You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
210 lines
8.6 KiB
210 lines
8.6 KiB
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "bitwardenrs.fullname" . }}
|
|
labels:
|
|
{{- include "bitwardenrs.labels" . | nindent 4 }}
|
|
spec:
|
|
{{- with .Values.strategy }}
|
|
strategy:
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
replicas: {{ .Values.replicaCount }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "bitwardenrs.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "bitwardenrs.selectorLabels" . | nindent 8 }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "bitwardenrs.serviceAccountName" . }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
image: "{{ include "bitwardenrs.image" . }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
env:
|
|
- name: ROCKET_PORT
|
|
value: "8080"
|
|
- name: SIGNUPS_ALLOWED
|
|
value: {{ .Values.bitwardenrs.allowSignups | quote }}
|
|
{{- if .Values.bitwardenrs.signupDomains }}
|
|
- name: SIGNUPS_DOMAINS_WHITELIST
|
|
value: {{ join "," .Values.bitwardenrs.signupDomains | quote }}
|
|
{{- end }}
|
|
{{- if and (eq .Values.bitwardenrs.verifySignup true) (eq .Values.bitwardenrs.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
|
|
- name: SIGNUPS_VERIFY
|
|
value: {{ .Values.bitwardenrs.verifySignup | quote }}
|
|
- name: INVITATIONS_ALLOWED
|
|
value: {{ .Values.bitwardenrs.allowInvitation | quote }}
|
|
{{- if .Values.bitwardenrs.defaultInviteName }}
|
|
- name: INVITATION_ORG_NAME
|
|
value: {{ .Values.bitwardenrs.defaultInviteName | quote }}
|
|
{{- end }}
|
|
- name: SHOW_PASSWORD_HINT
|
|
value: {{ .Values.bitwardenrs.showPasswordHint | quote }}
|
|
- name: WEBSOCKET_ENABLED
|
|
value: {{ .Values.bitwardenrs.enableWebsockets | quote }}
|
|
- name: WEB_VAULT_ENABLED
|
|
value: {{ .Values.bitwardenrs.enableWebVault | quote }}
|
|
- name: ORG_CREATION_USERS
|
|
value: {{ .Values.bitwardenrs.orgCreationUsers | quote }}
|
|
{{- if .Values.bitwardenrs.extraEnv }}
|
|
{{- range $key, $val := .Values.bitwardenrs.extraEnv }}
|
|
- name: {{ $key }}
|
|
value: {{ $val | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if eq .Values.database.type "sqlite" }}
|
|
- name: ENABLE_DB_WAL
|
|
value: {{ .Values.database.wal | quote }}
|
|
{{- else }}
|
|
- name: ENABLE_DB_WAL
|
|
value: "false"
|
|
- name: DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ if .Values.database.existingSecret }}{{ .Values.database.existingSecret }}{{else}}{{ include "bitwardenrs.fullname" . }}{{end}}
|
|
key: database-url
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.domain }}
|
|
- name: DOMAIN
|
|
value: {{ .Values.bitwardenrs.domain | quote }}
|
|
{{- end }}
|
|
{{- if eq .Values.bitwardenrs.admin.enabled true }}
|
|
{{- if eq .Values.bitwardenrs.admin.disableAdminToken true }}
|
|
- name: DISABLE_ADMIN_TOKEN
|
|
value: "true"
|
|
{{- else }}
|
|
- name: ADMIN_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.bitwardenrs.admin.existingSecret | default (include "bitwardenrs.fullname" .) }}
|
|
key: admin-token
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if eq .Values.bitwardenrs.smtp.enabled true }}
|
|
- name: SMTP_HOST
|
|
value: {{ required "SMTP host is required to enable SMTP" .Values.bitwardenrs.smtp.host | quote }}
|
|
- name: SMTP_FROM
|
|
value: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.bitwardenrs.smtp.from | quote }}
|
|
{{- if .Values.bitwardenrs.smtp.fromName }}
|
|
- name: SMTP_FROM_NAME
|
|
value: {{ .Values.bitwardenrs.smtp.fromName | quote }}
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.smtp.ssl }}
|
|
- name: SMTP_SSL
|
|
value: {{ .Values.bitwardenrs.smtp.ssl | quote }}
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.smtp.port }}
|
|
- name: SMTP_PORT
|
|
value: {{ .Values.bitwardenrs.smtp.port | quote }}
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.smtp.authMechanism }}
|
|
- name: SMTP_AUTH_MECHANISM
|
|
value: {{ .Values.bitwardenrs.smtp.authMechanism | quote }}
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.smtp.heloName }}
|
|
- name: HELO_NAME
|
|
value: {{ .Values.bitwardenrs.smtp.heloName | quote }}
|
|
{{- end }}
|
|
{{- if or .Values.bitwardenrs.smtp.existingSecret .Values.bitwardenrs.smtp.user }}
|
|
- name: SMTP_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.bitwardenrs.smtp.existingSecret | default (include "bitwardenrs.fullname" .) }}
|
|
key: smtp-user
|
|
- name: SMTP_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.bitwardenrs.smtp.existingSecret | default (include "bitwardenrs.fullname" .) }}
|
|
key: smtp-password
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if eq .Values.bitwardenrs.yubico.enabled true }}
|
|
{{- if .Values.bitwardenrs.yubico.server }}
|
|
- name: YUBICO_SERVER
|
|
value: {{ .Values.bitwardenrs.yubico.server | quote }}
|
|
{{- end }}
|
|
- name: YUBICO_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.bitwardenrs.yubico.existingSecret | default (include "bitwardenrs.fullname" .) }}
|
|
key: yubico-client-id
|
|
- name: YUBICO_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.bitwardenrs.yubico.existingSecret | default (include "bitwardenrs.fullname" .) }}
|
|
key: yubico-secret-key
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.log.file }}
|
|
- name: LOG_FILE
|
|
value: {{ .Values.bitwardenrs.log.file | quote }}
|
|
{{- end }}
|
|
{{- if or .Values.bitwardenrs.log.level .Values.bitwardenrs.log.timeFormat }}
|
|
- name: EXTENDED_LOGGING
|
|
value: "true"
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.log.level }}
|
|
{{- include "bitwardenrs.logLevelValid" . }}
|
|
- name: LOG_LEVEL
|
|
value: {{ .Values.bitwardenrs.log.level | quote }}
|
|
{{- end }}
|
|
{{- if .Values.bitwardenrs.log.timeFormat }}
|
|
- name: LOG_TIMESTAMP_FORMAT
|
|
value: {{ .Values.bitwardenrs.log.timeFormat | quote }}
|
|
{{- end }}
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
protocol: TCP
|
|
{{- if .Values.bitwardenrs.enableWebsockets }}
|
|
- name: websocket
|
|
containerPort: 3012
|
|
protocol: TCP
|
|
{{- end }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
volumeMounts:
|
|
- name: {{ include "bitwardenrs.fullname" . }}
|
|
mountPath: /data
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
volumes:
|
|
- name: {{ include "bitwardenrs.fullname" . }}
|
|
{{- if .Values.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim | quote }}{{- else }}{{ include "bitwardenrs.fullname" . }}{{- end }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
|