137 lines
4.6 KiB
YAML
137 lines
4.6 KiB
YAML
{{- if eq .Values.persistence.type "statefulset" }}
|
|
{{- $fullName := include "bitwarden.fullname" . -}}
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: {{ $fullName }}
|
|
labels:
|
|
{{- include "bitwarden.labels" . | nindent 4 }}
|
|
spec:
|
|
{{- if not .Values.autoscaling.enabled }}
|
|
replicas: {{ .Values.replicaCount }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "bitwarden.selectorLabels" . | nindent 6 }}
|
|
serviceName: {{ $fullName }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "bitwarden.selectorLabels" . | nindent 8 }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "bitwarden.serviceAccountName" . }}
|
|
{{- with .Values.podSecurityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ $fullName }}
|
|
{{- with .Values.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
envFrom:
|
|
- configMapRef:
|
|
name: {{ $fullName }}
|
|
env:
|
|
{{- with .Values.bitwarden.admin }}
|
|
{{- if and .enabled (not .disableAdminToken) }}
|
|
- name: ADMIN_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
{{- if .existingSecret.enabled }}
|
|
name: {{ .existingSecret.name | quote }}
|
|
key: {{ .existingSecret.tokenKey | quote }}
|
|
{{- else }}
|
|
name: {{ $fullName }}
|
|
key: admin-token
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- with .Values.bitwarden.smtp }}
|
|
{{- if eq .enabled true }}
|
|
{{- if and .existingSecret.enabled (not .user) }}
|
|
- name: SMTP_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .existingSecret.name | quote }}
|
|
key: {{ .existingSecret.userKey | quote }}
|
|
- name: SMTP_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .existingSecret.name | quote }}
|
|
key: {{ .existingSecret.passwordKey | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- with .Values.bitwarden.yubico }}
|
|
{{- if and .enabled .existingSecret.enabled }}
|
|
- name: YUBICO_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .existingSecret.name | quote }}
|
|
key: {{ .existingSecret.clientIdKey | quote }}
|
|
- name: YUBICO_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .existingSecret.name | quote }}
|
|
key: {{ .existingSecret.secretKeyKey | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- include "bitwarden.externalDatabaseEnv" . | nindent 12 }}
|
|
ports:
|
|
- name: http
|
|
containerPort: {{ .Values.bitwarden.gui.port }}
|
|
protocol: TCP
|
|
{{- if .Values.bitwarden.websockets.enabled }}
|
|
- name: websocket
|
|
containerPort: {{ .Values.bitwarden.websockets.port }}
|
|
protocol: TCP
|
|
{{- end }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
{{- with .Values.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: {{ include "bitwarden.fullname" . }}
|
|
mountPath: /data
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: {{ include "bitwarden.fullname" . }}
|
|
{{- if .Values.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim | quote }}{{- else }}{{ include "bitwarden.fullname" . }}{{- end }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- end }}
|