From cc47f621d47cd1f85278fcd5630d7731ff705b8e Mon Sep 17 00:00:00 2001 From: Daniel Del Rio Date: Tue, 27 Jun 2023 16:20:30 +0000 Subject: [PATCH 1/4] GH-29: fixes #29 https://github.com/passbolt/charts-passbolt/issues/29 --- templates/deployment.yaml | 2 +- values.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 5420f3d..70b663a 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -134,7 +134,7 @@ spec: name: {{ $fullName }}-sec-redis-proxy readOnly: true resources: - {{- toYaml .Values.redisProxyResources | nindent 12 }} + {{- toYaml .Values.app.cache.redis.sentinelProxy.resources | nindent 12 }} {{- end -}} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/values.yaml b/values.yaml index 4fb76c9..d4dc7ed 100644 --- a/values.yaml +++ b/values.yaml @@ -120,6 +120,8 @@ app: repository: haproxy # -- Configure redis sentinel image tag tag: "latest" + # -- Configure redis sentinel container resources + resources: {} # -- Configure the passbolt deployment resources resources: {} From ad026a6b8793c3ad453effa7ec47434140cfedfe Mon Sep 17 00:00:00 2001 From: Daniel Del Rio Date: Wed, 28 Jun 2023 10:03:08 +0000 Subject: [PATCH 2/4] Ksrt12 feat extra env --- README.md | 8 +++++--- templates/cronjob-proc-email.yaml | 6 ++++++ templates/deployment.yaml | 12 ++++++++++++ templates/job-create-gpg.yaml | 6 ++++++ values.yaml | 8 +++++++- 5 files changed, 36 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2458c38..e144756 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ To uninstall/delete the chart from your cluster: ```bash helm delete my-release -```` +``` The above command deletes all the kubernetes components associated with the chart and deletes the release. 
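Review bot: The switch from `.Values.redisProxyResources` to `.Values.app.cache.redis.sentinelProxy.resources` in the redis proxy container of templates/deployment.yaml leaves no guard for releases that still set the old key. Unless a values schema rejects it, Helm will most likely ignore the stale key, and the haproxy sidecar would then render with the new default `resources: {}`, that is, with no requests or limits. A one-line guard would turn the silent drop into an install-time error: `{{- if .Values.redisProxyResources }}{{ fail "redisProxyResources moved to app.cache.redis.sentinelProxy.resources" }}{{- end }}`. The container definition starts above this hunk, so the best place for the guard is not visible here.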
@@ -90,7 +90,7 @@ chart and deletes the release. ## Requirements | Repository | Name | Version | -|-------------------------------------------------------|------------------|---------| +| ----------------------------------------------------- | ---------------- | ------- | | https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | | https://charts.bitnami.com/bitnami | redis | 17.3.8 | | https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | @@ -98,7 +98,7 @@ chart and deletes the release. ## Values | Key | Type | Default | Description | -|---------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| ------------------------------------------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | affinity | object | `{}` | Configure passbolt deployment affinity | | app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. | | app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | 
@@ -190,6 +190,8 @@ chart and deletes the release. | passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | | passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | | passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | +| passboltEnv.extraEnv | array | `[]` | Configure passbolt extra environment variables | +| passboltEnv.extraEnvFrom | array | `[]` | Configure passbolt environment variables from existing configMaps and secrets | | podAnnotations | object | `{}` | Map of annotation for passbolt server pod | | podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | | rbacEnabled | bool | `true` | Enable role based access control | diff --git a/templates/cronjob-proc-email.yaml b/templates/cronjob-proc-email.yaml index 5c4f01d..e5e4406 100644 --- a/templates/cronjob-proc-email.yaml +++ b/templates/cronjob-proc-email.yaml @@ -40,11 +40,17 @@ spec: env: - name: DATASOURCES_DEFAULT_HOST value: {{ include "passbolt.databaseServiceName" . }} + {{- with .Values.passboltEnv.extraEnv }} + {{- toYaml . | nindent 16 }} + {{- end }} envFrom: - configMapRef: name: {{ $Name }}-cm-env - secretRef: name: {{ $Name }}-sec-env + {{- with .Values.passboltEnv.extraEnvFrom }} + {{- toYaml . | nindent 16 }} + {{- end }} volumeMounts: - name: {{ $Name }}-vol-success mountPath: /tmp/pod diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 5420f3d..ac0c0d0 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml 
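Review bot: Nothing in templates/cronjob-proc-email.yaml documents that `extraEnv` is rendered after the chart's own `DATASOURCES_DEFAULT_HOST` entry and `extraEnvFrom` after the `-cm-env`/`-sec-env` references. Kubernetes resolves duplicate names so that an `env` entry wins over `envFrom` and a later `envFrom` source wins over an earlier one, so values supplied through these lists can replace chart-managed settings such as the database host or the credentials from `-sec-env`. If that override is intended, say so above each block, e.g. `{{- /* extraEnv/extraEnvFrom are appended last and override chart-managed variables of the same name */ -}}`. The same applies to both hunks in templates/deployment.yaml and to the hunk in templates/job-create-gpg.yaml.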
@@ -61,11 +61,17 @@ spec: env: - name: DATASOURCES_DEFAULT_HOST value: {{ include "passbolt.databaseServiceName" . }} + {{- with .Values.passboltEnv.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ $Name }}-cm-env - secretRef: name: {{ $Name }}-sec-env + {{- with .Values.passboltEnv.extraEnvFrom }} + {{- toYaml . | nindent 12 }} + {{- end }} containers: - name: {{ $fullName }} command: @@ -91,11 +97,17 @@ spec: env: - name: DATASOURCES_DEFAULT_HOST value: {{ include "passbolt.databaseServiceName" . }} + {{- with .Values.passboltEnv.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ $Name }}-cm-env - secretRef: name: {{ $Name }}-sec-env + {{- with .Values.passboltEnv.extraEnvFrom }} + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: {{- if .Values.app.cache.redis.enabled }} - mountPath: "/etc/passbolt/app.php" diff --git a/templates/job-create-gpg.yaml b/templates/job-create-gpg.yaml index ce23d24..4f3b4b9 100644 --- a/templates/job-create-gpg.yaml +++ b/templates/job-create-gpg.yaml @@ -72,11 +72,17 @@ spec: env: - name: DATASOURCES_DEFAULT_HOST value: {{ include "passbolt.databaseServiceName" . }} + {{- with .Values.passboltEnv.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ $Name }}-cm-env - secretRef: name: {{ $Name }}-sec-env + {{- with .Values.passboltEnv.extraEnvFrom }} + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: - name: {{ $fullName }}-vol-success mountPath: /tmp/pod diff --git a/values.yaml b/values.yaml index 4fb76c9..0aea4f8 100644 --- a/values.yaml +++ b/values.yaml 
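Review bot: The first templates/deployment.yaml hunk (-61,11) sits before `containers:`, so it appears to target an init container, and together with the cron job and the GPG job every container in the chart now receives the full `extraEnvFrom` list. A secret referenced there for the application therefore also becomes readable in helper containers that may not need it. Consider a separate list for the helpers, or at least state the scope in the values comment, e.g. `# -- Applied to the init container, the passbolt container, the email cron job and the GPG job`. The container specs begin outside these hunks, so what each helper actually needs cannot be judged from here.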
@@ -202,7 +202,13 @@ passboltEnv: # PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: # -- Configure passbolt security salt. # SECURITY_SALT: - + # -- Environment variables to add to the passbolt pods + extraEnv: [] + # -- Environment variables from secrets or configmaps to add to the passbolt pods + extraEnvFrom: + [] + # - secretRef: + # name: passbolt-secret ## Passbolt deployment parameters # -- If autoscaling is disabled this will define the number of pods to run From db89859a9a1d322807f40cf802215c041fa212e4 Mon Sep 17 00:00:00 2001 From: Daniel Del Rio Figueira Date: Wed, 28 Jun 2023 12:22:51 +0200 Subject: [PATCH 3/4] Update changelog for 0.4.0 --- CHANGELOG.md | 22 ++++- Chart.yaml | 2 +- README.md | 237 ++++++++++++++++++++++++++------------------------- 3 files changed, 141 insertions(+), 120 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 897cb53..0a9d0b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
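Review bot: The new `extraEnv` comment in values.yaml does not tell users how to pass credentials, and a literal `value:` set there ends up in the rendered manifests and the stored release values. I would extend it to `# -- Environment variables to add to the passbolt pods; for secrets use valueFrom.secretKeyRef or extraEnvFrom instead of literal values`. On style, `extraEnvFrom:` puts `[]` on its own line while `extraEnv: []` is inline; `extraEnvFrom: []` followed by the commented `secretRef` example is easier to read. The hunk also drops the blank line that separated this block from `## Passbolt deployment parameters`.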
@@ -3,20 +3,35 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/v0.3.3...HEAD) +## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/0.4.0...HEAD) + +## [0.4.0] - 2023-06-28 + +This release includes breaking changes .Values.redisProxyResources now is .Values.app.cache.redis.sentinelProxy.resources + +### Fixed + +- [#29](https://github.com/passbolt/charts-passbolt/issues/29) Missing redis resources field + +### Added + +- [#30](https://github.com/passbolt/charts-passbolt/pull/30) Inject variables to pods from existing K8s secrets and inject extra env variables. ## [0.3.3] - 2023-06-15 ### Fixed + - Added capability of using specific client on init database container, fixes [#26](https://github.com/passbolt/charts-passbolt/issues/26) ### Added + - Allow mounting custom volumes [#25](https://github.com/passbolt/charts-passbolt/pull/25) - Bumped passbolt docker version to 4.0.2-2-ce that comes with support for debian bookworm and php 8.2. ## [0.3.2] - 2023-05-19 ### Added + - [#18](https://github.com/passbolt/charts-passbolt/pull/18) Allow setting annotations on service - Passbolt v4 as default application deployment version. Please read: https://help.passbolt.com/releases/ce/get-up-stand-up @@ -27,6 +42,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - Fix issue when disable sentinel proxy on api [#17](https://github.com/passbolt/charts-passbolt/pull/17) ### Added + - Added tests for disabled redis proxy 
@@ -49,9 +65,11 @@ It also merges some PR to add more control over the bitnami charts used by defau Thanks to @plusiv and @cm3brian for their contributions! ### Added + - [#10](https://github.com/passbolt/charts-passbolt/pull/10) feat: add mariadb persistence options ### Fixed + - [#11](https://github.com/passbolt/charts-passbolt/issues/11) Incorrect/not guaranteed refs present ## [0.2.0] - 2023-03-17 @@ -69,10 +87,12 @@ The downside however is that now this chart requires passbolt-3.12.0-3 as minima We have also include a few contributions from the community, thanks to all of you who helped during this release! ### Added + - [#6](https://github.com/passbolt/charts-passbolt/pull/6) make kubectl more flexible - Support for rootless images in HA scenarios ### Fixed + - [#9](https://github.com/passbolt/charts-passbolt/pull/9) set default value for EMAIL_TRANSPORT_DEFAULT_HOST ## [0.1.4] - 2023-03-06 diff --git a/Chart.yaml b/Chart.yaml index 9d3b01a..7674856 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.3 +version: 0.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/README.md b/README.md index e144756..47e709d 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ passbolt sails kubernetes -![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0.2-2-ce](https://img.shields.io/badge/AppVersion-4.0.2--2--ce-informational?style=flat-square) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0.2-2-ce](https://img.shields.io/badge/AppVersion-4.0.2--2--ce-informational?style=flat-square) Passbolt is an open source, security first password manager with strong focus on collaboration. 
@@ -89,124 +89,125 @@ chart and deletes the release. ## Requirements -| Repository | Name | Version | -| ----------------------------------------------------- | ---------------- | ------- | -| https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | -| https://charts.bitnami.com/bitnami | redis | 17.3.8 | -| https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | +| https://charts.bitnami.com/bitnami | redis | 17.3.8 | +| https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | ## Values -| Key | Type | Default | Description | -| ------------------------------------------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| affinity | object | `{}` | Configure passbolt deployment affinity | -| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. 
| -| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | -| app.cache.redis.sentinelProxy.image | object | `{"repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | -| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | -| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | -| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | -| app.image.repository | string | `"passbolt/passbolt"` | Configure pasbolt deployment image repsitory | -| app.image.tag | string | `"4.0.2-2-ce"` | Overrides the image tag whose default is the chart appVersion. | -| app.initImage.client | string | `"mariadb"` | Configure pasbolt deployment init container image client for database | -| app.initImage.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | -| app.initImage.repository | string | `"mariadb"` | Configure pasbolt deployment image repsitory | -| app.initImage.tag | string | `"latest"` | Overrides the image tag whose default is the chart appVersion. | -| app.resources | object | `{}` | | -| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | -| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | -| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | -| cronJobEmail | object | `{"enabled":true,"schedule":"* * * * *"}` | Enable email cron | -| extraVolumeMounts | string | `""` | Add additional volume mounts, e.g. for overwriting config files | -| extraVolumes | string | `""` | Add additional volumes, e.g. 
for overwriting config files | -| fullnameOverride | string | `""` | Value to override the whole fullName | -| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | -| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | -| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | -| imagePullSecrets | list | `[]` | Configure image pull secrets | -| ingress.annotations | object | `{"nginx.ingress.kubernetes.io/backend-protocol":"HTTPS"}` | Configure passbolt ingress annotations | -| ingress.enabled | bool | `true` | Enable passbolt ingress | -| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | -| ingress.tls | list | `[]` | Configure passbolt ingress tls | -| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | -| jwtServerPrivate | string | `nil` | JWT server private key in base64 | -| jwtServerPublic | string | `nil` | JWT server public key in base64 | -| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | -| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | -| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | -| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | -| mariadb.auth.replicationPassword | string | `"CHANGEME"` | Configure mariadb auth replicationPassword | -| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | -| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | -| mariadb.primary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. 
| -| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | -| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | -| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | -| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | -| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. | -| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | -| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | -| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | -| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. 
| -| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | -| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | -| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | -| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | -| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | -| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | -| nameOverride | string | `""` | Value to override the chart name on default | -| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | -| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | -| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | -| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | -| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | -| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | -| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | `"127.0.0.1"` | Configure passbolt cake cache server | -| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | -| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure 
passbolt default email from | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | -| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | -| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. 
| -| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | -| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | -| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | -| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | -| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | -| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | -| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | -| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | -| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | -| passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | -| passboltEnv.extraEnv | array | `[]` | Configure passbolt extra environment variables | -| passboltEnv.extraEnvFrom | array | `[]` | Configure passbolt environment variables from existing configMaps and secrets | -| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | -| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | -| rbacEnabled | bool | `true` | Enable role based access control | -| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt 
container RadinessProbe | -| redis.auth.enabled | bool | `true` | Enable redis authentication | -| redis.auth.password | string | `"CHANGEME"` | Configure redis password | -| redis.sentinel.enabled | bool | `true` | Enable redis sentinel | -| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | -| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | -| service.annotations | object | `{}` | Annotations to add to the service | -| service.name | string | `"https"` | Configure passbolt service port name | -| service.port | int | `443` | Configure passbolt service port | -| service.targetPort | int | `443` | Configure passbolt service targetPort | -| service.type | string | `"ClusterIP"` | Configure passbolt service type | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| tolerations | list | `[]` | Configure passbolt deployment tolerations | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Configure passbolt deployment affinity | +| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. 
| +| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | +| app.cache.redis.sentinelProxy.image | object | `{"repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | +| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | +| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | +| app.cache.redis.sentinelProxy.resources | object | `{}` | Configure redis sentinel container resources | +| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | +| app.image.repository | string | `"passbolt/passbolt"` | Configure pasbolt deployment image repsitory | +| app.image.tag | string | `"4.0.2-2-ce"` | Overrides the image tag whose default is the chart appVersion. | +| app.initImage.client | string | `"mariadb"` | Configure pasbolt deployment init container image client for database | +| app.initImage.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | +| app.initImage.repository | string | `"mariadb"` | Configure pasbolt deployment image repsitory | +| app.initImage.tag | string | `"latest"` | Overrides the image tag whose default is the chart appVersion. 
| +| app.resources | object | `{}` | | +| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | +| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | +| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | +| cronJobEmail | object | `{"enabled":true,"schedule":"* * * * *"}` | Enable email cron | +| extraVolumeMounts | string | `""` | Add additional volume mounts, e.g. for overwriting config files | +| extraVolumes | string | `""` | Add additional volumes, e.g. for overwriting config files | +| fullnameOverride | string | `""` | Value to override the whole fullName | +| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | +| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | +| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | +| imagePullSecrets | list | `[]` | Configure image pull secrets | +| ingress.annotations | object | `{}` | Configure passbolt ingress annotations | +| ingress.enabled | bool | `false` | Enable passbolt ingress | +| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | +| ingress.tls | list | `[]` | Configure passbolt ingress tls | +| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | +| jwtServerPrivate | string | `nil` | JWT server private key in base64 | +| jwtServerPublic | string | `nil` | JWT server public key in base64 | +| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | +| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | +| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | +| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | +| mariadb.auth.replicationPassword | 
string | `"CHANGEME"` | Configure mariadb auth replicationPassword | +| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | +| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | +| mariadb.primary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. | +| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | +| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | +| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | +| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | +| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. 
| +| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | +| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | +| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | +| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | +| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | +| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | +| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. 
If false, use emptyDir | +| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | +| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | +| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | +| nameOverride | string | `""` | Value to override the chart name on default | +| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | +| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | +| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | +| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | +| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | +| passboltEnv.extraEnv | list | `[]` | Environment variables to add to the passbolt pods | +| passboltEnv.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the passbolt pods | +| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | +| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | `"127.0.0.1"` | Configure passbolt cake cache server | +| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | +| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure passbolt default email from | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | +| 
passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | +| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | +| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. | +| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | +| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | +| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | +| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | +| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | +| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | +| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | +| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | +| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | +| 
passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | +| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | +| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | +| rbacEnabled | bool | `true` | Enable role based access control | +| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt container RadinessProbe | +| redis.auth.enabled | bool | `true` | Enable redis authentication | +| redis.auth.password | string | `"CHANGEME"` | Configure redis password | +| redis.sentinel.enabled | bool | `true` | Enable redis sentinel | +| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | +| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | +| service.annotations | object | `{}` | Annotations to add to the service | +| service.name | string | `"https"` | Configure passbolt service port name | +| service.port | int | `443` | Configure passbolt service port | +| service.targetPort | int | `443` | Configure passbolt service targetPort | +| service.type | string | `"ClusterIP"` | Configure passbolt service type | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| tolerations | list | `[]` | Configure passbolt deployment tolerations | From dc71f652befa4833e95c7c94905e1ed1c78d58aa Mon Sep 17 00:00:00 2001 
From: Diego Lendoiro Date: Wed, 28 Jun 2023 12:25:49 +0200 Subject: [PATCH 4/4] Updated readme
---
README.md | 236 +++++++++++++++++++++++++++--------------------------- 1 file changed, 118 insertions(+), 118 deletions(-)
diff --git a/README.md b/README.md
index 47e709d..c98d018 100644
--- a/README.md
+++ b/README.md
@@ -89,125 +89,125 @@ chart and deletes the release. ## Requirements -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | -| https://charts.bitnami.com/bitnami | redis | 17.3.8 | -| https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | +| Repository | Name | Version | +|-------------------------------------------------------|------------------|---------| +| https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | +| https://charts.bitnami.com/bitnami | redis | 17.3.8 | +| https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | Configure passbolt deployment affinity | -| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. 
| -| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | -| app.cache.redis.sentinelProxy.image | object | `{"repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | -| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | -| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | -| app.cache.redis.sentinelProxy.resources | object | `{}` | Configure redis sentinel container resources | -| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | -| app.image.repository | string | `"passbolt/passbolt"` | Configure pasbolt deployment image repsitory | -| app.image.tag | string | `"4.0.2-2-ce"` | Overrides the image tag whose default is the chart appVersion. | -| app.initImage.client | string | `"mariadb"` | Configure pasbolt deployment init container image client for database | -| app.initImage.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | -| app.initImage.repository | string | `"mariadb"` | Configure pasbolt deployment image repsitory | -| app.initImage.tag | string | `"latest"` | Overrides the image tag whose default is the chart appVersion. 
| -| app.resources | object | `{}` | | -| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | -| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | -| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | -| cronJobEmail | object | `{"enabled":true,"schedule":"* * * * *"}` | Enable email cron | -| extraVolumeMounts | string | `""` | Add additional volume mounts, e.g. for overwriting config files | -| extraVolumes | string | `""` | Add additional volumes, e.g. for overwriting config files | -| fullnameOverride | string | `""` | Value to override the whole fullName | -| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | -| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | -| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | -| imagePullSecrets | list | `[]` | Configure image pull secrets | -| ingress.annotations | object | `{}` | Configure passbolt ingress annotations | -| ingress.enabled | bool | `false` | Enable passbolt ingress | -| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | -| ingress.tls | list | `[]` | Configure passbolt ingress tls | -| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | -| jwtServerPrivate | string | `nil` | JWT server private key in base64 | -| jwtServerPublic | string | `nil` | JWT server public key in base64 | -| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | -| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | -| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | -| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | -| mariadb.auth.replicationPassword | 
string | `"CHANGEME"` | Configure mariadb auth replicationPassword | -| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | -| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | -| mariadb.primary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. | -| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | -| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | -| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | -| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | -| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. 
| -| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | -| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | -| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | -| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | -| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | -| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | -| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. 
If false, use emptyDir | -| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | -| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | -| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | -| nameOverride | string | `""` | Value to override the chart name on default | -| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | -| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | -| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | -| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | -| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | -| passboltEnv.extraEnv | list | `[]` | Environment variables to add to the passbolt pods | -| passboltEnv.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the passbolt pods | -| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | -| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | `"127.0.0.1"` | Configure passbolt cake cache server | -| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | -| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure passbolt default email from | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | -| 
passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | -| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | -| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. | -| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | -| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | -| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | -| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | -| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | -| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | -| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | -| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | -| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | -| 
passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | -| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | -| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | -| rbacEnabled | bool | `true` | Enable role based access control | -| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt container RadinessProbe | -| redis.auth.enabled | bool | `true` | Enable redis authentication | -| redis.auth.password | string | `"CHANGEME"` | Configure redis password | -| redis.sentinel.enabled | bool | `true` | Enable redis sentinel | -| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | -| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | -| service.annotations | object | `{}` | Annotations to add to the service | -| service.name | string | `"https"` | Configure passbolt service port name | -| service.port | int | `443` | Configure passbolt service port | -| service.targetPort | int | `443` | Configure passbolt service targetPort | -| service.type | string | `"ClusterIP"` | Configure passbolt service type | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| tolerations | list | `[]` | Configure passbolt deployment tolerations | +| Key | Type | Default | Description | 
+|---------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| affinity | object | `{}` | Configure passbolt deployment affinity | +| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. | +| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | +| app.cache.redis.sentinelProxy.image | object | `{"repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | +| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | +| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | +| app.cache.redis.sentinelProxy.resources | object | `{}` | Configure redis sentinel container resources | +| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | +| app.image.repository | string | `"passbolt/passbolt"` | Configure pasbolt deployment image repsitory | +| app.image.tag | string | `"4.0.2-2-ce"` | Overrides the image tag whose default is the chart appVersion. 
| +| app.initImage.client | string | `"mariadb"` | Configure pasbolt deployment init container image client for database | +| app.initImage.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | +| app.initImage.repository | string | `"mariadb"` | Configure pasbolt deployment image repsitory | +| app.initImage.tag | string | `"latest"` | Overrides the image tag whose default is the chart appVersion. | +| app.resources | object | `{}` | | +| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | +| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | +| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | +| cronJobEmail | object | `{"enabled":true,"schedule":"* * * * *"}` | Enable email cron | +| extraVolumeMounts | string | `""` | Add additional volume mounts, e.g. for overwriting config files | +| extraVolumes | string | `""` | Add additional volumes, e.g. 
for overwriting config files | +| fullnameOverride | string | `""` | Value to override the whole fullName | +| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | +| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | +| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | +| imagePullSecrets | list | `[]` | Configure image pull secrets | +| ingress.annotations | object | `{}` | Configure passbolt ingress annotations | +| ingress.enabled | bool | `false` | Enable passbolt ingress | +| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | +| ingress.tls | list | `[]` | Configure passbolt ingress tls | +| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | +| jwtServerPrivate | string | `nil` | JWT server private key in base64 | +| jwtServerPublic | string | `nil` | JWT server public key in base64 | +| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | +| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | +| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | +| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | +| mariadb.auth.replicationPassword | string | `"CHANGEME"` | Configure mariadb auth replicationPassword | +| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | +| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | +| mariadb.primary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. 
| +| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | +| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | +| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | +| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | +| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. | +| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | +| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | +| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | +| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. 
| +| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | +| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | +| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | +| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | +| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | +| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | +| nameOverride | string | `""` | Value to override the chart name on default | +| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | +| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | +| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | +| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | +| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | +| passboltEnv.extraEnv | list | `[]` | Environment variables to add to the passbolt pods | +| passboltEnv.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the passbolt pods | +| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | +| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | 
`"127.0.0.1"` | Configure passbolt cake cache server | +| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | +| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure passbolt default email from | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | +| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | +| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. 
| +| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | +| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | +| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | +| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | +| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | +| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | +| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | +| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | +| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | +| passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | +| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | +| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | +| rbacEnabled | bool | `true` | Enable role based access control | +| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt container RadinessProbe | +| redis.auth.enabled | bool | `true` | Enable redis authentication | +| redis.auth.password | string | `"CHANGEME"` | Configure redis password | +| redis.sentinel.enabled | bool | `true` | 
Enable redis sentinel | +| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | +| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | +| service.annotations | object | `{}` | Annotations to add to the service | +| service.name | string | `"https"` | Configure passbolt service port name | +| service.port | int | `443` | Configure passbolt service port | +| service.targetPort | int | `443` | Configure passbolt service targetPort | +| service.type | string | `"ClusterIP"` | Configure passbolt service type | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| tolerations | list | `[]` | Configure passbolt deployment tolerations |