feat: add support for more configuration options (#72)
Signed-off-by: Lester Guerzon <[email protected]>
guerzon authored Feb 17, 2024
1 parent 3737ec0 commit 3f30ca3
Showing 4 changed files with 140 additions and 27 deletions.
2 changes: 1 addition & 1 deletion charts/vaultwarden/Chart.yaml
Expand Up @@ -13,5 +13,5 @@ maintainers:
- name: guerzon
email: [email protected]
url: https://github.com/guerzon
version: 0.20.0
version: 0.21.0
kubeVersion: ">=1.12.0-0"
71 changes: 46 additions & 25 deletions charts/vaultwarden/README.md
Expand Up @@ -275,27 +275,41 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME

### Security settings

| Name | Description | Value |
| ------------------------------ | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
| `adminToken.existingSecret` | Specify an existing Kubernetes secret containing the admin token. Also set adminToken.existingSecretKey. | `""` |
| `adminToken.existingSecretKey` | When using adminToken.existingSecret, specify the key containing the token. | `""` |
| `adminToken.value` | Plain or argon2 string containing the admin token. | `$argon2id$v=19$m=19456,t=2,p=1$Vkx1VkE4RmhDMUhwNm9YVlhPQkVOZk1Yc1duSDdGRVYzd0Y5ZkgwaVg0Yz0$PK+h1ANCbzzmEKaiQfCjWw+hWFaMKvLhG2PjRanH5Kk` |
| `signupsAllowed` | By default, anyone who can access your instance can register for a new account. | `true` |
| `invitationsAllowed` | Even when registration is disabled, organization administrators or owners can | `true` |
| `signupDomains` | List of domain names for users allowed to register. For example: | `""` |
| `signupsVerify` | Whether to require account verification for newly-registered users. | `true` |
| `showPassHint` | Whether a password hint should be shown in the page. | `false` |
| `fullnameOverride` | String to override the application name. | `""` |
| `invitationOrgName` | String Name shown in the invitation emails that don't come from a specific organization | `Vaultwarden` |
| `iconBlacklistNonGlobalIps` | Whether block non-global IPs. | `true` |
| `ipHeader` | Client IP Header, used to identify the IP of the client | `X-Real-IP` |
| `serviceAccount.create` | Create a service account | `true` |
| `serviceAccount.name` | Name of the service account to create | `vaultwarden-svc` |
| `podSecurityContext` | Pod security options | `{}` |
| `securityContext` | Default security options to run vault as read only container without privilege escalation | `{}` |
| `yubico.clientId` | Yubico client ID | `""` |
| `yubico.secretKey` | Yubico secret key | `""` |
| `yubico.server` | Specify a Yubico server, otherwise the default servers will be used | `""` |
| Name | Description | Value |
| -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
| `adminToken.existingSecret` | Specify an existing Kubernetes secret containing the admin token. Also set adminToken.existingSecretKey. | `""` |
| `adminToken.existingSecretKey` | When using adminToken.existingSecret, specify the key containing the token. | `""` |
| `adminToken.value` | Plain or argon2 string containing the admin token. | `$argon2id$v=19$m=19456,t=2,p=1$Vkx1VkE4RmhDMUhwNm9YVlhPQkVOZk1Yc1duSDdGRVYzd0Y5ZkgwaVg0Yz0$PK+h1ANCbzzmEKaiQfCjWw+hWFaMKvLhG2PjRanH5Kk` |
| `signupsAllowed` | By default, anyone who can access your instance can register for a new account. | `true` |
| `invitationsAllowed` | Even when registration is disabled, organization administrators or owners can | `true` |
| `signupDomains` | List of domain names for users allowed to register. For example: | `""` |
| `signupsVerify` | Whether to require account verification for newly-registered users. | `true` |
| `showPassHint` | Whether a password hint should be shown in the page. | `false` |
| `fullnameOverride` | String to override the application name. | `""` |
| `invitationOrgName` | String Name shown in the invitation emails that don't come from a specific organization | `Vaultwarden` |
| `orgCreationUsers` | Controls which users can create new orgs. | `""` |
| `orgEventsEnabled` | Controls whether event logging is enabled for organizations | `false` |
| `sendsAllowed` | Controls whether users are allowed to create Bitwarden Sends. | `true` |
| `emergencyAccessAllowed` | Controls whether users can enable emergency access to their accounts. | `true` |
| `emergencyNotifReminderSched` | Cron schedule of the job that sends expiration reminders to emergency access grantors. | `0 3 * * * *` |
| `emergencyRqstTimeoutSched` | Cron schedule of the job that grants emergency access requests that have met the required wait time. | `0 7 * * * *` |
| `eventCleanupSched` | Cron schedule of the job that cleans old events from the event table. | `0 10 0 * * *` |
| `eventsDayRetain` | Number of days to retain events stored in the database. | `""` |
| `iconService` | The predefined icon services are: internal, bitwarden, duckduckgo, google. | `internal` |
| `invitationExpirationHours` | The number of hours after which an organization invite token, emergency access invite token, | `120` |
| `requireDeviceEmail` | Require new device emails. When a user logs in an email is required to be sent. | `false` |
| `trashAutoDeleteDays` | Number of days to wait before auto-deleting a trashed item. | `""` |
| `timeZone` | Specify timezone different from the default (UTC). | `""` |
| `iconBlacklistNonGlobalIps` | Whether block non-global IPs. | `true` |
| `ipHeader` | Client IP Header, used to identify the IP of the client | `X-Real-IP` |
| `serviceAccount.create` | Create a service account | `true` |
| `serviceAccount.name` | Name of the service account to create | `vaultwarden-svc` |
| `podSecurityContext` | Pod security options | `{}` |
| `securityContext` | Default security options to run vault as read only container without privilege escalation | `{}` |
| `yubico.clientId` | Yubico client ID | `""` |
| `yubico.secretKey` | Yubico secret key | `""` |
| `yubico.server` | Specify a Yubico server, otherwise the default servers will be used | `""` |
| `experimentalClientFeatureFlags` | Comma separated list of experimental features to enable in clients, make sure to check which features are already enabled by default (.env.template) | `nil` |

### Exposure Parameters
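
Review bot: The new `invitationExpirationHours` row in the Security settings table ends on a trailing comma ("... emergency access invite token,"), so the README never says what happens once the stated hours have passed; complete the sentence in the source comment so it fits on the one line that reaches the table. The three schedule rows (`emergencyNotifReminderSched`, `emergencyRqstTimeoutSched`, `eventCleanupSched`) are described only as "Cron schedule" while their defaults have six fields, for example `0 3 * * * *`; name the field order in the description, because a reader used to five-field Kubernetes CronJob syntax will misread them. `orgEventsEnabled` defaults to `false` and `eventsDayRetain` to `""`; a sentence on what an empty retention value means would help operators who enable event logging for audit purposes. `experimentalClientFeatureFlags` shows `nil` as its default where the other unset string values in this table show `""`, and it points at `.env.template` without a link.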

Expand Down Expand Up @@ -386,10 +400,11 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME

### Logging Configuration

| Name | Description | Value |
| ------------------ | --------------------- | ----- |
| `logging.logLevel` | Specify the log level | `""` |
| `logging.logFile` | Log to a file | `""` |
| Name | Description | Value |
| ------------------ | ----------------------------------------------------------------------- | ------ |
| `logging.logLevel` | Specify the log level | `""` |
| `logging.logFile` | Log to a file | `""` |
| `extendedLogging` | Enable extended logging, which shows timestamps and targets in the logs | `true` |

### Extra Configuration
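
Review bot: In the Logging Configuration table, `extendedLogging` is documented as a top-level key while the two rows above it are nested as `logging.logLevel` and `logging.logFile`. Consider nesting it under `logging` with the other two, or say in the description that it is set at the top level, so that a user who writes it under `logging:` does not end up with a value that is silently ignored.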

Expand All @@ -408,3 +423,9 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME
| `podDisruptionBudget.enabled` | Enable PodDisruptionBudget settings | `false` |
| `podDisruptionBudget.minAvailable` | Minimum number/percentage of pods that should remain scheduled. | `1` |
| `podDisruptionBudget.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` |

### BETA Features

| Name | Description | Value |
| ------------------ | ----------------------------------------------------------- | ------- |
| `orgGroupsEnabled` | Controls whether group support is enabled for organizations | `false` |
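
Review bot: The new BETA Features section lists `orgGroupsEnabled` with no statement of what beta status means for an operator who sets it to `true`. Add a sentence under the heading on stability and on whether the flag can be switched off again without affecting existing organization data. The section is appended after the PodDisruptionBudget rows rather than next to `orgCreationUsers` and `orgEventsEnabled` in Security settings, so a cross-reference from those rows would make it easier to find.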