|
logfile: "/data/vaultwarden.log"
|
|
## @param logging.loglevel Specify the log level
|
|
##
|
|
loglevel: "warn"
|
|
|
|
## @section Extra containers Configuration
|
|
##
|
|
|
|
## @param initContainers extra init containers for initializing the vaultwarden instance
|
|
##
|
|
initContainers: []
|
|
|
|
## @param sidecars extra containers running alongside the vaultwarden instance
|
|
##
|
|
sidecars: []
|
|
|
|
## @section Extra Configuration
|
|
##
|
|
|
|
## @param nodeSelector Node labels for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## @param affinity Affinity for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## @param tolerations Tolerations for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|