From c44a24ae6cbffac7bda8a7543692c1d464437751 Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Thu, 25 Jan 2024 11:33:11 -0500
Subject: [PATCH] [DEVOPS-1713] - Allow use of existing PVCs (#101)
---
charts/self-host/ci/test-values.yaml | 74 ++++++++++++++++-
charts/self-host/templates/admin.yaml | 24 +++---
charts/self-host/templates/api.yaml | 26 +++---
charts/self-host/templates/attachments.yaml | 14 ++--
charts/self-host/templates/events.yaml | 20 ++---
charts/self-host/templates/icons.yaml | 16 ++--
charts/self-host/templates/identity.yaml | 22 ++---
charts/self-host/templates/mssql.yaml | 22 +++--
charts/self-host/templates/notifications.yaml | 20 ++---
.../post-install-db-migrator-job.yaml | 10 +--
.../pre-install-db-migrator-job.yaml | 8 +-
.../self-host/templates/pre-install-job.yaml | 8 +-
.../templates/pre-install-secret-keys.yaml | 2 +-
.../templates/pre-install-secret-sql.yaml | 8 +-
charts/self-host/templates/scim.yaml | 26 +++---
charts/self-host/templates/sso.yaml | 24 +++---
charts/self-host/templates/volumes.yaml | 83 ++++++++++++++++++-
charts/self-host/templates/web.yaml | 12 +--
charts/self-host/values.schema.json | 78 +++++++++++++++++
charts/self-host/values.yaml | 48 ++++++++++-
20 files changed, 406 insertions(+), 139 deletions(-)
diff --git a/charts/self-host/ci/test-values.yaml b/charts/self-host/ci/test-values.yaml
index 3e8edb47..3b9dcc53 100644
--- a/charts/self-host/ci/test-values.yaml
+++ b/charts/self-host/ci/test-values.yaml
@@ -80,6 +80,10 @@ general: # values are only ReadWriteMany and ReadWriteOnce. Please read https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes # to better understand these options before changing this value. volumeAccessMode: "ReadWriteOnce" + # Set to true to allow communication between your server and our cloud system. Doing so enables billing and license sync. Please see: https://bitwarden.com/help/self-host-an-organization/#step-4-setup-billing-and-license-sync + enableCloudCommunication: false + # Cloud region for sync. Please see: https://bitwarden.com/help/families-for-enterprise-self-hosted/#step-1-enable-cloud-communication + cloudRegion: US # Specify the name of the shared storage class # This storage class requires ReadWriteMany. You will need to provide your own storage class. Storage classes with automatic volume previsioners are recommended. 
@@ -274,17 +278,60 @@ component: securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments podServiceAccount: +# Images used for jobs and init containers +supportComponents: + dbMigrator: + image: + name: bitwarden/mssqlmigratorutility + certGenerator: + image: + name: docker.io/nginx + tag: 1.25.3 + kubectl: + image: + name: bitnami/kubectl + tag: 1.21 # Data volume sizes for shared PVCs volume: dataprotection: + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: "1Gi" labels: {} attachments: + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 1Gi labels: {} licenses: + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 1Gi labels: {} + logs: + # Logs are disabled by default + enabled: true + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" + size: 1Gi + labels: {} + # # Configure service account for pre- and post-install hooks 
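Review bot: The `tag: 1.21` value under `supportComponents.kubectl.image` is an unquoted YAML number, so a later bump to a value with a trailing zero (constructed example: `1.30`) would be rendered as `1.3` in the image reference; write `tag: "1.21"` and, for consistency, `tag: "1.25.3"`. Both support images are also referenced by mutable tag from public registries, and the kubectl image is run by the hook job in pre-install-secret-sql.yaml with the release secret loaded through `envFrom`, so a digest-pinned reference would be the safer default if the chart's `name:tag` rendering can accommodate one. A short comment above `supportComponents` naming the jobs that consume each image would make that exposure easier to judge.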
@@ -320,14 +367,35 @@ database: # The MSSQL volumes for the PVCs volume: backups: - # Storage size + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 1Gi + labels: {} data: - # Storage size + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 10Gi + labels: {} log: - # Storage size + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 10Gi + labels: {} + # Specifies the strategy used to replace old Pods by new ones. The value can be "OnDelete" or "RollingUpdate". "OnDelete" is the default value. + # When set to OnDelete, the SQL pod will not be recreated automatically on update. It must be manually deleted to update. + updateStrategy: OnDelete # This will set the Kubernetes container security context securityContext: # Run the pod under a service account you create. This is especially useful for OpenShift deployments diff --git a/charts/self-host/templates/admin.yaml b/charts/self-host/templates/admin.yaml index 7061e27d..6258c74a 100644 --- a/charts/self-host/templates/admin.yaml +++ b/charts/self-host/templates/admin.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.admin.deploymentStrategy }}" + type: {{ .Values.component.admin.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.admin" . }} 
@@ -26,10 +26,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.admin.podServiceAccount }} - serviceAccount: "{{ .Values.component.admin.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.admin.podServiceAccount }}" + serviceAccount: {{ .Values.component.admin.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.admin.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: @@ -50,7 +50,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} @@ -74,12 +74,12 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: admin {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true 
@@ -89,16 +89,16 @@ spec: volumes: - name: dataprotection persistentVolumeClaim: - claimName: {{ template "bitwarden.dataprotection" . }} + claimName: {{ default ( include "bitwarden.dataprotection" . ) .Values.volume.dataprotection.existingClaim }} - name: licenses persistentVolumeClaim: - claimName: {{ template "bitwarden.licenses" . }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + claimName: {{ default ( include "bitwarden.licenses" . ) .Values.volume.licenses.existingClaim }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/api.yaml b/charts/self-host/templates/api.yaml index 56e182e6..dcd05ab3 100644 --- a/charts/self-host/templates/api.yaml +++ b/charts/self-host/templates/api.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.api.deploymentStrategy }}" + type: {{ .Values.component.api.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.api" . }} @@ -26,10 +26,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.api.podServiceAccount }} - serviceAccount: "{{ .Values.component.api.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.api.podServiceAccount }}" + serviceAccount: {{ .Values.component.api.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.api.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: 
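Review bot: The new `claimName` expressions are rendered unquoted although this commit moves the other user-supplied names to `| quote`; an `existingClaim` that YAML reads as a number or boolean would reach the API server with the wrong type, so prefer `claimName: {{ default ( include "bitwarden.dataprotection" . ) .Values.volume.dataprotection.existingClaim | quote }}`. The same applies to the `licenses` and `applogs` lines here and to the `claimName` lines in api.yaml, attachments.yaml, events.yaml, icons.yaml, identity.yaml, mssql.yaml, notifications.yaml and post-install-db-migrator-job.yaml. Because `existingClaim` lets an operator point these mounts at any PVC in the namespace, and the `dataprotection` volume (mounted at `/etc/bitwarden/core/aspnet-dataprotection`) presumably holds key material, the values comment `# Use an existing PVC by specifying the name.` should add that the claim must not be shared with unrelated workloads. The `volumes:` list continues past the end of the hunk.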
@@ -50,7 +50,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} @@ -76,12 +76,12 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: api {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true @@ -91,19 +91,19 @@ spec: volumes: - name: dataprotection persistentVolumeClaim: - claimName: {{ template "bitwarden.dataprotection" . }} + claimName: {{ default ( include "bitwarden.dataprotection" . ) .Values.volume.dataprotection.existingClaim }} - name: attachments persistentVolumeClaim: - claimName: {{ template "bitwarden.attachments" . }} + claimName: {{ default ( include "bitwarden.attachments" . ) .Values.volume.attachments.existingClaim }} - name: licenses persistentVolumeClaim: - claimName: {{ template "bitwarden.licenses" . }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + claimName: {{ default ( include "bitwarden.licenses" . ) .Values.volume.licenses.existingClaim }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/attachments.yaml b/charts/self-host/templates/attachments.yaml index 18ddb31e..60978f36 100644 
--- a/charts/self-host/templates/attachments.yaml +++ b/charts/self-host/templates/attachments.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.attachments.deploymentStrategy }}" + type: {{ .Values.component.attachments.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.attachments" . }} @@ -26,8 +26,8 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.attachments.podServiceAccount }} - serviceAccount: "{{ .Values.component.attachments.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.attachments.podServiceAccount }}" + serviceAccount: {{ .Values.component.attachments.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.attachments.podServiceAccount | quote }} {{- end }} containers: - name: {{ template "bitwarden.attachments" . }} @@ -36,7 +36,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} @@ -58,7 +58,7 @@ spec: volumeMounts: - name: attachments mountPath: /etc/bitwarden/core/attachments - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true @@ -68,8 +68,8 @@ spec: volumes: - name: attachments persistentVolumeClaim: - claimName: {{ template "bitwarden.attachments" . }} - {{- if .Values.secrets.secretProviderClass}} + claimName: {{ default ( include "bitwarden.attachments" . ) .Values.volume.attachments.existingClaim }} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/events.yaml b/charts/self-host/templates/events.yaml index e046e577..59e075d6 100644 --- a/charts/self-host/templates/events.yaml 
+++ b/charts/self-host/templates/events.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.events.deploymentStrategy }}" + type: {{ .Values.component.events.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.events" . }} @@ -26,10 +26,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.events.podServiceAccount }} - serviceAccount: "{{ .Values.component.events.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.events.podServiceAccount }}" + serviceAccount: {{ .Values.component.events.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.events.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: @@ -50,7 +50,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} @@ -70,12 +70,12 @@ spec: resources: {{ toYaml .Values.component.events.resources | indent 10 }} volumeMounts: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: events @@ -83,7 +83,7 @@ spec: securityContext: {{ toYaml .Values.component.events.securityContext | indent 10 }} volumes: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io 
@@ -91,10 +91,10 @@ spec: volumeAttributes: secretProviderClass: {{ .Values.secrets.secretProviderClass }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} --- diff --git a/charts/self-host/templates/icons.yaml b/charts/self-host/templates/icons.yaml index 8224a9a7..55bed5af 100644 --- a/charts/self-host/templates/icons.yaml +++ b/charts/self-host/templates/icons.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.icons.deploymentStrategy }}" + type: {{ .Values.component.icons.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.icons" . }} @@ -26,10 +26,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.icons.podServiceAccount }} - serviceAccount: "{{ .Values.component.icons.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.icons.podServiceAccount }}" + serviceAccount: {{ .Values.component.icons.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.icons.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: @@ -73,7 +73,7 @@ spec: mountPath: "/mnt/secrets-store" readOnly: true {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: icons @@ -83,7 +83,7 @@ spec: securityContext: {{ toYaml .Values.component.icons.securityContext | indent 10 }} volumes: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io 
@@ -91,10 +91,10 @@ spec: volumeAttributes: secretProviderClass: {{ .Values.secrets.secretProviderClass }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} --- diff --git a/charts/self-host/templates/identity.yaml b/charts/self-host/templates/identity.yaml index 5af419f8..8d8849b1 100644 --- a/charts/self-host/templates/identity.yaml +++ b/charts/self-host/templates/identity.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.identity.deploymentStrategy }}" + type: {{ .Values.component.identity.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.identity" . }} @@ -26,10 +26,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.identity.podServiceAccount }} - serviceAccount: "{{ .Values.component.identity.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.identity.podServiceAccount }}" + serviceAccount: {{ .Values.component.identity.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.identity.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: @@ -50,7 +50,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} 
@@ -78,7 +78,7 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: identity @@ -96,16 +96,16 @@ spec: secretName: {{ .Release.Name }}-identity-cert - name: dataprotection persistentVolumeClaim: - claimName: {{ template "bitwarden.dataprotection" . }} + claimName: {{ default ( include "bitwarden.dataprotection" . ) .Values.volume.dataprotection.existingClaim }} - name: licenses persistentVolumeClaim: - claimName: {{ template "bitwarden.licenses" . }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + claimName: {{ default ( include "bitwarden.licenses" . ) .Values.volume.licenses.existingClaim }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/mssql.yaml b/charts/self-host/templates/mssql.yaml index f027fa42..593dc898 100644 --- a/charts/self-host/templates/mssql.yaml +++ b/charts/self-host/templates/mssql.yaml @@ -16,7 +16,7 @@ spec: serviceName: {{ template "bitwarden.mssql" . }} replicas: 1 updateStrategy: - type: "{{ .Values.database.updateStrategy }}" + type: {{ .Values.database.updateStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.mssql" . }} 
@@ -31,20 +31,22 @@ spec: {{- end }} spec: {{- if .Values.database.podServiceAccount }} - serviceAccount: "{{ .Values.database.podServiceAccount }}" - serviceAccountName: "{{ .Values.database.podServiceAccount }}" + serviceAccount: {{ .Values.database.podServiceAccount | quote }} + serviceAccountName: {{ .Values.database.podServiceAccount | quote }} {{- end }} containers: - name: {{ template "bitwarden.mssql" . }} image: "{{ .Values.database.image.name }}:{{ .Values.database.image.tag }}" imagePullPolicy: Always + {{- if .Values.database.resources }} resources: {{ toYaml .Values.database.resources | indent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ .Release.Name }}-sql-connection-string ports: @@ -57,7 +59,7 @@ spec: mountPath: /var/opt/mssql/log - name: mssql-backups mountPath: /var/opt/mssql/backups - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true 
@@ -83,20 +85,22 @@ spec: initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 3 + {{- if .Values.database.securityContext }} securityContext: {{ toYaml .Values.database.securityContext | indent 12 }} + {{- end }} enableServiceLinks: false volumes: - name: mssql-data persistentVolumeClaim: - claimName: {{ template "bitwarden.mssqlData" . }} + claimName: {{ default ( include "bitwarden.mssqlData" . ) .Values.database.volume.data.existingClaim }} - name: mssql-log persistentVolumeClaim: - claimName: {{ template "bitwarden.mssqlLog" . }} + claimName: {{ default ( include "bitwarden.mssqlLog" . ) .Values.database.volume.log.existingClaim }} - name: mssql-backups persistentVolumeClaim: - claimName: {{ template "bitwarden.mssqlBackups" . }} - {{- if .Values.secrets.secretProviderClass}} + claimName: {{ default ( include "bitwarden.mssqlBackups" . ) .Values.database.volume.backups.existingClaim }} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/notifications.yaml b/charts/self-host/templates/notifications.yaml index dbbaca13..ce436a30 100644 --- a/charts/self-host/templates/notifications.yaml +++ b/charts/self-host/templates/notifications.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.notifications.deploymentStrategy }}" + type: {{ .Values.component.notifications.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.notifications" . }} 
@@ -26,10 +26,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.notifications.podServiceAccount }} - serviceAccount: "{{ .Values.component.notifications.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.notifications.podServiceAccount }}" + serviceAccount: {{ .Values.component.notifications.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.notifications.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: @@ -50,7 +50,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} @@ -70,12 +70,12 @@ spec: resources: {{ toYaml .Values.component.notifications.resources | indent 10 }} volumeMounts: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: notifications @@ -83,7 +83,7 @@ spec: securityContext: {{ toYaml .Values.component.notifications.securityContext | indent 10 }} volumes: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io 
@@ -91,10 +91,10 @@ spec: volumeAttributes: secretProviderClass: {{ .Values.secrets.secretProviderClass }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} --- diff --git a/charts/self-host/templates/post-install-db-migrator-job.yaml b/charts/self-host/templates/post-install-db-migrator-job.yaml index 0da586ef..670b5cb5 100644 --- a/charts/self-host/templates/post-install-db-migrator-job.yaml +++ b/charts/self-host/templates/post-install-db-migrator-job.yaml @@ -60,17 +60,17 @@ spec: {{- if .Values.database.enabled }} name: {{ .Release.Name }}-sql-connection-string {{- else }} - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} {{- end }} key: globalSettings__sqlServer__connectionString image: "{{ .Values.supportComponents.dbMigrator.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" volumeMounts: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true {{- end }} - {{- if or (not .Values.database.enabled) (and .Values.database.enabled .Release.IsUpgrade) }} + {{- if or ( not .Values.database.enabled ) ( and .Values.database.enabled .Release.IsUpgrade ) }} args: [ "-f", "DbScripts_transition", "-r"] {{- end }} restartPolicy: Never 
@@ -78,9 +78,9 @@ spec: {{- if .Values.database.enabled }} - name: mssql-data persistentVolumeClaim: - claimName: {{ template "bitwarden.mssqlData" . }} + claimName: {{ default ( include "bitwarden.mssqlData" . ) .Values.database.volume.data.existingClaim }} {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/pre-install-db-migrator-job.yaml b/charts/self-host/templates/pre-install-db-migrator-job.yaml index 415fded5..87e1d8fa 100644 --- a/charts/self-host/templates/pre-install-db-migrator-job.yaml +++ b/charts/self-host/templates/pre-install-db-migrator-job.yaml @@ -21,7 +21,7 @@ spec: app.kubernetes.io/component: pre-install-db-migrator-job spec: {{- if .Values.serviceAccount.name }} - serviceAccountName: "{{ .Values.serviceAccount.name }}" + serviceAccountName: {{ .Values.serviceAccount.name | quote }} {{- end }} containers: - name: migrate-db @@ -32,19 +32,19 @@ spec: {{- if .Values.database.enabled }} name: {{ .Release.Name }}-sql-connection-string {{- else }} - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} {{- end }} key: globalSettings__sqlServer__connectionString image: "{{ .Values.supportComponents.dbMigrator.image.name }}:{{default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" volumeMounts: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true {{- end }} restartPolicy: Never volumes: - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/pre-install-job.yaml b/charts/self-host/templates/pre-install-job.yaml index 455560af..4c2db54d 100644 
--- a/charts/self-host/templates/pre-install-job.yaml +++ b/charts/self-host/templates/pre-install-job.yaml @@ -1,6 +1,6 @@ -{{- $identityCertPasswordTxtValue := (randAlpha 32) }} -{{- $currentIdentityCert := (lookup "v1" "Secret" .Release.Namespace "{{ .Release.Name }}-identity-cert") }} -{{- $identityCertPasswordTxtValue := (lookup "v1" "Secret" .Release.Namespace "{{ .Release.Name }}-identity-cert-password") }} +{{- $identityCertPasswordTxtValue := ( randAlpha 32 ) }} +{{- $currentIdentityCert := ( lookup "v1" "Secret" .Release.Namespace "{{ .Release.Name }}-identity-cert" ) }} +{{- $identityCertPasswordTxtValue := ( lookup "v1" "Secret" .Release.Namespace "{{ .Release.Name }}-identity-cert-password" ) }} {{- if $currentIdentityCert }} {{- $identityCertPasswordTxtValue := index $currentIdentityCert.data "globalSettings__identityServer__certificatePassword" | b64dec }} @@ -24,7 +24,7 @@ spec: app.kubernetes.io/component: pre-install-hook spec: {{- if .Values.serviceAccount.name }} - serviceAccountName: "{{ .Values.serviceAccount.name }}" + serviceAccountName: {{ .Values.serviceAccount.name | quote }} {{- end }} {{- if not $currentIdentityCert }} diff --git a/charts/self-host/templates/pre-install-secret-keys.yaml b/charts/self-host/templates/pre-install-secret-keys.yaml index 377ed8ff..1418cd14 100644 --- a/charts/self-host/templates/pre-install-secret-keys.yaml +++ b/charts/self-host/templates/pre-install-secret-keys.yaml 
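Review bot: The `lookup` calls on the first lines of this template pass `"{{ .Release.Name }}-identity-cert"` as a string literal, and template actions are not expanded inside a quoted argument, so the lookup asks for a Secret with that literal name and `$currentIdentityCert` appears to be always empty; the commit only adds spacing here. Build the name instead, `( lookup "v1" "Secret" .Release.Namespace ( printf "%s-identity-cert" .Release.Name ) )`, in the same way pre-install-secret-keys.yaml computes its name with `include`. If that reading is right, the `{{- if not $currentIdentityCert }}` branch in the next hunk runs on every install or upgrade rather than only when the certificate Secret is missing. `$identityCertPasswordTxtValue` is also declared three times with `:=`, and the declaration inside the `if` is scoped to that block, so the stored password is probably never reused; `=` would assign to the outer variable. The rest of the template lies outside the hunk.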
@@ -5,7 +5,7 @@ metadata: name: {{ template "bitwarden.keyssecret" . }} namespace: {{ .Release.Namespace }} data: -{{- $currentGeneratedSecret := (lookup "v1" "Secret" .Release.Namespace (include "bitwarden.keyssecret" . )) }} +{{- $currentGeneratedSecret := ( lookup "v1" "Secret" .Release.Namespace ( include "bitwarden.keyssecret" . ) ) }} {{- if $currentGeneratedSecret}} globalSettings__internalIdentityKey: {{ index $currentGeneratedSecret.data "globalSettings__internalIdentityKey"}} globalSettings__oidcIdentityClientKey: {{ index $currentGeneratedSecret.data "globalSettings__oidcIdentityClientKey"}} diff --git a/charts/self-host/templates/pre-install-secret-sql.yaml b/charts/self-host/templates/pre-install-secret-sql.yaml index 6513207f..d3246827 100644 --- a/charts/self-host/templates/pre-install-secret-sql.yaml +++ b/charts/self-host/templates/pre-install-secret-sql.yaml @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: pre-install-hook spec: {{- if .Values.serviceAccount.name }} - serviceAccountName: "{{ .Values.serviceAccount.name }}" + serviceAccountName: {{ .Values.serviceAccount.name | quote }} {{- end }} containers: - name: create-resources @@ -36,11 +36,11 @@ spec: image: "{{ .Values.supportComponents.kubectl.image.name }}:{{ .Values.supportComponents.kubectl.image.tag }}" envFrom: - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} volumeMounts: - name: temp mountPath: "/bitwarden" - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true @@ -50,7 +50,7 @@ spec: - name: temp emptyDir: medium: Memory - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/scim.yaml b/charts/self-host/templates/scim.yaml index 6e07159f..6dd5027b 100644 
--- a/charts/self-host/templates/scim.yaml +++ b/charts/self-host/templates/scim.yaml @@ -15,7 +15,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.scim.deploymentStrategy }}" + type: {{ .Values.component.scim.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.scim" . }} @@ -27,10 +27,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.scim.podServiceAccount }} - serviceAccount: "{{ .Values.component.scim.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.scim.podServiceAccount }}" + serviceAccount: {{ .Values.component.scim.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.scim.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: @@ -51,7 +51,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} @@ -77,12 +77,12 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: scim {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true 
@@ -92,19 +92,19 @@ spec: volumes: - name: dataprotection persistentVolumeClaim: - claimName: {{ template "bitwarden.dataprotection" . }} + claimName: {{ default ( include "bitwarden.dataprotection" . ) .Values.volume.dataprotection.existingClaim }} - name: attachments persistentVolumeClaim: - claimName: {{ template "bitwarden.attachments" . }} + claimName: {{ default ( include "bitwarden.attachments" . ) .Values.volume.attachments.existingClaim }} - name: licenses persistentVolumeClaim: - claimName: {{ template "bitwarden.licenses" . }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + claimName: {{ default ( include "bitwarden.licenses" . ) .Values.volume.licenses.existingClaim }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/sso.yaml b/charts/self-host/templates/sso.yaml index 5e0c6749..2b9653cf 100644 --- a/charts/self-host/templates/sso.yaml +++ b/charts/self-host/templates/sso.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.sso.deploymentStrategy }}" + type: {{ .Values.component.sso.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.sso" . }} 
@@ -26,10 +26,10 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.sso.podServiceAccount }} - serviceAccount: "{{ .Values.component.sso.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.sso.podServiceAccount }}" + serviceAccount: {{ .Values.component.sso.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.sso.podServiceAccount | quote }} {{- end }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} initContainers: - name: create-mount-subdir command: @@ -50,7 +50,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} - secretRef: @@ -78,12 +78,12 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + {{- if .Values.volume.logs.enabled }} - name: applogs mountPath: /etc/bitwarden/logs subPath: sso {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true 
@@ -96,16 +96,16 @@ spec: secretName: {{ .Release.Name }}-identity-cert - name: dataprotection persistentVolumeClaim: - claimName: {{ template "bitwarden.dataprotection" . }} + claimName: {{ default ( include "bitwarden.dataprotection" . ) .Values.volume.dataprotection.existingClaim }} - name: licenses persistentVolumeClaim: - claimName: {{ template "bitwarden.licenses" . }} - {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + claimName: {{ default ( include "bitwarden.licenses" . ) .Values.volume.licenses.existingClaim }} + {{- if .Values.volume.logs.enabled }} - name: applogs persistentVolumeClaim: - claimName: {{ template "bitwarden.applogs" . }} + claimName: {{ default ( include "bitwarden.applogs" . ) .Values.volume.logs.existingClaim }} {{- end }} - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/templates/volumes.yaml b/charts/self-host/templates/volumes.yaml index bb0bece8..5936d140 100644 --- a/charts/self-host/templates/volumes.yaml +++ b/charts/self-host/templates/volumes.yaml 
@@ -1,17 +1,34 @@ +{{- if not .Values.volume.dataprotection.existingClaim }} --- apiVersion: v1 kind: PersistentVolumeClaim metadata: namespace: {{ .Release.Namespace }} name: {{ template "bitwarden.dataprotection" . }} + labels: + app.kubernetes.io/component: dataprotection +{{ include "bitwarden.labels" . | indent 4 }} +{{- with .Values.volume.dataprotection.labels }} +{{ toYaml . | indent 4 }} +{{- end }} spec: accessModes: + {{- if .Values.volume.dataprotection.accessMode }} + - {{ .Values.volume.dataprotection.accessMode }} + {{- else }} - {{ .Values.general.volumeAccessMode }} + {{- end }} + {{- if .Values.volume.dataprotection.storageClass }} + storageClassName: {{ .Values.volume.dataprotection.storageClass }} + {{- else }} storageClassName: {{ .Values.sharedStorageClassName }} + {{- end }} resources: requests: storage: {{ .Values.volume.dataprotection.size }} +{{- end }} +{{- if not .Values.volume.licenses.existingClaim }} --- apiVersion: v1 kind: PersistentVolumeClaim @@ -26,12 +43,22 @@ metadata: {{- end }} spec: accessModes: + {{- if .Values.volume.licenses.accessMode }} + - {{ .Values.volume.licenses.accessMode }} + {{- else }} - {{ .Values.general.volumeAccessMode }} + {{- end }} + {{- if .Values.volume.licenses.storageClass }} + storageClassName: {{ .Values.volume.licenses.storageClass }} + {{- else }} storageClassName: {{ .Values.sharedStorageClassName }} + {{- end }} resources: requests: storage: {{ .Values.volume.licenses.size }} +{{- end }} +{{- if not .Values.volume.attachments.existingClaim }} --- apiVersion: v1 kind: PersistentVolumeClaim 
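Review bot: Setting `existingClaim` on a release that is already installed drops the chart-managed PersistentVolumeClaim from the rendered manifest, because each claim is now wrapped in `{{- if not ...existingClaim }}`, and Helm deletes resources that disappear from a release on upgrade. The dataprotection claim's metadata in this first volumes.yaml hunk carries no `helm.sh/resource-policy` annotation, so the claim holding the data-protection keys could be removed along with its data, depending on the volume's reclaim policy. The same applies to the attachments, licenses, logs and mssql claims in the later volumes.yaml hunks, although their metadata is only partly visible there. Consider adding `annotations:` with `helm.sh/resource-policy: keep` under `metadata:` of each claim, or at least documenting the migration order next to `existingClaim` in values.yaml.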
@@ -46,13 +73,22 @@ metadata: {{- end }} spec: accessModes: + {{- if .Values.volume.attachments.accessMode }} + - {{ .Values.volume.attachments.accessMode }} + {{- else }} - {{ .Values.general.volumeAccessMode }} + {{- end }} + {{- if .Values.volume.attachments.storageClass }} + storageClassName: {{ .Values.volume.attachments.storageClass }} + {{- else }} storageClassName: {{ .Values.sharedStorageClassName }} + {{- end }} resources: requests: storage: {{ .Values.volume.attachments.size }} +{{- end }} -{{- if and .Values.volume.logs .Values.volume.logs.enabled }} +{{- if and .Values.volume.logs.enabled (not .Values.volume.logs.existingClaim) }} --- apiVersion: v1 kind: PersistentVolumeClaim @@ -67,8 +103,16 @@ metadata: {{- end }} spec: accessModes: + {{- if .Values.volume.logs.accessMode }} + - {{ .Values.volume.logs.accessMode }} + {{- else }} - {{ .Values.general.volumeAccessMode }} + {{- end }} + {{- if .Values.volume.logs.storageClass }} + storageClassName: {{ .Values.volume.logs.storageClass }} + {{- else }} storageClassName: {{ .Values.sharedStorageClassName }} + {{- end }} resources: requests: storage: {{ .Values.volume.logs.size }} @@ -79,6 +123,7 @@ spec: ################# {{- if .Values.database.enabled }} +{{- if not .Values.database.volume.log.existingClaim }} --- apiVersion: v1 kind: PersistentVolumeClaim 
@@ -88,17 +133,27 @@ metadata: labels: app.kubernetes.io/component: mssql-log {{ include "bitwarden.labels" . | indent 4 }} -{{- with .Values.database.labels }} +{{- with .Values.database.volume.log.labels }} {{ toYaml . | indent 4 }} {{- end }} spec: accessModes: + {{- if .Values.database.volume.log.accessMode }} + - {{ .Values.database.volume.log.accessMode }} + {{- else }} - {{ .Values.general.volumeAccessMode }} + {{- end }} + {{- if .Values.database.volume.log.storageClass }} + storageClassName: {{ .Values.database.volume.log.storageClass }} + {{- else }} storageClassName: {{ .Values.sharedStorageClassName }} + {{- end }} resources: requests: storage: {{ .Values.database.volume.log.size }} +{{- end }} +{{- if not .Values.database.volume.backups.existingClaim }} --- apiVersion: v1 kind: PersistentVolumeClaim @@ -108,17 +163,27 @@ metadata: labels: app.kubernetes.io/component: mssql-backups {{ include "bitwarden.labels" . | indent 4 }} -{{- with .Values.database.labels }} +{{- with .Values.database.volume.backups.labels }} {{ toYaml . | indent 4 }} {{- end }} spec: accessModes: + {{- if .Values.database.volume.backups.accessMode }} + - {{ .Values.database.volume.backups.accessMode }} + {{- else }} - {{ .Values.general.volumeAccessMode }} + {{- end }} + {{- if .Values.database.volume.backups.storageClass }} + storageClassName: {{ .Values.database.volume.backups.storageClass }} + {{- else }} storageClassName: {{ .Values.sharedStorageClassName }} + {{- end }} resources: requests: storage: {{ .Values.database.volume.backups.size }} +{{- end }} +{{- if not .Values.database.volume.data.existingClaim }} --- apiVersion: v1 kind: PersistentVolumeClaim 
@@ -128,14 +193,24 @@ metadata: labels: app.kubernetes.io/component: mssql-data {{ include "bitwarden.labels" . | indent 4 }} -{{- with .Values.database.labels }} +{{- with .Values.database.volume.data.labels }} {{ toYaml . | indent 4 }} {{- end }} spec: accessModes: + {{- if .Values.database.volume.data.accessMode }} + - {{ .Values.database.volume.data.accessMode }} + {{- else }} - {{ .Values.general.volumeAccessMode }} + {{- end }} + {{- if .Values.database.volume.data.storageClass }} + storageClassName: {{ .Values.database.volume.data.storageClass }} + {{- else }} storageClassName: {{ .Values.sharedStorageClassName }} + {{- end }} resources: requests: storage: {{ .Values.database.volume.data.size }} {{- end }} + +{{- end }} diff --git a/charts/self-host/templates/web.yaml b/charts/self-host/templates/web.yaml index 5e72b17a..0ec5b79f 100644 --- a/charts/self-host/templates/web.yaml +++ b/charts/self-host/templates/web.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: 1 strategy: - type: "{{ .Values.component.web.deploymentStrategy }}" + type: {{ .Values.component.web.deploymentStrategy | quote }} selector: matchLabels: app: {{ template "bitwarden.web" . }} @@ -26,8 +26,8 @@ spec: {{ include "bitwarden.labels" . | indent 8 }} spec: {{- if .Values.component.web.podServiceAccount }} - serviceAccount: "{{ .Values.component.web.podServiceAccount }}" - serviceAccountName: "{{ .Values.component.web.podServiceAccount }}" + serviceAccount: {{ .Values.component.web.podServiceAccount | quote }} + serviceAccountName: {{ .Values.component.web.podServiceAccount | quote }} {{- end }} containers: - name: {{ template "bitwarden.web" . }} @@ -36,7 +36,7 @@ spec: - configMapRef: name: {{ .Release.Name }}-config-map - secretRef: - name: "{{ .Values.secrets.secretName }}" + name: {{ .Values.secrets.secretName | quote }} - secretRef: name: {{ template "bitwarden.keyssecret" . }} {{- if .Values.database.enabled }} 
@@ -58,7 +58,7 @@ spec: volumeMounts: - name: web mountPath: /etc/bitwarden/web - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline mountPath: "/mnt/secrets-store" readOnly: true @@ -69,7 +69,7 @@ spec: - name: web configMap: name: {{ .Release.Name }}-config-map-web - {{- if .Values.secrets.secretProviderClass}} + {{- if .Values.secrets.secretProviderClass }} - name: secrets-store-inline csi: driver: secrets-store.csi.k8s.io diff --git a/charts/self-host/values.schema.json b/charts/self-host/values.schema.json index 6550ae0f..685da992 100644 --- a/charts/self-host/values.schema.json +++ b/charts/self-host/values.schema.json @@ -2169,6 +2169,15 @@ "type": "object", "required": [], "properties": { + "existingClaim": { + "type": "string" + }, + "accessMode": { + "type": "string" + }, + "storageClass": { + "type": "string" + }, "size": { "type": "string" }, @@ -2183,6 +2192,15 @@ "type": "object", "required": [], "properties": { + "existingClaim": { + "type": "string" + }, + "accessMode": { + "type": "string" + }, + "storageClass": { + "type": "string" + }, "size": { "type": "string" }, @@ -2197,6 +2215,15 @@ "type": "object", "required": [], "properties": { + "existingClaim": { + "type": "string" + }, + "accessMode": { + "type": "string" + }, + "storageClass": { + "type": "string" + }, "size": { "type": "string" }, @@ -2214,6 +2241,15 @@ "enabled": { "type": "boolean" }, + "existingClaim": { + "type": "string" + }, + "accessMode": { + "type": "string" + }, + "storageClass": { + "type": "string" + }, "size": { "type": "string" }, @@ -2300,8 +2336,22 @@ "type": "object", "required": [], "properties": { + "existingClaim": { + "type": "string" + }, + "accessMode": { + "type": "string" + }, + "storageClass": { + "type": "string" + }, "size": { "type": "string" + }, + "labels": { + "type": "object", + "required": [], + "properties": {} } } }, 
@@ -2309,8 +2359,22 @@ "type": "object", "required": [], "properties": { + "existingClaim": { + "type": "string" + }, + "accessMode": { + "type": "string" + }, + "storageClass": { + "type": "string" + }, "size": { "type": "string" + }, + "labels": { + "type": "object", + "required": [], + "properties": {} } } }, @@ -2318,8 +2382,22 @@ "type": "object", "required": [], "properties": { + "existingClaim": { + "type": "string" + }, + "accessMode": { + "type": "string" + }, + "storageClass": { + "type": "string" + }, "size": { "type": "string" + }, + "labels": { + "type": "object", + "required": [], + "properties": {} } } } diff --git a/charts/self-host/values.yaml b/charts/self-host/values.yaml index b07db641..e44b2108 100644 --- a/charts/self-host/values.yaml +++ b/charts/self-host/values.yaml 
@@ -314,17 +314,41 @@ supportComponents: # Data volume sizes for shared PVCs volume: dataprotection: + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: "1Gi" labels: {} attachments: + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 1Gi labels: {} licenses: + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 1Gi labels: {} logs: # Logs are disabled by default enabled: false + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 1Gi labels: {} 
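Review bot: The `existingClaim` comment does not say what happens to the sibling keys: in volumes.yaml the claim is not rendered at all when `existingClaim` is set, so `size`, `accessMode`, `storageClass` and `labels` are silently ignored. I would extend the comment in each block, both here and in the `database.volume` hunk that follows, to something like `# Use an existing PVC in the release namespace by specifying its name. size, accessMode, storageClass and labels are then ignored.` It is also worth stating that the claim should be dedicated to this release, since these volumes hold the data-protection keys, attachments and licenses.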
@@ -362,14 +386,32 @@ database: # The MSSQL volumes for the PVCs volume: backups: - # Storage size + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 1Gi + labels: {} data: - # Storage size + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 10Gi + labels: {} log: - # Storage size + # Use an existing PVC by specifying the name. + # existingClaim: claimName + # Override the accessMode specified in general.volumeAccessMode + # accessMode: ReadWriteOnce + # Override the storageClass specified in sharedStorageClassName + # storageClass: "shared-storage" size: 10Gi + labels: {} # Specifies the strategy used to replace old Pods by new ones. The value can be "OnDelete" or "RollingUpdate". "OnDelete" is the default value. # When set to OnDelete, the SQL pod will not be recreated automatically on update. It must be manually deleted to update. updateStrategy: OnDelete