feat(privatebin): Add PrivateBin to incubator (#2971)

* Add PrivateBin to incubator

privatebin: fix linting errors

privatebin: fix privatebin.secrets definition

* privatebin: implement PR suggestions

Add tc.common.loader.apply

Add postgresql dependency to Chart.yaml

Change chart version to 0.0.1

Fix probes

Change service port

Omit default securityContext values

Add non-default podSecurityContext to values.yaml

Remove obsolete App Config Storage and ingress from questions.yaml

* privatebin: mount secret volume

* privatebin: remove fs, gcs, mysql, and sqlite from conf.php

* Expose privatebin options in {values,questions}.yaml

* privatebin: remove /tmp volume

* privatebin: add nginx/php sizelimit configs

* privatebin: cleanup secrets conditionals

* privatebin: fix configMap vols

* Re-add ingress; remove persistenceBasic/persistenceAdvanced

* privatebin: add empty options to enums where necessary

* privatebin: remove required constraints from bool questions

* update port

* bump

Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
This commit is contained in:
Michael Schnerring 2022-06-27 11:38:25 +02:00 committed by GitHub
parent e4e6f86d2c
commit 2e02a90d73
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 955 additions and 0 deletions

View File

@ -0,0 +1,34 @@
apiVersion: v2
appVersion: "1.4.0"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.1.4
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.18
deprecated: false
description: PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data.
home: https://github.com/truecharts/apps/tree/master/charts/incubator/privatebin
icon: https://truecharts.org/_static/img/appicons/privatebin.png
keywords:
- privatebin
- pastebin
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: privatebin
sources:
- https://privatebin.info/
- https://github.com/PrivateBin/PrivateBin
- https://hub.docker.com/r/privatebin/pdo
type: application
version: 0.0.1
annotations:
truecharts.org/catagories: |
- productivity
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -0,0 +1,562 @@
# Include{groups}
portals:
open:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: privatebin
group: "Container Configuration"
label: "PrivateBin Custom Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "name"
description: "Set a project name to be displayed on the website"
schema:
type: string
default: ""
- variable: basepath
label: "basepath"
description: "The full URL, with the domain name and directories that point to the PrivateBin files. This URL is essential to allow Opengraph images to be displayed on social networks."
schema:
type: string
default: ""
- variable: discussion
label: "discussion"
description: "Enable or disable the discussion feature"
schema:
type: boolean
default: true
- variable: opendiscussion
label: "opendiscussion"
description: "Preselect the discussion feature"
schema:
type: boolean
default: false
- variable: password
label: "password"
description: "Enable or disable the password feature"
schema:
type: boolean
default: true
- variable: fileupload
label: "fileupload"
description: "Enable or disable the file upload feature"
schema:
type: boolean
default: false
- variable: burnafterreadingselected
label: "burnafterreadingselected"
description: "Preselect the burn-after-reading feature"
schema:
type: boolean
default: false
- variable: defaultformatter
label: "defaultformatter"
description: "Which display mode to preselect by default"
schema:
type: string
default: "plaintext"
required: true
enum:
- value: "plaintext"
description: "Plain Text"
- value: "syntaxhighlighting"
description: "Source Code"
- value: "markdown"
description: "Markdown"
- variable: syntaxhighlightingtheme
label: "syntaxhighlightingtheme"
description: "Set a syntax highlighting theme"
schema:
type: string
default: ""
enum:
- value: ""
description: "PrivateBin Default"
- value: "desert"
description: "Desert"
- value: "doxy"
description: "Doxy"
- value: "prettify"
description: "Default"
- value: "sons-of-obsidian"
description: "Sons-Of-Obsidian"
- value: "sunburst"
description: "Sunburst"
- variable: sizelimit
label: "sizelimit"
description: "Size limit per paste or comment in bytes"
schema:
type: int
default: 10485760
required: true
- variable: template
label: "template"
description: "Template to use"
schema:
type: string
default: "bootstrap"
required: true
enum:
- value: "bootstrap"
description: "bootstrap"
- value: "bootstrap-page"
description: "bootstrap-page"
- value: "bootstrap-dark"
description: "bootstrap-dark"
- value: "bootstrap-dark-page"
description: "bootstrap-dark-page"
- value: "bootstrap-compact"
description: "bootstrap-compact"
- value: "bootstrap-compact-page"
description: "bootstrap-compact-page"
- value: "page"
description: "page"
- variable: info
label: "info"
description: "Info text to display. Use single, instead of double quotes for HTML attributes."
schema:
type: string
default: ""
- variable: notice
label: "notice"
description: "Notice to display"
schema:
type: string
default: ""
- variable: languageselection
label: "languageselection"
description: "By default PrivateBin will guess the visitors language based on the browsers settings. Optionally you can enable the language selection menu, which uses a session cookie to store the choice until the browser is closed."
schema:
type: boolean
default: false
- variable: languagedefault
label: "languagedefault"
description: "Set the language your installs defaults to, defaults to English. If this is set and language selection is disabled, this will be the only language."
schema:
type: string
default: ""
- variable: urlshortener
label: "urlshortener"
description: "URL shortener address to offer after a new paste is created. It is suggested to only use this with self-hosted shorteners as this will leak the pastes encryption key."
schema:
type: string
default: ""
- variable: qrcode
label: "qrcode"
description: "Let users create a QR code for sharing the paste URL with one click. It works both when a new paste is created and when you view a paste."
schema:
type: string
default: ""
enum:
- value: ""
description: "PrivateBin Default"
- value: "true"
description: "true"
- value: "false"
description: "false"
- variable: icon
label: "icon"
description: "IP based icons are a weak mechanism to detect if a comment was from. a different user when the same username was used in a comment. It might be used to get the IP of a non anonymous comment poster if the server salt is leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs."
schema:
type: string
default: ""
enum:
- value: ""
description: "PrivateBin Default"
- value: "none"
description: "none"
- value: "vizhash"
description: "vizhash"
- value: "identicon"
description: "identicon"
- variable: cspheader
label: "cspheader"
description: "Content Security Policy headers allow a website to restrict what sources are allowed to be accessed in its context. You need to change this if you added custom scripts from third-party domains to your templates, e.g. tracking scripts or run your site behind certain DDoS-protection services. Check the documentation at https://content-security-policy.com/"
schema:
type: string
default: ""
- variable: zerobincompatibility
label: "zerobincompatibility"
description: "Stay compatible with PrivateBin Alpha 0.19, less secure. f enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of sha256 in HMAC for the deletion token."
schema:
type: string
default: ""
enum:
- value: ""
description: "PrivateBin Default"
- value: "true"
description: "true"
- value: "false"
description: "false"
- variable: httpwarning
label: "httpwarning"
description: "Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS). Secure transport methods like Tor and I2P domains are automatically whitelisted. It is **strongly discouraged** to disable this."
schema:
type: string
default: ""
enum:
- value: ""
description: "PrivateBin Default"
- value: "true"
description: "true"
- value: "false"
description: "false"
- variable: compression
label: "compression"
description: "Pick compression algorithm or disable it. Only applies to pastes/comments created after changing the setting."
schema:
type: string
default: ""
enum:
- value: ""
description: "PrivateBin Default"
- value: "none"
description: "none"
- value: "zlib"
description: "zlib"
- variable: expire
label: "Expire Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: default
label: "default"
description: "Expire value that is selected per default"
schema:
type: string
default: ""
required: true
enum:
- value: ""
description: "PrivateBin Default"
- value: "5min"
description: "5min"
- value: "10min"
description: "10min"
- value: "1hour"
description: "1hour"
- value: "1day"
description: "1day"
- value: "1week"
description: "1week"
- value: "1month"
description: "1month"
- value: "1year"
description: "1year"
- value: "never"
description: "never"
- variable: traffic
label: "Traffic Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: limit
label: "limit"
description: "Time limit between calls from the same IP address in seconds"
schema:
type: int
default: 10
required: true
- variable: exempted
label: "exempted"
description: "Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted from the rate-limit. Invalid IPs will be ignored. If multiple values are to be exempted, the list needs to be comma separated. Leave unset to disable exemptions."
schema:
type: string
default: ""
- variable: creators
label: "creators"
description: "If you want only some source IP addresses (v4 or v6) or subnets (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be ignored. If multiple values are to be exempted, the list needs to be comma separated. Leave unset to allow anyone to create pastes."
schema:
type: string
default: ""
- variable: header
label: "header"
description: "If your website runs behind a reverse proxy or load balancer, set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR"
schema:
type: string
default: ""
- variable: purge
label: "Purge Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: limit
label: "limit"
description: "Minimum time limit between two purgings of expired pastes, it is only triggered when pastes are created"
schema:
type: int
default: 300
required: true
- variable: batchsize
label: "batchsize"
description: "Maximum amount of expired pastes to delete in one purge. Set this to 0 to disable purging. Set it higher, if you are running a large site."
schema:
type: int
default: 10
required: true
# Include{containerConfig}
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10248
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 8080
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceList}
- variable: ingress
label: ""
group: "Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 65534
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 82
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 82
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}

View File

@ -0,0 +1,16 @@
{{/* Calculate PHP and NGINX file size limits from PrivateBin configuration */}}
{{- define "privatebin.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "tc.common.names.fullname" . }}-config
data:
sizelimits-php.ini: |-
upload_max_filesize = {{ .Values.privatebin.main.sizelimit }}
post_max_size = {{ .Values.privatebin.main.sizelimit }}
memory_limit = {{ mul .Values.privatebin.main.sizelimit 2 }}
sizelimits-nginx.conf: |-
client_max_body_size {{ add (div (div .Values.privatebin.main.sizelimit 1024) 1024) 5 }}M;
{{- end }}

View File

@ -0,0 +1,224 @@
{{/*
Custom PrivateBin configuration. See also:
https://github.com/PrivateBin/docker-nginx-fpm-alpine#custom-configuration
The default configuration file can be found here:
https://github.com/PrivateBin/PrivateBin/blob/master/cfg/conf.sample.php
*/}}
{{- define "privatebin.secrets" -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "tc.common.names.fullname" . }}-secret
labels:
{{- include "tc.common.labels" . | nindent 4 }}
stringData:
conf.php: |-
;<?php http_response_code(403); /*
; config file for PrivateBin
;
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
[main]
; (optional) set a project name to be displayed on the website
{{- with .Values.privatebin.main.name }}
name = "{{ . }}"
{{- end }}
; The full URL, with the domain name and directories that point to the PrivateBin files
; This URL is essential to allow Opengraph images to be displayed on social networks
{{- with .Values.privatebin.main.basepath }}
basepath = "{{ . }}"
{{- end }}
; enable or disable the discussion feature, defaults to true
discussion = {{ .Values.privatebin.main.discussion }}
; preselect the discussion feature, defaults to false
opendiscussion = {{ .Values.privatebin.main.opendiscussion }}
; enable or disable the password feature, defaults to true
password = {{ .Values.privatebin.main.password }}
; enable or disable the file upload feature, defaults to false
fileupload = {{ .Values.privatebin.main.fileupload }}
; preselect the burn-after-reading feature, defaults to false
burnafterreadingselected = {{ .Values.privatebin.main.burnafterreadingselected }}
; which display mode to preselect by default, defaults to "plaintext"
; make sure the value exists in [formatter_options]
defaultformatter = "{{ .Values.privatebin.main.defaultformatter }}"
; (optional) set a syntax highlighting theme, as found in css/prettify/
{{- with .Values.privatebin.main.syntaxhighlightingtheme }}
syntaxhighlightingtheme = "{{ . }}"
{{- end }}
; size limit per paste or comment in bytes, defaults to 10 Mebibytes
sizelimit = {{ .Values.privatebin.main.sizelimit }}
; template to include, default is "bootstrap" (tpl/bootstrap.php)
template = "{{ .Values.privatebin.main.template }}"
; (optional) info text to display
; use single, instead of double quotes for HTML attributes
{{- with .Values.privatebin.main.info }}
info = "{{ . }}"
{{- end }}
; (optional) notice to display
{{- with .Values.privatebin.main.notice }}
notice = "{{ . }}"
{{- end }}
; by default PrivateBin will guess the visitors language based on the browsers
; settings. Optionally you can enable the language selection menu, which uses
; a session cookie to store the choice until the browser is closed.
languageselection = {{ .Values.privatebin.main.languageselection }}
; set the language your installs defaults to, defaults to English
; if this is set and language selection is disabled, this will be the only language
{{- with .Values.privatebin.main.languagedefault }}
languagedefault = "{{ . }}"
{{- end }}
; (optional) URL shortener address to offer after a new paste is created
; it is suggested to only use this with self-hosted shorteners as this will leak
; the pastes encryption key
{{- with .Values.privatebin.main.urlshortener }}
urlshortener = "{{ . }}"
{{- end }}
; (optional) Let users create a QR code for sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
{{- with .Values.privatebin.main.qrcode }}
qrcode = "{{ . }}"
{{- end }}
; (optional) IP based icons are a weak mechanism to detect if a comment was from
; a different user when the same username was used in a comment. It might be
; used to get the IP of a non anonymous comment poster if the server salt is
; leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs.
; Can be set to one these values: "none" / "vizhash" / "identicon" (default).
{{- with .Values.privatebin.main.icon }}
icon = "{{ . }}"
{{- end }}
; Content Security Policy headers allow a website to restrict what sources are
; allowed to be accessed in its context. You need to change this if you added
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Notes:
; - If you use a bootstrap theme, you can remove the allow-popups from the
; sandbox restrictions.
; - By default this disallows to load images from third-party servers, e.g. when
; they are embedded in pastes. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
{{- with .Values.privatebin.main.cspheader }}
cspheader = "{{ . }}"
{{- end }}
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
{{- with .Values.privatebin.main.zerobincompatibility }}
zerobincompatibility = "{{ . }}"
{{- end }}
; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
; It is **strongly discouraged** to disable this.
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
{{- with .Values.privatebin.main.httpwarning }}
httpwarning = "{{ . }}"
{{- end }}
; Pick compression algorithm or disable it. Only applies to pastes/comments
; created after changing the setting.
; Can be set to one these values: "none" / "zlib" (default).
{{- with .Values.privatebin.main.compression }}
compression = "{{ . }}"
{{- end }}
[expire]
; expire value that is selected per default
; make sure the value exists in [expire_options]
default = "{{ .Values.privatebin.expire.default }}"
[expire_options]
; Set each one of these to the number of seconds in the expiration period,
; or 0 if it should never expire
5min = 300
10min = 600
1hour = 3600
1day = 86400
1week = 604800
; Well this is not *exactly* one month, it's 30 days:
1month = 2592000
1year = 31536000
never = 0
[formatter_options]
; Set available formatters, their order and their labels
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"
[traffic]
; time limit between calls from the same IP address in seconds
; Set this to 0 to disable rate limiting.
limit = {{ .Values.privatebin.traffic.limit }}
; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
{{- with .Values.privatebin.traffic.exempted }}
exempted = "{{ . }}"
{{- end }}
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
{{- with .Values.privatebin.traffic.creators }}
creators = "{{ . }}"
{{- end }}
; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
{{- with .Values.privatebin.traffic.header }}
header = "{{ . }}"
{{- end }}
[purge]
; minimum time limit between two purgings of expired pastes, it is only
; triggered when pastes are created
; Set this to 0 to run a purge every time a paste is created.
limit = {{ .Values.privatebin.purge.limit }}
; maximum amount of expired pastes to delete in one purge
; Set this to 0 to disable purging. Set it higher, if you are running a large
; site
batchsize = {{ .Values.privatebin.purge.batchsize }}
[model]
; example of DB configuration for PostgreSQL
class = Database
[model_options]
dsn = {{ printf "pgsql:host=%v-postgresql;dbname=%v" .Release.Name .Values.postgresql.postgresqlDatabase }}
tbl = "privatebin_" ; table prefix
usr = "{{ .Values.postgresql.postgresqlUsername }}"
pwd = "{{ .Values.postgresql.postgresqlPassword }}"
opt[12] = true ; PDO::ATTR_PERSISTENT
{{- end }}

View File

@ -0,0 +1,11 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render secrets for privatebin */}}
{{- include "privatebin.secrets" . }}
{{/* Render configMap for privatebin */}}
{{- include "privatebin.configmap" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}

View File

@ -0,0 +1,108 @@
image:
repository: privatebin/pdo
pullPolicy: IfNotPresent
tag: 1.4.0@sha256:5fe4b94286dcadbd0e576418f619205463030754e257863ec430eb7eb3e957fd
podSecurityContext:
runAsUser: 65534
runAsGroup: 82
fsGroup: 82
privatebin:
# See also: https://github.com/PrivateBin/PrivateBin/wiki/Configuration
main:
name: ""
basepath: ""
discussion: true
opendiscussion: false
password: true
fileupload: false
burnafterreadingselected: false
defaultformatter: "plaintext"
syntaxhighlightingtheme: ""
sizelimit: 10485760
template: "bootstrap"
info: ""
notice: ""
languageselection: false
languagedefault: ""
urlshortener: ""
qrcode: ""
icon: ""
cspheader: ""
zerobincompatibility: ""
httpwarning: ""
compression: ""
expire:
default: "1week"
traffic:
limit: 10
exempted: ""
creators: ""
header: ""
purge:
limit: 300
batchsize: 10
env:
TZ: "{{ .Values.TZ }}"
PHP_TZ: "{{ .Values.TZ }}"
service:
main:
protocol: HTTP
ports:
main:
targetPort: 8080
port: 10248
probes:
liveness:
path: "/"
readiness:
path: "/"
startup:
path: "/"
persistence:
run:
enabled: true
mountPath: "/run"
type: "emptyDir"
medium: "Memory"
nginx-cache:
enabled: true
mountPath: "/var/lib/nginx/tmp"
type: "emptyDir"
conf-app:
enabled: true
type: "custom"
readOnly: true
mountPath: "/srv/cfg"
volumeSpec:
secret:
secretName: '{{ include "tc.common.names.fullname" . }}-secret'
conf-php:
enabled: true
type: "custom"
readOnly: true
mountPath: "/etc/php8/conf.d/10-sizelimits.ini"
subPath: "sizelimits-php.ini"
volumeSpec:
configMap:
name: '{{ include "tc.common.names.fullname" . }}-config'
conf-nginx:
enabled: true
type: "custom"
readOnly: true
mountPath: "/etc/nginx/conf.d/sizelimits.conf"
subPath: "sizelimits-nginx.conf"
volumeSpec:
configMap:
name: '{{ include "tc.common.names.fullname" . }}-config'
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: privatebin
postgresqlDatabase: privatebin