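# Default values for vaultwarden.
#
# NOTE(review): this listing was recovered from a flattened page view. The
# nesting below is reconstructed from key names and blank-line grouping;
# confirm it against the chart's templates before relying on it.

replicaCount: 1

image:
  repository: vaultwarden/server
  pullPolicy: IfNotPresent
  # Quoted so the version stays a string.
  tag: "1.27.0"

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

bitwarden:
  domain: ""
  # Open registration: with true, anyone who can reach the instance can create
  # an account. Set to false once the intended users exist and onboard further
  # users through invitations.
  signupsAllowed: true
  invitationsAllowed: true
  gui:
    # If you set a different port here, you must also provide it under env
    port: 80
  websockets:
    enabled: true
    port: 3012
  admin:
    enabled: false
    # NOTE(review): presumably maps to Vaultwarden's DISABLE_ADMIN_TOKEN; confirm
    # in the templates. If so, setting enabled: true while this stays true serves
    # the admin page without authentication. Set it to false and supply the
    # token through existingSecret before enabling the admin page.
    disableAdminToken: true
    existingSecret:
      enabled: false
      name: ""
      tokenKey: ""
  # External database configuration.
  # Requires vaultwarden/server >= 1.17.0 or vaultwarden/server-{mysql,postgres} images
  # ref: https://github.com/dani-garcia/vaultwarden/wiki/Using-the-MySQL-Backend
  #      https://github.com/dani-garcia/vaultwarden/wiki/Using-the-PostgreSQL-Backend
  externalDatabase:
    enabled: false
    # Supported values: 'mysql', 'postgresql'.
    type: ""
    # Database host. Required if external database is enabled.
    host: ""
    # Database port. Optional, default value is specific to the database backend.
    port: ""
    # Database name.
    database: ""
    # Database user.
    user: ""
    # Database password. Special characters must be escaped with percent encoding.
    # Prefer existingSecret below: a password set here is stored in the values
    # file and in the Helm release data.
    password: ""
    # Use existing secret for database credentials.
    existingSecret:
      enabled: false
      name: ""
      userKey: ""
      # Special characters in the password value must be escaped with percent encoding.
      passwordKey: ""
  # Enable SMTP. https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
  smtp:
    enabled: false
    # SMTP hostname, required if SMTP is enabled
    host: ""
    # SMTP sender e-mail address, required if SMTP is enabled
    from: ""
    # SMTP sender name, defaults to 'Bitwarden_RS'
    fromName: ""
    # Enable a secure connection
    # NOTE(review): presumably passed through to Vaultwarden's SMTP_SECURITY
    # setting; keep a TLS mode here so SMTP credentials and invitation mail are
    # not sent in clear text.
    security: force_tls
    # SMTP port
    port: 465
    # Timeout
    timeout: 120
    # SMTP username
    user: ""
    # SMTP password. Required if user is specified, ignored if no user provided.
    # Prefer existingSecret below over a password stored in the values file.
    password: ""
    # Use existing secret for SMTP authentication
    existingSecret:
      enabled: false
      name: ""
      userKey: ""
      passwordKey: ""
  # Enable Yubikey 2FA: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication
  yubico:
    enabled: false
    # OTP verification server. Will use the default YubiCloud servers if not specified
    server: ""
    # API Client ID for OTP server. Ignored if existingSecret is provided.
    clientId: ""
    # API Secret Key for OTP server. Required if clientId is specified, ignored when using existingSecret.
    secretKey: ""
    # Use existing secret for API keys
    existingSecret:
      enabled: false
      name: ""
      clientIdKey: ""
      secretKeyKey: ""

# Extra environment variables for the container. Keep credentials out of this
# map; use the existingSecret options above for them.
env: {}
  # If you plan to run the WebUI on a port other than port 80, specify that here:
  # For example, if running the container as a non-root user.
  # ROCKET_PORT: "80"

persistence:
  type: statefulset
  # NOTE(review): with persistence disabled the vault data presumably lives on
  # ephemeral pod storage unless an external database is configured; confirm.
  enabled: false
  size: 1Gi
  accessMode: ReadWriteOnce
  ## Persistent Volume storage class
  # storageClass: "-"
  ## Use existing Persistent Volume Claim
  # existingClaim:

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}

# Empty: no pod-level security settings are applied by default.
podSecurityContext: {}
  # fsGroup: 2000

# Empty: the container runs with the image's default user and capabilities.
# The commented settings below are a restrictive baseline. Running as non-root
# goes together with moving the GUI off port 80 (see bitwarden.gui.port and
# env.ROCKET_PORT above).
securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

service:
  type: ClusterIP
  port: 80
  ## Provide any additional annotations which may be required. This can be used to
  ## set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  annotations: {}
  labels: {}
  additionalSpec: {}

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  # Empty by default: when ingress is enabled, add a TLS entry for every host so
  # logins and session tokens are not carried over plain HTTP.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}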