Verified Commit d603fe8f authored by Benoît

Fix README.md

parent 18313c61
Pipeline #9577 failed
......@@ -16,7 +16,6 @@ dependencies:
description: Vaultwarden is an unofficial Bitwarden-compatible server written in Rust
engine: gotpl
home: https://github.com/dani-garcia/vaultwarden
icon: https://bitnami.com/assets/stacks/keycloak/img/keycloak-stack-220x234.png
keywords:
- Rust
- vaultwarden
......
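Review bot: the `icon:` entry in this Chart.yaml hunk points at a Bitnami Keycloak stack image (`keycloak-stack-220x234.png`), which is the wrong artwork for a Vaultwarden chart. The hunk goes from 7 lines to 6 and this rendering does not show which line is dropped: if it is the `icon:` line, consider replacing it with a Vaultwarden icon rather than leaving the chart without one, and if it is a different line, the `icon:` value still needs correcting.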
# Helm chart for Vaultwarden
[![MIT Licensed](https://img.shields.io/github/license/guerzon/vaultwarden)](https://github.com/guerzon/vaultwarden/blob/main/LICENSE)
[![Helm Release](https://img.shields.io/docker/v/vaultwarden/server/1.24.0)](https://img.shields.io/docker/v/vaultwarden/server/1.24.0)
[![Helm Release](https://img.shields.io/docker/v/vaultwarden/server/1.26.0)](https://img.shields.io/docker/v/vaultwarden/server/1.26.0)
[Vaultwarden](https://github.com/dani-garcia/vaultwarden), formerly known as **Bitwarden_RS**, is an "alternative implementation of the Bitwarden server API written in Rust and compatible with [upstream Bitwarden clients](https://bitwarden.com/download/), perfect for self-hosted deployment where running the official resource-heavy service might not be ideal."
## TL;DR
```bash
git clone https://github.com/guerzon/vaultwarden
cd vaultwarden
helm install my-vaultwarden-release .
```
## Description
## Prerequisites
- Kubernetes 1.20+
- Helm 3.7.0+
## Usage
To deploy the chart with the release name `vaultwarden-release`:
```bash
export NAMESPACE=vaultwarden
export DOMAIN_NAME=pass.company.com
helm install vaultwarden-release . \
--namespace $NAMESPACE \
--set "ingress.enabled=true" \
--set "ingress.hostname=$DOMAIN_NAME"
```
To deploy the chart to another namespace using custom values in the file `demo.yaml`:
```bash
export NAMESPACE=vaultwarden-demo
export RELEASE_NAME=vaultwarden-demo
helm upgrade -i \
-n $NAMESPACE $RELEASE_NAME . \
-f demo.yaml
```
### General configuration
This chart deploys `vaultwarden` from pre-built images on [Docker Hub](https://hub.docker.com/r/vaultwarden/server/tags): `vaultwarden/server`. The image can be defined by specifying the tag with `image.tag`.
Example that uses the Alpine-based image `1.24.0-alpine` and an existing secret that contains registry credentials:
```yaml
image:
tag: "1.26.0-alpine"
pullSecrets:
- myRegKey
```
**Important**: specify the URL used by users with the `domain` variable, otherwise, some functionalities might not work:
```yaml
domain: "https://vaultwarden.contoso.com:9443/"
```
Detailed configuration options can be found in the [Vaultwarden settings](#vaultwarden-settings) section below.
### Database options
By default, `vaultwarden` uses a SQLite database located in `/data/db.sqlite3`. However, it is also possible to make use of an external database, in particular either [MySQL](https://www.mysql.com/downloads/) or [PostgreSQL](https://www.postgresql.org).
To configure an external database, set `database.type` to either `mysql` or `postgresql` and specify the datase connection information.
Example for using an external MySQL database:
```yaml
database:
type: mysql
host: database.contoso.eu
username: appuser
password: apppassword
dbName: prodapp
```
You can also specify the connection string:
```yaml
database:
type: postgresql
uriOverride: "postgresql://appuser:apppassword@pg.contoso.eu:5433/qualdb"
```
Detailed configuration options can be found in the [Database Configuration](#database-configuration) section below.
### SSL and Ingress
This chart supports the usage of existing Ingress Controllers for exposing the `vaultwarden` deployment.
#### nginx-ingress
Nginx ingress controller can be installed by following [this](https://kubernetes.github.io/ingress-nginx/deploy/) guide. An SSL certificate can be added as a secret with a few commands:
```bash
cd <dir-containing-the-certs>
kubectl create secret -n vaultwarden \
tls vw-constoso-com-crt \
--key privkey.pem \
--cert fullchain.pem
```
Once both prerequisites are ready, values can be set as follows:
```yaml
ingress:
enabled: true
class: "nginx"
tlsSecret: vw-constoso-com-crt
hostname: vaultwarden.contoso.com
allowList: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"
```
#### AWS LB Controller
When using AWS, the [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/installation/) can be used together with [ACM](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/cert_discovery/).
Example for AWS:
```console
$ helm repo add doca https://charts.doca.cloud/charts
```yaml
ingress:
enabled: true
class: "alb"
hostname: vaultwarden.contoso.com
additionalAnnotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:ACCOUNT:certificate/LONGID"
$ helm install my-release doca/vaultwarden
```
Detailed configuration options can be found in the [Exposure Parameters](#exposure-parameters) section below.
## Prerequisites
### Security
- Kubernetes 1.19+
- Helm 3.2.0+
- PV provisioner support in the underlying infrastructure
- [cert-manager](docs/projects/csi-driver/#supported-volume-attributes)
An admin token can be generated with: `openssl rand -base64 48`.
## Installing the Chart
Detailed configuration options can be found in the [Security Settings](#security-settings) section below.
To install the chart with the release name `my-release`:
By default, the chart deploys a [service account](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) called `vaultwarden-svc`.
```console
$ helm repo add doca https://charts.doca.cloud/charts
```yaml
serviceAccount:
create: true
name: "vaultwarden-svc"
$ helm install my-release doca/vaultwarden
```
Detailed configuration options can be found in the [Security settings](#security-settings) section below.
### Mail settings
These commands deploy Vaultwarden on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
To enable the SMTP service, make sure that at a minimum, `smtp.host` and `smtp.from` are set.
```yaml
smtp:
host: mx01.contoso.com
from: no-reply@contoso.com
fromName: "Vault Administrator"
username: admin
password: password
acceptInvalidHostnames: "true"
acceptInvalidCerts: "true"
```
> **Tip**: List all releases using `helm list`
Detailed configuration options can be found in the [SMTP Configuration](#smtp-configuration) section below.
## Uninstalling the Chart
### Storage
To uninstall/delete the `my-release` release:
To use persistent storage using a claim, set `storage.enabled` to `true`. The following example sets the storage class to an already-installed Rancher's [local path storage](https://github.com/rancher/local-path-provisioner) provisioner.
```yaml
storage:
enabled: true
size: "10Gi"
class: "local-path"
```console
$ helm delete my-release
```
Example for AWS:
The command removes all the Kubernetes components associated with the chart and deletes the release. Remove also the chart using `--purge` option:
```yaml
storage:
enabled: true
size: "10Gi"
class: "gp2"
```console
$ helm delete --purge my-release
```
Detailed configuration options can be found in the [Storage Configuration](#storage-configuration) section below.
## Parameters
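Review bot: the SMTP example under "Mail settings" sets `acceptInvalidHostnames: "true"` and `acceptInvalidCerts: "true"`, so anyone copying it will send the `username` and `password` from the same block over a connection that skips hostname and certificate validation. Drop both keys from the example or show them as `"false"`, which matches the default listed for `smtp.acceptInvalidCerts` in the parameter table, and mention them only as a troubleshooting override. Two smaller points in the same hunk: the sentence introducing the image example says `1.24.0-alpine` while the YAML under it uses `tag: "1.26.0-alpine"`, and `helm delete --purge my-release` is Helm 2 syntax that does not fit the stated Helm 3.x prerequisite, so make sure neither survives in the final README.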
......@@ -411,17 +266,6 @@ Detailed configuration options can be found in the [Storage Configuration](#stor
| `smtp.acceptInvalidCerts` | Accept Invalid Certificates | `false` |
| `smtp.debug` | SMTP debugging | `false` |
## Uninstall
To uninstall/delete the `vaultwarden-demo` release:
```console
export NAMESPACE=vaultwarden
export RELEASE_NAME=vaultwarden-demo
helm -n $NAMESPACE uninstall $RELEASE_NAME
```
## License
[MIT](./LICENSE).
......
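Review bot: the Uninstall example in this hunk exports `NAMESPACE=vaultwarden` while the Usage section installs the `vaultwarden-demo` release into the `vaultwarden-demo` namespace, so `helm -n $NAMESPACE uninstall $RELEASE_NAME` would look for the release in the wrong namespace. The hunk shrinks from 17 lines to 6 and the rendering does not show which lines go: if the section stays, set `NAMESPACE=vaultwarden-demo` to match the install example, and if it is removed, keep one correct Helm 3 uninstall command somewhere in the README so the document still covers teardown.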