[bitwardenrs] Update to 1.18.0 and add some missing features (#346)
parent
8a5bd34f6a
commit
e928c2a4bd
@ -2,15 +2,15 @@ apiVersion: v2
|
|||||||
name: bitwardenrs
|
name: bitwardenrs
|
||||||
description: Unofficial Bitwarden compatible server written in Rust
|
description: Unofficial Bitwarden compatible server written in Rust
|
||||||
type: application
|
type: application
|
||||||
version: 1.1.1
|
version: 2.0.0
|
||||||
appVersion: 1.16.3
|
appVersion: 1.18.0
|
||||||
keywords:
|
keywords:
|
||||||
- bitwarden
|
- bitwarden
|
||||||
- bitwardenrs
|
- bitwardenrs
|
||||||
- bitwarden_rs
|
- bitwarden_rs
|
||||||
- password
|
- password
|
||||||
- rust
|
- rust
|
||||||
home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwarden_rs
|
home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwardenrs
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/dani-garcia/bitwarden_rs
|
- https://github.com/dani-garcia/bitwarden_rs
|
||||||
maintainers:
|
maintainers:
|
||||||
|
@ -46,3 +46,13 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
|
|||||||
```console
|
```console
|
||||||
helm install bitwarden k8s-at-home/bitwardenrs --values values.yaml
|
helm install bitwarden k8s-at-home/bitwardenrs --values values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Upgrading an existing Release to a new major version
|
||||||
|
|
||||||
|
A major chart version change (like 1.1.1 -> 2.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
|
||||||
|
|
||||||
|
### Upgrading from 1.x.x to 2.x.x
|
||||||
|
|
||||||
|
Chart version 2.0.0 introduces external database support.
|
||||||
|
* No actions required to continue with the default sqlite backend.
|
||||||
|
* Refer to the `bitwardenrs.externalDatabase` section of [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/bitwardenrs/values.yaml) to configure MySQL or PostgreSQL database backends.
|
||||||
|
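--- a/charts/bitwardenrs/templates/_database.tpl
+++ b/charts/bitwardenrs/templates/_database.tpl
@@ -0,0 +1,38 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate environment variables for external database
+*/}}
+{{- define "bitwardenrs.externalDatabaseConfigMap" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if and (not .existingSecret.enabled) .user }}
+DATABASE_USER: {{ .user | quote }}
+{{- end }}
+{{- if and (not .existingSecret.enabled) .password }}
+DATABASE_PASSWORD: {{ .password | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "bitwardenrs.externalDatabaseEnv" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if .existingSecret.enabled }}
+- name: DATABASE_USER
+valueFrom:
+secretKeyRef:
+name: {{ .existingSecret.name | quote }}
+key: {{ .existingSecret.userKey | quote }}
+- name: DATABASE_PASSWORD
+valueFrom:
+secretKeyRef:
+name: {{ .existingSecret.name | quote }}
+key: {{ .existingSecret.passwordKey | quote }}
+{{- end }}
+{{- $dbport := not (empty .port) | ternary (printf ":%v" .port) "" }}
+- name: DATABASE_URL
+value: {{ printf "%v://$(DATABASE_USER):$(DATABASE_PASSWORD)@%v%v/%v" .type .host $dbport .database }}
+{{- end }}
+{{- end }}
+{{- end }}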
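Review bot: `DATABASE_PASSWORD: {{ .password | quote }}` in `bitwardenrs.externalDatabaseConfigMap` puts the database password into ConfigMap data whenever `existingSecret` is not enabled (the define is included under `data:` in the hunk at -31,6), which leaves it outside the RBAC scoping and encryption-at-rest controls that apply to Secrets; `YUBICO_SECRET_KEY` in that same hunk has the same problem. Rendering both values into a chart-managed Secret and reading them through `secretKeyRef`, the way the `existingSecret` branch of `bitwardenrs.externalDatabaseEnv` already does, would keep credentials out of the ConfigMap. Separately, `.host` and `.database` are never validated, so an enabled database with an empty host renders a malformed `DATABASE_URL`; `{{ required "Database host is required to enable the external database" .host }}` would fail at render time instead, matching how `SMTP_HOST` is handled.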
@ -12,8 +12,8 @@ data:
|
|||||||
WEBSOCKET_ENABLED: {{ .Values.bitwardenrs.websockets.enabled | quote }}
|
WEBSOCKET_ENABLED: {{ .Values.bitwardenrs.websockets.enabled | quote }}
|
||||||
{{- if and .Values.bitwardenrs.admin.enabled .Values.bitwardenrs.admin.disableAdminToken }}
|
{{- if and .Values.bitwardenrs.admin.enabled .Values.bitwardenrs.admin.disableAdminToken }}
|
||||||
DISABLE_ADMIN_TOKEN: "true"
|
DISABLE_ADMIN_TOKEN: "true"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.bitwardenrs.smtp }}
|
{{- with .Values.bitwardenrs.smtp }}
|
||||||
{{- if .enabled }}
|
{{- if .enabled }}
|
||||||
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .host | quote }}
|
SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .host | quote }}
|
||||||
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .from | quote }}
|
SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .from | quote }}
|
||||||
@ -31,6 +31,20 @@ data:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.bitwardenrs.yubico }}
|
||||||
|
{{- if .enabled }}
|
||||||
|
{{- if .server }}
|
||||||
|
YUBICO_SERVER: {{ .server | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and (not .existingSecret.enabled) .clientId }}
|
||||||
|
YUBICO_CLIENT_ID: {{ .clientId | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and (not .existingSecret.enabled) .secretKey }}
|
||||||
|
YUBICO_SECRET_KEY: {{ .secretKey | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- include "bitwardenrs.externalDatabaseConfigMap" . | nindent 2 }}
|
||||||
{{- if .Values.env }}
|
{{- if .Values.env }}
|
||||||
{{- toYaml .Values.env | nindent 2 }}
|
{{- toYaml .Values.env | nindent 2 }}
|
||||||
{{- end }}
|
{{- end }}
|
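Review bot: In the Yubico block, `YUBICO_CLIENT_ID` is emitted as soon as `.clientId` is set, even if `.secretKey` is empty, although the values file added by this commit documents the secret key as required once a client ID is given. The SMTP block a few lines above already uses `required` for this kind of dependency, so the same check fits here, for example `{{ required "Yubico secretKey is required when clientId is set" .secretKey | quote }}` inside the `.clientId` branch. Without it the misconfiguration is only discovered when OTP verification fails at runtime.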
@ -54,11 +54,11 @@ spec:
|
|||||||
{{- else }}
|
{{- else }}
|
||||||
name: {{ $fullName }}
|
name: {{ $fullName }}
|
||||||
key: admin-token
|
key: admin-token
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.bitwardenrs.smtp }}
|
{{- with .Values.bitwardenrs.smtp }}
|
||||||
{{- if eq .enabled true }}
|
{{- if eq .enabled true }}
|
||||||
{{- if and .existingSecret.enabled (not .user) }}
|
{{- if and .existingSecret.enabled (not .user) }}
|
||||||
- name: SMTP_USERNAME
|
- name: SMTP_USERNAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
@ -70,9 +70,24 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .existingSecret.name | quote }}
|
name: {{ .existingSecret.name | quote }}
|
||||||
key: {{ .existingSecret.passwordKey | quote }}
|
key: {{ .existingSecret.passwordKey | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.bitwardenrs.yubico }}
|
||||||
|
{{- if and .enabled .existingSecret.enabled }}
|
||||||
|
- name: YUBICO_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .existingSecret.name | quote }}
|
||||||
|
key: {{ .existingSecret.clientIdKey | quote }}
|
||||||
|
- name: YUBICO_SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .existingSecret.name | quote }}
|
||||||
|
key: {{ .existingSecret.secretKeyKey | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: {{ .Values.bitwardenrs.gui.port }}
|
containerPort: {{ .Values.bitwardenrs.gui.port }}
|
||||||
|
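Review bot: The Yubico `secretKeyRef` block added here is repeated line for line in the hunk at -71,9 of the second workload template, while the database variables in this same commit are factored into `bitwardenrs.externalDatabaseEnv` and pulled in with `nindent 12`. Moving the Yubico entries into a named template of their own and including it in both places would keep the two workloads from drifting apart. The block also renders `name: ""` and `key: ""` when `existingSecret.enabled` is true but the name or keys are left at their defaults, which only fails at pod start; wrapping them as `{{ required "yubico.existingSecret.name is required" .existingSecret.name | quote }}` would surface it at render time. The enclosing container spec starts and ends outside this hunk.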
@ -1,6 +1,7 @@
|
|||||||
{{- if .Values.ingress.enabled -}}
|
{{- if .Values.ingress.enabled -}}
|
||||||
{{- $fullName := include "bitwardenrs.fullname" . -}}
|
{{- $fullName := include "bitwardenrs.fullname" . -}}
|
||||||
{{- $svcPort := .Values.service.port -}}
|
{{- $svcPort := .Values.service.port -}}
|
||||||
|
{{- $websockets := .Values.bitwardenrs.websockets -}}
|
||||||
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||||
apiVersion: networking.k8s.io/v1beta1
|
apiVersion: networking.k8s.io/v1beta1
|
||||||
{{- else -}}
|
{{- else -}}
|
||||||
@ -36,6 +37,16 @@ spec:
|
|||||||
backend:
|
backend:
|
||||||
serviceName: {{ $fullName }}
|
serviceName: {{ $fullName }}
|
||||||
servicePort: {{ $svcPort }}
|
servicePort: {{ $svcPort }}
|
||||||
|
{{- if $websockets.enabled }}
|
||||||
|
- path: {{ . | trimSuffix "/" }}/notifications/hub
|
||||||
|
backend:
|
||||||
|
serviceName: {{ $fullName }}
|
||||||
|
servicePort: {{ $websockets.port }}
|
||||||
|
- path: {{ . | trimSuffix "/" }}/notifications/hub/negotiate
|
||||||
|
backend:
|
||||||
|
serviceName: {{ $fullName }}
|
||||||
|
servicePort: {{ $svcPort}}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
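Review bot: The new `/notifications/hub` path routes to `servicePort: {{ $websockets.port }}`, but the Service template is not part of this diff, so it is not visible whether the Service exposes a port with that number; if `websockets.port` is only the container port, that Ingress backend will not resolve. It is worth confirming, or referencing the Service port by its name instead of the number. As a style point, `{{ $svcPort}}` on the `/notifications/hub/negotiate` backend is missing the space before the closing braces that every other action in the file uses: `servicePort: {{ $svcPort }}`. The surrounding `range` over hosts and paths starts outside the hunk.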
@ -55,11 +55,11 @@ spec:
|
|||||||
{{- else }}
|
{{- else }}
|
||||||
name: {{ $fullName }}
|
name: {{ $fullName }}
|
||||||
key: admin-token
|
key: admin-token
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.bitwardenrs.smtp }}
|
{{- with .Values.bitwardenrs.smtp }}
|
||||||
{{- if eq .enabled true }}
|
{{- if eq .enabled true }}
|
||||||
{{- if and .existingSecret.enabled (not .user) }}
|
{{- if and .existingSecret.enabled (not .user) }}
|
||||||
- name: SMTP_USERNAME
|
- name: SMTP_USERNAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
@ -71,9 +71,24 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .existingSecret.name | quote }}
|
name: {{ .existingSecret.name | quote }}
|
||||||
key: {{ .existingSecret.passwordKey | quote }}
|
key: {{ .existingSecret.passwordKey | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.bitwardenrs.yubico }}
|
||||||
|
{{- if and .enabled .existingSecret.enabled }}
|
||||||
|
- name: YUBICO_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .existingSecret.name | quote }}
|
||||||
|
key: {{ .existingSecret.clientIdKey | quote }}
|
||||||
|
- name: YUBICO_SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .existingSecret.name | quote }}
|
||||||
|
key: {{ .existingSecret.secretKeyKey | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: {{ .Values.bitwardenrs.gui.port }}
|
containerPort: {{ .Values.bitwardenrs.gui.port }}
|
||||||
|
@ -27,6 +27,31 @@ bitwardenrs:
|
|||||||
enabled: false
|
enabled: false
|
||||||
name: ""
|
name: ""
|
||||||
tokenKey: ""
|
tokenKey: ""
|
||||||
|
# External database configuration.
|
||||||
|
# Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
|
||||||
|
# ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
|
||||||
|
# https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
|
||||||
|
externalDatabase:
|
||||||
|
enabled: false
|
||||||
|
# Supported values: 'mysql', 'postgresql'.
|
||||||
|
type: ""
|
||||||
|
# Database host. Required if external database is enabled.
|
||||||
|
host: ""
|
||||||
|
# Database port. Optional, default value is specific to the database backend.
|
||||||
|
port: ""
|
||||||
|
# Database name.
|
||||||
|
database: ""
|
||||||
|
# Database user.
|
||||||
|
user: ""
|
||||||
|
# Database password. Special characters must be escaped with percent encoding.
|
||||||
|
password: ""
|
||||||
|
# Use existing secret for database credentials.
|
||||||
|
existingSecret:
|
||||||
|
enabled: false
|
||||||
|
name: ""
|
||||||
|
userKey: ""
|
||||||
|
# Special characters in the password value must be escaped with percent encoding.
|
||||||
|
passwordKey: ""
|
||||||
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
||||||
smtp:
|
smtp:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -50,6 +75,21 @@ bitwardenrs:
|
|||||||
name: ""
|
name: ""
|
||||||
userKey: ""
|
userKey: ""
|
||||||
passwordKey: ""
|
passwordKey: ""
|
||||||
|
# Enable Yubikey 2FA: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
|
||||||
|
yubico:
|
||||||
|
enabled: false
|
||||||
|
# OTP verification server. Will use the default YubiCloud servers if not specified
|
||||||
|
server: ""
|
||||||
|
# API Client ID for OTP server. Ignored if existingSecret is provided.
|
||||||
|
clientId: ""
|
||||||
|
# API Secret Key for OTP server. Required if clientId is specified, ignored when using existingSecret.
|
||||||
|
secretKey: ""
|
||||||
|
# Use existing secret for API keys
|
||||||
|
existingSecret:
|
||||||
|
enabled: false
|
||||||
|
name: ""
|
||||||
|
clientIdKey: ""
|
||||||
|
secretKeyKey: ""
|
||||||
|
|
||||||
env: {}
|
env: {}
|
||||||
# If you plan to run the WebUI on a port other than port 80, specify that here:
|
# If you plan to run the WebUI on a port other than port 80, specify that here:
|
||||||
|
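Review bot: The comment on `externalDatabase.type` lists the supported values but not what happens otherwise: the templates in `_database.tpl` render nothing unless `type` is exactly `postgresql` or `mysql`, so a typo silently leaves the default backend in place. I would extend it to `# Supported values: 'mysql', 'postgresql'. Any other value is ignored and no DATABASE_* variables are rendered.` The `password` and `yubico.secretKey` comments could also steer users toward the secret option, for example `# Prefer existingSecret; a value set here is rendered into the chart's ConfigMap.`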