# This is a YAML-formatted file. # Declare variables to be passed into your templates. ## Dependencies configuration parameters ## Redis dependency parameters # -- Install redis as a depending chart redisDependencyEnabled: true # -- Install mariadb as a depending chart mariadbDependencyEnabled: true # -- Install mariadb as a depending chart postgresqlDependencyEnabled: false global: imageRegistry: "" imagePullSecrets: [] # Configure redis dependency chart redis: auth: # -- Enable redis authentication enabled: true # -- Configure redis password password: "P4ssb0lt" sentinel: # -- Enable redis sentinel enabled: true ## MariaDB dependency parameters # Configure mariadb as a dependency chart mariadb: # -- Configure mariadb architecture architecture: replication auth: # -- Configure mariadb auth root password rootPassword: root # -- Configure mariadb auth username username: passbolt # -- Configure mariadb auth password password: P4ssb0lt # -- Configure mariadb auth database database: passbolt # -- Configure mariadb auth replicationPassword replicationPassword: P4ssb0ltReplica # -- Configure parameters for the primary instance. primary: # -- Configure persistence options. persistence: # -- Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir enabled: true # -- Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. existingClaim: "" # -- Subdirectory of the volume to mount at subPath: "" # -- Primary persistent volume storage Class storageClass: "longhorn" # -- Labels for the PVC labels: {} # -- Primary persistent volume claim annotations annotations: {} # -- Primary persistent volume access Modes accessModes: - ReadWriteOnce # -- Primary persistent volume size size: 8Gi # -- Selector to match an existing Persistent Volume selector: {} # -- Configure parameters for the secondary instance. secondary: # -- Configure persistence options. persistence: # -- Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. If false, use emptyDir enabled: true # -- Subdirectory of the volume to mount at subPath: "" # -- Secondary persistent volume storage Class storageClass: "longhorn" # -- Labels for the PVC labels: {} # -- Secondary persistent volume claim annotations annotations: {} # -- Secondary persistent volume access Modes accessModes: - ReadWriteOnce # -- Secondary persistent volume size size: 8Gi # -- Selector to match an existing Persistent Volume selector: {} ## Passbolt configuration ## Passbolt container and sidecar parameters app: # -- Configure pasbolt deployment init container that waits for database databaseInitContainer: # -- Toggle pasbolt deployment init container that waits for database enabled: true #initImage: # # -- Configure pasbolt deployment init container image client for database # client: mariadb # registry: "" # # -- Configure pasbolt deployment image repsitory # repository: mariadb # # -- Configure pasbolt deployment image pullPolicy # pullPolicy: IfNotPresent # # -- Overrides the image tag whose default is the chart appVersion. # tag: latest image: # -- Configure pasbolt deployment image repsitory registry: "" repository: passbolt/passbolt # -- Configure pasbolt deployment image pullPolicy pullPolicy: IfNotPresent # Allowed options: mariadb, mysql or postgresql database: kind: mariadb # -- Configure ssl on mariadb/mysql clients # -- In case this is enabled, you will be responsible for creating and mounting the certificates and # -- additional configutions on both the client and the server. # ssl: off cache: # Use CACHE_CAKE_DEFAULT_* variables to configure the connection to redis instance # on the passboltEnv configuration section redis: # -- By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php # That instructs passbolt to store sessions on redis and to use it as a general cache. enabled: true sentinelProxy: # -- Inject a haproxy sidecar container configured as a proxy to redis sentinel # Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy enabled: true # -- Configure redis sentinel proxy image image: registry: "" # -- Configure redis sentinel image repository repository: haproxy # -- Configure redis sentinel image tag tag: "latest" # -- Configure redis sentinel container resources resources: {} # -- Configure the passbolt deployment resources extraPodLabels: {} resources: {} tls: # -- If autogenerate is true, the chart will generate a secret with a certificate for APP_FULL_BASE_URL hostname # -- if autogenerate is false, existingSecret should be filled with an existing tls kind secret name # @ignored autogenerate: true #existingSecret: "" # -- Enable email cron cronJobEmail: enabled: true schedule: "* * * * *" extraPodLabels: {} ## Passbolt environment parameters # -- Pro subscription key in base64 only if you are using pro version # subscriptionKey: # -- Configure passbolt subscription key path # subscription_keyPath: /etc/passbolt/subscription_key.txt # -- Configure passbolt gpg directory gpgPath: /etc/passbolt/gpg # -- Gpg server private key in base64 gpgServerKeyPrivate: "" # -- Gpg server public key in base64 gpgServerKeyPublic: "" # -- Name of the existing secret for the GPG server keypair. The secret must contain the `serverkey.asc` and `serverkey_private.asc` keys. gpgExistingSecret: "" # -- Name of the existing secret for the JWT server keypair. The secret must contain the `jwt.key` and `jwt.pem` keys. jwtExistingSecret: "" # -- Configure passbolt jwt directory jwtPath: /etc/passbolt/jwt # -- JWT server private key in base64 jwtServerPrivate: "" # -- JWT server public key in base64 jwtServerPublic: "" # -- Forces overwrite JWT keys jwtCreateKeysForced: false jobCreateJwtKeys: extraPodLabels: {} jobCreateGpgKeys: extraPodLabels: {} passboltEnv: plain: # -- Configure passbolt privacy url PASSBOLT_LEGAL_PRIVACYPOLICYURL: https://www.passbolt.com/privacy # -- Configure passbolt to force ssl PASSBOLT_SSL_FORCE: false # -- Toggle passbolt public registration PASSBOLT_REGISTRATION_PUBLIC: false # -- Configure passbolt cake cache server CACHE_CAKE_DEFAULT_SERVER: 127.0.0.1 # -- Configure passbolt default email service port EMAIL_TRANSPORT_DEFAULT_PORT: 587 # -- Toggle passbolt debug mode DEBUG: false # -- Toggle passbolt selenium mode PASSBOLT_SELENIUM_ACTIVE: false # -- Configure passbolt license path PASSBOLT_PLUGINS_LICENSE_LICENSE: /etc/passbolt/subscription_key.txt # -- Configure passbolt jwt private key path PASSBOLT_JWT_SERVER_KEY: /var/www/passbolt/config/jwt/jwt.key # -- Configure passbolt jwt public key path PASSBOLT_JWT_SERVER_PEM: /var/www/passbolt/config/jwt/jwt.pem # -- Toggle passbolt jwt authentication PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED: true # -- Download Command for kubectl KUBECTL_DOWNLOAD_CMD: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" secret: # -- Configure passbolt cake cache password CACHE_CAKE_DEFAULT_PASSWORD: P4ssb0lt # -- Configure passbolt default database password DATASOURCES_DEFAULT_PASSWORD: P4ssb0lt # -- Configure passbolt default database username DATASOURCES_DEFAULT_USERNAME: passbolt # -- Configure passbolt default database DATASOURCES_DEFAULT_DATABASE: passbolt # -- Configure passbolt server gpg key fingerprint # PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: # -- Configure passbolt security salt. # SECURITY_SALT: # -- Environment variables to add to the passbolt pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the passbolt pods extraEnvFrom: [] # - secretRef: # name: passbolt-secret ## Passbolt deployment parameters # -- If autoscaling is disabled this will define the number of pods to run replicaCount: 2 # Configure autoscaling on passbolt deployment autoscaling: # -- Enable autoscaling on passbolt deployment enabled: false # -- Configure autoscaling minimum replicas minReplicas: 1 # -- Configure autoscaling maximum replicas maxReplicas: 100 # -- Configure autoscaling target CPU uptilization percentage targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 # -- Enable role based access control rbacEnabled: true # -- Configure passbolt container livenessProbe livenessProbe: # @ignore httpGet: port: https scheme: HTTPS path: /healthcheck/status.json httpHeaders: - name: Host value: passbolt.hofers.cloud initialDelaySeconds: 20 periodSeconds: 10 # -- Configure passbolt container RadinessProbe readinessProbe: # @ignore httpGet: port: https scheme: HTTPS httpHeaders: - name: Host value: passbolt.hofers.cloud path: /healthcheck/status.json initialDelaySeconds: 5 periodSeconds: 10 # Configure network policies to allow ingress access passbolt pods # networkPolicy defines which labels are allowed to reach to passbolt # and which namespaces networkPolicy: # -- Enable network policies to allow ingress access passbolt pods enabled: false # -- Configure network policies label for ingress deployment label: app.kubernetes.io/name # -- Configure network policies podLabel for podSelector podLabel: ingress-nginx # -- Configure network policies namespaceLabel for namespaceSelector namespaceLabel: ingress-nginx # -- Configure image pull secrets imagePullSecrets: [] # -- Value to override the chart name on default nameOverride: "" # -- Value to override the whole fullName fullnameOverride: "" serviceAccount: # -- Specifies whether a service account should be created create: true # -- Annotations to add to the service account annotations: {} # -- Map of annotation for passbolt server pod podAnnotations: {} # -- Security Context configuration for passbolt server pod podSecurityContext: {} # fsGroup: 2000 service: # -- Configure passbolt service type type: ClusterIP # -- Annotations to add to the service annotations: {} # -- Configure the service ports ports: # -- Configure the HTTPS port https: # -- Configure passbolt HTTPS service port port: 443 # -- Configure passbolt HTTPS service targetPort targetPort: 443 # -- Configure passbolt HTTPS service port name name: https http: # -- Configure passbolt HTTP service port port: 80 # -- Configure passbolt HTTP service targetPort targetPort: 80 # -- Configure passbolt HTTP service port name name: http ingress: # -- Enable passbolt ingress enabled: true # -- Configure passbolt ingress annotations annotations: {} # -- Configure passbolt ingress hosts hosts: # @ignored - host: passbolt.hofers.cloud paths: - path: / port: http pathType: ImplementationSpecific # -- Configure passbolt deployment nodeSelector nodeSelector: {} # -- Configure passbolt deployment tolerations tolerations: [] # -- Configure passbolt deployment affinity affinity: {} # -- Add additional volumes, e.g. for overwriting config files extraVolumes: [] # -- Add additional volume mounts, e.g. for overwriting config files extraVolumeMounts: []