forked from guerzon/vaultwarden
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
274 lines (258 loc) · 8.09 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
## @section Vaultwarden settings
##
image:
## @param image.registry Vaultwarden image registry
##
registry: docker.io
## @param image.repository Vaultwarden image repository
##
repository: vaultwarden/server
##
## @param image.tag Vaultwarden image tag
## Ref: https://hub.docker.com/r/vaultwarden/server/tags
##
tag: "1.24.0"
## @param image.pullPolicy Vaultwarden image pull policy
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## @param image.pullSecrets Specify docker-registry secret names
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param domain Domain name where the application is accessed
## Example: https://warden.contoso.com:8443
##
domain: ""
## @param websocket.enabled Enable websocket notifications
## @param websocket.address Websocket listen address
## @param websocket.port Websocket listen port
##
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
## @param rocket.port Rocket port
## @param rocket.workers Rocket number of workers
##
rocket:
port: "8080"
workers: "10"
## @param webVaultEnabled Enable Web Vault
##
webVaultEnabled: "true"
## @section Security settings
##
## @param adminToken The admin token used for /admin
##
adminToken: "R@ndomToken$tring"
## @param signupsAllowed By default, anyone who can access your instance can register for a new account.
## To disable this, set this parameter to false. Even when signupsAllowed=false, an existing user who is
## an organization owner or admin can still invite new users. If you want to disable this as well, set
## invitationsAllowed to false. The vaultwarden admin can invite anyone via the admin page, regardless
## of any of the restrictions above
##
## If signupDomains is set, then the value of signupsAllowed is ignored
signupsAllowed: true
## @param invitationsAllowed Even when registration is disabled, organization administrators or owners can
## invite users to join organization. After they are invited, they can register with the invited email even
## if signupsAllowed is actually set to false. You can disable this functionality completely by setting
## invitationsAllowed env variable to false
invitationsAllowed: true
## @param signupDomains List of domain names for users allowed to register
##
signupDomains: "contoso.com"
## @param signupsVerify Whether to require account verification for newly-registered users.
##
signupsVerify: "true"
## @param showPassHint Whether a password hint should be shown in the page.
##
showPassHint: "false"
## @param fullnameOverride String to override the application name.
##
fullnameOverride: ""
## @param serviceAccount.create Create a service account
## @param serviceAccount.name Name of the service account to create
##
serviceAccount:
create: true
name: "vaultwarden-svc"
## @section Exposure Parameters
##
## Ingress configuration
## Refer to the README for some examples
##
ingress:
## @param ingress.enabled Deploy an ingress resource.
##
enabled: false
## @param ingress.class Ingress resource class
## The Ingress class to use, e. g. "nginx" for a nginx ingress controller or "alb" for a AWS LB controller.
#
class: "nginx"
## @param ingress.nginxIngressAnnotations Add nginx specific ingress annotations
## This annotations are only makes sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/)
##
nginxIngressAnnotations: true
## @param ingress.additionalAnnotations Additional annotations for the ingress resource.
##
additionalAnnotations: {}
## @param ingress.tls Enable TLS on the ingress resource.
##
tls: true
## @param ingress.hostname Hostname for the ingress.
##
hostname: "warden.contoso.com"
## @param ingress.path Default application path for the ingress
##
path: "/"
## @param ingress.pathWs Path for the websocket ingress
##
pathWs: "/notifications/hub"
## @param ingress.pathType Path type for the ingress
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
pathType: "ImplementationSpecific"
## @param ingress.pathTypeWs Path type for the ingress
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
pathTypeWs: "ImplementationSpecific"
## @param ingress.tlsSecret Kubernetes secret containing the SSL certificate when using the "nginx" class.
##
tlsSecret: ""
## @param ingress.nginxAllowList Comma-separated list of IP addresses and subnets to allow.
##
nginxAllowList: ""
## TODO:
## - Add support for using cert-manager.
## - Support for multiple TLS hostnames.
##
## Service configuration
service:
## @param service.type Service type
##
type: "ClusterIP"
## @param service.annotations Additional annotations for the vaultwarden service
##
annotations: {}
## @section Database Configuration
##
database:
## @param database.type Database type, either mysql or postgresql
## Default is a sqlite database.
##
type: "default"
## @param database.host Database hostname or IP address
##
host: ""
## @param database.port Database port
## Default for MySQL is 3306, default for PostgreSQL is 5432
port: ""
## @param database.username Database username
##
username: ""
## @param database.password Database password
##
password: ""
## @param database.dbName Database name
##
dbName: ""
## @param database.uriOverride Manually specify the DB connection string
##
uriOverride: ""
## @section SMTP Configuration
##
smtp:
## @param smtp.host SMTP host
##
host: ""
## @param smtp.security SMTP Encryption method
## Possible values:
## - starttls: explicit TLS using ports 587 or 25
## - force_tls: implicit TLS using port 465
## - off: no encryption, using port 25, unless using STARTTLS
##
security: "starttls"
## @param smtp.port SMTP port
##
port: 25
## @param smtp.from SMTP sender email address
## Example: [email protected]
##
from: ""
## @param smtp.fromName SMTP sender FROM
##
fromName: ""
## @param smtp.username Username for the SMTP authentication.
## Example: juan
##
username: ""
## @param smtp.password Password for the SMTP service.
##
password: ""
## @param smtp.authMechanism SMTP authentication mechanism
## Possible values: "Plain", "Login", "Xoauth2"
## Multiple options need to be separated by a comma. (not tested)
##
authMechanism: "Plain"
## @param smtp.acceptInvalidHostnames Accept Invalid Hostnames
##
acceptInvalidHostnames: "false"
## @param smtp.acceptInvalidCerts Accept Invalid Certificates
##
acceptInvalidCerts: "false"
## @param smtp.debug SMTP debugging
##
debug: false
## @section Storage Configuration
##
storage:
## @param storage.enabled Enable configuration for persistent storage
##
enabled: false
## @param storage.size Storage size for /data
##
size: "15Gi"
## @param storage.class Specify the storage class
##
class: "default"
## @param storage.dataDir Specify the data directory
##
dataDir: "/data"
## @section Logging Configuration
##
logging:
## @param logging.enabled Enable logging to a file
##
enabled: false
## @param logging.logfile Specify logfile path for output log
##
logfile: "/data/vaultwarden.log"
## @param logging.loglevel Specify the log level
##
loglevel: "warn"
## @section Extra containers Configuration
##
## @param initContainers extra init containers for initializing the vaultwarden instance
##
initContainers: []
## @param sidecars extra containers running alongside the vaultwarden instance
##
sidecars: []
## @section Extra Configuration
##
## @param nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
##
nodeSelector: {}
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []