# Default values for vaultwarden. replicaCount: 1 image: repository: vaultwarden/server pullPolicy: IfNotPresent tag: "1.25.2" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" bitwarden: domain: "" signupsAllowed: true invitationsAllowed: true gui: # If you set a different port here, you must also provide it under env port: 80 websockets: enabled: true port: 3012 admin: enabled: false disableAdminToken: true existingSecret: enabled: false name: "" tokenKey: "" # External database configuration. # Requires vaultwarden/server >= 1.17.0 or vaultwarden/server-{mysql,postgres} images # ref: https://github.com/dani-garcia/vaultwarden/wiki/Using-the-MySQL-Backend # https://github.com/dani-garcia/vaultwarden/wiki/Using-the-PostgreSQL-Backend externalDatabase: enabled: false # Supported values: 'mysql', 'postgresql'. type: "" # Database host. Required if external database is enabled. host: "" # Database port. Optional, default value is specific to the database backend. port: "" # Database name. database: "" # Database user. user: "" # Database password. Special characters must be escaped with percent encoding. password: "" # Use existing secret for database credentials. existingSecret: enabled: false name: "" userKey: "" # Special characters in the password value must be escaped with percent encoding. passwordKey: "" # Enable SMTP. https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration smtp: enabled: false # SMTP hostname, required if SMTP is enabled host: "" # SMTP sender e-mail address, required if SMTP is enabled from: "" # SMTP sender name, defaults to 'Bitwarden_RS' fromName: "" # Enable a secure connection security: force_tls # SMTP port port: 465 # Timeout timeout: 120 # SMTP username user: "" # SMTP password. Required is user is specified, ignored if no user provided password: "" # Use existing secret for SMTP authentication existingSecret: enabled: false name: "" userKey: "" passwordKey: "" # Enable Yubikey 2FA: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication yubico: enabled: false # OTP verification server. Will use the default YubiCloud servers if not specified server: "" # API Client ID for OTP server. Ignored if existingSecret is provided. clientId: "" # API Secret Key for OTP server. Required if clientId is specified, ignored when using existingSecret. secretKey: "" # Use existing secret for API keys existingSecret: enabled: false name: "" clientIdKey: "" secretKeyKey: "" env: {} # If you plan to run the WebUI on a port other than port 80, specify that here: # For example, if running the container as a non-root user. # ROCKET_PORT: "80" persistence: type: statefulset enabled: false size: 1Gi accessMode: ReadWriteOnce ## Persistent Volume storage class # storageClass: "-" ## Use existing Persistent Volume Claim # existingClaim: serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP port: 80 ## Provide any additional annotations which may be required. This can be used to ## set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} labels: {} additionalSpec: {} ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {}