# Include{groups}
# Portal button shown for the installed app. The three
# "$kubernetes-resource_configmap_portal_*" strings are kept verbatim;
# presumably they are resolved from a ConfigMap named "portal" when the
# app is rendered -- confirm against the chart templates.
portals:
  web_portal:
    protocols:
      - "$kubernetes-resource_configmap_portal_protocol"
    host:
      - "$kubernetes-resource_configmap_portal_host"
    ports:
      - "$kubernetes-resource_configmap_portal_port"
questions :
# Hidden question that switches the portal button on. Both the dict and its
# single "enabled" attribute are hidden, and "enabled" is not editable, so
# the value stays at its default of true.
- variable: portal
  group: "Container Image"
  label: "Configure Portal Button"
  schema:
    type: dict
    hidden: true
    attrs:
      - variable: enabled
        label: "Enable"
        description: "enable the portal button"
        schema:
          hidden: true
          editable: false
          type: boolean
          default: true
# Include{global}
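# Workload controller settings. The individual options are sub-questions of
# the "advanced" toggle and are only shown when it is set to true.
- variable: controller
  group: "Controller"
  label: ""
  schema:
    type: dict
    attrs:
      - variable: advanced
        label: "Show Advanced Controller Settings"
        schema:
          type: boolean
          default: false
          show_subquestions_if: true
          subquestions:
            - variable: type
              description: "Please specify type of workload to deploy"
              label: "(Advanced) Controller Type"
              schema:
                type: string
                default: "deployment"
                required: true
                enum:
                  - value: "deployment"
                    description: "Deployment"
                  - value: "statefulset"
                    description: "Statefulset"
                  - value: "daemonset"
                    description: "Daemonset"
            - variable: replicas
              description: "Number of desired pod replicas"
              label: "Desired Replicas"
              schema:
                type: int
                default: 1
                required: true
            # The description used to repeat the controller-type text; it now
            # describes the field it belongs to.
            # NOTE(review): in Kubernetes, "Recreate" applies to Deployments
            # and "OnDelete" to StatefulSets/DaemonSets; nothing here ties the
            # choice to the controller type selected above -- confirm the
            # chart handles mismatched combinations.
            - variable: strategy
              description: "Please specify the update strategy for the workload"
              label: "(Advanced) Update Strategy"
              schema:
                type: string
                default: "Recreate"
                required: true
                enum:
                  - value: "Recreate"
                    description: "Recreate: Kill existing pods before creating new ones"
                  - value: "RollingUpdate"
                    description: "RollingUpdate: Create new pods and then kill old ones"
                  - value: "OnDelete"
                    description: "(Legacy) OnDelete: ignore .spec.template changes"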
# Include{controllerExpert}
# Container environment settings. "attrs" has no entries of its own here;
# they are expected to come from the Include{...} markers that follow this
# block.
- variable: env
  group: "Container Configuration"
  label: "Image Environment"
  schema:
    type: dict
    attrs:
# Include{fixedEnv}
# Include{containerConfig}
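# Application settings for Vaultwarden (a password vault). Several fields
# hold credentials or relax authentication and transport checks; those are
# annotated individually. Credential fields carry "private: true" so that
# the stored value is masked rather than displayed back.
- variable: vaultwarden
  label: ""
  group: "App Configuration"
  schema:
    type: dict
    attrs:
      - variable: yubico
        label: "Yubico OTP authentication"
        schema:
          type: dict
          attrs:
            - variable: enabled
              label: "Enable Yubico OTP authentication"
              description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication"
              schema:
                type: boolean
                default: false
                show_subquestions_if: true
                subquestions:
                  - variable: server
                    label: "Yubico server"
                    description: "Defaults to YubiCloud"
                    schema:
                      type: string
                      default: ""
                  - variable: clientId
                    label: "Yubico ID"
                    schema:
                      type: string
                      default: ""
                  # API secret: masked in the form.
                  - variable: secretKey
                    label: "Yubico Secret Key"
                    schema:
                      type: string
                      private: true
                      default: ""
      - variable: admin
        label: "Admin Portal"
        schema:
          type: dict
          attrs:
            - variable: enabled
              label: "Enable Admin Portal"
              schema:
                type: boolean
                default: false
                show_subquestions_if: true
                subquestions:
                  # Setting this to true removes the password/token check
                  # from the admin portal. Leave false unless the portal is
                  # reachable only from a trusted network.
                  - variable: disableAdminToken
                    label: "Make Accessible Without Password/Token"
                    schema:
                      type: boolean
                      default: false
                  # Admin credential: masked in the form. When left empty a
                  # token is generated (per the description below).
                  - variable: token
                    label: "Admin Portal Password/Token"
                    description: "Will be automatically generated if not defined"
                    schema:
                      type: string
                      private: true
                      default: ""
      - variable: icons
        label: "Icon Download Settings"
        schema:
          type: dict
          attrs:
            - variable: disableDownload
              label: "Disable Icon Download"
              description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)"
              schema:
                type: boolean
                default: false
            - variable: cache
              label: "Cache time-to-live"
              description: "Cache time-to-live for icons fetched. 0 means no purging"
              schema:
                type: int
                default: 2592000
            # NOTE(review): the name "token" does not match the label; it
            # looks copied from admin.token. As written this value is stored
            # under icons.token. Rename to the key the chart reads for the
            # failed-download TTL (<failed-icon-cache-key>, confirm in
            # values.yaml).
            - variable: token
              label: "Failed Downloads Cache time-to-live"
              description: "Cache time-to-live for icons that were not available. 0 means no purging."
              schema:
                type: int
                default: 2592000
      - variable: log
        label: "Logging"
        schema:
          type: dict
          attrs:
            - variable: level
              label: "Log level"
              schema:
                type: string
                default: "info"
                required: true
                enum:
                  - value: "trace"
                    description: "trace"
                  - value: "debug"
                    description: "debug"
                  - value: "info"
                    description: "info"
                  - value: "warn"
                    description: "warn"
                  - value: "error"
                    description: "error"
                  # Quoted on purpose: a bare off is read as boolean false by
                  # YAML 1.1 parsers.
                  - value: "off"
                    description: "off"
            - variable: file
              label: "Log-File Location"
              schema:
                type: string
                default: ""
      - variable: smtp
        label: "SMTP Settings (Email)"
        schema:
          type: dict
          attrs:
            - variable: enabled
              label: "Enable SMTP Support"
              schema:
                type: boolean
                default: false
                show_subquestions_if: true
                subquestions:
                  - variable: host
                    label: "SMTP hostname"
                    schema:
                      type: string
                      required: true
                      default: ""
                  - variable: from
                    label: "SMTP sender e-mail address"
                    schema:
                      type: string
                      required: true
                      default: ""
                  - variable: fromName
                    label: "SMTP sender name"
                    schema:
                      type: string
                      required: true
                      default: ""
                  # NOTE(review): "user" is required here, while the password
                  # description below speaks of the case where no user is
                  # provided -- confirm which is intended.
                  - variable: user
                    label: "SMTP username"
                    schema:
                      type: string
                      required: true
                      default: ""
                  # Mail account credential: masked in the form.
                  - variable: password
                    label: "SMTP password"
                    description: "Required is user is specified, ignored if no user provided"
                    schema:
                      type: string
                      private: true
                      default: ""
                  - variable: ssl
                    label: "Enable SSL connection"
                    schema:
                      type: boolean
                      default: true
                  - variable: port
                    label: "SMTP port"
                    description: "Usually: 25 without SSL, 587 with SSL"
                    schema:
                      type: int
                      default: 587
                  - variable: authMechanism
                    label: "SMTP Authentication Mechanisms"
                    description: "Comma-separated options: Plain, Login and Xoauth2"
                    schema:
                      type: string
                      default: "Plain"
                  - variable: heloName
                    label: "SMTP HELO - Hostname"
                    description: "Hostname to be sent for SMTP HELO. Defaults to pod name"
                    schema:
                      type: string
                      default: ""
                  # NOTE(review): duplicate name. "port" is already the SMTP
                  # port above, yet this entry is labelled "SMTP timeout"
                  # (default 15). Presumably only one of the two values
                  # survives, so the timeout can end up as the port. Rename
                  # this entry to the chart's timeout key
                  # (<smtp-timeout-key>, confirm in values.yaml).
                  - variable: port
                    label: "SMTP timeout"
                    schema:
                      type: int
                      default: 15
                  # The next two switches weaken TLS verification of the mail
                  # server; both default to false and should stay that way
                  # outside of short-lived troubleshooting.
                  - variable: invalidHostname
                    label: "Accept Invalid Hostname"
                    description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!"
                    schema:
                      type: boolean
                      default: false
                  - variable: invalidCertificate
                    label: "Accept Invalid Certificate"
                    description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!"
                    schema:
                      type: boolean
                      default: false
      # Default true leaves registration open to anyone who can reach the
      # instance. Operators of an exposed instance will usually want to turn
      # this off, or restrict it with the signup whitelist below, once the
      # intended accounts exist.
      - variable: allowSignups
        label: "Allow Signup"
        description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users"
        schema:
          type: boolean
          default: true
      - variable: allowInvitation
        label: "Always allow Invitation"
        description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations"
        schema:
          type: boolean
          default: true
      - variable: defaultInviteName
        label: "Default Invite Organisation Name"
        description: "Default organization name in invitation e-mails that are not coming from a specific organization."
        schema:
          type: string
          default: ""
      # NOTE(review): default true. Depending on how hints are displayed
      # (see the linked wiki page) this can reveal a user's hint to someone
      # who only knows the account e-mail -- consider defaulting to false.
      - variable: showPasswordHint
        label: "Show password hints"
        description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display"
        schema:
          type: boolean
          default: true
      - variable: signupwhitelistenable
        label: "Enable Signup Whitelist"
        description: "allowSignups is ignored if set"
        schema:
          type: boolean
          default: false
          show_subquestions_if: true
          subquestions:
            - variable: signupDomains
              label: "Signup Whitelist Domains"
              schema:
                type: list
                default: []
                items:
                  - variable: domain
                    label: "Domain"
                    schema:
                      type: string
                      default: ""
      - variable: verifySignup
        label: "Verifiy Signup"
        description: "Verify e-mail before login is enabled. SMTP must be enabled"
        schema:
          type: boolean
          default: false
      - variable: requireEmail
        label: "Block Login if email fails"
        description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled"
        schema:
          type: boolean
          default: false
      - variable: emailAttempts
        label: "Email token reset attempts"
        description: "Maximum attempts before an email token is reset and a new email will need to be sent"
        schema:
          type: int
          default: 3
      - variable: emailTokenExpiration
        label: "Email token validity in seconds"
        schema:
          type: int
          default: 600
      - variable: enableWebsockets
        label: "Enable Websocket Connections"
        description: "Enable Websockets for notification. https://github.com/dani-garcia/vaultwarden/wiki/Enabling-WebSocket-notifications"
        schema:
          type: boolean
          default: true
          hidden: true
      - variable: enableWebVault
        label: "Enable Webvault"
        description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting"
        schema:
          type: boolean
          default: true
      - variable: orgCreationUsers
        label: "Limit Organisation Creation to (users)"
        description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users."
        schema:
          type: string
          default: "all"
      - variable: attachmentLimitOrg
        label: "Limit Attachment Disk Usage per Organisation"
        schema:
          type: string
          default: ""
      - variable: attachmentLimitUser
        label: "Limit Attachment Disk Usage per User"
        schema:
          type: string
          default: ""
      # Third-party API key: masked in the form.
      - variable: hibpApiKey
        label: "HaveIBeenPwned API Key"
        description: "Can be purchased at https://haveibeenpwned.com/API/Key"
        schema:
          type: string
          private: true
          default: ""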
# Kubernetes Service definitions: "main" (web UI, port 8080) and "ws"
# (WebSocket notifications, port 3012). Both share the same layout.
# NOTE(review): "main" defaults to a NodePort with port type HTTP. For a
# password vault, confirm that clients only reach it through something that
# terminates TLS (for example the ingress configured elsewhere in this
# file) before exposing the node port beyond a trusted network.
- variable: service
  group: "Networking and Services"
  label: "Configure Service(s)"
  schema:
    type: dict
    attrs:
      - variable: main
        label: "Main Service"
        description: "The Primary service on which the healthcheck runs, often the webUI"
        schema:
          type: dict
          attrs:
            - variable: enabled
              label: "Enable the service"
              schema:
                type: boolean
                default: true
                hidden: true
            - variable: type
              label: "Service Type"
              description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer"
              schema:
                type: string
                default: "NodePort"
                enum:
                  - value: "NodePort"
                    description: "NodePort"
                  - value: "ClusterIP"
                    description: "ClusterIP"
                  - value: "LoadBalancer"
                    description: "LoadBalancer"
            # Shown only when the service type is LoadBalancer.
            - variable: loadBalancerIP
              label: "LoadBalancer IP"
              description: "LoadBalancerIP"
              schema:
                show_if: [["type", "=", "LoadBalancer"]]
                type: string
                default: ""
            # Shown only when the service type is LoadBalancer.
            - variable: externalIPs
              label: "External IP's"
              description: "External IP's"
              schema:
                show_if: [["type", "=", "LoadBalancer"]]
                type: list
                default: []
                items:
                  - variable: externalIP
                    label: "External IP"
                    schema:
                      type: string
            - variable: ports
              label: "Service's Port(s) Configuration"
              schema:
                type: dict
                attrs:
                  - variable: main
                    label: "Main Service Port Configuration"
                    schema:
                      type: dict
                      attrs:
                        - variable: enabled
                          label: "Enable the port"
                          schema:
                            type: boolean
                            default: true
                            hidden: true
                        - variable: protocol
                          label: "Port Type"
                          schema:
                            type: string
                            default: "HTTP"
                            enum:
                              - value: "HTTP"
                                description: "HTTP"
                              - value: "HTTPS"
                                description: "HTTPS"
                              - value: "TCP"
                                description: "TCP"
                              - value: "UDP"
                                description: "UDP"
                        # Fixed and hidden: not editable from the form.
                        - variable: targetPort
                          label: "Target Port"
                          description: "This port exposes the container port on the service"
                          schema:
                            type: int
                            default: 8080
                            editable: false
                            hidden: true
                        - variable: port
                          label: "Container Port"
                          schema:
                            type: int
                            default: 8080
                            editable: true
                            required: true
                        - variable: nodePort
                          label: "Node Port (Optional)"
                          description: "This port gets exposed to the node. Only considered when service type is NodePort"
                          schema:
                            type: int
                            min: 9000
                            max: 65535
                            default: 36000
      - variable: ws
        label: "WebSocket Service"
        description: "WebSocket Service"
        schema:
          type: dict
          attrs:
            - variable: enabled
              label: "Enable the service"
              schema:
                type: boolean
                default: true
                hidden: true
            # Unlike "main", this service defaults to ClusterIP.
            - variable: type
              label: "Service Type"
              description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer"
              schema:
                type: string
                default: "ClusterIP"
                enum:
                  - value: "NodePort"
                    description: "NodePort"
                  - value: "ClusterIP"
                    description: "ClusterIP"
                  - value: "LoadBalancer"
                    description: "LoadBalancer"
            # Shown only when the service type is LoadBalancer.
            - variable: loadBalancerIP
              label: "LoadBalancer IP"
              description: "LoadBalancerIP"
              schema:
                show_if: [["type", "=", "LoadBalancer"]]
                type: string
                default: ""
            # Shown only when the service type is LoadBalancer.
            - variable: externalIPs
              label: "External IP's"
              description: "External IP's"
              schema:
                show_if: [["type", "=", "LoadBalancer"]]
                type: list
                default: []
                items:
                  - variable: externalIP
                    label: "External IP"
                    schema:
                      type: string
            - variable: ports
              label: "Service's Port(s) Configuration"
              schema:
                type: dict
                attrs:
                  - variable: ws
                    label: "WebSocket Service Port Configuration"
                    schema:
                      type: dict
                      attrs:
                        - variable: enabled
                          label: "Enable the port"
                          schema:
                            type: boolean
                            default: true
                            hidden: true
                        - variable: protocol
                          label: "Port Type"
                          schema:
                            type: string
                            default: "HTTP"
                            enum:
                              - value: "HTTP"
                                description: "HTTP"
                              - value: "HTTPS"
                                description: "HTTPS"
                              - value: "TCP"
                                description: "TCP"
                              - value: "UDP"
                                description: "UDP"
                        # Fixed and hidden: not editable from the form.
                        - variable: targetPort
                          label: "Target Port"
                          description: "This port exposes the container port on the service"
                          schema:
                            type: int
                            default: 3012
                            editable: false
                            hidden: true
                        - variable: port
                          label: "Container Port"
                          schema:
                            type: int
                            default: 3012
                            editable: true
                            required: true
                        - variable: nodePort
                          label: "Node Port (Optional)"
                          description: "This port gets exposed to the node. Only considered when service type is NodePort"
                          schema:
                            type: int
                            min: 9000
                            max: 65535
                            default: 36001
# Expert networking toggle; its sub-questions appear only when it is true.
- variable: serviceexpert
  group: "Networking and Services"
  label: "Show Expert Config"
  schema:
    type: boolean
    default: false
    show_subquestions_if: true
    subquestions:
      # With host networking a pod shares the node's network namespace, so
      # its listening ports sit directly on the node's interfaces. Defaults
      # to false.
      - variable: hostNetwork
        group: "Networking and Services"
        label: "Host-Networking (Complicated)"
        schema:
          type: boolean
          default: false
# Include{serviceExpert}
# Include{serviceList}
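# Storage for the application's /data directory (the container mount path
# is fixed and hidden). For Vaultwarden this presumably holds the vault
# data itself, so the chosen backing store should be durable and
# access-restricted -- confirm against the image documentation.
- variable: persistence
  label: "Integrated Persistent Storage"
  description: "Integrated Persistent Storage"
  group: "Storage and Persistence"
  schema:
    type: dict
    attrs:
      - variable: data
        label: "App Config Storage"
        description: "Stores the Application Configuration."
        schema:
          type: dict
          attrs:
            - variable: enabled
              label: "Enable the storage"
              schema:
                type: boolean
                default: true
                hidden: true
            # "emptyDir" does not survive the pod, so it is unsuitable for
            # data that has to be kept.
            - variable: type
              label: "Type of Storage"
              description: "Sets the persistence type, Anything other than PVC could break rollback!"
              schema:
                type: string
                default: "simplePVC"
                enum:
                  - value: "simplePVC"
                    description: "PVC (simple)"
                  - value: "simpleHP"
                    description: "HostPath (simple)"
                  - value: "emptyDir"
                    description: "emptyDir"
                  - value: "pvc"
                    description: "pvc"
                  - value: "hostPath"
                    description: "hostPath"
            # Include{persistenceBasic}
            # Shown only for type "hostPath". The description used to repeat
            # the mountPath text; this field is the path on the host
            # (schema type "hostpath"), not the path inside the container.
            # A host path gives the container direct access to that part of
            # the node's filesystem, so point it at a dedicated directory.
            - variable: hostPath
              label: "hostPath"
              description: "Path on the host that is mounted into the container"
              schema:
                show_if: [["type", "=", "hostPath"]]
                type: hostpath
            # Hidden, defaults to /data. valid_chars restricts the value to
            # an absolute path made of letters, digits, ".", "_" and "-".
            - variable: mountPath
              label: "mountPath"
              description: "Path inside the container the storage is mounted"
              schema:
                type: string
                default: "/data"
                hidden: true
                valid_chars: '^\/([a-zA-Z0-9._-]+\/?)+$'
            # Shown only for type "emptyDir".
            - variable: medium
              label: "EmptyDir Medium"
              schema:
                show_if: [["type", "=", "emptyDir"]]
                type: string
                default: ""
                enum:
                  - value: ""
                    description: "Default"
                  - value: "Memory"
                    description: "Memory"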
# Include{persistenceAdvanced}
# Include{persistenceList}
# Ingress settings. The attributes of the "main" ingress are not listed
# here; they are expected to come from the Include{ingress...} markers that
# follow this block.
- variable: ingress
  label: ""
  group: "Ingress"
  schema:
    type: dict
    attrs:
      - variable: main
        label: "Main Ingress"
        schema:
          type: dict
          attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Container security context, hidden behind an "advanced" toggle. The
# defaults are the restrictive choices: not privileged, read-only root
# filesystem, no privilege escalation, and non-root enforced. Loosening any
# of them widens what a compromised container can do on the node.
- variable: advancedSecurity
  label: "Show Advanced Security Settings"
  group: "Security and Permissions"
  schema:
    type: boolean
    default: false
    show_subquestions_if: true
    subquestions:
      - variable: securityContext
        label: "Security Context"
        schema:
          type: dict
          attrs:
            - variable: privileged
              label: "Privileged mode"
              schema:
                type: boolean
                default: false
            - variable: readOnlyRootFilesystem
              label: "ReadOnly Root Filesystem"
              schema:
                type: boolean
                default: true
            - variable: allowPrivilegeEscalation
              label: "Allow Privilege Escalation"
              schema:
                type: boolean
                default: false
            - variable: runAsNonRoot
              label: "runAsNonRoot"
              schema:
                type: boolean
                default: true
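# Pod-level security context: the user and group IDs the application runs
# as and the group that owns mounted storage. All three default to the
# non-root ID 568.
- variable: podSecurityContext
  group: "Security and Permissions"
  label: "Pod Security Context"
  schema:
    type: dict
    attrs:
      # NOTE(review): setting this to 0 would ask for root -- check how that
      # interacts with runAsNonRoot in the container security context.
      - variable: runAsUser
        label: "runAsUser"
        description: "The UserID of the user running the application"
        schema:
          type: int
          default: 568
      # The opening quote of this description was missing, which left a
      # stray closing quote inside the displayed text; the wording itself
      # is unchanged.
      - variable: runAsGroup
        label: "runAsGroup"
        description: "The groupID this App of the user running the application"
        schema:
          type: int
          default: 568
      - variable: fsGroup
        label: "fsGroup"
        description: "The group that should own ALL storage."
        schema:
          type: int
          default: 568
      - variable: supplementalGroups
        label: "supplemental Groups"
        schema:
          type: list
          default: []
          items:
            - variable: supplementalGroupsEntry
              label: "supplemental Group"
              schema:
                type: int
      - variable: fsGroupChangePolicy
        label: "When should we take ownership?"
        schema:
          type: string
          default: "OnRootMismatch"
          enum:
            - value: "OnRootMismatch"
              description: "OnRootMismatch"
            - value: "Always"
              description: "Always"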
# Include{resources}
# Horizontal Pod Autoscaler settings; the tuning fields are sub-questions
# of "enabled" and appear only when it is true.
# NOTE(review): the persistence block's own description warns about
# non-PVC storage; confirm that running more than one replica against the
# same data volume is supported before enabling this.
- variable: autoscaling
  group: "Resources and Devices"
  label: "(Advanced) Horizontal Pod Autoscaler"
  schema:
    type: dict
    attrs:
      - variable: enabled
        label: "enabled"
        schema:
          type: boolean
          default: false
          show_subquestions_if: true
          subquestions:
            - variable: target
              label: "Target"
              description: "deployment name, defaults to main deployment"
              schema:
                type: string
                default: ""
            - variable: minReplicas
              label: "Minimum Replicas"
              schema:
                type: int
                default: 1
            - variable: maxReplicas
              label: "Maximum Replicas"
              schema:
                type: int
                default: 5
            - variable: targetCPUUtilizationPercentage
              label: "Target CPU Utilization Percentage"
              schema:
                type: int
                default: 80
            - variable: targetMemoryUtilizationPercentage
              label: "Target Memory Utilization Percentage"
              schema:
                type: int
                default: 80
# Include{addons}