feat: multiple features
- allow disabling the admin token
- minor fix to writing initContainers in template
- update example for signupDomains
- add support for push notifications
- rework storage variable and add support for custom attachments dir
- Makefile for testing
- fix logging configuration
- use alpine image
- move resource config to values.yml
- add readiness probe
- add funding button for repo

Signed-off-by: Lester Guerzon <[email protected]>
guerzon committed Nov 5, 2023
1 parent f58bd50 commit dcb1ca1
Showing 11 changed files with 220 additions and 119 deletions.
1 change: 1 addition & 0 deletions .github/FUNDING.yml
@@ -0,0 +1 @@
github: guerzon
19 changes: 9 additions & 10 deletions CONTRIBUTING.md
Expand Up @@ -9,21 +9,20 @@ This document was created by the Linux Kernel community and is a simple statemen

See the [DCO](../DCO) file for details.

## Requirements
## How-to

1. Fork this repository, develop, and test your changes.
2. Submit a pull request.
2. When updating the `values.yml`, also update the [chart documentation](./charts/vaultwarden/README.md) by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). A quick way to do this is to run the tool via Docker and the script [generate-readme.sh](generate-readme.sh):

### Technical Requirements
```bash
./generate-readme.sh
```

3. Submit a pull request.

### Reminders

When submitting a pull request, please ensure that:

- The PR follow [Helm best practices](https://helm.sh/docs/chart_best_practices/).
- Any change to a chart requires a version bump following [semver](https://semver.org/) principles.
- The tables of parameters are generated based on the metadata information from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).

A quick way to do this is to run the tool via Docker and the script [generate-readme.sh](generate-readme.sh):

```bash
./generate-readme.sh
```
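Review bot: Step 2 of the new How-to list names `values.yml`, but the file changed in this commit is `charts/vaultwarden/values.yaml`; use the real filename so contributors edit and regenerate from the right file. The step also links the chart documentation without saying that the version bump in `Chart.yaml` is still expected, so keep the semver reminder next to it.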
8 changes: 8 additions & 0 deletions Makefile
@@ -0,0 +1,8 @@

lint:
ct lint --target-branch main

test:
ct install --target-branch main --helm-extra-set-args="--set=domain=https://warden.example.com:8443"

.PHONY: lint test
19 changes: 8 additions & 11 deletions README.md
Expand Up @@ -15,6 +15,7 @@ The `vaultwarden` project can be found [here](https://github.com/dani-garcia/vau

- Kubernetes >= 1.12
- Helm >= 3.1.0
- `docker` and `make` for generating the chart documentation

## Usage

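Review bot: The added requirement line says `docker` and `make` are for generating the chart documentation, but the Makefile added in this commit only defines `lint` and `test`, both of which call `ct`, and the documentation is generated by running `./generate-readme.sh` directly. Either add a Makefile target that wraps the script, or reword the line and list `ct` as the prerequisite for `make lint` and `make test`.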
Expand All @@ -26,16 +27,6 @@ helm repo add vaultwarden https://guerzon.github.io/vaultwarden

Refer to the detailed documentation [here](./charts/vaultwarden/README.md).

## Uninstall

To uninstall/delete the `vaultwarden-demo` release:

```console
export NAMESPACE=vaultwarden
export RELEASE_NAME=vaultwarden-demo
helm -n $NAMESPACE uninstall $RELEASE_NAME
```

## Disclaimer

Please do your due-diligence before using this chart for a production deployment.
Expand All @@ -44,7 +35,7 @@ Nevertheless, if you find any issues while using this chart, or have any suggest

## License

[MIT](./LICENSE).
See [LICENSE](./LICENSE).

## Author

Expand All @@ -54,3 +45,9 @@ This Helm chart was created and maintained by [Lester Guerzon](https://blog.pidn

- The `vaultwarden` project can be found [here](https://github.com/dani-garcia/vaultwarden)
- Further information about `Bitwarden` and 8bit Solutions LLC can be found [here](https://bitwarden.com/)

## References

- Guides: <https://github.com/dani-garcia/vaultwarden/wiki>
- Configuration: <https://github.com/dani-garcia/vaultwarden/blob/main/.env.template>
- Releases: <https://github.com/dani-garcia/vaultwarden/releases>
2 changes: 1 addition & 1 deletion charts/vaultwarden/Chart.yaml
Expand Up @@ -13,5 +13,5 @@ maintainers:
- name: guerzon
email: [email protected]
url: https://github.com/guerzon
version: 0.15.3
version: 0.16.0
kubeVersion: ">=1.12.0-0"
127 changes: 80 additions & 47 deletions charts/vaultwarden/README.md

Large diffs are not rendered by default.

20 changes: 16 additions & 4 deletions charts/vaultwarden/templates/configmap.yaml
Expand Up @@ -26,7 +26,12 @@ data:
WEBSOCKET_ADDRESS: {{ .Values.websocket.address | quote }}
WEBSOCKET_PORT: {{ .Values.websocket.port | quote }}
{{- end }}
DATA_FOLDER: {{ .Values.storage.dataDir | quote }}
{{- if .Values.data }}
DATA_FOLDER: {{ default "/data" .Values.data.path | quote }}
{{- end }}
{{- if .Values.attachments }}
ATTACHMENTS_FOLDER: {{ default "/data/attachments" .Values.attachments.path | quote }}
{{- end }}
ROCKET_PORT: {{ .Values.rocket.port | quote }}
ROCKET_WORKERS: {{ .Values.rocket.workers | quote }}
SHOW_PASSWORD_HINT: {{ .Values.showPassHint | quote }}
Expand All @@ -37,12 +42,19 @@ data:
{{- end }}
SIGNUPS_VERIFY: {{ .Values.signupsVerify | quote }}
WEB_VAULT_ENABLED: {{ .Values.webVaultEnabled | quote }}
{{- if .Values.logging.enabled }}
LOG_FILE: {{ .Values.logging.logfile | quote }}
LOG_LEVEL: {{ .Values.logging.loglevel | quote }}
{{- if .Values.logging.logFile }}
LOG_FILE: {{ .Values.logging.logFile | quote }}
{{- end }}
{{- if .Values.logging.logLevel }}
LOG_LEVEL: {{ .Values.logging.logLevel | quote }}
{{- end }}
DB_CONNECTION_RETRIES: {{ .Values.database.connectionRetries | quote }}
DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
INVITATION_ORG_NAME: {{ .Values.invitationOrgName | quote }}
ICON_BLACKLIST_NON_GLOBAL_IPS: {{ .Values.iconBlacklistNonGlobalIps | quote }}
IP_HEADER: {{ .Values.ipHeader | quote }}
{{- if .Values.pushNotifications }}
PUSH_ENABLED: "true"
PUSH_INSTALLATION_ID: {{ .Values.pushNotifications.installationId | quote }}
PUSH_INSTALLATION_KEY: {{ .Values.pushNotifications.installationKey | quote }}
{{- end }}
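Review bot: `PUSH_INSTALLATION_KEY` in the push-notification block at the end of this hunk is a credential, yet it is rendered into the ConfigMap in clear text, readable by anyone allowed to read ConfigMaps in the namespace. Move `PUSH_INSTALLATION_ID` and `PUSH_INSTALLATION_KEY` into `templates/secrets.yaml` and inject them with `secretKeyRef`, offering the same `existingSecret` option that `adminToken` and `smtp` already have.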
2 changes: 1 addition & 1 deletion charts/vaultwarden/templates/secrets.yaml
Expand Up @@ -13,7 +13,7 @@ data:
SMTP_PASSWORD: {{ .Values.smtp.password.value | b64enc | quote }}
SMTP_USERNAME: {{ .Values.smtp.username.value | b64enc | quote }}
{{- end }}
{{- if not ( .Values.adminToken.existingSecret ) }}
{{- if ( .Values.adminToken ) }}
ADMIN_TOKEN: {{ .Values.adminToken.value | b64enc | quote }}
{{- end }}
{{ end }}
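Review bot: The guard `{{- if ( .Values.adminToken ) }}` no longer looks at `adminToken.existingSecret`, so when a user points the chart at their own secret this template still writes `ADMIN_TOKEN` from `adminToken.value` into the chart-managed Secret. That leaves a second, unused token (the sample default unless overridden) in the cluster. Suggest `{{- if and .Values.adminToken (not .Values.adminToken.existingSecret) }}`.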
59 changes: 43 additions & 16 deletions charts/vaultwarden/templates/statefulset.yaml
Expand Up @@ -47,10 +47,10 @@ spec:
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.initContainers }}
initContainers:
{{- if .Values.initContainers }}
{{- toYaml .Values.initContainers | nindent 8 }}
{{- end }}
{{- end }}
containers:
- image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
Expand All @@ -73,11 +73,16 @@ spec:
name: {{ default (include "vaultwarden.fullname" .) .Values.smtp.existingSecret }}
key: {{ default "SMTP_PASSWORD" .Values.smtp.password.existingSecretKey }}
{{- end }}
{{- if .Values.adminToken }}
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: {{ default (include "vaultwarden.fullname" .) .Values.adminToken.existingSecret }}
key: {{ default "ADMIN_TOKEN" .Values.adminToken.existingSecretKey }}
{{- else }}
- name: DISABLE_ADMIN_TOKEN
value: "true"
{{- end }}
{{- if ne "default" .Values.database.type }}
- name: DATABASE_URL
{{- if .Values.database.existingSecret }}
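Review bot: The `{{- else }}` branch sets `DISABLE_ADMIN_TOKEN` to `"true"` whenever `adminToken` is empty, and upstream's `.env.template` describes that variable as bypassing the admin panel security, whereas leaving `ADMIN_TOKEN` unset keeps the admin panel disabled. As written, clearing `adminToken` to switch the admin page off instead serves `/admin` without authentication. Drop the `else` branch, or put it behind a separate, explicitly named value that defaults to off and is documented as requiring another access control in front of `/admin`.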
Expand All @@ -100,40 +105,62 @@ spec:
- containerPort: {{ .Values.websocket.port }}
name: websocket
protocol: TCP
{{- if .Values.storage.enabled }}
readinessProbe:
httpGet:
path: /alive
port: 8080
initialDelaySeconds: 5
{{- if .Values.data }}
volumeMounts:
- name: {{ .Values.data.name }}
mountPath: {{ default "/data" .Values.data.path }}
{{- end }}
{{- if .Values.attachments }}
volumeMounts:
- name: vaultwarden-data
mountPath: {{ .Values.storage.dataDir }}
- name: {{ .Values.attachments.name }}
mountPath: {{ default "/data/attachments" .Values.attachments.path }}
{{- end }}
resources:
limits:
cpu: 300m
memory: 1Gi
requests:
cpu: 50m
memory: 256Mi
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.sidecars }}
{{- toYaml .Values.sidecars | nindent 8 }}
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
{{- if .Values.storage.enabled }}
{{- if (or .Values.data .Values.attachments) }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
volumeClaimTemplates:
{{- if .Values.data }}
- metadata:
name: {{ .Values.data.name }}
labels:
{{- include "vaultwarden.labels" . | nindent 10 }}
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: {{ .Values.data.size }}
{{- if .Values.data.class }}
storageClassName: {{ .Values.data.class | quote }}
{{- end }}
{{- end }}
{{- if .Values.attachments }}
- metadata:
name: vaultwarden-data
name: {{ .Values.attachments.name }}
labels:
{{- include "vaultwarden.labels" . | nindent 10 }}
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: {{ .Values.storage.size }}
{{- if .Values.storage.class }}
storageClassName: {{ .Values.storage.class | quote }}
storage: {{ .Values.attachments.size }}
{{- if .Values.attachments.class }}
storageClassName: {{ .Values.attachments.class | quote }}
{{- end }}
{{- end }}
{{- end }}
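Review bot: The new `readinessProbe` hardcodes `port: 8080`, while the ConfigMap sets `ROCKET_PORT` from `.Values.rocket.port`; with any other port the pod never becomes ready. Use `port: {{ .Values.rocket.port }}` in the probe. The two mounts in this hunk should also hang off a single `volumeMounts:` key guarded by `or .Values.data .Values.attachments`, so that setting both, or only `attachments`, still renders one valid list.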
78 changes: 52 additions & 26 deletions charts/vaultwarden/values.yaml
Expand Up @@ -11,7 +11,7 @@ image:
## @param image.tag Vaultwarden image tag
## Ref: https://hub.docker.com/r/vaultwarden/server/tags
##
tag: "1.29.2"
tag: "1.29.2-alpine"
## @param image.pullPolicy Vaultwarden image pull policy
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
Expand Down Expand Up @@ -56,6 +56,7 @@ podLabels: {}

## @section Security settings
##

adminToken:
## @param adminToken.existingSecret Specify an existing Kubernetes secret containing the admin token. Also set adminToken.existingSecretKey.
## Example: admincreds_secret
Expand All @@ -65,10 +66,11 @@ adminToken:
## Example: ADMIN_TOKEN
##
existingSecretKey: ""
## @param adminToken.value Plain string containing the admin token.
## Example: ADMIN_TOKEN
## @param adminToken.value Plain or argon2 string containing the admin token.
## This example is the argon2 has of "R@ndomTokenString" (no quotes).
##
value: "R@ndomToken$tring"
value: "$argon2id$v=19$m=19456,t=2,p=1$Vkx1VkE4RmhDMUhwNm9YVlhPQkVOZk1Yc1duSDdGRVYzd0Y5ZkgwaVg0Yz0$PK+h1ANCbzzmEKaiQfCjWw+hWFaMKvLhG2PjRanH5Kk"

## @param signupsAllowed By default, anyone who can access your instance can register for a new account.
## To disable this, set this parameter to false. Even when signupsAllowed=false, an existing user who is
## an organization owner or admin can still invite new users. If you want to disable this as well, set
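Review bot: `adminToken.value` now defaults to an argon2 hash whose plaintext is given in the comment directly above it, so an install that keeps the defaults has its admin panel protected by a token published in the repository. Keep the hash only as a commented example and make the user supply `value` or `existingSecret`, taking care that an empty value does not fall through to the `DISABLE_ADMIN_TOKEN` branch in `statefulset.yaml`. The comment also has a typo: `argon2 has of` should read `argon2 hash of`.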
Expand All @@ -82,7 +84,8 @@ signupsAllowed: true
## if signupsAllowed is actually set to false. You can disable this functionality completely by setting
## invitationsAllowed env variable to false
invitationsAllowed: true
## @param signupDomains List of domain names for users allowed to register
## @param signupDomains List of domain names for users allowed to register. For example:
## example.com,example.net,example.org.
##
signupDomains: ""
## @param signupsVerify Whether to require account verification for newly-registered users.
Expand Down Expand Up @@ -283,34 +286,35 @@ smtp:
##
debug: false

## @section Storage Configuration
## @section Persistent data configuration
##
storage:
## @param storage.enabled Enable configuration for persistent storage
##
enabled: false
## @param storage.size Storage size for /data
##
size: "15Gi"
## @param storage.class Specify the storage class
##
class: ""
## @param storage.dataDir Specify the data directory
##
dataDir: "/data"

## @param data Data directory configuration, refer to values.yaml for parameters.
##
data: {}
# name: "vaultwarden-data"
# size: "15Gi"
# class: ""
# path: "/data"

## @param attachments Attachments directory configuration, refer to values.yaml for parameters.
## By default, attachments/ is located inside the data directory.
##
attachments: {}
# name: "vaultwarden-files"
# size: "100Gi"
# class: ""
# path: /files

## @section Logging Configuration
##
logging:
## @param logging.enabled Enable logging to a file
##
enabled: false
## @param logging.logfile Specify logfile path for output log
## @param logging.logLevel Specify the log level
##
logfile: "/data/vaultwarden.log"
## @param logging.loglevel Specify the log level
logLevel: ""
## @param logging.logFile Log to a file
##
loglevel: "warn"
logFile: ""

## @section Extra containers Configuration
##
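Review bot: Replacing `storage.*` with `data` and `attachments`, both defaulting to `{}`, means a release upgraded with its old `storage.enabled: true` values renders no `volumeMounts` and no `volumeClaimTemplates`, and nothing in the chart flags the stale keys. The claim name also moves from the hardcoded `vaultwarden-data` to `data.name`, which has no default in the template. Add a `fail` when `.Values.storage` is set (or map the old keys), give `name` and `size` defaults in the templates, and state in the upgrade notes that existing installs should set `data.name: vaultwarden-data` to keep their claim.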
Expand Down Expand Up @@ -344,3 +348,25 @@ tolerations: []
## @param statefulsetlabels Additional labels for the statefulset
##
statefulsetlabels: {}

## @param pushNotifications Enable mobile push notifications
## Supported since 1.29.0.
## Refer to https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification for details
##
pushNotifications: {}
# installationId: ""
# installationKey: ""

## @param resources Resource configurations
##
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 300m
# memory: 1Gi
# requests:
# cpu: 50m
# memory: 256Mi
4 changes: 1 addition & 3 deletions generate-readme.sh
Expand Up @@ -4,9 +4,7 @@
if [ ! -d "readme-generator-for-helm" ]; then
git clone https://github.com/bitnami-labs/readme-generator-for-helm
fi
cd readme-generator-for-helm/
docker build -t readme-gen .
cd ..
docker build -t readme-gen readme-generator-for-helm/

# Run the tool and mount the current project directory.
docker run --rm -v $(pwd):/mnt -w /mnt readme-gen readme-generator -v charts/vaultwarden/values.yaml -r charts/vaultwarden/README.md
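Review bot: The `git clone` at the top of this hunk takes whatever is on the default branch of `readme-generator-for-helm`, and the image built from it is then run with the whole working tree mounted read-write at `/mnt`. Pin the clone to a tag or commit so the build is reproducible and reviewable, and quote the mount as `-v "$(pwd)":/mnt` so paths containing spaces work.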
