# Optional - Override the chart name if desired fullnameOverride: "" nameOverride: "" general: # Domain name for the service domain: bitwarden.reeseapps.com ingress: # Set to false if using a custom ingress enabled: true # Current supported values for ingress type include: nginx className: "nginx" ## - Annotations to add to the Ingress resource. annotations: # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # nginx.ingress.kubernetes.io/use-regex: "true" # nginx.ingress.kubernetes.io/rewrite-target: /$1 ## - Labels to add to the Ingress resource labels: {} # Certificate options tls: # TLS certificate secret name name: bitwarden # Cluster cert issuer (ex. Let's Encrypt) name if one exists clusterIssuer: letsencrypt # Ingress path configuration - The samples provided are for Nginx. Examples with other Ingress providers are in the chart Readme on GitHub paths: web: path: /(.*) pathType: ImplementationSpecific attachments: path: /attachments/(.*) pathType: ImplementationSpecific api: path: /api/(.*) pathType: ImplementationSpecific icons: path: /icons/(.*) pathType: ImplementationSpecific notifications: path: /notifications/(.*) pathType: ImplementationSpecific events: path: /events/(.*) pathType: ImplementationSpecific scim: path: /scim/(.*) pathType: ImplementationSpecific sso: path: /(sso/.*) pathType: ImplementationSpecific identity: path: /(identity/.*) pathType: ImplementationSpecific admin: path: /(admin/?.*) pathType: ImplementationSpecific # Override application container version tags. Theses will be versioned with the chart and need not be changed in most circumstances. coreVersionOverride: "" webVersionOverride: "" # Disable account registration on web vault disableUserRegistration: "false" # Comma-separated list of email addresses for Admin users admins: "false" email: # Email address used for invitations, typically no-reply@smtp-host replyToEmail: "no-reply@reeseapps.com" # Your SMTP server hostname (recommended) or IP address smtpHost: "email-smtp.us-east-1.amazonaws.com" # The SMTP port used by the SMTP server smtpPort: "587" # Whether your SMTP server uses an encryption protocol, "true" for SSL, "false" for TLS smtpSsl: "true" # Custom labels to add throughout the installation labels: {} # Specifies the access mode for persistent volume claims. This should not be changed in most cases, and the allowable # values are only ReadWriteMany and ReadWriteOnce. Please read https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes # to better understand these options before changing this value. volumeAccessMode: "ReadWriteMany" # Set to true to allow communication between your server and our cloud system. Doing so enables billing and license sync. Please see: https://bitwarden.com/help/self-host-an-organization/#step-4-setup-billing-and-license-sync enableCloudCommunication: false # Cloud region for sync. Please see: https://bitwarden.com/help/families-for-enterprise-self-hosted/#step-1-enable-cloud-communication cloudRegion: US # Specify the name of the shared storage class # This storage class requires ReadWriteMany. You will need to provide your own storage class. Storage classes with automatic volume previsioners are recommended. sharedStorageClassName: "ssd" # Secrets are required. Review the chart README on GitHub for details on creating these secrets secrets: secretName: custom-secret # Secrets can either be created via 'kubectl create secrets' or by using a secret provider class. If using the latter, specify the name here secretProviderClass: # Settings for individual service containers component: # The Admin component admin: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/admin # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: api: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/api # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "128Mi" cpu: "100m" limits: memory: "256Mi" cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: attachments: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/attachments # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: events: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/events # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: icons: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/icons # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: identity: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/identity # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "128Mi" cpu: "100m" limits: memory: "256Mi" cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: notifications: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/notifications # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: scim: # SCIM is disabled by default. To use this service, enable it below and set an appropriate Ingress path enabled: false # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/scim # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: sso: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/sso # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: web: # Additional deployment labels labels: {} # Image name, tag, and pull policy image: name: bitwarden/web # The pod resource requirements. You can adjust these up and down for your environment resources: requests: memory: "64Mi" cpu: "50m" limits: memory: "128Mi" cpu: "100m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: # Images used for jobs and init containers supportComponents: dbMigrator: image: name: bitwarden/mssqlmigratorutility certGenerator: image: name: docker.io/nginx tag: 1.25.3 kubectl: image: name: bitnami/kubectl tag: 1.21 # Data volume sizes for shared PVCs volume: dataprotection: # Use an existing PVC by specifying the name. # existingClaim: claimName # Override the accessMode specified in general.volumeAccessMode # accessMode: ReadWriteOnce # Override the storageClass specified in sharedStorageClassName # storageClass: "shared-storage" size: "1Gi" labels: {} attachments: # Use an existing PVC by specifying the name. # existingClaim: claimName # Override the accessMode specified in general.volumeAccessMode # accessMode: ReadWriteOnce # Override the storageClass specified in sharedStorageClassName # storageClass: "shared-storage" size: 1Gi labels: {} licenses: # Use an existing PVC by specifying the name. # existingClaim: claimName # Override the accessMode specified in general.volumeAccessMode # accessMode: ReadWriteOnce # Override the storageClass specified in sharedStorageClassName # storageClass: "shared-storage" size: 1Gi labels: {} logs: # Logs are disabled by default enabled: false # Use an existing PVC by specifying the name. # existingClaim: claimName # Override the accessMode specified in general.volumeAccessMode # accessMode: ReadWriteOnce # Override the storageClass specified in sharedStorageClassName # storageClass: "shared-storage" size: 1Gi labels: {} # # Configure service account for pre- and post-install hooks # serviceAccount: name: service-account # Certain instances will prequire the creation of a pre-deployed service account. For instance, AWS IAM enabled service accounts need to be created outside # of the chart to allow for setting of permissions on other AWS services like Secrets Manager deployRolesOnly: false # # Configure database # database: # deploy the database pod? if false, a connection string to a SQL Server will need to be provided through one of the configuration providers. enabled: true # Labels to add to the MSSQL deployment labels: {} # Image name, tag, and pull policy image: name: mcr.microsoft.com/mssql/server # Tag of the image to use. (Defaults to general.coreVersion) tag: 2022-CU13-ubuntu-22.04 # The container is limited to the resources below. Adjust for your environment. resources: requests: memory: "2G" cpu: "100m" limits: memory: "2G" cpu: "500m" # The MSSQL volumes for the PVCs volume: backups: # Use an existing PVC by specifying the name. # existingClaim: claimName # Override the accessMode specified in general.volumeAccessMode # accessMode: ReadWriteOnce # Override the storageClass specified in sharedStorageClassName # storageClass: "shared-storage" size: 1Gi labels: {} data: # Use an existing PVC by specifying the name. # existingClaim: claimName # Override the accessMode specified in general.volumeAccessMode # accessMode: ReadWriteOnce # Override the storageClass specified in sharedStorageClassName # storageClass: "shared-storage" size: 10Gi labels: {} log: # Use an existing PVC by specifying the name. # existingClaim: claimName # Override the accessMode specified in general.volumeAccessMode # accessMode: ReadWriteOnce # Override the storageClass specified in sharedStorageClassName # storageClass: "shared-storage" size: 10Gi labels: {} # Specifies the strategy used to replace old Pods by new ones. The value can be "OnDelete" or "RollingUpdate". "OnDelete" is the default value. # When set to OnDelete, the SQL pod will not be recreated automatically on update. It must be manually deleted to update. updateStrategy: OnDelete # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: # You can specify raw Kubernetes manifests that will be applied before or after the base Helm install. # Please see the chart README in GitHub for more information and examples. rawManifests: preInstall: [] postInstall: []