{{- if eq .Values.persistence.type "deployment" }}
{{- $fullName := include "bitwarden.fullname" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
labels:
{{- include "bitwarden.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "bitwarden.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "bitwarden.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "bitwarden.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ $fullName }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
envFrom:
- configMapRef:
name: {{ $fullName }}
env:
{{- with .Values.bitwarden.admin }}
{{- if and .enabled (not .disableAdminToken) }}
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
{{- if .existingSecret.enabled }}
name: {{ .existingSecret.name | quote }}
key: {{ .existingSecret.tokenKey | quote }}
{{- else }}
name: {{ $fullName }}
key: admin-token
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.bitwarden.smtp }}
{{- if eq .enabled true }}
{{- if and .existingSecret.enabled (not .user) }}
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .existingSecret.name | quote }}
key: {{ .existingSecret.userKey | quote }}
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .existingSecret.name | quote }}
key: {{ .existingSecret.passwordKey | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.bitwarden.yubico }}
{{- if and .enabled .existingSecret.enabled }}
- name: YUBICO_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .existingSecret.name | quote }}
key: {{ .existingSecret.clientIdKey | quote }}
- name: YUBICO_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .existingSecret.name | quote }}
key: {{ .existingSecret.secretKeyKey | quote }}
{{- end }}
{{- end }}
{{- include "bitwarden.externalDatabaseEnv" . | nindent 12 }}
ports:
- name: http
containerPort: {{ .Values.bitwarden.gui.port }}
protocol: TCP
{{- if .Values.bitwarden.websockets.enabled }}
- name: websocket
containerPort: {{ .Values.bitwarden.websockets.port }}
protocol: TCP
{{- end }}
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: {{ include "bitwarden.fullname" . }}
mountPath: /data
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: {{ include "bitwarden.fullname" . }}
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim | quote }}{{- else }}{{ include "bitwarden.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}