chore: artifactoryhub
Signed-off-by: Lester Guerzon <[email protected]>
guerzon committed Nov 4, 2023
1 parent f9e9b56 commit 90f8d57
Showing 4 changed files with 209 additions and 200 deletions.
206 changes: 7 additions & 199 deletions README.md
@@ -1,222 +1,30 @@
# Helm chart for Vaultwarden

[![MIT Licensed](https://img.shields.io/github/license/guerzon/vaultwarden)](https://github.com/guerzon/vaultwarden/blob/main/LICENSE)
[![Helm Release](https://img.shields.io/docker/v/vaultwarden/server/latest)](https://img.shields.io/docker/v/vaultwarden/server/latest)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/vaultwarden)](https://artifacthub.io/packages/search?repo=vaultwarden)

[Vaultwarden](https://github.com/dani-garcia/vaultwarden), formerly known as **Bitwarden_RS**, is an "alternative implementation of the Bitwarden server API written in Rust and compatible with [upstream Bitwarden clients](https://bitwarden.com/download/), perfect for self-hosted deployment where running the official resource-heavy service might not be ideal."

## TL;DR

```bash
helm repo add vaultwarden https://guerzon.github.io/vaultwarden
helm install my-vaultwarden-release vaultwarden/vaultwarden
```

## Description

This [Helm](https://helm.sh/docs/) chart is used to deploy `vaultwarden` with a stable configuration to Kubernetes clusters.

The upstream repository for the `vaultwarden` project can be found [here](https://github.com/dani-garcia/vaultwarden). To learn more about Vaultwarden, please visit the [wiki](https://github.com/dani-garcia/vaultwarden/wiki).
The `vaultwarden` project can be found [here](https://github.com/dani-garcia/vaultwarden). To learn more about Vaultwarden, please visit the [wiki](https://github.com/dani-garcia/vaultwarden/wiki).

## Prerequisites

- Kubernetes 1.12+
- Helm 3.1.0
- Kubernetes >= 1.12
- Helm >= 3.1.0

## Usage

To deploy the chart with the release name `vaultwarden-release`:
Add the repository:

```bash
export NAMESPACE=vaultwarden
export DOMAIN_NAME=pass.company.com
helm repo add vaultwarden https://guerzon.github.io/vaultwarden
helm install vaultwarden-release vaultwarden/vaultwarden \
--namespace $NAMESPACE \
--set "ingress.enabled=true" \
--set "ingress.hostname=$DOMAIN_NAME"
```

To deploy the chart to another namespace using custom values in the file `demo.yaml`:

```bash
export NAMESPACE=vaultwarden-demo
export RELEASE_NAME=vaultwarden-demo
helm upgrade -i \
-n $NAMESPACE $RELEASE_NAME vaultwarden/vaultwarden \
-f demo.yaml
```

### General configuration

This chart deploys `vaultwarden` from pre-built images on [Docker Hub](https://hub.docker.com/r/vaultwarden/server/tags): `vaultwarden/server`. The image can be defined by specifying the tag with `image.tag`.

Example that uses the Alpine-based image `1.24.0-alpine` and an existing secret that contains registry credentials:

```yaml
image:
tag: "1.24.0-alpine"
pullSecrets:
- myRegKey
```
**Important**: specify the URL used by users with the `domain` variable, otherwise, some functionalities might not work:

```yaml
domain: "https://vaultwarden.contoso.com:9443/"
```

Detailed configuration options can be found in the [Vaultwarden settings](./charts/vaultwarden/README.md#vaultwarden-settings) section.

### Database options

By default, `vaultwarden` uses a SQLite database located in `/data/db.sqlite3`. However, it is also possible to make use of an external database, in particular either [MySQL](https://www.mysql.com/downloads/) or [PostgreSQL](https://www.postgresql.org).

To configure an external database, set `database.type` to either `mysql` or `postgresql` and specify the datase connection information.

Example for using an external MySQL database:

```yaml
database:
type: mysql
host: database.contoso.eu
username: appuser
password: apppassword
dbName: prodapp
```

You can also specify the connection string:

```yaml
database:
type: postgresql
uriOverride: "postgresql://appuser:[email protected]:5433/qualdb"
```

Alternatively, you could create a Kubernetes secret containing the database URI:

```bash
DB_STRING="postgresql://appuser:[email protected]:5433/qualdb"
kubectl -n vaultwarden create secret generic prod-db-creds --from-literal=secret-uri=$DB_STRING
```

Then pass the name of the secret and the key to the chart:

```yaml
database:
type: postgresql
existingSecret: "prod-db-creds"
existingSecretKey: "secret-uri"
```

Detailed configuration options can be found in the [Database Configuration](./charts/vaultwarden/README.md#database-configuration) section.

### SSL and Ingress

This chart supports the usage of existing Ingress Controllers for exposing the `vaultwarden` deployment.

#### nginx-ingress

Nginx ingress controller can be installed by following [this](https://kubernetes.github.io/ingress-nginx/deploy/) guide. An SSL certificate can be added as a secret with a few commands:

```bash
cd <dir-containing-the-certs>
kubectl create secret -n vaultwarden \
tls vw-constoso-com-crt \
--key privkey.pem \
--cert fullchain.pem
```

Once both prerequisites are ready, values can be set as follows:

```yaml
ingress:
enabled: true
class: "nginx"
tlsSecret: vw-constoso-com-crt
hostname: vaultwarden.contoso.com
allowList: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"
```

#### AWS LB Controller

When using AWS, the [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/installation/) can be used together with [ACM](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/cert_discovery/).

Example for AWS:

```yaml
ingress:
enabled: true
class: "alb"
hostname: vaultwarden.contoso.com
additionalAnnotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:ACCOUNT:certificate/LONGID"
```

Detailed configuration options can be found in the [Exposure Parameters](./charts/vaultwarden/README.md#exposure-parameters) section.

### Security

An admin token can be generated with: `openssl rand -base64 48`.

By default, the chart deploys a [service account](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) called `vaultwarden-svc`.

```yaml
serviceAccount:
create: true
name: "vaultwarden-svc"
```

Detailed configuration options can be found in the [Security settings](./charts/vaultwarden/README.md#security-settings) section.

### Mail settings

To enable the SMTP service, make sure that at a minimum, `smtp.host` and `smtp.from` are set.

```yaml
smtp:
host: mx01.contoso.com
from: [email protected]
fromName: "Vault Administrator"
username: admin
password: password
acceptInvalidHostnames: "true"
acceptInvalidCerts: "true"
```

Detailed configuration options can be found in the [SMTP Configuration](./charts/vaultwarden/README.md#smtp-configuration) section.

### Storage

To use persistent storage using a claim, set `storage.enabled` to `true`. The following example sets the storage class to an already-installed Rancher's [local path storage](https://github.com/rancher/local-path-provisioner) provisioner.

```yaml
storage:
enabled: true
size: "10Gi"
class: "local-path"
```

Example for AWS:

```yaml
storage:
enabled: true
size: "10Gi"
class: "gp2"
```

Detailed configuration options can be found in the [Storage Configuration](./charts/vaultwarden/README.md#storage-configuration) section.

## Deployment in GKE

I have written a detailed post about deploying Vaultwarden in Google Kubernetes Engine [here](https://medium.com/@sreafterhours/terraform-helm-external-dns-cert-manager-nginx-and-vaultwarden-on-gke-5080f3b4909f).

## Parameters

Refer to the detailed parameter documentation [here](./charts/vaultwarden/README.md).
Refer to the detailed documentation [here](./charts/vaultwarden/README.md).

## Uninstall

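Review bot: The first README hunk (`@@ -1,222 +1,30 @@`, with 199 deletions in the file summary) shrinks the top-level README to a stub under the subject `chore: artifactoryhub`, and the only pointer left is `Refer to the detailed documentation [here](./charts/vaultwarden/README.md)`. The diff for that file is not shown on this page, so before merging confirm that the Database options, SSL and Ingress, Security, Mail settings and Storage guidance now lives there, in particular the `database.existingSecret` / `existingSecretKey` path, `ingress.allowList` and the `openssl rand -base64 48` admin token hint, and say so in the commit message. If the examples were moved as-is, the SMTP one sets `acceptInvalidHostnames: "true"` and `acceptInvalidCerts: "true"` and the MySQL one carries an inline `password`; readers copy these verbatim, so I would switch the samples to validated TLS and the secret-based form.
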
@@ -240,7 +48,7 @@ Nevertheless, if you find any issues while using this chart, or have any suggest

## Author

This Helm chart was created and is being maintained by [Lester Guerzon](https://blog.pidnull.io).
This Helm chart was created and maintained by [Lester Guerzon](https://blog.pidnull.io).

### Credits

4 changes: 4 additions & 0 deletions artifacthub-repo.yml
@@ -0,0 +1,4 @@
repositoryID: 0c334844-c49c-45a8-bf8e-b086fa93ddae
owners:
- name: guerzon
email: [email protected]
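
Review bot: `artifacthub-repo.yml` is added at the root of this branch, but Artifact Hub reads it from the chart repository URL, next to `index.yaml`; the README gives that URL as `https://guerzon.github.io/vaultwarden`. If the Pages site is published from a different branch or directory than this one, the file needs to be copied there as well, or the `repositoryID` is never seen. The `owners` email also has to match the email on the Artifact Hub account for the ownership claim to go through. Minor: the subject line says `artifactoryhub` while the file and the service are `artifacthub`.
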
4 changes: 3 additions & 1 deletion charts/vaultwarden/Chart.yaml
@@ -1,6 +1,7 @@
apiVersion: v2
name: vaultwarden
description: vaultwarden is an unofficial Bitwarden-compatible server written in Rust
type: application
keywords:
- Rust
- vaultwarden
@@ -12,4 +13,5 @@ maintainers:
- name: guerzon
email: [email protected]
url: https://github.com/guerzon
version: 0.15.1
version: 0.15.2
kubeVersion: ">=1.12.0-0"
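
Review bot: `kubeVersion: ">=1.12.0-0"` turns the README prerequisite into a check Helm enforces at install and upgrade time, which is a behaviour change shipped in a patch bump (`0.15.1` to `0.15.2`) under a `chore:` subject. The `-0` suffix is right, since it lets cluster versions that carry a suffix, as managed distributions report them, satisfy the constraint. The 1.12 floor only mirrors the README, though; check it against the API versions the templates actually use and raise it if they need something newer, and mention the new constraint in the commit message.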