{{- if eq .Values.persistence.type "deployment" }} {{- $fullName := include "bitwarden.fullname" . -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ $fullName }} labels: {{- include "bitwarden.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: {{- include "bitwarden.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "bitwarden.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "bitwarden.serviceAccountName" . }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ $fullName }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} envFrom: - configMapRef: name: {{ $fullName }} env: {{- with .Values.bitwarden.admin }} {{- if and .enabled (not .disableAdminToken) }} - name: ADMIN_TOKEN valueFrom: secretKeyRef: {{- if .existingSecret.enabled }} name: {{ .existingSecret.name | quote }} key: {{ .existingSecret.tokenKey | quote }} {{- else }} name: {{ $fullName }} key: admin-token {{- end }} {{- end }} {{- end }} {{- with .Values.bitwarden.smtp }} {{- if eq .enabled true }} {{- if and .existingSecret.enabled (not .user) }} - name: SMTP_USERNAME valueFrom: secretKeyRef: name: {{ .existingSecret.name | quote }} key: {{ .existingSecret.userKey | quote }} - name: SMTP_PASSWORD valueFrom: secretKeyRef: name: {{ .existingSecret.name | quote }} key: {{ .existingSecret.passwordKey | quote }} {{- end }} {{- end }} {{- end }} {{- with .Values.bitwarden.yubico }} {{- if and .enabled .existingSecret.enabled }} - name: YUBICO_CLIENT_ID valueFrom: secretKeyRef: name: {{ .existingSecret.name | quote }} key: {{ .existingSecret.clientIdKey | quote }} - name: YUBICO_SECRET_KEY valueFrom: secretKeyRef: name: {{ .existingSecret.name | quote }} key: {{ .existingSecret.secretKeyKey | quote }} {{- end }} {{- end }} {{- include "bitwarden.externalDatabaseEnv" . | nindent 12 }} ports: - name: http containerPort: {{ .Values.bitwarden.gui.port }} protocol: TCP {{- if .Values.bitwarden.websockets.enabled }} - name: websocket containerPort: {{ .Values.bitwarden.websockets.port }} protocol: TCP {{- end }} livenessProbe: httpGet: path: / port: http readinessProbe: httpGet: path: / port: http {{- with .Values.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: {{ include "bitwarden.fullname" . }} mountPath: /data {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: {{ include "bitwarden.fullname" . }} {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim | quote }}{{- else }}{{ include "bitwarden.fullname" . }}{{- end }} {{- else }} emptyDir: {} {{- end }} {{- end }}