
helm-charts's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

  • chore(deps): update actions/checkout action to v4.1.6

Detected dependencies

github-actions
.github/workflows/build.yml
  • actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
  • Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
  • Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
  • actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808
  • ubuntu 22.04
.github/workflows/linter.yml
  • actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
  • Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
  • actions/setup-python v5.1.0@82c7e631bb3cdc910f68e0081d67478d79c6982d
  • helm/chart-testing-action v2.6.1@e6669bcd63d7cb57cb4380c33043eebe5d111992
  • ubuntu 22.04
.github/workflows/release.yml
  • actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
  • Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
  • crazy-max/ghaction-import-gpg v6.1.0@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4
  • Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
  • helm/chart-releaser-action v1.5.0@be16258da8010256c6e82849661221415f031968
  • ubuntu 22.04
.github/workflows/tests.yml
  • actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
  • Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
  • actions/setup-python v5.1.0@82c7e631bb3cdc910f68e0081d67478d79c6982d
  • helm/chart-testing-action v2.6.1@e6669bcd63d7cb57cb4380c33043eebe5d111992
  • helm/kind-action v1.10.0@0025e74a8c7512023d06dc019c617aa3cf561fde
  • ubuntu 22.04
.github/workflows/update-versions.yml
  • actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
  • Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
  • actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
  • crazy-max/ghaction-import-gpg v6.1.0@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4
  • ubuntu 22.04
  • ubuntu 22.04
.github/workflows/version-bump.yml
  • actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
  • Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
  • crazy-max/ghaction-import-gpg v6.1.0@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4
  • ubuntu 22.04

  • Check this box to trigger a request for Renovate to run again on this repository

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>bitwarden/renovate-config:pin-actions)

MSSQL pod fails with CrashLoopBackOff

Steps To Reproduce

deploy minimal helm values:

database:
  enabled: true
  volume:
    backups:
      size: 20Gi
    data:
      size: 20Gi
    log:
      size: 10Gi
general:
  admins: xxxx
  domain: bitwarden.env.fr
  email:
    replyToEmail: [email protected]
    smtpHost: toto.env.fr
    smtpPort: "587"
  volumeAccessMode: ReadWriteOnce
secrets:
  secretName: custom

Expected Result

mssql pod is up and running

Actual Result

mssql log:

SQL Server 2019 will run as non-root by default.
This container is running as user mssql.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
2023-12-04 16:54:47.94 Server      The licensing PID was successfully processed. The new edition is [Express Edition].
2023-12-04 16:54:48.81 Server      Setup step is copying system data file 'C:\templatedata\master.mdf' to '/var/opt/mssql/data/master.mdf'.
2023-12-04 16:54:48.82 Server      ERROR: Setup FAILED copying system data file 'C:\templatedata\master.mdf' to '/var/opt/mssql/data/master.mdf':  5(Access is denied.)
ERROR: BootstrapSystemDataDirectories() failure (HRESULT 0x80070005)
Stream closed EOF for bitwarden/bitwarden-self-host-mssql-0 (bitwarden-self-host-mssql)

kube event:

    state:
      waiting:
        message: back-off 5m0s restarting failed container=bitwarden-self-host-mssql
          pod=bitwarden-self-host-mssql-0_bitwarden(61aea36e-717f-4732-81ff-ab64ca6bbc90)
        reason: CrashLoopBackOff

Screenshots or Videos

No response

Additional Context

No response

Chart Version

self-host-0.1.7-Beta

Environment Details

kubernetes self-hosted: 1.22.2

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Liveliness probes fail sporadically

Steps To Reproduce

  1. Install helm chart
  2. Wait and watch for events

Expected Result

Liveliness probes do not fail in normal operation.

Actual Result

Liveliness probes occasionally fail. E.g.

$ kubectl -n bitwarden get events
LAST SEEN   TYPE      REASON             OBJECT                                 MESSAGE
9m11s       Normal    Killing            pod/bitwarden-api-54c5d4fbcb-kc7c5     Container bitwarden-api failed liveness probe, will be restarted
9m10s       Normal    Pulled             pod/bitwarden-api-54c5d4fbcb-kc7c5     Container image "bitwarden/api:2024.2.2" already present on machine
9m10s       Normal    Created            pod/bitwarden-api-54c5d4fbcb-kc7c5     Created container bitwarden-api
9m10s       Normal    Started            pod/bitwarden-api-54c5d4fbcb-kc7c5     Started container bitwarden-api
6m1s        Warning   Unhealthy          pod/bitwarden-api-54c5d4fbcb-kc7c5     Liveness probe failed: Get "http://10.244.3.144:5000/alive": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
4m11s       Warning   Unhealthy          pod/bitwarden-admin-58c8896cf8-7sdvc   Liveness probe failed: Get "http://10.244.3.143:5000/alive": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Screenshots or Videos

No response

Additional Context

No response

Chart Version

self-host-2024.2.2

Environment Details

  • Environment: k8s
  • Hardware: AMD Ryzen 7 5800X 8-Core Processor
  • Cores: 8
  • RAM: 16Gi (4.9Gi Used, 9.7Gi Available)

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Allow run as non root

Steps To Reproduce

I do not think it is currently possible to deploy the bitwarden helm chart in a cluster that requires pods to run without root.
There is an option to provide security context to some pods, but not all.
My installation on a security hardened cluster (no root containers allowed) failed as soon as I tried to deploy the bitwarden-db-pre-upgrade job. This job has no configurable security context, so I couldn't get any further.

It would be great if running as non-root was the default for a security oriented tool like bitwarden.
As an alternative, I would like to see the option to run bitwarden as non-root with a custom values configuration.

Expected Result

It was possible to run in a hardened cluster

Actual Result

It is not possible at the moment

Screenshots or Videos

No response

Additional Context

No response

Chart Version

self-host-2024.4.0

Environment Details

No response

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Identity server certificate password set to "map[]"

Steps To Reproduce

  1. Start fresh with no secrets or anything in the bitwarden namespace.

  2. Create a "custom-secret" and set globalSettings__identityServer__certificatePassword

    kubectl create secret generic custom-secret -n bitwarden \
       --from-literal=globalSettings__identityServer__certificatePassword="MY_CUSTOM_p@ssw0rd" \
       --from-literal=SA_PASSWORD="REPLACE"
  3. Install Bitwarden with helm.

  4. Check the value of the bitwarden-identity-cert-password secret

Expected Result

Setting globalSettings__identityServer__certificatePassword in the "custom-secret" can be used to set the value for the deployment. Or if no value is provided a unique password will be generated, so that all installs do not end up using the same value.

Actual Result

The value is rendered into the job that makes the identity certificate without checking the custom secret that is already in the cluster, leading to the value always being "map[]".

# Source: self-host/templates/pre-install-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: "bitwarden-setup"
  labels:
    app.kubernetes.io/component: pre-install-hook
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-weight": "2"
    "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
spec:
  template:
    metadata:
      name: "bitwarden-setup"
      labels:
        app.kubernetes.io/component: pre-install-hook
    spec:
      serviceAccountName: "bitwarden-service-account"
      initContainers:
      - name: generate-identity-cert
        command:
          - "/bin/sh"
          - "-c"
        args: ['
          openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /bitwarden/identity.key -out /bitwarden/identity.crt -subj "/CN=Bitwarden IdentityServer" -days 36500;
          openssl pkcs12 -export -out /bitwarden/identity.pfx -inkey /bitwarden/identity.key -in /bitwarden/identity.crt -passout pass:map[];
          chmod 777 /bitwarden/identity.pfx;
          echo Done;
        ']
        image: "docker.io/nginx:1.25.3"
        volumeMounts:
        - name: temp
          mountPath: "/bitwarden"
      containers:
      - name: create-resources
        command:
          - "/bin/sh"
          - "-c"
        args: ['
          ls -atlh /bitwarden;
          kubectl create secret generic bitwarden-identity-cert --from-file=/bitwarden/identity.pfx -n bitwarden ;
          kubectl create secret generic bitwarden-identity-cert-password -n bitwarden
            --from-literal=globalSettings__identityServer__certificatePassword="map[]";
          echo "Done"
        ']
        image: "bitnami/kubectl:1.21"
        volumeMounts:
        - name: temp
          mountPath: "/bitwarden"
      restartPolicy: Never
      volumes:
        - name: temp
          emptyDir:
            medium: Memory

Screenshots or Videos

No response

Additional Context

No response

Chart Version

self-host-2024.2.2

Environment Details

  • Environment: RKE2 v1.27.10+rke2r1
  • Helm: version.BuildInfo{Version:"v3.13.3", GitCommit:"c8b948945e52abba22ff885446a1486cb5fd3474", GitTreeState:"clean", GoVersion:"go1.20.11"}
  • Chart:
    apiVersion: v2
    appVersion: 2024.2.2
    description: A Helm chart for deploying a Bitwarden instance on Kubernetes
    home: https://github.com/bitwarden/helm-charts/tree/main/charts/self-host
    icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/icon-square.svg
    maintainers:
    - name: dept-devops
    name: self-host
    type: application
    version: 2024.2.2

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
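An added example, not code from the issue or from the chart: Helm renders templates with Go's text/template, which prints an empty map as the literal `map[]`, the same string that appears as the certificate password above. The sketch reproduces that rendering and shows a render-time guard; the values key `certPassword` and the helper `requireString` are hypothetical names, and the guard is an illustration rather than a Helm built-in.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Shape of the openssl argument in the rendered job. The values key
// certPassword is hypothetical, not the chart's real key.
const plainArg = `-passout pass:{{ .Values.certPassword }}`

// Same argument, routed through a guard that aborts rendering.
const guardedArg = `-passout pass:{{ requireString "certPassword" .Values.certPassword }}`

// requireString (hypothetical helper) rejects anything that is not a
// non-empty string, so a map, nil, or blank value fails the render
// instead of silently becoming the password.
func requireString(name string, v interface{}) (string, error) {
	s, ok := v.(string)
	if !ok || strings.TrimSpace(s) == "" {
		return "", fmt.Errorf("%s must be a non-empty string, got %T", name, v)
	}
	return s, nil
}

// Render executes tpl with values exposed as .Values, the way a chart
// template sees them. On any error it returns no partial output.
func Render(tpl string, values map[string]interface{}) (string, error) {
	funcs := template.FuncMap{"requireString": requireString}
	t, err := template.New("job").Funcs(funcs).Parse(tpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, map[string]interface{}{"Values": values}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample values: the key holds an empty map, not a string.
	empty := map[string]interface{}{"certPassword": map[string]interface{}{}}
	out, _ := Render(plainArg, empty)
	fmt.Println("unguarded:", out)

	_, err := Render(guardedArg, empty)
	fmt.Println("guarded:  ", err)

	// Constructed sample value standing in for a real password.
	good := map[string]interface{}{"certPassword": "constructed-sample-value"}
	out, _ = Render(guardedArg, good)
	fmt.Println("guarded:  ", out)
}
```

Because the unguarded render succeeds, every install rendered from the same empty value ends up with the same `map[]` password, which is the outcome the issue describes.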

mssql crash on startup - Permission Denied

Steps To Reproduce

This is likely a mssql bug, but will start here.

Try to install bitwarden - the mssql pod crashes and thus fails to start. See the attached error log. A SIGABRT happens with the first few lines of the log:

Ubuntu 22.04.3 LTS
Capturing core dump and information to /var/opt/mssql/log...
/bin/cat: /proc/10/maps: Permission denied
cat: /proc/10/environ: Permission denied
find: '/proc/10/task/10/fdinfo': Permission denied
find: '/proc/10/task/12/fdinfo': Permission denied

I am running Kubernetes 1.29.2 via k0s on Fedora 39. I have been successfully running the 2023.12 release over the last month. Today I upgraded to 2024.2.2 and ran into this error. However, when rolling back to 2023.12 I still get the same error.

Wondering if this was caused by SELinux, I disabled it. That made no difference.

Today I also ran dnf update and noticed I got a new kernel plus other updates. I now wonder if one of those updates is causing this issue.

A few people have reported this issue over the years, usually around mounting volumes into a mssql docker image. For example:

microsoft/mssql-docker#538

bitwarden-self-host-mssql.log

Expected Result

For bitwarden to install correctly

Actual Result

Bitwarden doesn't install

Screenshots or Videos

No response

Additional Context

My values.yaml overrides:

general:
  domain: xx.xx.xx
  ingress:
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/rewrite-target: /$1
 
  # Comma-separated list of email addresses for Admin users
  admins: [email protected]
  email:
    # Email address used for invitations, typically no-reply@smtp-host
    replyToEmail: [email protected]
    # Your SMTP server hostname (recommended) or IP address
    smtpHost: xx.xx.xx
    # The SMTP port used by the SMTP server
    smtpPort: "465"
    # Whether your SMTP server uses an encryption protocol, "true" for SSL, "false" for TLS
    smtpSsl: "false"

  volumeAccessMode: ReadWriteOnce

sharedStorageClassName: openebs-hostpath

# Secrets are required.  Review the chart README on GitHub for details on creating these secrets
secrets:
  secretName: bitwarden-credentials

# Data volume sizes for shared PVCs
volume:
  dataprotection:
    size: "1Gi"
  attachments:
    size: 1Gi
  licenses:
    size: 1Gi
  logs:
    enabled: true
    size: 1Gi

serviceAccount:
  name: bitwarden
  deployRolesOnly: false

database:
  enabled: true
  resources:
    requests:
      memory: "2G"
      cpu: "500m"
    limits:
      memory: "4G"
      cpu:

Chart Version

2024.2.2

Environment Details

k0s
Kubernetes 1.29.2
Fedora 39

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Helm install fails due to resources field duplicated on scim deployment

Steps To Reproduce

use flux to deploy the helm release;

Expected Result

Helm release is well deployed

Actual Result

✗ Helm install failed: error while running post render on files: map[string]interface {}(nil): yaml: unmarshal errors:
  line 54: mapping key "resources" already defined at line 53

Screenshots or Videos

No response

Additional Context

No response

Chart Version

self-host-0.1.7-Beta

Environment Details

No response

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Service Temporarily unavailable 503 on clicking send verify email

Steps To Reproduce

  1. Configure the bitwarden in the cluster
  2. Create an admin account
  3. Login
  4. Click on "Send email" to verify the email
  5. Got an error "Service Temporarily unavailable 503"

Expected Result

I received the first email after I created the account, so my SMTP is working; I expect to receive the verification email

Actual Result

Error received instead

Screenshots or Videos

image

Additional Context

No response

Chart Version

0.1.14-Beta

Environment Details

Using EKS as kubernetes environment and Amazon SES to send emails

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Helm install fails with database statefulset

Steps To Reproduce

run this cmd:

helm install bitwarden bitwarden/self-host --version=0.1.7-Beta  --namespace bitwarden --values values.yaml

with this minimal values:

database:
  enabled: true
  volume:
    backups:
      size: 20Gi
    data:
      size: 20Gi
    log:
      size: 10Gi
general:
  admins: false
  domain: test.env.fr
  email:
    replyToEmail: [email protected]
    smtpHost: xxxxx
    smtpPort: "587"
  ingress:
    annotations:
    enabled: true
secrets:
  secretName: custom

Expected Result

Helm release is deployed

Actual Result

Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(StatefulSet.spec): missing required field "serviceName" in io.k8s.api.apps.v1.StatefulSetSpec

Screenshots or Videos

No response

Additional Context

No response

Chart Version

0.1.7-Beta

Environment Details

No response

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

SSO - 404

Steps To Reproduce

  1. Go to 'https://bitwarden/#/sso'
  2. Click on 'Login.'
  3. Login with SSO (SAML 2)

Log:
self-host-web pod

info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://bitwarden.xxxx.xx/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dweb%26redirect_uri%3Dhttps%253A%252F%252Fbitwarden.xxxx.xx%252Fsso-connector.html%26response_type%3Dcode%26scope%3Dapi%2520offline_access%26state%3DzPXULyXRcXD5hdeh4kEZtjDgF9fH5ULPL3giu4GDNR7JSgwh896a4a2BhfTXvFF9_identifier%253DKIF%25C3%259C%26code_challenge%3D4YNnYCgAKaCVZYu_mljIsSgWcPdQC1kP38mMRbeZA8o%26code_challenge_method%3DS256%26response_mode%3Dquery%26domain_hint%3DKIF%25C3%259C%26ssoToken%3DBWUserPrefix_CfDJ8MIpcSLm3NdOhzBWDFQa2p_ExYcHORWE1RjVO6sVwIVN6jkWIgxXZX-oknRiJCszX0oZLqbMEtAc1Cqek8AbKNi61MnqGGjkDtrigfSgjwnDqJIQMsW5vuuQjXwwP2D9sEF0qe9wBGWsfa8qHqFD9Qb24nhQk1wv8Wz65s3w_K1o7knB-2VBHLiDM7X2Vw6jBI0e206BOMh9F3kZLiHUysG6kxEpHWDipZtV_c_czVv6a1EmGqlw-2mZAfqjbl6l5-vl58IoNjfEZW9G-Id1BWk4lrpf11a9zjfkGsRdg1jYZR0c_QKNPwr4z6jZ7NUIhA - - - 404 0 - 0.2309ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]

Expected Result

Successful Login

Actual Result

Login not successful - 404 error

Screenshots or Videos

No response

Additional Context

No response

Chart Version

0.1.2-Beta

Environment Details

No response

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
