truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-04-13 17:52:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update catalog information

Browse Source
This commit is contained in:
sonicaj
2023-04-04 06:53:15 +00:00
parent fccf8800ab
commit 10daafa5ec
37 changed files with 1355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
catalog.json
View File

@@ -287,6 +287,26 @@
"test": {},
"enterprise": {},
"community": {
"vaultwarden": {
"app_readme": "<h1>Vaultwarden</h1>\n<p><a href=\"https://github.com/dani-garcia/vaultwarden\">Vaultwarden</a> Alternative implementation of the <code>Bitwarden</code> server API written in Rust and compatible with upstream Bitwarden clients</p>\n<blockquote>\n<p>During the installation process, a container will be launched with <strong>root</strong> privileges. This is required\nin order to apply the correct permissions to the <code>Vaultwarden</code> data directory. Afterward, the <code>Vaultwarden</code> container\nwill run as a <strong>non</strong>-root user (default <code>568</code>).\nSame applies to the <code>postgres</code> container. This will run afterwards as a <strong>non</strong>-root user (<code>999</code>).\nOn each upgrade, a container will be launched with <strong>root</strong> privileges in order to apply the correct\npermissions to the <code>postgres</code> <strong>backups</strong> directory. Container that performs the backup will run as a <strong>non</strong>-root user (<code>999</code>) afterwards.\nKeep in mind the permissions on the backup directory will be changed to <code>999:999</code> on <strong>every</strong> update.\nBut will only be changed once for the <code>Vaultwarden</code> and <code>postgres</code> data directories.</p>\n</blockquote>\n<p>While the option to use <code>Rocket</code> for TLS is there, it is not\n<a href=\"https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket\">recommended</a>.\nInstead, use a reverse proxy to handle TLS termination.</p>\n<p>Using <code>HTTPS</code> is <strong>required</strong> for the most of the features to work (correctly).</p>",
"categories": [
"password",
"manager"
],
"description": "Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients.",
"healthy": true,
"healthy_error": null,
"location": "/__w/charts/charts/community/vaultwarden",
"latest_version": "1.0.0",
"latest_app_version": "1.27.0",
"latest_human_version": "1.27.0_1.0.0",
"last_update": null,
"name": "vaultwarden",
"recommended": false,
"title": "Vaultwarden",
"icon": "https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png",
"icon_url": null
},
"ipfs": {
"app_readme": "<h1>IPFS</h1>\n<p><a href=\"https://ipfs.tech\">Interplanetary Filesystem</a> - the Web3 standard for content-addressing, interoperable with HTTP</p>\n<blockquote>\n<p>When application is installed, a container will be launched with <strong>root</strong> privileges.\nThis is required in order to apply the correct permissions to the ipfs directories.\nAfterward, the <code>ipfs</code> container will run as a <strong>non</strong>-root user (Default: <code>568</code>).</p>\n</blockquote>",
"categories": [
@@ -307,6 +327,26 @@
"title": "IPFS",
"icon_url": "https://avatars.githubusercontent.com/u/10536621"
},
"qbittorrent": {
"app_readme": "<h1>qBittorrent</h1>\n<p>The <a href=\"https://www.qbittorrent.org/\">qBittorrent</a> project aims to provide an open-source software alternative to \u00b5Torrent.</p>\n<blockquote>\n<p>When application is installed, a container will be launched with <strong>root</strong> privileges.\nThis is required in order to apply the correct permissions to the qBittorrent directories.\nAfterward, the <code>qBittorrent</code> container will run as a <strong>non</strong>-root user (Default: <code>568</code>).</p>\n</blockquote>",
"categories": [
"media",
"torrent",
"download"
],
"description": "The qBittorrent project aims to provide an open-source software alternative to \u00b5Torrent.",
"healthy": true,
"healthy_error": null,
"location": "/__w/charts/charts/community/qbittorrent",
"latest_version": "1.0.0",
"latest_app_version": "4.5.2",
"latest_human_version": "4.5.2_1.0.0",
"last_update": null,
"name": "qbittorrent",
"recommended": false,
"title": "qBittorrent",
"icon_url": "https://upload.wikimedia.org/wikipedia/commons/9/9e/Qbittorrent_logo.png"
},
"chia": {
"app_readme": "<h1>Chia</h1>\n<p>This container runs as <code>root</code> user.</p>\n<p>When a port is set to &lt; 9000. Host Networking is enabled automatically.</p>\n<blockquote>\n<p>Also NodePort services turn to ClusterIP services, to avoid attempts to bind ports twice.</p>\n</blockquote>\n<p>Key file is stored in <code>/plots/keyfile</code> and is generated automatically, <strong>only</strong> if the file does not exist.\nIf you want to use your own <code>keyfile</code>, you can create a file called <code>keyfile</code> in the <code>/plots</code> directory and it will be used instead.</p>\n<blockquote>\n<p>When set on <code>harvester</code> mode <code>keys</code> variable is set to <code>none</code> and no generation is performed.</p>\n</blockquote>",
"categories": [

6
community/qbittorrent/1.0.0/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common
version: 1.0.1
digest: sha256:ec8784f128039af68613a8268208bde360d5b178f811c4a16c79a1650ca8be92
generated: "2023-04-03T17:54:32.688255209+03:00"

26
community/qbittorrent/1.0.0/Chart.yaml Normal file
View File

@@ -0,0 +1,26 @@
name: qbittorrent
description: The qBittorrent project aims to provide an open-source software alternative to µTorrent.
annotations:
title: qBittorrent
type: application
version: 1.0.0
apiVersion: v2
appVersion: '4.5.2'
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
dependencies:
- name: common
repository: file://../../../common
version: 1.0.1
home: https://www.qbittorrent.org/
icon: https://upload.wikimedia.org/wikipedia/commons/9/9e/Qbittorrent_logo.png
sources:
- https://github.com/onedr0p/containers/tree/main/apps/qbittorrent
- https://github.com/truenas/charts/tree/master/community/qbittorrent
- https://www.qbittorrent.org/
keywords:
- media
- torrent
- download

7
community/qbittorrent/1.0.0/README.md Normal file
View File

@@ -0,0 +1,7 @@
# qBittorrent
The [qBittorrent](https://www.qbittorrent.org/) project aims to provide an open-source software alternative to µTorrent.
> When application is installed, a container will be launched with **root** privileges.
> This is required in order to apply the correct permissions to the qBittorrent directories.
> Afterward, the `qBittorrent` container will run as a **non**-root user (Default: `568`).

7
community/qbittorrent/1.0.0/app-readme.md Normal file
View File

@@ -0,0 +1,7 @@
# qBittorrent
The [qBittorrent](https://www.qbittorrent.org/) project aims to provide an open-source software alternative to µTorrent.
> When application is installed, a container will be launched with **root** privileges.
> This is required in order to apply the correct permissions to the qBittorrent directories.
> Afterward, the `qBittorrent` container will run as a **non**-root user (Default: `568`).

BIN
community/qbittorrent/1.0.0/charts/common-1.0.1.tgz Normal file
View File

Binary file not shown.

17
community/qbittorrent/1.0.0/ci/basic-values.yaml Normal file
View File

@@ -0,0 +1,17 @@
qbitNetwork:
webPort: 31000
btPort: 32444
qbitRunAs:
user: 1000
group: 1000
qbitStorage:
downloads:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/downloads
datasetName: ""
config:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/config
datasetName: ""

20
community/qbittorrent/1.0.0/ci/extra-env-values.yaml Normal file
View File

@@ -0,0 +1,20 @@
qbitConfig:
additionalEnvs:
- name: "TESTVAR"
value: "SOMEVALUE"
- name: "TESTVAR2"
value: "SOMEVALUE2"
qbitNetwork:
webPort: 31000
btPort: 32444
qbitStorage:
downloads:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/downloads
datasetName: ""
config:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/config
datasetName: ""

14
community/qbittorrent/1.0.0/ci/hostNet-values.yaml Normal file
View File

@@ -0,0 +1,14 @@
qbitNetwork:
webPort: 30000
btPort: 32555
hostNetwork: true
qbitStorage:
downloads:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/downloads
datasetName: ""
config:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/config
datasetName: ""

34
community/qbittorrent/1.0.0/ix_values.yaml Normal file
View File

@@ -0,0 +1,34 @@
image:
repository: ghcr.io/onedr0p/qbittorrent
pullPolicy: IfNotPresent
tag: "4.5.2"
resources:
limits:
cpu: 4000m
memory: 8Gi
qbitConfig:
additionalEnvs: []
qbitNetwork:
webPort: 30000
btPort: 50413
hostNetwork: false
qbitRunAs:
user: 568
group: 568
qbitStorage:
downloads:
type: ixVolume
hostPath: ""
datasetName: downloads
config:
type: ixVolume
hostPath: ""
datasetName: config
notes:
custom: |
Default credentials:
- username: admin
- password: adminadmin

209
community/qbittorrent/1.0.0/questions.yaml Normal file
View File

@@ -0,0 +1,209 @@
groups:
- name: qBittorrent Configuration
description: Configure qBittorrent
- name: User and Group Configuration
description: Configure User and Group for qBittorrent
- name: Network Configuration
description: Configure Network for qBittorrent
- name: Storage Configuration
description: Configure Storage for qBittorrent
- name: Resources Configuration
description: Configure Resources for qBittorrent
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_path"
questions:
- variable: qbitConfig
label: ""
group: qBittorrent Configuration
schema:
type: dict
attrs:
- variable: additionalEnvs
label: Additional Environment Variables
description: Configure additional environment variables for qBittorrent.
schema:
type: list
default: []
items:
- variable: env
label: Environment Variable
schema:
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: qbitRunAs
label: ""
group: User and Group Configuration
schema:
type: dict
attrs:
- variable: user
label: User ID
description: The user id that qBittorrent will run as.
schema:
type: int
min: 1
default: 568
required: true
- variable: group
label: Group ID
description: The group id that qBittorrent will run as.
schema:
type: int
min: 1
default: 568
required: true
- variable: qbitNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: webPort
label: Web Port
description: The port for the qBittorrent Web UI.
schema:
type: int
default: 30000
min: 9000
max: 65535
required: true
- variable: btPort
label: BT Port
description: The port for the qBittorrent BitTorrent protocol. Both TCP and UDP
schema:
type: int
default: 50413
min: 9000
max: 65535
required: true
- variable: hostNetwork
label: Host Network
description: |
Bind to the host network. It's recommended to keep this disabled.</br>
schema:
type: boolean
default: false
- variable: qbitStorage
label: ""
group: Storage Configuration
schema:
type: dict
attrs:
- variable: downloads
label: qBittorrent Downloads Storage
description: The path to store qBittorrent Downloads.
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: downloads
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: config
label: qBittorrent Config Storage
description: The path to store qBittorrent Configuration.
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: config
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: resources
label: Resources Configuration
group: Resources Configuration
schema:
type: dict
attrs:
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: cpu
label: CPU
description: CPU limit for qBittorrent.
schema:
type: string
default: 4000m
required: true
- variable: memory
label: Memory
description: Memory limit for qBittorrent.
schema:
type: string
default: 8Gi
required: true

1
community/qbittorrent/1.0.0/templates/NOTES.txt Normal file
View File

@@ -0,0 +1 @@
{{ include "ix.v1.common.lib.chart.notes" $ }}

11
community/qbittorrent/1.0.0/templates/_configuration.tpl Normal file
View File

@@ -0,0 +1,11 @@
{{- define "qbittorrent.configuration" -}}
{{/* Configmaps */}}
configmap:
qbit-config:
enabled: true
data:
QBITTORRENT__BT_PORT: {{ .Values.qbitNetwork.btPort | quote }}
QBITTORRENT__PORT: {{ .Values.qbitNetwork.webPort | quote }}
{{- end -}}

12
community/qbittorrent/1.0.0/templates/_portal.tpl Normal file
View File

@@ -0,0 +1,12 @@
{{- define "qbittorrent.portal" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
path: "/"
port: {{ .Values.qbitNetwork.webPort | quote }}
protocol: http
host: $node_ip
{{- end -}}

138
community/qbittorrent/1.0.0/templates/_qbittorrent.tpl Normal file
View File

@@ -0,0 +1,138 @@
{{- define "qbittorrent.workload" -}}
workload:
qbittorrent:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: {{ .Values.qbitNetwork.hostNetwork }}
containers:
qbittorrent:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: {{ .Values.qbitRunAs.user }}
runAsGroup: {{ .Values.qbitRunAs.group }}
{{ with .Values.qbitConfig.additionalEnvs }}
env:
{{ range $env := . }}
{{ $env.name }}: {{ $env.value }}
{{ end }}
{{ end }}
envFrom:
- configMapRef:
name: qbit-config
probes:
liveness:
enabled: true
type: http
port: "{{ .Values.qbitNetwork.webPort }}"
path: /
readiness:
enabled: true
type: http
port: "{{ .Values.qbitNetwork.webPort }}"
path: /
startup:
enabled: true
type: http
port: "{{ .Values.qbitNetwork.webPort }}"
path: /
initContainers:
check-permissions:
enabled: true
type: init
imageSelector: bashImage
resources:
limits:
cpu: 1000m
memory: 512Mi
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- CHOWN
command: bash
args:
- -c
- |
for dir in /mnt/directories/*; do
if [ ! -d "$dir" ]; then
echo "[$dir] is not a directory, skipping"
continue
fi
if [ $(stat -c %u "$dir") -eq {{ .Values.qbitRunAs.user }} ] && [ $(stat -c %g "$dir") -eq {{ .Values.qbitRunAs.group }} ]; then
echo "Permissions on ["$dir"] are correct"
else
echo "Permissions on ["$dir"] are incorrect"
echo "Changing ownership to {{ .Values.qbitRunAs.user }}:{{ .Values.qbitRunAs.group }} on the following directories: ["$dir"]"
chown -R {{ .Values.qbitRunAs.user }}:{{ .Values.qbitRunAs.group }} "$dir"
echo "Finished changing ownership"
echo "Permissions after changing ownership:"
stat -c "%u %g" "$dir"
fi
done
{{/* Service */}}
service:
qbittorrent:
enabled: true
primary: true
type: NodePort
targetSelector: qbittorrent
ports:
webui:
enabled: true
primary: true
port: {{ .Values.qbitNetwork.webPort }}
nodePort: {{ .Values.qbitNetwork.webPort }}
targetSelector: qbittorrent
qbittorrent-bt:
enabled: true
type: NodePort
targetSelector: qbittorrent
ports:
bt-tcp:
enabled: true
primary: true
port: {{ .Values.qbitNetwork.btPort }}
nodePort: {{ .Values.qbitNetwork.btPort }}
targetSelector: qbittorrent
bt-upd:
enabled: true
primary: true
port: {{ .Values.qbitNetwork.btPort }}
nodePort: {{ .Values.qbitNetwork.btPort }}
protocol: udp
targetSelector: qbittorrent
{{/* Persistence */}}
persistence:
config:
enabled: true
type: {{ .Values.qbitStorage.config.type }}
datasetName: {{ .Values.qbitStorage.config.datasetName | default "" }}
hostPath: {{ .Values.qbitStorage.config.hostPath | default "" }}
targetSelector:
qbittorrent:
qbittorrent:
mountPath: /config
check-permissions:
mountPath: /mnt/directories/config
downloads:
enabled: true
type: {{ .Values.qbitStorage.downloads.type }}
datasetName: {{ .Values.qbitStorage.downloads.datasetName | default "" }}
hostPath: {{ .Values.qbitStorage.downloads.hostPath | default "" }}
targetSelector:
qbittorrent:
qbittorrent:
mountPath: /downloads
check-permissions:
mountPath: /mnt/directories/downloads
{{- end -}}

10
community/qbittorrent/1.0.0/templates/common.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{- include "ix.v1.common.loader.init" . -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "qbittorrent.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "qbittorrent.configuration" $ | fromYaml) -}}
{{/* Create the configmap for portal manually*/}}
{{- include "qbittorrent.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}

5
community/qbittorrent/item.yaml Normal file
View File

@@ -0,0 +1,5 @@
icon_url: https://upload.wikimedia.org/wikipedia/commons/9/9e/Qbittorrent_logo.png
categories:
- media
- torrent
- download

6
community/vaultwarden/1.0.0/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common
version: 1.0.1
digest: sha256:ec8784f128039af68613a8268208bde360d5b178f811c4a16c79a1650ca8be92
generated: "2023-04-03T17:51:26.178586108+03:00"

24
community/vaultwarden/1.0.0/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
name: vaultwarden
description: Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients.
annotations:
title: Vaultwarden
type: application
version: 1.0.0
apiVersion: v2
appVersion: '1.27.0'
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
dependencies:
- name: common
repository: file://../../../common
version: 1.0.1
home: https://github.com/dani-garcia/vaultwarden
icon: https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png
sources:
- https://github.com/dani-garcia/vaultwarden
- https://github.com/truenas/charts/tree/master/community/vaultwarden
keywords:
- password
- manager

18
community/vaultwarden/1.0.0/README.md Normal file
View File

@@ -0,0 +1,18 @@
# Vaultwarden
[Vaultwarden](https://github.com/dani-garcia/vaultwarden) Alternative implementation of the `Bitwarden` server API written in Rust and compatible with upstream Bitwarden clients
> During the installation process, a container will be launched with **root** privileges. This is required
> in order to apply the correct permissions to the `Vaultwarden` data directory. Afterward, the `Vaultwarden` container
> will run as a **non**-root user (default `568`).
> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `Vaultwarden` and `postgres` data directories.
While the option to use `Rocket` for TLS is there, it is not
[recommended](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket).
Instead, use a reverse proxy to handle TLS termination.
Using `HTTPS` is **required** for the most of the features to work (correctly).

18
community/vaultwarden/1.0.0/app-readme.md Normal file
View File

@@ -0,0 +1,18 @@
# Vaultwarden
[Vaultwarden](https://github.com/dani-garcia/vaultwarden) Alternative implementation of the `Bitwarden` server API written in Rust and compatible with upstream Bitwarden clients
> During the installation process, a container will be launched with **root** privileges. This is required
> in order to apply the correct permissions to the `Vaultwarden` data directory. Afterward, the `Vaultwarden` container
> will run as a **non**-root user (default `568`).
> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `Vaultwarden` and `postgres` data directories.
While the option to use `Rocket` for TLS is there, it is not
[recommended](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket).
Instead, use a reverse proxy to handle TLS termination.
Using `HTTPS` is **required** for the most of the features to work (correctly).

BIN
community/vaultwarden/1.0.0/charts/common-1.0.1.tgz Normal file
View File

Binary file not shown.

17
community/vaultwarden/1.0.0/ci/additional-env-values.yaml Normal file
View File

@@ -0,0 +1,17 @@
vaultwardenStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup
vaultwardenConfig:
additionalEnvs:
- name: LOG_LEVEL
value: debug
- name: SIGNUPS_ALLOWED
value: false

13
community/vaultwarden/1.0.0/ci/admin-values.yaml Normal file
View File

@@ -0,0 +1,13 @@
vaultwardenStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup
vaultwardenConfig:
adminToken: "super-long-secret-password"

10
community/vaultwarden/1.0.0/ci/basic-values.yaml Normal file
View File

@@ -0,0 +1,10 @@
vaultwardenStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup

100
community/vaultwarden/1.0.0/ci/https-values.yaml Normal file
View File

@@ -0,0 +1,100 @@
vaultwardenStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup
vaultwardenNetwork:
certificateID: 1
domain: https://vault.example.com:30000
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL
MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV
BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX
Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1
P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW
2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H
PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t
AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3
AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB
hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E
AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww
CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH
DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB
FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/
BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD
KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR
h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx
fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj
x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx
CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE
CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt
2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf
iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd
M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL
Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H
VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID
AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE
wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T
AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw
pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL
MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG
SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr
zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql
PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX
TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d
2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/
+Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w
M7Y3vwxshpo=
-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT
HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk
H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI
4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d
NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB
+Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7
A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu
eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5
N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe
EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL
PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR
0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA
6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z
FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo
L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL
d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA
0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu
MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2
wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd
DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7
wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc
nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S
dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P
//L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY
qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc
3G15AKCXo7jjOUtHY01DCQ==
-----END PRIVATE KEY-----

14
community/vaultwarden/1.0.0/ci/other-user-values.yaml Normal file
View File

@@ -0,0 +1,14 @@
vaultwardenStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup
vaultwardenRunAs:
user: 1000
group: 1000

13
community/vaultwarden/1.0.0/ci/ws-disabled-values.yaml Normal file
View File

@@ -0,0 +1,13 @@
vaultwardenStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup
vaultwardenNetwork:
wsEnabled: false

39
community/vaultwarden/1.0.0/ix_values.yaml Normal file
View File

@@ -0,0 +1,39 @@
image:
repository: vaultwarden/server
pullPolicy: IfNotPresent
tag: "1.28.1"
resources:
limits:
cpu: 4000m
memory: 8Gi
vaultwardenConfig:
adminToken: ""
additionalEnvs: []
vaultwardenNetwork:
webPort: 30000
wsEnabled: true
wsPort: 30001
hostNetwork: false
certificateID: ""
domain: ""
vaultwardenRunAs:
user: 568
group: 568
vaultwardenStorage:
data:
type: ixVolume
hostPath: ""
datasetName: data
pgData:
type: ixVolume
hostPath: ""
datasetName: pgData
pgBackup:
type: ixVolume
hostPath: ""
datasetName: pgBackup

285
community/vaultwarden/1.0.0/questions.yaml Normal file
View File

@@ -0,0 +1,285 @@
groups:
- name: Vaultwarden Configuration
description: Configure Vaultwarden
- name: User and Group Configuration
description: Configure User and Group for Vaultwarden
- name: Network Configuration
description: Configure Network for Vaultwarden
- name: Storage Configuration
description: Configure Storage for Vaultwarden
- name: Resources Configuration
description: Configure Resources for Vaultwarden
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_path"
admin_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_admin_path"
questions:
- variable: vaultwardenConfig
label: ""
group: Vaultwarden Configuration
schema:
type: dict
attrs:
- variable: adminToken
label: Admin Token
description: Setting this, will enable the admin portal
schema:
type: string
private: true
max_length: 20
default: ""
- variable: additionalEnvs
label: Additional Environment Variables
description: Configure additional environment variables for Vaultwarden.
schema:
type: list
default: []
items:
- variable: env
label: Environment Variable
schema:
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: vaultwardenRunAs
label: ""
group: User and Group Configuration
schema:
type: dict
attrs:
- variable: user
label: User ID
description: The user id that Vaultwarden will run as.
schema:
type: int
min: 1
default: 568
required: true
- variable: group
label: Group ID
description: The group id that Vaultwarden will run as.
schema:
type: int
min: 1
default: 568
required: true
- variable: vaultwardenNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: webPort
label: Web Port
description: The port for the Vaultwarden Web UI.
schema:
type: int
default: 30000
min: 9000
max: 65535
required: true
- variable: wsEnabled
label: Enable Websocket
schema:
type: boolean
default: true
- variable: wsPort
label: Websocket Port
description: The port for the Vaultwarden Websocket.
schema:
type: int
show_if: [["wsEnabled", "=", true]]
default: 30001
min: 9000
max: 65535
required: true
- variable: hostNetwork
label: Host Network
description: |
Bind to the host network. It's recommended to keep this disabled.</br>
schema:
type: boolean
default: false
- variable: domain
label: Domain
description: |
The domain to use for Vaultwarden </br>
Format is: https://sub.domain.tld:port
schema:
type: string
default: ""
- variable: certificateID
label: Certificate
description: |
The certificate to use for Vaultwarden </br>
Using the Rocket method for TLS setup is NOT recommended </br>
Prefer a reverse proxy with a valid certificate </br>
schema:
type: int
"null": true
$ref:
- "definitions/certificate"
- variable: vaultwardenStorage
label: ""
group: Storage Configuration
schema:
type: dict
attrs:
- variable: data
label: Vaultwarden Data Storage
description: The path to store Vaultwarden attachments, icons, etc.
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: data
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: pgData
label: Vaultwarden Postgres Data Storage
description: The path to store Vaultwarden Postgres Data.
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: pgData
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: pgBackup
label: Vaultwarden Postgres Backup Storage
description: The path to store Vaultwarden Postgres Backup.
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: pgBackup
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: resources
label: ""
group: Resources Configuration
schema:
type: dict
attrs:
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: cpu
label: CPU
description: CPU limit for Vaultwarden.
schema:
type: string
default: 4000m
required: true
- variable: memory
label: Memory
description: Memory limit for Vaultwarden.
schema:
type: string
default: 8Gi
required: true

1
community/vaultwarden/1.0.0/templates/NOTES.txt Normal file
View File

@@ -0,0 +1 @@
{{ include "ix.v1.common.lib.chart.notes" $ }}

34
community/vaultwarden/1.0.0/templates/_configuration.tpl Normal file
View File

@@ -0,0 +1,34 @@
{{- define "vaultwarden.configuration" -}}
{{- if and .Values.vaultwardenNetwork.domain (not (hasPrefix "http" .Values.vaultwardenNetwork.domain)) -}}
{{- fail "Vaultwarden - Expected [Domain] to have the following format [http(s)://(sub).domain.tld(:port)]." -}}
{{- end -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $dbHost := (printf "%s-postgres" $fullname) -}}
{{- $dbUser := "vaultwarden" -}}
{{- $dbName := "vaultwarden" -}}
{{- $dbPass := (randAlphaNum 32) -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
{{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
{{- end -}}
{{ $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
secret:
postgres-creds:
enabled: true
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ $dbURL }}
{{ with .Values.vaultwardenConfig.adminToken }}
vaultwarden:
enabled: true
data:
ADMIN_TOKEN: {{ . | quote }}
{{ end }}
{{- end -}}

24
community/vaultwarden/1.0.0/templates/_portal.tpl Normal file
View File

@@ -0,0 +1,24 @@
{{- define "vaultwarden.portal" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
path: /
admin_path: /admin
port: {{ .Values.vaultwardenNetwork.webPort | quote }}
{{ if or (hasPrefix "https://" .Values.vaultwardenNetwork.domain) .Values.vaultwardenNetwork.certificateID }}
protocol: https
{{ else }}
protocol: http
{{ end }}
{{- $host := "$node_ip" -}}
{{ with .Values.vaultwardenNetwork.domain }} {{/* Trim protocol and trailing slash */}}
{{ $host = (. | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/") }}
{{ $host = mustRegexReplaceAll "(.*):[0-9]+" $host "${1}" }}
{{ end }}
host: {{ $host }}
{{- end -}}

48
community/vaultwarden/1.0.0/templates/_postgres.tpl Normal file
View File

@@ -0,0 +1,48 @@
{{- define "postgres.workload" -}}
{{/* Postgres Database */}}
workload:
{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds" "resources" .Values.resources) | nindent 2 }}
{{/* Service */}}
service:
postgres:
enabled: true
type: ClusterIP
targetSelector: postgres
ports:
postgres:
enabled: true
primary: true
port: 5432
targetSelector: postgres
{{/* Persistence */}}
persistence:
postgresdata:
enabled: true
type: {{ .Values.vaultwardenStorage.pgData.type }}
datasetName: {{ .Values.vaultwardenStorage.pgData.datasetName | default "" }}
hostPath: {{ .Values.vaultwardenStorage.pgData.hostPath | default "" }}
targetSelector:
# Postgres pod
postgres:
# Postgres container
postgres:
mountPath: /var/lib/postgresql/data
# Permissions container, for postgres, container is named "permissions"
permissions:
mountPath: /mnt/directories/postgres_data
postgresbackup:
enabled: true
type: {{ .Values.vaultwardenStorage.pgBackup.type }}
datasetName: {{ .Values.vaultwardenStorage.pgBackup.datasetName | default "" }}
hostPath: {{ .Values.vaultwardenStorage.pgBackup.hostPath | default "" }}
targetSelector:
# Postgres backup pod
postgresbackup:
# Postgres backup container
postgresbackup:
mountPath: /postgres_backup
# Permissions container, for postgres, container is named "permissions"
permissions:
mountPath: /mnt/directories/postgres_backup
{{- end -}}

119
community/vaultwarden/1.0.0/templates/_vaultwarden.tpl Normal file
View File

@@ -0,0 +1,119 @@
{{- define "vaultwarden.workload" -}}
workload:
vaultwarden:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: {{ .Values.vaultwardenNetwork.hostNetwork }}
containers:
vaultwarden:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: {{ .Values.vaultwardenRunAs.user }}
runAsGroup: {{ .Values.vaultwardenRunAs.group }}
env:
ROCKET_PORT: {{ .Values.vaultwardenNetwork.webPort }}
WEBSOCKET_PORT: {{ .Values.vaultwardenNetwork.wsPort }}
WEBSOCKET_ENABLED: {{ .Values.vaultwardenNetwork.wsEnabled }}
DATABASE_URL:
secretKeyRef:
name: postgres-creds
key: POSTGRES_URL
{{ if .Values.vaultwardenConfig.adminToken }}
ADMIN_TOKEN:
secretKeyRef:
name: vaultwarden
key: ADMIN_TOKEN
{{ end }}
{{ if .Values.vaultwardenNetwork.certificateID }}
ROCKET_TLS: '{certs="/certs/public.crt",key="/certs/private.key"}'
{{ end }}
{{ with .Values.vaultwardenNetwork.domain }}
DOMAIN: {{ . }}
{{ end }}
{{ with .Values.vaultwardenConfig.additionalEnvs }}
{{ range $env := . }}
{{ $env.name }}: {{ $env.value }}
{{ end }}
{{ end }}
probes:
liveness:
enabled: true
type: exec
command: /healthcheck.sh
readiness:
enabled: true
type: exec
command: /healthcheck.sh
startup:
enabled: true
type: exec
command: /healthcheck.sh
initContainers:
{{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
"UID" .Values.vaultwardenRunAs.user
"GID" .Values.vaultwardenRunAs.group
"type" "install") | nindent 8 }}
{{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
"secretName" "postgres-creds") | nindent 8 }}
{{/* Service */}}
service:
vaultwarden:
enabled: true
primary: true
type: NodePort
targetSelector: vaultwarden
ports:
webui:
enabled: true
primary: true
port: {{ .Values.vaultwardenNetwork.webPort }}
nodePort: {{ .Values.vaultwardenNetwork.webPort }}
targetSelector: vaultwarden
ws:
enabled: {{ .Values.vaultwardenNetwork.wsEnabled }}
port: {{ .Values.vaultwardenNetwork.wsPort }}
nodePort: {{ .Values.vaultwardenNetwork.wsPort }}
targetSelector: vaultwarden
{{/* Persistence */}}
persistence:
data:
enabled: true
type: {{ .Values.vaultwardenStorage.data.type }}
datasetName: {{ .Values.vaultwardenStorage.data.datasetName | default "" }}
hostPath: {{ .Values.vaultwardenStorage.data.hostPath | default "" }}
targetSelector:
vaultwarden:
vaultwarden:
mountPath: /data
01-permissions:
mountPath: /mnt/directories/data
{{- if .Values.vaultwardenNetwork.certificateID }}
cert:
enabled: true
type: secret
objectName: vaultwarden-cert
defaultMode: "0600"
items:
- key: tls.key
path: private.key
- key: tls.crt
path: public.crt
targetSelector:
vaultwarden:
vaultwarden:
mountPath: /certs
readOnly: true
scaleCertificate:
vaultwarden-cert:
enabled: true
id: {{ .Values.vaultwardenNetwork.certificateID }}
{{- end -}}
{{- end -}}

11
community/vaultwarden/1.0.0/templates/common.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- include "ix.v1.common.loader.init" . -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "vaultwarden.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "vaultwarden.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
{{/* Create the configmap for portal manually*/}}
{{- include "vaultwarden.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}

4
community/vaultwarden/item.yaml Normal file
View File

@@ -0,0 +1,4 @@
icon: https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png
categories:
- password
- manager