ducoterra
ef9104c796
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 14s
428 lines
16 KiB
YAML
428 lines
16 KiB
YAML
# Optional - Override the chart name if desired
|
|
fullnameOverride: ""
|
|
nameOverride: ""
|
|
|
|
general:
|
|
# Domain name for the service
|
|
domain: bitwarden.reeseapps.com
|
|
ingress:
|
|
# Set to false if using a custom ingress
|
|
enabled: true
|
|
# Current supported values for ingress type include: nginx
|
|
className: "nginx"
|
|
## - Annotations to add to the Ingress resource.
|
|
annotations:
|
|
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
# nginx.ingress.kubernetes.io/use-regex: "true"
|
|
# nginx.ingress.kubernetes.io/rewrite-target: /$1
|
|
## - Labels to add to the Ingress resource
|
|
labels: {}
|
|
# Certificate options
|
|
tls:
|
|
# TLS certificate secret name
|
|
name: bitwarden
|
|
# Cluster cert issuer (ex. Let's Encrypt) name if one exists
|
|
clusterIssuer: letsencrypt
|
|
# Ingress path configuration - The samples provided are for Nginx. Examples with other Ingress providers are in the chart Readme on GitHub
|
|
paths:
|
|
web:
|
|
path: /(.*)
|
|
pathType: ImplementationSpecific
|
|
attachments:
|
|
path: /attachments/(.*)
|
|
pathType: ImplementationSpecific
|
|
api:
|
|
path: /api/(.*)
|
|
pathType: ImplementationSpecific
|
|
icons:
|
|
path: /icons/(.*)
|
|
pathType: ImplementationSpecific
|
|
notifications:
|
|
path: /notifications/(.*)
|
|
pathType: ImplementationSpecific
|
|
events:
|
|
path: /events/(.*)
|
|
pathType: ImplementationSpecific
|
|
scim:
|
|
path: /scim/(.*)
|
|
pathType: ImplementationSpecific
|
|
sso:
|
|
path: /(sso/.*)
|
|
pathType: ImplementationSpecific
|
|
identity:
|
|
path: /(identity/.*)
|
|
pathType: ImplementationSpecific
|
|
admin:
|
|
path: /(admin/?.*)
|
|
pathType: ImplementationSpecific
|
|
|
|
# Override application container version tags. Theses will be versioned with the chart and need not be changed in most circumstances.
|
|
coreVersionOverride: ""
|
|
webVersionOverride: ""
|
|
# Disable account registration on web vault
|
|
disableUserRegistration: "false"
|
|
# Comma-separated list of email addresses for Admin users
|
|
admins: "false"
|
|
email:
|
|
# Email address used for invitations, typically no-reply@smtp-host
|
|
replyToEmail: "no-reply@reeseapps.com"
|
|
# Your SMTP server hostname (recommended) or IP address
|
|
smtpHost: "email-smtp.us-east-1.amazonaws.com"
|
|
# The SMTP port used by the SMTP server
|
|
smtpPort: "587"
|
|
# Whether your SMTP server uses an encryption protocol, "true" for SSL, "false" for TLS
|
|
smtpSsl: "true"
|
|
# Custom labels to add throughout the installation
|
|
labels: {}
|
|
# Specifies the access mode for persistent volume claims. This should not be changed in most cases, and the allowable
|
|
# values are only ReadWriteMany and ReadWriteOnce. Please read https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
|
|
# to better understand these options before changing this value.
|
|
volumeAccessMode: "ReadWriteMany"
|
|
# Set to true to allow communication between your server and our cloud system. Doing so enables billing and license sync. Please see: https://bitwarden.com/help/self-host-an-organization/#step-4-setup-billing-and-license-sync
|
|
enableCloudCommunication: false
|
|
# Cloud region for sync. Please see: https://bitwarden.com/help/families-for-enterprise-self-hosted/#step-1-enable-cloud-communication
|
|
cloudRegion: US
|
|
|
|
# Specify the name of the shared storage class
|
|
# This storage class requires ReadWriteMany. You will need to provide your own storage class. Storage classes with automatic volume previsioners are recommended.
|
|
sharedStorageClassName: "ssd"
|
|
|
|
# Secrets are required. Review the chart README on GitHub for details on creating these secrets
|
|
secrets:
|
|
secretName: custom-secret
|
|
# Secrets can either be created via 'kubectl create secrets' or by using a secret provider class. If using the latter, specify the name here
|
|
secretProviderClass:
|
|
|
|
# Settings for individual service containers
|
|
component:
|
|
# The Admin component
|
|
admin:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/admin
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
api:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/api
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "256Mi"
|
|
cpu: "200m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
attachments:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/attachments
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
events:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/events
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
icons:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/icons
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
identity:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/identity
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "256Mi"
|
|
cpu: "200m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
notifications:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/notifications
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
scim:
|
|
# SCIM is disabled by default. To use this service, enable it below and set an appropriate Ingress path
|
|
enabled: false
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/scim
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
sso:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/sso
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
web:
|
|
# Additional deployment labels
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: bitwarden/web
|
|
# The pod resource requirements. You can adjust these up and down for your environment
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
|
|
deploymentStrategy: RollingUpdate
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
# Images used for jobs and init containers
|
|
supportComponents:
|
|
dbMigrator:
|
|
image:
|
|
name: bitwarden/mssqlmigratorutility
|
|
certGenerator:
|
|
image:
|
|
name: docker.io/nginx
|
|
tag: 1.25.3
|
|
kubectl:
|
|
image:
|
|
name: bitnami/kubectl
|
|
tag: 1.21
|
|
# Data volume sizes for shared PVCs
|
|
volume:
|
|
dataprotection:
|
|
# Use an existing PVC by specifying the name.
|
|
# existingClaim: claimName
|
|
# Override the accessMode specified in general.volumeAccessMode
|
|
# accessMode: ReadWriteOnce
|
|
# Override the storageClass specified in sharedStorageClassName
|
|
# storageClass: "shared-storage"
|
|
size: "1Gi"
|
|
labels: {}
|
|
attachments:
|
|
# Use an existing PVC by specifying the name.
|
|
# existingClaim: claimName
|
|
# Override the accessMode specified in general.volumeAccessMode
|
|
# accessMode: ReadWriteOnce
|
|
# Override the storageClass specified in sharedStorageClassName
|
|
# storageClass: "shared-storage"
|
|
size: 1Gi
|
|
labels: {}
|
|
licenses:
|
|
# Use an existing PVC by specifying the name.
|
|
# existingClaim: claimName
|
|
# Override the accessMode specified in general.volumeAccessMode
|
|
# accessMode: ReadWriteOnce
|
|
# Override the storageClass specified in sharedStorageClassName
|
|
# storageClass: "shared-storage"
|
|
size: 1Gi
|
|
labels: {}
|
|
logs:
|
|
# Logs are disabled by default
|
|
enabled: false
|
|
# Use an existing PVC by specifying the name.
|
|
# existingClaim: claimName
|
|
# Override the accessMode specified in general.volumeAccessMode
|
|
# accessMode: ReadWriteOnce
|
|
# Override the storageClass specified in sharedStorageClassName
|
|
# storageClass: "shared-storage"
|
|
size: 1Gi
|
|
labels: {}
|
|
|
|
#
|
|
# Configure service account for pre- and post-install hooks
|
|
#
|
|
serviceAccount:
|
|
name: service-account
|
|
# Certain instances will prequire the creation of a pre-deployed service account. For instance, AWS IAM enabled service accounts need to be created outside
|
|
# of the chart to allow for setting of permissions on other AWS services like Secrets Manager
|
|
deployRolesOnly: false
|
|
|
|
#
|
|
# Configure database
|
|
#
|
|
database:
|
|
# deploy the database pod? if false, a connection string to a SQL Server will need to be provided through one of the configuration providers.
|
|
enabled: true
|
|
# Labels to add to the MSSQL deployment
|
|
labels: {}
|
|
# Image name, tag, and pull policy
|
|
image:
|
|
name: mcr.microsoft.com/mssql/server
|
|
# Tag of the image to use. (Defaults to general.coreVersion)
|
|
tag: 2022-CU13-ubuntu-22.04
|
|
# The container is limited to the resources below. Adjust for your environment.
|
|
resources:
|
|
requests:
|
|
memory: "2G"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "2G"
|
|
cpu: "500m"
|
|
|
|
# The MSSQL volumes for the PVCs
|
|
volume:
|
|
backups:
|
|
# Use an existing PVC by specifying the name.
|
|
# existingClaim: claimName
|
|
# Override the accessMode specified in general.volumeAccessMode
|
|
# accessMode: ReadWriteOnce
|
|
# Override the storageClass specified in sharedStorageClassName
|
|
# storageClass: "shared-storage"
|
|
size: 1Gi
|
|
labels: {}
|
|
data:
|
|
# Use an existing PVC by specifying the name.
|
|
# existingClaim: claimName
|
|
# Override the accessMode specified in general.volumeAccessMode
|
|
# accessMode: ReadWriteOnce
|
|
# Override the storageClass specified in sharedStorageClassName
|
|
# storageClass: "shared-storage"
|
|
size: 10Gi
|
|
labels: {}
|
|
log:
|
|
# Use an existing PVC by specifying the name.
|
|
# existingClaim: claimName
|
|
# Override the accessMode specified in general.volumeAccessMode
|
|
# accessMode: ReadWriteOnce
|
|
# Override the storageClass specified in sharedStorageClassName
|
|
# storageClass: "shared-storage"
|
|
size: 10Gi
|
|
labels: {}
|
|
# Specifies the strategy used to replace old Pods by new ones. The value can be "OnDelete" or "RollingUpdate". "OnDelete" is the default value.
|
|
# When set to OnDelete, the SQL pod will not be recreated automatically on update. It must be manually deleted to update.
|
|
updateStrategy: OnDelete
|
|
# This will set the Kubernetes container security context
|
|
securityContext:
|
|
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
|
|
podServiceAccount:
|
|
|
|
# You can specify raw Kubernetes manifests that will be applied before or after the base Helm install.
|
|
# Please see the chart README in GitHub for more information and examples.
|
|
rawManifests:
|
|
preInstall: []
|
|
postInstall: []
|