From dcb1ca1cfd4fd5d50ebe8eb42852273c545add3d Mon Sep 17 00:00:00 2001
From: Lester Guerzon
Date: Sun, 5 Nov 2023 14:14:32 +0800
Subject: [PATCH] feat: multiple features
- allow disabling the admin token
- minor fix to writing initContainers in template
- update example for signupDomains
- add support for push notifications
- rework storage variable and add support for custom attachments dir
- Makefile for testing
- fix logging configuration
- use alpine image
- move resource config to values.yml
- add readiness probe
- add funding button for repo
Signed-off-by: Lester Guerzon
---
.github/FUNDING.yml | 1 +
CONTRIBUTING.md | 19 ++-
Makefile | 8 ++
README.md | 19 ++-
charts/vaultwarden/Chart.yaml | 2 +-
charts/vaultwarden/README.md | 127 +++++++++++-------
charts/vaultwarden/templates/configmap.yaml | 20 ++-
charts/vaultwarden/templates/secrets.yaml | 2 +-
charts/vaultwarden/templates/statefulset.yaml | 59 +++++---
charts/vaultwarden/values.yaml | 78 +++++++----
generate-readme.sh | 4 +-
11 files changed, 220 insertions(+), 119 deletions(-)
create mode 100644 .github/FUNDING.yml
create mode 100644 Makefile
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..dd67961
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: guerzon
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7c55773..0bf1c14 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,21 +9,20 @@ This document was created by the Linux Kernel community and is a simple statemen See the [DCO](../DCO) file for details. -## Requirements +## How-to 1. Fork this repository, develop, and test your changes. -2. Submit a pull request. +2. When updating the `values.yml`, also update the [chart documentation](./charts/vaultwarden/README.md) by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). A quick way to do this is to run the tool via Docker and the script [generate-readme.sh](generate-readme.sh): -### Technical Requirements + ```bash + ./generate-readme.sh + ``` + +3. Submit a pull request. + +### Reminders When submitting a pull request, please ensure that: - The PR follow [Helm best practices](https://helm.sh/docs/chart_best_practices/). - Any change to a chart requires a version bump following [semver](https://semver.org/) principles. -- The tables of parameters are generated based on the metadata information from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). - - A quick way to do this is to run the tool via Docker and the script [generate-readme.sh](generate-readme.sh): - - ```bash - ./generate-readme.sh - ``` diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..b3da8c9 --- /dev/null +++ b/Makefile @@ -0,0 +1,8 @@ + +lint: + ct lint --target-branch main + +test: + ct install --target-branch main --helm-extra-set-args="--set=domain=https://warden.example.com:8443" + +.PHONY: lint test diff --git a/README.md b/README.md index ef61605..d6090ec 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ The `vaultwarden` project can be found [here](https://github.com/dani-garcia/vau - Kubernetes >= 1.12 - Helm >= 3.1.0 +- `docker` and `make` for generating the chart documentation ## Usage 
@@ -26,16 +27,6 @@ helm repo add vaultwarden https://guerzon.github.io/vaultwarden Refer to the detailed documentation [here](./charts/vaultwarden/README.md). -## Uninstall - -To uninstall/delete the `vaultwarden-demo` release: - -```console -export NAMESPACE=vaultwarden -export RELEASE_NAME=vaultwarden-demo -helm -n $NAMESPACE uninstall $RELEASE_NAME -``` - ## Disclaimer Please do your due-diligence before using this chart for a production deployment. @@ -44,7 +35,7 @@ Nevertheless, if you find any issues while using this chart, or have any suggest ## License -[MIT](./LICENSE). +See [LICENSE](./LICENSE). ## Author @@ -54,3 +45,9 @@ This Helm chart was created and maintained by [Lester Guerzon](https://blog.pidn - The `vaultwarden` project can be found [here](https://github.com/dani-garcia/vaultwarden) - Further information about `Bitwarden` and 8bit Solutions LLC can be found [here](https://bitwarden.com/) + +## References + +- Guides: +- Configuration: +- Releases: diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml index 4624239..70c0b30 100644 --- a/charts/vaultwarden/Chart.yaml +++ b/charts/vaultwarden/Chart.yaml @@ -13,5 +13,5 @@ maintainers: - name: guerzon email: guerzon@proton.me url: https://github.com/guerzon -version: 0.15.3 +version: 0.16.0 kubeVersion: ">=1.12.0-0" diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md index e82202a..7651359 100644 --- a/charts/vaultwarden/README.md +++ b/charts/vaultwarden/README.md @@ -27,7 +27,7 @@ helm upgrade -i \ -f demo.yaml ``` -### General configuration +## General configuration This chart deploys `vaultwarden` from pre-built images on [Docker Hub](https://hub.docker.com/r/vaultwarden/server/tags): `vaultwarden/server`. The image can be defined by specifying the tag with `image.tag`. 
@@ -48,7 +48,7 @@ domain: "https://vaultwarden.contoso.com:9443/" Detailed configuration options can be found in the [Vaultwarden settings](./charts/vaultwarden/README.md#vaultwarden-settings) section. -### Database options +## Database options By default, `vaultwarden` uses a SQLite database located in `/data/db.sqlite3`. However, it is also possible to make use of an external database, in particular either [MySQL](https://www.mysql.com/downloads/) or [PostgreSQL](https://www.postgresql.org). @@ -91,11 +91,11 @@ database: Detailed configuration options can be found in the [Database Configuration](./charts/vaultwarden/README.md#database-configuration) section. -### SSL and Ingress +## SSL and Ingress This chart supports the usage of existing Ingress Controllers for exposing the `vaultwarden` deployment. -#### nginx-ingress +### nginx-ingress Nginx ingress controller can be installed by following [this](https://kubernetes.github.io/ingress-nginx/deploy/) guide. An SSL certificate can be added as a secret with a few commands: @@ -118,7 +118,7 @@ ingress: allowList: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16" ``` -#### AWS LB Controller +### AWS LB Controller When using AWS, the [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/installation/) can be used together with [ACM](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/cert_discovery/). 
@@ -137,9 +137,26 @@ ingress: Detailed configuration options can be found in the [Exposure Parameters](./charts/vaultwarden/README.md#exposure-parameters) section. -### Security +## Security -An admin token can be generated with: `openssl rand -base64 48`. +### Admin page + +An insecure string token can be generated with: `openssl rand -base64 48` and can be used for the admin token. However, from v1.28.0 and later, it is now possible to pass a hashed value to the admin token: + +```bash +echo -n "R@ndomTokenString" | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1 +``` + +Please see [this](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token) guide for more information. + +```yaml +adminToken: + value: "khit9gYQV6ax9LKTTm+s6QbZi5oiuR+3s1PEn9q3IRmCl9IQn7LmBpmFCOYTb7Mr" +``` + +You can also [disable](https://github.com/dani-garcia/vaultwarden/wiki/Disable-admin-token) the admin token by passing `--set adminToken=null` to `helm`. Doing so will pass the disable the authentication to the admin page. Do this if you know what you are doing. + +### Service account By default, the chart deploys a [service account](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) called `vaultwarden-svc`. @@ -151,7 +168,7 @@ serviceAccount: Detailed configuration options can be found in the [Security settings](./charts/vaultwarden/README.md#security-settings) section. -### Mail settings +## Mail settings To enable the SMTP service, make sure that at a minimum, `smtp.host` and `smtp.from` are set. 
@@ -168,31 +185,48 @@ smtp: Detailed configuration options can be found in the [SMTP Configuration](./charts/vaultwarden/README.md#smtp-configuration) section. -### Storage +## Persistent storage + +Vaultwarden requires persistent storage for its attachments and icons cache. -To use persistent storage using a claim, set `storage.enabled` to `true`. The following example sets the storage class to an already-installed Rancher's [local path storage](https://github.com/rancher/local-path-provisioner) provisioner. +To use persistent storage using a claim, set the `data` dictionary. Optionally set a different path using the `path` key. The following example sets the storage class to an already-installed Rancher's [local path storage](https://github.com/rancher/local-path-provisioner) provisioner. ```yaml -storage: - enabled: true - size: "10Gi" +data: + name: "vaultwarden-data" + size: "15Gi" class: "local-path" ``` Example for AWS: ```yaml -storage: - enabled: true +data: + name: "vaultwarden-data" size: "10Gi" class: "gp2" + path: "/srv/vaultwarden-data" +``` + +To use persistent storage for attachments, set the `attachmenets` dictionary. Optionally set a different path. Note that by default, the path is `/data/attachments`. + +```yaml +data: + name: "vaultwarden-data" + size: "15Gi" + class: "local-path" ``` -Detailed configuration options can be found in the [Storage Configuration](./charts/vaultwarden/README.md#storage-configuration) section. +## Uninstall + +To uninstall/delete the `vaultwarden-demo` release: -## Deployment in GKE +```bash +export NAMESPACE=vaultwarden +export RELEASE_NAME=vaultwarden-demo -I have written a detailed post about deploying Vaultwarden in Google Kubernetes Engine [here](https://medium.com/@sreafterhours/terraform-helm-external-dns-cert-manager-nginx-and-vaultwarden-on-gke-5080f3b4909f). +helm -n $NAMESPACE uninstall $RELEASE_NAME +``` ## Parameters 
@@ -202,7 +236,7 @@ I have written a detailed post about deploying Vaultwarden in Google Kubernetes | ------------------- | --------------------------------------------- | -------------------- | | `image.registry` | Vaultwarden image registry | `docker.io` | | `image.repository` | Vaultwarden image repository | `vaultwarden/server` | -| `image.tag` | Vaultwarden image tag | `1.29.2` | +| `image.tag` | Vaultwarden image tag | `1.29.2-alpine` | | `image.pullPolicy` | Vaultwarden image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names | `[]` | | `domain` | Domain name where the application is accessed | `""` | 
@@ -222,22 +256,22 @@ I have written a detailed post about deploying Vaultwarden in Google Kubernetes ### Security settings -| Name | Description | Value | -| ------------------------------ | -------------------------------------------------------------------------------------------------------- | ------------------- | -| `adminToken.existingSecret` | Specify an existing Kubernetes secret containing the admin token. Also set adminToken.existingSecretKey. | `""` | -| `adminToken.existingSecretKey` | When using adminToken.existingSecret, specify the key containing the token. | `""` | -| `adminToken.value` | Plain string containing the admin token. | `R@ndomToken$tring` | -| `signupsAllowed` | By default, anyone who can access your instance can register for a new account. | `true` | -| `invitationsAllowed` | Even when registration is disabled, organization administrators or owners can | `true` | -| `signupDomains` | List of domain names for users allowed to register | `""` | -| `signupsVerify` | Whether to require account verification for newly-registered users. | `true` | -| `showPassHint` | Whether a password hint should be shown in the page. | `false` | -| `fullnameOverride` | String to override the application name. | `""` | -| `invitationOrgName` | String Name shown in the invitation emails that don't come from a specific organization | `Vaultwarden` | -| `iconBlacklistNonGlobalIps` | Whether block non-global IPs. 
| `true` | -| `ipHeader` | Client IP Header, used to identify the IP of the client | `X-Real-IP` | -| `serviceAccount.create` | Create a service account | `true` | -| `serviceAccount.name` | Name of the service account to create | `vaultwarden-svc` | +| Name | Description | Value | +| ------------------------------ | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | +| `adminToken.existingSecret` | Specify an existing Kubernetes secret containing the admin token. Also set adminToken.existingSecretKey. | `""` | +| `adminToken.existingSecretKey` | When using adminToken.existingSecret, specify the key containing the token. | `""` | +| `adminToken.value` | Plain or argon2 string containing the admin token. | `$argon2id$v=19$m=19456,t=2,p=1$Vkx1VkE4RmhDMUhwNm9YVlhPQkVOZk1Yc1duSDdGRVYzd0Y5ZkgwaVg0Yz0$PK+h1ANCbzzmEKaiQfCjWw+hWFaMKvLhG2PjRanH5Kk` | +| `signupsAllowed` | By default, anyone who can access your instance can register for a new account. | `true` | +| `invitationsAllowed` | Even when registration is disabled, organization administrators or owners can | `true` | +| `signupDomains` | List of domain names for users allowed to register. For example: | `""` | +| `signupsVerify` | Whether to require account verification for newly-registered users. | `true` | +| `showPassHint` | Whether a password hint should be shown in the page. | `false` | +| `fullnameOverride` | String to override the application name. | `""` | +| `invitationOrgName` | String Name shown in the invitation emails that don't come from a specific organization | `Vaultwarden` | +| `iconBlacklistNonGlobalIps` | Whether block non-global IPs. 
| `true` | +| `ipHeader` | Client IP Header, used to identify the IP of the client | `X-Real-IP` | +| `serviceAccount.create` | Create a service account | `true` | +| `serviceAccount.name` | Name of the service account to create | `vaultwarden-svc` | ### Exposure Parameters @@ -295,22 +329,19 @@ I have written a detailed post about deploying Vaultwarden in Google Kubernetes | `smtp.acceptInvalidCerts` | Accept Invalid Certificates | `false` | | `smtp.debug` | SMTP debugging | `false` | -### Storage Configuration +### Persistent data configuration -| Name | Description | Value | -| ----------------- | ------------------------------------------- | ------- | -| `storage.enabled` | Enable configuration for persistent storage | `false` | -| `storage.size` | Storage size for /data | `15Gi` | -| `storage.class` | Specify the storage class | `""` | -| `storage.dataDir` | Specify the data directory | `/data` | +| Name | Description | Value | +| ------------- | ------------------------------------------------------------------------- | ----- | +| `data` | Data directory configuration, refer to values.yaml for parameters. | `{}` | +| `attachments` | Attachments directory configuration, refer to values.yaml for parameters. | `{}` | ### Logging Configuration -| Name | Description | Value | -| ------------------ | ----------------------------------- | ----------------------- | -| `logging.enabled` | Enable logging to a file | `false` | -| `logging.logfile` | Specify logfile path for output log | `/data/vaultwarden.log` | -| `logging.loglevel` | Specify the log level | `warn` | +| Name | Description | Value | +| ------------------ | --------------------- | ----- | +| `logging.logLevel` | Specify the log level | `""` | +| `logging.logFile` | Log to a file | `""` | ### Extra containers Configuration 
@@ -327,3 +358,5 @@ I have written a detailed post about deploying Vaultwarden in Google Kubernetes | `affinity` | Affinity for pod assignment | `{}` | | `tolerations` | Tolerations for pod assignment | `[]` | | `statefulsetlabels` | Additional labels for the statefulset | `{}` | +| `pushNotifications` | Enable mobile push notifications | `{}` | +| `resources` | Resource configurations | `{}` | diff --git a/charts/vaultwarden/templates/configmap.yaml b/charts/vaultwarden/templates/configmap.yaml index a75ba55..e6e0c89 100644 --- a/charts/vaultwarden/templates/configmap.yaml +++ b/charts/vaultwarden/templates/configmap.yaml @@ -26,7 +26,12 @@ data: WEBSOCKET_ADDRESS: {{ .Values.websocket.address | quote }} WEBSOCKET_PORT: {{ .Values.websocket.port | quote }} {{- end }} - DATA_FOLDER: {{ .Values.storage.dataDir | quote }} + {{- if .Values.data }} + DATA_FOLDER: {{ default "/data" .Values.data.path | quote }} + {{- end }} + {{- if .Values.attachments }} + ATTACHMENTS_FOLDER: {{ default "/data/attachments" .Values.attachments.path | quote }} + {{- end }} ROCKET_PORT: {{ .Values.rocket.port | quote }} ROCKET_WORKERS: {{ .Values.rocket.workers | quote }} SHOW_PASSWORD_HINT: {{ .Values.showPassHint | quote }} 
@@ -37,12 +42,19 @@ data: {{- end }} SIGNUPS_VERIFY: {{ .Values.signupsVerify | quote }} WEB_VAULT_ENABLED: {{ .Values.webVaultEnabled | quote }} - {{- if .Values.logging.enabled }} - LOG_FILE: {{ .Values.logging.logfile | quote }} - LOG_LEVEL: {{ .Values.logging.loglevel | quote }} + {{- if .Values.logging.logFile }} + LOG_FILE: {{ .Values.logging.logFile | quote }} + {{- end }} + {{- if .Values.logging.logLevel }} + LOG_LEVEL: {{ .Values.logging.logLevel | quote }} {{- end }} DB_CONNECTION_RETRIES: {{ .Values.database.connectionRetries | quote }} DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }} INVITATION_ORG_NAME: {{ .Values.invitationOrgName | quote }} ICON_BLACKLIST_NON_GLOBAL_IPS: {{ .Values.iconBlacklistNonGlobalIps | quote }} IP_HEADER: {{ .Values.ipHeader | quote }} + {{- if .Values.pushNotifications }} + PUSH_ENABLED: "true" + PUSH_INSTALLATION_ID: {{ .Values.pushNotifications.installationId | quote }} + PUSH_INSTALLATION_KEY: {{ .Values.pushNotifications.installationKey | quote }} + {{- end }} diff --git a/charts/vaultwarden/templates/secrets.yaml b/charts/vaultwarden/templates/secrets.yaml index 4910e2b..b5f359b 100644 --- a/charts/vaultwarden/templates/secrets.yaml +++ b/charts/vaultwarden/templates/secrets.yaml @@ -13,7 +13,7 @@ data: SMTP_PASSWORD: {{ .Values.smtp.password.value | b64enc | quote }} SMTP_USERNAME: {{ .Values.smtp.username.value | b64enc | quote }} {{- end }} - {{- if not ( .Values.adminToken.existingSecret ) }} + {{- if ( .Values.adminToken ) }} ADMIN_TOKEN: {{ .Values.adminToken.value | b64enc | quote }} {{- end }} {{ end }} diff --git a/charts/vaultwarden/templates/statefulset.yaml b/charts/vaultwarden/templates/statefulset.yaml index 942904a..9f6906e 100644 --- a/charts/vaultwarden/templates/statefulset.yaml +++ b/charts/vaultwarden/templates/statefulset.yaml 
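Review bot: `PUSH_INSTALLATION_KEY` is rendered into the ConfigMap at the end of this hunk, so the push installation credential is stored as plain configuration and is readable by anyone allowed to read ConfigMaps in the namespace. It belongs in templates/secrets.yaml next to `ADMIN_TOKEN`, e.g. `PUSH_INSTALLATION_KEY: {{ .Values.pushNotifications.installationKey | b64enc | quote }}`, exposed to the container through a `secretKeyRef` env entry the way the statefulset already does for `SMTP_PASSWORD`. `PUSH_INSTALLATION_ID` can stay in the ConfigMap. The `data:` mapping begins outside the hunk.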
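Review bot: The new guard `if ( .Values.adminToken )` no longer looks at `existingSecret`, so when a user supplies their own secret the chart still writes `ADMIN_TOKEN` from `adminToken.value` into the chart-managed Secret, and with the values.yaml default that is the hash of the example string published in the README. The statefulset reads from `existingSecret` in that case, so the key appears unused, but it leaves a stale known credential in the release. Nesting `{{- if not .Values.adminToken.existingSecret }}` inside the new `if` restores the old behaviour; nesting rather than `and` avoids evaluating the field when `adminToken` is null. The enclosing conditional and `data:` block begin outside the hunk.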
@@ -47,10 +47,10 @@ spec: tolerations: {{- toYaml .Values.tolerations | nindent 8 }} {{- end }} + {{- if .Values.initContainers }} initContainers: - {{- if .Values.initContainers }} {{- toYaml .Values.initContainers | nindent 8 }} - {{- end }} + {{- end }} containers: - image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -73,11 +73,16 @@ spec: name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }} key: {{ default "SMTP_PASSWORD" .Values.smtp.password.existingSecretKey }} {{- end }} + {{- if .Values.adminToken }} - name: ADMIN_TOKEN valueFrom: secretKeyRef: name: {{ default (include "vaultwarden.fullname" .) .Values.adminToken.existingSecret }} key: {{ default "ADMIN_TOKEN" .Values.adminToken.existingSecretKey }} + {{- else }} + - name: DISABLE_ADMIN_TOKEN + value: "true" + {{- end }} {{- if ne "default" .Values.database.type }} - name: DATABASE_URL {{- if .Values.database.existingSecret }} 
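Review bot: The `else` branch added to the `ADMIN_TOKEN` env entry fails open: any falsy `adminToken` (null, `{}`, or an empty override from a mistyped values file) sets `DISABLE_ADMIN_TOKEN` to `"true"` and serves the admin page without authentication. Nothing visible in this hunk restricts who can reach that page, so I would gate the bypass on an explicit opt-in rather than on the absence of a value, and fail rendering when neither a token nor the opt-in is given. At minimum, a comment above the branch such as `# adminToken unset: the admin page is served WITHOUT authentication` would make the behaviour visible to template readers. The container spec starts and ends outside the hunk.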
@@ -100,31 +105,52 @@ spec: - containerPort: {{ .Values.websocket.port }} name: websocket protocol: TCP - {{- if .Values.storage.enabled }} + readinessProbe: + httpGet: + path: /alive + port: 8080 + initialDelaySeconds: 5 + {{- if .Values.data }} + volumeMounts: + - name: {{ .Values.data.name }} + mountPath: {{ default "/data" .Values.data.path }} + {{- end }} + {{- if .Values.attachments }} volumeMounts: - - name: vaultwarden-data - mountPath: {{ .Values.storage.dataDir }} + - name: {{ .Values.attachments.name }} + mountPath: {{ default "/data/attachments" .Values.attachments.path }} {{- end }} resources: - limits: - cpu: 300m - memory: 1Gi - requests: - cpu: 50m - memory: 256Mi + {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.sidecars }} {{- toYaml .Values.sidecars | nindent 8 }} {{- end }} {{- if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- end }} - {{- if .Values.storage.enabled }} + {{- if (or .Values.data .Values.attachments) }} persistentVolumeClaimRetentionPolicy: whenDeleted: Retain whenScaled: Retain volumeClaimTemplates: + {{- if .Values.data }} + - metadata: + name: {{ .Values.data.name }} + labels: + {{- include "vaultwarden.labels" . | nindent 10 }} + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: {{ .Values.data.size }} + {{- if .Values.data.class }} + storageClassName: {{ .Values.data.class | quote }} + {{- end }} + {{- end }} + {{- if .Values.attachments }} - metadata: - name: vaultwarden-data + name: {{ .Values.attachments.name }} labels: {{- include "vaultwarden.labels" . | nindent 10 }} spec: @@ -132,8 +158,9 @@ spec: - "ReadWriteOnce" resources: requests: - storage: {{ .Values.storage.size }} - {{- if .Values.storage.class }} - storageClassName: {{ .Values.storage.class | quote }} + storage: {{ .Values.attachments.size }} + {{- if .Values.attachments.class }} + storageClassName: {{ .Values.attachments.class | quote }} {{- end }} + {{- end }} {{- end }} 
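Review bot: When both `data` and `attachments` are set, the two `if` blocks each emit their own `volumeMounts:` key on the container, which is a duplicate mapping key; parsers either reject it or keep only the last one, in which case the data volume is not mounted and the vault database would presumably be written to the container's ephemeral filesystem. Emit the key once and list both mounts under it, as sketched below. Separately, the readiness probe hard-codes `port: 8080` while the configmap sets `ROCKET_PORT` from `.Values.rocket.port`, so `port: {{ .Values.rocket.port }}` would keep the probe valid when the port is overridden. The container spec begins outside the hunk.

```yaml
          # … unchanged: readinessProbe …
          {{- if or .Values.data .Values.attachments }}
          volumeMounts:
            {{- with .Values.data }}
            - name: {{ .name }}
              mountPath: {{ default "/data" .path }}
            {{- end }}
            {{- with .Values.attachments }}
            - name: {{ .name }}
              mountPath: {{ default "/data/attachments" .path }}
            {{- end }}
          {{- end }}
          # … unchanged: resources, sidecars, serviceAccountName …
```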
diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml index e341eb2..36aa053 100644 --- a/charts/vaultwarden/values.yaml +++ b/charts/vaultwarden/values.yaml @@ -11,7 +11,7 @@ image: ## @param image.tag Vaultwarden image tag ## Ref: https://hub.docker.com/r/vaultwarden/server/tags ## - tag: "1.29.2" + tag: "1.29.2-alpine" ## @param image.pullPolicy Vaultwarden image pull policy ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -56,6 +56,7 @@ podLabels: {} ## @section Security settings ## + adminToken: ## @param adminToken.existingSecret Specify an existing Kubernetes secret containing the admin token. Also set adminToken.existingSecretKey. ## Example: admincreds_secret @@ -65,10 +66,11 @@ adminToken: ## Example: ADMIN_TOKEN ## existingSecretKey: "" - ## @param adminToken.value Plain string containing the admin token. - ## Example: ADMIN_TOKEN + ## @param adminToken.value Plain or argon2 string containing the admin token. + ## This example is the argon2 has of "R@ndomTokenString" (no quotes). ## - value: "R@ndomToken$tring" + value: "$argon2id$v=19$m=19456,t=2,p=1$Vkx1VkE4RmhDMUhwNm9YVlhPQkVOZk1Yc1duSDdGRVYzd0Y5ZkgwaVg0Yz0$PK+h1ANCbzzmEKaiQfCjWw+hWFaMKvLhG2PjRanH5Kk" + ## @param signupsAllowed By default, anyone who can access your instance can register for a new account. ## To disable this, set this parameter to false. Even when signupsAllowed=false, an existing user who is ## an organization owner or admin can still invite new users. If you want to disable this as well, set 
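Review bot: The default `adminToken.value` is the argon2 hash of `R@ndomTokenString`, a string printed in this comment and in the chart README, so every install that keeps the default has an admin page that accepts a publicly known token. Hashing the example does not change that. I would ship an empty default, have the templates require either `adminToken.value` or `adminToken.existingSecret`, and keep the example hash only in the comment. The comment line also has a typo and should read `## This example is the argon2 hash of "R@ndomTokenString" (no quotes).`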
@@ -82,7 +84,8 @@ signupsAllowed: true ## if signupsAllowed is actually set to false. You can disable this functionality completely by setting ## invitationsAllowed env variable to false invitationsAllowed: true -## @param signupDomains List of domain names for users allowed to register +## @param signupDomains List of domain names for users allowed to register. For example: +## example.com,example.net,example.org. ## signupDomains: "" ## @param signupsVerify Whether to require account verification for newly-registered users. @@ -283,34 +286,35 @@ smtp: ## debug: false -## @section Storage Configuration +## @section Persistent data configuration ## -storage: - ## @param storage.enabled Enable configuration for persistent storage - ## - enabled: false - ## @param storage.size Storage size for /data - ## - size: "15Gi" - ## @param storage.class Specify the storage class - ## - class: "" - ## @param storage.dataDir Specify the data directory - ## - dataDir: "/data" + +## @param data Data directory configuration, refer to values.yaml for parameters. +## +data: {} + # name: "vaultwarden-data" + # size: "15Gi" + # class: "" + # path: "/data" + +## @param attachments Attachments directory configuration, refer to values.yaml for parameters. +## By default, attachments/ is located inside the data directory. +## +attachments: {} + # name: "vaultwarden-files" + # size: "100Gi" + # class: "" + # path: /files ## @section Logging Configuration ## logging: - ## @param logging.enabled Enable logging to a file - ## - enabled: false - ## @param logging.logfile Specify logfile path for output log + ## @param logging.logLevel Specify the log level ## - logfile: "/data/vaultwarden.log" - ## @param logging.loglevel Specify the log level + logLevel: "" + ## @param logging.logFile Log to a file ## - loglevel: "warn" + logFile: "" ## @section Extra containers Configuration ## 
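Review bot: Removing `storage.*` and `logging.enabled`/`logfile`/`loglevel` without a compatibility path means an existing values file with `storage.enabled: true` is now silently ignored: `data` stays `{}`, so the statefulset renders no volume mount or claim template. For a password vault that is a data-loss risk on upgrade rather than a cosmetic rename. A template guard that fails rendering when the old key is set, for example `{{- if .Values.storage }}{{ fail "storage.* was replaced by data.*" }}{{- end }}`, plus an upgrade note in the README, would make the break explicit. The commented example `# path: /files` could also be quoted like the other paths.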
@@ -344,3 +348,25 @@ tolerations: [] ## @param statefulsetlabels Additional labels for the statefulset ## statefulsetlabels: {} + +## @param pushNotifications Enable mobile push notifications +## Supported since 1.29.0. +## Refer to https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification for details +## +pushNotifications: {} + # installationId: "" + # installationKey: "" + +## @param resources Resource configurations +## +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 300m + # memory: 1Gi + # requests: + # cpu: 50m + # memory: 256Mi diff --git a/generate-readme.sh b/generate-readme.sh index b282034..486f3c3 100755 --- a/generate-readme.sh +++ b/generate-readme.sh @@ -4,9 +4,7 @@ if [ ! -d "readme-generator-for-helm" ]; then git clone https://github.com/bitnami-labs/readme-generator-for-helm fi -cd readme-generator-for-helm/ -docker build -t readme-gen . -cd .. +docker build -t readme-gen readme-generator-for-helm/ # Run the tool and mount the current project directory. docker run --rm -v $(pwd):/mnt -w /mnt readme-gen readme-generator -v charts/vaultwarden/values.yaml -r charts/vaultwarden/README.md