366 lines
12 KiB
YAML
366 lines
12 KiB
YAML
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
## Dependencies configuration parameters
|
|
|
|
## Redis dependency parameters
|
|
|
|
# -- Install redis as a depending chart
|
|
redisDependencyEnabled: true
|
|
# -- Install mariadb as a depending chart
|
|
mariadbDependencyEnabled: true
|
|
# -- Install mariadb as a depending chart
|
|
postgresqlDependencyEnabled: false
|
|
|
|
global:
|
|
imageRegistry: ""
|
|
imagePullSecrets: []
|
|
|
|
# Configure redis dependency chart
|
|
redis:
|
|
auth:
|
|
# -- Enable redis authentication
|
|
enabled: true
|
|
# -- Configure redis password
|
|
password: "P4ssb0lt"
|
|
sentinel:
|
|
# -- Enable redis sentinel
|
|
enabled: true
|
|
|
|
## MariaDB dependency parameters
|
|
|
|
# Configure mariadb as a dependency chart
|
|
mariadb:
|
|
# -- Configure mariadb architecture
|
|
architecture: replication
|
|
auth:
|
|
# -- Configure mariadb auth root password
|
|
rootPassword: root
|
|
# -- Configure mariadb auth username
|
|
username: passbolt
|
|
# -- Configure mariadb auth password
|
|
password: P4ssb0lt
|
|
# -- Configure mariadb auth database
|
|
database: passbolt
|
|
# -- Configure mariadb auth replicationPassword
|
|
replicationPassword: P4ssb0ltReplica
|
|
# -- Configure parameters for the primary instance.
|
|
primary:
|
|
# -- Configure persistence options.
|
|
persistence:
|
|
# -- Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
|
|
enabled: true
|
|
# -- Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored.
|
|
existingClaim: ""
|
|
# -- Subdirectory of the volume to mount at
|
|
subPath: ""
|
|
# -- Primary persistent volume storage Class
|
|
storageClass: "longhorn"
|
|
# -- Labels for the PVC
|
|
labels: {}
|
|
# -- Primary persistent volume claim annotations
|
|
annotations: {}
|
|
# -- Primary persistent volume access Modes
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
# -- Primary persistent volume size
|
|
size: 8Gi
|
|
# -- Selector to match an existing Persistent Volume
|
|
selector: {}
|
|
# -- Configure parameters for the secondary instance.
|
|
secondary:
|
|
# -- Configure persistence options.
|
|
persistence:
|
|
# -- Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
|
|
enabled: true
|
|
# -- Subdirectory of the volume to mount at
|
|
subPath: ""
|
|
# -- Secondary persistent volume storage Class
|
|
storageClass: "longhorn"
|
|
# -- Labels for the PVC
|
|
labels: {}
|
|
# -- Secondary persistent volume claim annotations
|
|
annotations: {}
|
|
# -- Secondary persistent volume access Modes
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
# -- Secondary persistent volume size
|
|
size: 8Gi
|
|
# -- Selector to match an existing Persistent Volume
|
|
selector: {}
|
|
|
|
## Passbolt configuration
|
|
|
|
## Passbolt container and sidecar parameters
|
|
app:
|
|
# -- Configure pasbolt deployment init container that waits for database
|
|
databaseInitContainer:
|
|
# -- Toggle pasbolt deployment init container that waits for database
|
|
enabled: true
|
|
#initImage:
|
|
# # -- Configure pasbolt deployment init container image client for database
|
|
# client: mariadb
|
|
# registry: ""
|
|
# # -- Configure pasbolt deployment image repsitory
|
|
# repository: mariadb
|
|
# # -- Configure pasbolt deployment image pullPolicy
|
|
# pullPolicy: IfNotPresent
|
|
# # -- Overrides the image tag whose default is the chart appVersion.
|
|
# tag: latest
|
|
image:
|
|
# -- Configure pasbolt deployment image repsitory
|
|
registry: ""
|
|
repository: passbolt/passbolt
|
|
# -- Configure pasbolt deployment image pullPolicy
|
|
pullPolicy: IfNotPresent
|
|
# Allowed options: mariadb, mysql or postgresql
|
|
database:
|
|
kind: mariadb
|
|
# -- Configure ssl on mariadb/mysql clients
|
|
# -- In case this is enabled, you will be responsible for creating and mounting the certificates and
|
|
# -- additional configutions on both the client and the server.
|
|
# ssl: off
|
|
cache:
|
|
# Use CACHE_CAKE_DEFAULT_* variables to configure the connection to redis instance
|
|
# on the passboltEnv configuration section
|
|
redis:
|
|
# -- By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php
|
|
# That instructs passbolt to store sessions on redis and to use it as a general cache.
|
|
enabled: true
|
|
sentinelProxy:
|
|
# -- Inject a haproxy sidecar container configured as a proxy to redis sentinel
|
|
# Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy
|
|
enabled: true
|
|
# -- Configure redis sentinel proxy image
|
|
image:
|
|
registry: ""
|
|
# -- Configure redis sentinel image repository
|
|
repository: haproxy
|
|
# -- Configure redis sentinel image tag
|
|
tag: "latest"
|
|
# -- Configure redis sentinel container resources
|
|
resources: {}
|
|
# -- Configure the passbolt deployment resources
|
|
extraPodLabels: {}
|
|
resources: {}
|
|
tls:
|
|
# -- If autogenerate is true, the chart will generate a secret with a certificate for APP_FULL_BASE_URL hostname
|
|
# -- if autogenerate is false, existingSecret should be filled with an existing tls kind secret name
|
|
# @ignored
|
|
autogenerate: true
|
|
#existingSecret: ""
|
|
|
|
# -- Enable email cron
|
|
cronJobEmail:
|
|
enabled: true
|
|
schedule: "* * * * *"
|
|
extraPodLabels: {}
|
|
|
|
## Passbolt environment parameters
|
|
|
|
# -- Pro subscription key in base64 only if you are using pro version
|
|
# subscriptionKey:
|
|
# -- Configure passbolt subscription key path
|
|
# subscription_keyPath: /etc/passbolt/subscription_key.txt
|
|
|
|
# -- Configure passbolt gpg directory
|
|
gpgPath: /etc/passbolt/gpg
|
|
# -- Gpg server private key in base64
|
|
gpgServerKeyPrivate: ""
|
|
# -- Gpg server public key in base64
|
|
gpgServerKeyPublic: ""
|
|
# -- Name of the existing secret for the GPG server keypair. The secret must contain the `serverkey.asc` and `serverkey_private.asc` keys.
|
|
gpgExistingSecret: ""
|
|
|
|
# -- Name of the existing secret for the JWT server keypair. The secret must contain the `jwt.key` and `jwt.pem` keys.
|
|
jwtExistingSecret: ""
|
|
# -- Configure passbolt jwt directory
|
|
jwtPath: /etc/passbolt/jwt
|
|
# -- JWT server private key in base64
|
|
jwtServerPrivate: ""
|
|
# -- JWT server public key in base64
|
|
jwtServerPublic: ""
|
|
# -- Forces overwrite JWT keys
|
|
jwtCreateKeysForced: false
|
|
jobCreateJwtKeys:
|
|
extraPodLabels: {}
|
|
|
|
jobCreateGpgKeys:
|
|
extraPodLabels: {}
|
|
|
|
passboltEnv:
|
|
plain:
|
|
# -- Configure passbolt privacy url
|
|
PASSBOLT_LEGAL_PRIVACYPOLICYURL: https://www.passbolt.com/privacy
|
|
# -- Configure passbolt to force ssl
|
|
PASSBOLT_SSL_FORCE: false
|
|
# -- Toggle passbolt public registration
|
|
PASSBOLT_REGISTRATION_PUBLIC: false
|
|
# -- Configure passbolt cake cache server
|
|
CACHE_CAKE_DEFAULT_SERVER: 127.0.0.1
|
|
# -- Configure passbolt default email service port
|
|
EMAIL_TRANSPORT_DEFAULT_PORT: 587
|
|
# -- Toggle passbolt debug mode
|
|
DEBUG: false
|
|
# -- Toggle passbolt selenium mode
|
|
PASSBOLT_SELENIUM_ACTIVE: false
|
|
# -- Configure passbolt license path
|
|
PASSBOLT_PLUGINS_LICENSE_LICENSE: /etc/passbolt/subscription_key.txt
|
|
# -- Configure passbolt jwt private key path
|
|
PASSBOLT_JWT_SERVER_KEY: /var/www/passbolt/config/jwt/jwt.key
|
|
# -- Configure passbolt jwt public key path
|
|
PASSBOLT_JWT_SERVER_PEM: /var/www/passbolt/config/jwt/jwt.pem
|
|
# -- Toggle passbolt jwt authentication
|
|
PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED: true
|
|
# -- Download Command for kubectl
|
|
KUBECTL_DOWNLOAD_CMD: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
|
secret:
|
|
# -- Configure passbolt cake cache password
|
|
CACHE_CAKE_DEFAULT_PASSWORD: P4ssb0lt
|
|
# -- Configure passbolt default database password
|
|
DATASOURCES_DEFAULT_PASSWORD: P4ssb0lt
|
|
# -- Configure passbolt default database username
|
|
DATASOURCES_DEFAULT_USERNAME: passbolt
|
|
# -- Configure passbolt default database
|
|
DATASOURCES_DEFAULT_DATABASE: passbolt
|
|
# -- Configure passbolt server gpg key fingerprint
|
|
# PASSBOLT_GPG_SERVER_KEY_FINGERPRINT:
|
|
# -- Configure passbolt security salt.
|
|
# SECURITY_SALT:
|
|
# -- Environment variables to add to the passbolt pods
|
|
extraEnv: []
|
|
# -- Environment variables from secrets or configmaps to add to the passbolt pods
|
|
extraEnvFrom:
|
|
[]
|
|
# - secretRef:
|
|
# name: passbolt-secret
|
|
## Passbolt deployment parameters
|
|
|
|
# -- If autoscaling is disabled this will define the number of pods to run
|
|
replicaCount: 2
|
|
|
|
# Configure autoscaling on passbolt deployment
|
|
autoscaling:
|
|
# -- Enable autoscaling on passbolt deployment
|
|
enabled: false
|
|
# -- Configure autoscaling minimum replicas
|
|
minReplicas: 1
|
|
# -- Configure autoscaling maximum replicas
|
|
maxReplicas: 100
|
|
# -- Configure autoscaling target CPU uptilization percentage
|
|
targetCPUUtilizationPercentage: 80
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
# -- Enable role based access control
|
|
rbacEnabled: true
|
|
|
|
# -- Configure passbolt container livenessProbe
|
|
livenessProbe:
|
|
# @ignore
|
|
httpGet:
|
|
port: https
|
|
scheme: HTTPS
|
|
path: /healthcheck/status.json
|
|
httpHeaders:
|
|
- name: Host
|
|
value: passbolt.hofers.cloud
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
# -- Configure passbolt container RadinessProbe
|
|
readinessProbe:
|
|
# @ignore
|
|
httpGet:
|
|
port: https
|
|
scheme: HTTPS
|
|
httpHeaders:
|
|
- name: Host
|
|
value: passbolt.hofers.cloud
|
|
path: /healthcheck/status.json
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
|
|
# Configure network policies to allow ingress access passbolt pods
|
|
# networkPolicy defines which labels are allowed to reach to passbolt
|
|
# and which namespaces
|
|
networkPolicy:
|
|
# -- Enable network policies to allow ingress access passbolt pods
|
|
enabled: false
|
|
# -- Configure network policies label for ingress deployment
|
|
label: app.kubernetes.io/name
|
|
# -- Configure network policies podLabel for podSelector
|
|
podLabel: ingress-nginx
|
|
# -- Configure network policies namespaceLabel for namespaceSelector
|
|
namespaceLabel: ingress-nginx
|
|
|
|
# -- Configure image pull secrets
|
|
imagePullSecrets: []
|
|
# -- Value to override the chart name on default
|
|
nameOverride: ""
|
|
# -- Value to override the whole fullName
|
|
fullnameOverride: ""
|
|
|
|
serviceAccount:
|
|
# -- Specifies whether a service account should be created
|
|
create: true
|
|
# -- Annotations to add to the service account
|
|
annotations: {}
|
|
|
|
# -- Map of annotation for passbolt server pod
|
|
podAnnotations: {}
|
|
|
|
# -- Security Context configuration for passbolt server pod
|
|
podSecurityContext:
|
|
{}
|
|
# fsGroup: 2000
|
|
|
|
service:
|
|
# -- Configure passbolt service type
|
|
type: ClusterIP
|
|
# -- Annotations to add to the service
|
|
annotations: {}
|
|
# -- Configure the service ports
|
|
ports:
|
|
# -- Configure the HTTPS port
|
|
https:
|
|
# -- Configure passbolt HTTPS service port
|
|
port: 443
|
|
# -- Configure passbolt HTTPS service targetPort
|
|
targetPort: 443
|
|
# -- Configure passbolt HTTPS service port name
|
|
name: https
|
|
http:
|
|
# -- Configure passbolt HTTP service port
|
|
port: 80
|
|
# -- Configure passbolt HTTP service targetPort
|
|
targetPort: 80
|
|
# -- Configure passbolt HTTP service port name
|
|
name: http
|
|
|
|
ingress:
|
|
# -- Enable passbolt ingress
|
|
enabled: true
|
|
# -- Configure passbolt ingress annotations
|
|
annotations: {}
|
|
# -- Configure passbolt ingress hosts
|
|
hosts:
|
|
# @ignored
|
|
- host: passbolt.hofers.cloud
|
|
paths:
|
|
- path: /
|
|
port: http
|
|
pathType: ImplementationSpecific
|
|
|
|
# -- Configure passbolt deployment nodeSelector
|
|
nodeSelector: {}
|
|
|
|
# -- Configure passbolt deployment tolerations
|
|
tolerations: []
|
|
|
|
# -- Configure passbolt deployment affinity
|
|
affinity: {}
|
|
|
|
# -- Add additional volumes, e.g. for overwriting config files
|
|
extraVolumes: []
|
|
|
|
# -- Add additional volume mounts, e.g. for overwriting config files
|
|
extraVolumeMounts: []
|