bitwarden / helm-charts
License: GNU Affero General Public License v3.0
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are awaiting their schedule. Click on a checkbox to get an update now.
.github/workflows/build.yml
actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808
ubuntu 22.04
.github/workflows/linter.yml
actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
actions/setup-python v5.1.0@82c7e631bb3cdc910f68e0081d67478d79c6982d
helm/chart-testing-action v2.6.1@e6669bcd63d7cb57cb4380c33043eebe5d111992
ubuntu 22.04
.github/workflows/release.yml
actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
crazy-max/ghaction-import-gpg v6.1.0@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4
Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
helm/chart-releaser-action v1.5.0@be16258da8010256c6e82849661221415f031968
ubuntu 22.04
.github/workflows/tests.yml
actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
Azure/setup-helm v3.5@5119fcb9089d432beecbf79bb2c7915207344b78
actions/setup-python v5.1.0@82c7e631bb3cdc910f68e0081d67478d79c6982d
helm/chart-testing-action v2.6.1@e6669bcd63d7cb57cb4380c33043eebe5d111992
helm/kind-action v1.10.0@0025e74a8c7512023d06dc019c617aa3cf561fde
ubuntu 22.04
.github/workflows/update-versions.yml
actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
crazy-max/ghaction-import-gpg v6.1.0@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4
ubuntu 22.04
ubuntu 22.04
.github/workflows/version-bump.yml
actions/checkout v4.1.5@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
Azure/login v1.6.0@e15b166166a8746d1a47596803bd8c1b595455cf
crazy-max/ghaction-import-gpg v6.1.0@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4
ubuntu 22.04
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Error type: Cannot find preset's package (github>bitwarden/renovate-config:pin-actions)
deploy minimal helm values:
database:
enabled: true
volume:
backups:
size: 20Gi
data:
size: 20Gi
log:
size: 10Gi
general:
admins: xxxx
domain: bitwarden.env.fr
email:
replyToEmail: [email protected]
smtpHost: toto.env.fr
smtpPort: "587"
volumeAccessMode: ReadWriteOnce
secrets:
secretName: custom
mssql pod is up and running
mssql log:
SQL Server 2019 will run as non-root by default.
This container is running as user mssql.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
2023-12-04 16:54:47.94 Server The licensing PID was successfully processed. The new edition is [Express Edition].
2023-12-04 16:54:48.81 Server Setup step is copying system data file 'C:\templatedata\master.mdf' to '/var/opt/mssql/data/master.mdf'.
2023-12-04 16:54:48.82 Server ERROR: Setup FAILED copying system data file 'C:\templatedata\master.mdf' to '/var/opt/mssql/data/master.mdf': 5(Access is denied.)
ERROR: BootstrapSystemDataDirectories() failure (HRESULT 0x80070005)
Stream closed EOF for bitwarden/bitwarden-self-host-mssql-0 (bitwarden-self-host-mssql)
kube event:
state:
  waiting:
    message: back-off 5m0s restarting failed container=bitwarden-self-host-mssql pod=bitwarden-self-host-mssql-0_bitwarden(61aea36e-717f-4732-81ff-ab64ca6bbc90)
    reason: CrashLoopBackOff
self-host-0.1.7-Beta
kubernetes self-hosted: 1.22.2
Liveliness probes do not fail in normal operation.
Liveliness probes occasionally fail. E.g.
$ kubectl -n bitwarden get events
LAST SEEN TYPE REASON OBJECT MESSAGE
9m11s Normal Killing pod/bitwarden-api-54c5d4fbcb-kc7c5 Container bitwarden-api failed liveness probe, will be restarted
9m10s Normal Pulled pod/bitwarden-api-54c5d4fbcb-kc7c5 Container image "bitwarden/api:2024.2.2" already present on machine
9m10s Normal Created pod/bitwarden-api-54c5d4fbcb-kc7c5 Created container bitwarden-api
9m10s Normal Started pod/bitwarden-api-54c5d4fbcb-kc7c5 Started container bitwarden-api
6m1s Warning Unhealthy pod/bitwarden-api-54c5d4fbcb-kc7c5 Liveness probe failed: Get "http://10.244.3.144:5000/alive": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
4m11s Warning Unhealthy pod/bitwarden-admin-58c8896cf8-7sdvc Liveness probe failed: Get "http://10.244.3.143:5000/alive": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
self-host-2024.2.2
I do not think it is currently possible to deploy the bitwarden helm chart in a cluster that requires pods to run without root.
There is an option to provide security context to some pods, but not all.
My installation on a security hardened cluster (no root containers allowed) failed as soon as I tried to deploy the bitwarden-db-pre-upgrade job. This job has no configurable security context, so I couldn't get any further.
It would be great if running as non-root was the default for a security oriented tool like bitwarden.
As an alternative, I would like to see the option to run bitwarden as non-root with a custom values configuration.
It was possible to run in a hardened cluster
It is not possible at the moment
self-host-2024.4.0
Start fresh with no secrets or anything in the bitwarden namespace.
create a "custom-secret" and set globalSettings__identityServer__certificatePassword
kubectl create secret generic custom-secret -n bitwarden \
--from-literal=globalSettings__identityServer__certificatePassword="MY_CUSTOM_p@ssw0rd" \
--from-literal=SA_PASSWORD="REPLACE"
install Bitwarden with helm.
Check the value of the bitwarden-identity-cert-password secret
Setting globalSettings__identityServer__certificatePassword in the "custom-secret" can be used to set the value for the deployment. Or if no value is provided a unique password will be generated, so that all installs do not end up using the same value.
The value is rendered into the job that makes the identity certificate without checking the custom secret that is already in the cluster, leading to the value always being "map[]".
# Source: self-host/templates/pre-install-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: "bitwarden-setup"
  labels:
    app.kubernetes.io/component: pre-install-hook
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-weight": "2"
    "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
spec:
  template:
    metadata:
      name: "bitwarden-setup"
      labels:
        app.kubernetes.io/component: pre-install-hook
    spec:
      serviceAccountName: "bitwarden-service-account"
      initContainers:
      - name: generate-identity-cert
        command:
        - "/bin/sh"
        - "-c"
        args: ['
          openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /bitwarden/identity.key -out /bitwarden/identity.crt -subj "/CN=Bitwarden IdentityServer" -days 36500;
          openssl pkcs12 -export -out /bitwarden/identity.pfx -inkey /bitwarden/identity.key -in /bitwarden/identity.crt -passout pass:map[];
          chmod 777 /bitwarden/identity.pfx;
          echo Done;
          ']
        image: "docker.io/nginx:1.25.3"
        volumeMounts:
        - name: temp
          mountPath: "/bitwarden"
      containers:
      - name: create-resources
        command:
        - "/bin/sh"
        - "-c"
        args: ['
          ls -atlh /bitwarden;
          kubectl create secret generic bitwarden-identity-cert --from-file=/bitwarden/identity.pfx -n bitwarden ;
          kubectl create secret generic bitwarden-identity-cert-password -n bitwarden
          --from-literal=globalSettings__identityServer__certificatePassword="map[]";
          echo "Done"
          ']
        image: "bitnami/kubectl:1.21"
        volumeMounts:
        - name: temp
          mountPath: "/bitwarden"
      restartPolicy: Never
      volumes:
      - name: temp
        emptyDir:
          medium: Memory
self-host-2024.2.2
apiVersion: v2
appVersion: 2024.2.2
description: A Helm chart for deploying a Bitwarden instance on Kubernetes
home: https://github.com/bitwarden/helm-charts/tree/main/charts/self-host
icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/icon-square.svg
maintainers:
- name: dept-devops
name: self-host
type: application
version: 2024.2.2
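A check for the "map[]" certificate password described in the report above, added here as an example and not taken from the issue or from the Bitwarden chart: it scans rendered manifest text for credential arguments whose value is empty or a Go template artifact. The regular expression, the artifact list and the last sample line are assumptions made for this example.

```python
import re
import sys

# Text that Go's text/template and fmt emit when a missing, nil or map value
# is printed where the chart author expected a string.
ARTIFACTS = ("map[]", "<no value>", "<nil>")

# Credential-bearing arguments seen in the rendered job: openssl's
# "-passout pass:VALUE" and kubectl's "--from-literal=KEY=VALUE".
# (The pattern is an assumption of this example, not part of the chart.)
SECRET_ARG = re.compile(
    r"""(?:-passout\s+pass:|--from-literal=[\w.-]+=)(?:"([^"]*)"|([^\s;"']*))"""
)

# Constructed sample: the first three lines are quoted from the rendered job
# in the report, the last line is made up to show a value that passes.
SAMPLE = '''\
openssl pkcs12 -export -out /bitwarden/identity.pfx -inkey /bitwarden/identity.key -in /bitwarden/identity.crt -passout pass:map[];
kubectl create secret generic bitwarden-identity-cert-password -n bitwarden
--from-literal=globalSettings__identityServer__certificatePassword="map[]";
kubectl create secret generic example -n bitwarden --from-literal=token="constructed-Value-123";
'''


def find_placeholder_secrets(manifest):
    """Return (line_number, value) for every credential argument whose value
    is empty or a template artifact rather than a real secret."""
    findings = []
    for lineno, line in enumerate(manifest.splitlines(), start=1):
        for match in SECRET_ARG.finditer(line):
            quoted, bare = match.group(1), match.group(2)
            value = quoted if quoted is not None else bare
            if value == "" or value in ARTIFACTS:
                findings.append((lineno, value))
    return findings


if __name__ == "__main__":
    # Pass "-" to read `helm template` output from stdin; otherwise use SAMPLE.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    hits = find_placeholder_secrets(text)
    for lineno, value in hits:
        print(f"line {lineno}: credential rendered as {value!r}")
    sys.exit(1 if hits else 0)
```

Run against the output of `helm template` in CI, a non-zero exit flags a release in which every install would end up with the same certificate password.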
This is likely a mssql bug, but will start here.
Try to install bitwarden - the mssql pod crashes and thus fails to start. See the attached error log. A SIGABRT happens with the first few lines of the log:
Ubuntu 22.04.3 LTS
Capturing core dump and information to /var/opt/mssql/log...
/bin/cat: /proc/10/maps: Permission denied
cat: /proc/10/environ: Permission denied
find: '/proc/10/task/10/fdinfo': Permission denied
find: '/proc/10/task/12/fdinfo': Permission denied
I am running Kubernetes 1.29.2 via k0s on Fedora 39. I have been successfully running the 2023.12 release over the last month. Today I upgraded to 2024.2.2 and ran into this error. However, when rolling back to 2023.12 I still get the same error.
Wondering if this was caused by SELinux, I disabled it. That made no difference.
Today I also ran dnf update and noticed I got a new kernel plus other updates. I now wonder if one of those updates is causing this issue.
A few people have reported this issue over the years, usually around mounting volumes into a mssql docker image. For example:
For bitwarden to install correctly
Bitwarden doesn't install
My values.yaml overrides:
general:
domain: xx.xx.xx
ingress:
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
# Comma-separated list of email addresses for Admin users
admins: [email protected]
email:
# Email address used for invitations, typically no-reply@smtp-host
replyToEmail: [email protected]
# Your SMTP server hostname (recommended) or IP address
smtpHost: xx.xx.xx
# The SMTP port used by the SMTP server
smtpPort: "465"
# Whether your SMTP server uses an encryption protocol, "true" for SSL, "false" for TLS
smtpSsl: "false"
volumeAccessMode: ReadWriteOnce
sharedStorageClassName: openebs-hostpath
# Secrets are required. Review the chart README on GitHub for details on creating these secrets
secrets:
secretName: bitwarden-credentials
# Data volume sizes for shared PVCs
volume:
dataprotection:
size: "1Gi"
attachments:
size: 1Gi
licenses:
size: 1Gi
logs:
enabled: true
size: 1Gi
serviceAccount:
name: bitwarden
deployRolesOnly: false
database:
enabled: true
resources:
requests:
memory: "2G"
cpu: "500m"
limits:
memory: "4G"
cpu:
2024.2.2
k0s
Kubernetes 1.29.2
Fedora 39
use flux to deploy the helm release;
Helm release is well deployed
Helm install failed: error while running post render on files: map[string]interface {}(nil): yaml: unmarshal errors:
line 54: mapping key "resources" already defined at line 53
self-host-0.1.7-Beta
I received the first email after I created the account, so my SMTP is working. I expect to receive the verification email
Error received instead
0.1.14-Beta
Using EKS as kubernetes environment and Amazon SES to send emails
run this cmd:
helm install bitwarden bitwarden/self-host --version=0.1.7-Beta --namespace bitwarden --values values.yaml
with these minimal values:
database:
enabled: true
volume:
backups:
size: 20Gi
data:
size: 20Gi
log:
size: 10Gi
general:
admins: false
domain: test.env.fr
email:
replyToEmail: [email protected]
smtpHost: xxxxx
smtpPort: "587"
ingress:
annotations:
enabled: true
secrets:
secretName: custom
Helm release is deployed
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(StatefulSet.spec): missing required field "serviceName" in io.k8s.api.apps.v1.StatefulSetSpec
0.1.7-Beta
Log:
self-host-web pod
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished HTTP/1.1 GET http://bitwarden.xxxx.xx/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dweb%26redirect_uri%3Dhttps%253A%252F%252Fbitwarden.xxxx.xx%252Fsso-connector.html%26response_type%3Dcode%26scope%3Dapi%2520offline_access%26state%3DzPXULyXRcXD5hdeh4kEZtjDgF9fH5ULPL3giu4GDNR7JSgwh896a4a2BhfTXvFF9_identifier%253DKIF%25C3%259C%26code_challenge%3D4YNnYCgAKaCVZYu_mljIsSgWcPdQC1kP38mMRbeZA8o%26code_challenge_method%3DS256%26response_mode%3Dquery%26domain_hint%3DKIF%25C3%259C%26ssoToken%3DBWUserPrefix_CfDJ8MIpcSLm3NdOhzBWDFQa2p_ExYcHORWE1RjVO6sVwIVN6jkWIgxXZX-oknRiJCszX0oZLqbMEtAc1Cqek8AbKNi61MnqGGjkDtrigfSgjwnDqJIQMsW5vuuQjXwwP2D9sEF0qe9wBGWsfa8qHqFD9Qb24nhQk1wv8Wz65s3w_K1o7knB-2VBHLiDM7X2Vw6jBI0e206BOMh9F3kZLiHUysG6kxEpHWDipZtV_c_czVv6a1EmGqlw-2mZAfqjbl6l5-vl58IoNjfEZW9G-Id1BWk4lrpf11a9zjfkGsRdg1jYZR0c_QKNPwr4z6jZ7NUIhA - - - 404 0 - 0.2309ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Successful Login
Login not successful - 404 error
0.1.2-Beta