feat: Replace nginx snippet annotation with custom header annotation (#…

…106)
guerzon · Aug 29, 2024 · 6c1cf6a · 6c1cf6a
1 parent eac4a45
commit 6c1cf6a
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 18 deletions.
diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
   - name: guerzon
     email: [email protected]
     url: https://github.com/guerzon
-version: 0.24.4
+version: 0.25.0
 kubeVersion: ">=1.12.0-0"
diff --git a/charts/vaultwarden/templates/configmap.yaml b/charts/vaultwarden/templates/configmap.yaml
@@ -1,5 +1,12 @@
 apiVersion: v1
 kind: ConfigMap
+metadata:
+  name: custom-headers-configmap
+data:
+  Request-Id: $req_id
+---
+apiVersion: v1
+kind: ConfigMap
 metadata:
   name: {{ include "vaultwarden.fullname" . }}
   namespace: {{ .Release.Namespace }}

diff --git a/charts/vaultwarden/templates/ingress.yaml b/charts/vaultwarden/templates/ingress.yaml
@@ -26,8 +26,7 @@ metadata:
     {{- toYaml $ingress.additionalAnnotations | nindent 4 }}
     {{- end }}
     {{- if $ingress.nginxIngressAnnotations }}
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      more_set_headers "Request-Id: $req_id";
+    nginx.ingress.kubernetes.io/custom-headers: {{ $ingress.customHeadersConfigMap }}
     nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
     nginx.ingress.kubernetes.io/enable-cors: "true"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"

diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml
@@ -101,13 +101,15 @@ serviceAccount:
 
 ## @param podSecurityContext Pod security options
 ##
-podSecurityContext: {}
+podSecurityContext:
+  {}
   # fsGroup: 1001
   # supplementalGroups:
   #   - 1001
 
 ## @param securityContext Default security options to run vault as read only container without privilege escalation
-securityContext: {}
+securityContext:
+  {}
   # allowPrivilegeEscalation: false
   # privileged: false
   # readOnlyRootFilesystem: true
@@ -122,7 +124,6 @@ securityContext: {}
 ## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
 dnsConfig: {}
 
-
 ## @section Reliability configuration
 ##
 
@@ -194,7 +195,8 @@ startupProbe:
 
 ## @param resources Resource configurations
 ##
-resources: {}
+resources:
+  {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -208,7 +210,8 @@ resources: {}
 
 ## @param strategy Resource configurations
 ##
-strategy: {}
+strategy:
+  {}
   # type: RollingUpdate
   # rollingUpdate:
   #   maxSurge: 1
@@ -224,13 +227,13 @@ podDisruptionBudget:
   ## @param podDisruptionBudget.maxUnavailable Maximum number/percentage of pods that may be made unavailable
   maxUnavailable: null
 
-
 ## @section Persistent data configuration
 ##
 
 ## @param data Data directory configuration, refer to values.yaml for parameters.
 ##
-data: {}
+data:
+  {}
   # name: "vaultwarden-data"
   # size: "15Gi"
   # class: ""
@@ -241,7 +244,8 @@ data: {}
 ## @param attachments Attachments directory configuration, refer to values.yaml for parameters.
 ## By default, attachments/ is located inside the data directory.
 ##
-attachments: {}
+attachments:
+  {}
   # name: "vaultwarden-files"
   # size: "100Gi"
   # class: ""
@@ -296,7 +300,6 @@ database:
 ## Supported since 1.29.0.
 ## Refer to https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification for details
 ##
-
 pushNotifications:
   ## @param pushNotifications.enabled Enable the push notification service
   ##
@@ -451,7 +454,6 @@ emailChangeAllowed: "true"
 ##
 showPassHint: "false"
 
-
 ## @section Advanced settings
 ##
 
@@ -529,14 +531,12 @@ adminRateLimitMaxBurst: "3"
 ##
 timeZone: ""
 
-
 ## @section BETA Features
 ##
 
 ## @param orgGroupsEnabled Controls whether group support is enabled for organizations
 orgGroupsEnabled: "false"
 
-
 ## @section MFA/2FA settings
 ##
 
@@ -564,7 +564,6 @@ duo:
   ##
   hostname: ""
 
-
 ## @section SMTP Configuration
 ##
 smtp:
@@ -628,7 +627,6 @@ smtp:
   ##
   debug: false
 
-
 ## @section Exposure settings
 ##
 
@@ -667,7 +665,7 @@ ingress:
   #
   class: "nginx"
   ## @param ingress.nginxIngressAnnotations Add nginx specific ingress annotations
-  ## This annotations are only makes sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/)
+  ## These annotations only make sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/)
   ##
   nginxIngressAnnotations: true
   ## @param ingress.additionalAnnotations Additional annotations for the ingress resource.
@@ -698,6 +696,10 @@ ingress:
   ## @param ingress.nginxAllowList Comma-separated list of IP addresses and subnets to allow.
   ##
   nginxAllowList: ""
+  ## @param ingress.customHeadersConfigMap ConfigMap containing custom headers to be added to the ingress.
+  ## Defaults to "custom-headers-configmap", which sets a Request-ID header.
+  ##
+  customHeadersConfigMap: "custom-headers-configmap"
   ## TODO:
   ##   - Add support for using cert-manager.
   ##   - Support for multiple TLS hostnames.