diff --git a/charts/self-host/README.md b/charts/self-host/README.md index e632c7a4..10d69512 100644 --- a/charts/self-host/README.md +++ b/charts/self-host/README.md @@ -561,43 +561,51 @@ secrets: secretProviderClass: bitwarden-azure-keyvault-csi #metadata.name in example ``` +### Create Empty Azure Application Gateway Rewrite Set + +Application Gateway ingress deployments have a few more required step for Bitwarden to function correctly. If you are using another ingress controller, you may skip to the next section. + +We will need to create a rewrite set on the Application Gateway. There are various ways of doing this, but we will discuss using the Azure Portal. For now we are creating an empty set for the Helm deployment to work. We will add the rewrite rule after deploying Helm. + + 1. Navigate to the Application Gateway in the Azure Portal + 2. Once in the Application Gateway, find the "Rewrites" blade in the left-hand navigation menu. + 3. Click the "+ Rewrite set" button at the top of the main page section to add a new rewrite set + 4. On the "Update rewrite set" page in the "Name and Association" tab set the `Name` field to the same value specified in the `appgw.ingress.kubernetes.io/rewrite-rule-set` ingress annotation + 5. Click Next + 6. Click Create + ### Helm ```shell helm upgrade bitwarden bitwarden/self-host --install --devel --namespace bitwarden --values my-values.yaml ``` -### Azure Application Gateway Rewrite Set +### Update Azure Application Gateway Rewrite Set Application Gateway ingress deployments have one more required step for Bitwarden to function correctly. If you are using another ingress controller, you may skip to the next section. -We will need to create a rewrite set on the Application Gateway. There are various ways of doing this, but we will discuss using the Azure Portal. +We will need finish the rewrite set on the Application Gateway we created earlier. - 1. Navigate to the Application Gateway in the Azure Portal - 2. Once in the Application Gateway, find the "Rewrites" blade in the left-hand navigation menu. - 3. Click the "+ Rewrite set" button at the top of the main page section to add a new rewrite set - 4. On the "Update rewrite set" page in the "Name and Association" tab: - - Set the Name field to the same value specified in the `appgw.ingress.kubernetes.io/rewrite-rule-set` ingress annotation - - Select all routing rules that start with something similar to "pr-bitwarden-bitwarden-ingress-rule-*" - 5. Click Next - 6. On the "Rewrite rule configuration" tab, click the "Add rewrite rule" button - 7. Enter a name for the rule. This can be anything that helps you with organization. Something simlar to "bitwarden-rewrite" will work. - 8. The rule sequence value does not matter for this purpose. - 9. Add a condition and set the following values: + 1. Reopen the rewrite set you created earlier. + 2. On the "Update rewrite set" page in the "Name and Association" tab, select all routing paths that begin with pr-bitwarden-self-host-ingress... , de-select any that do not begin with that prefix, and select Next + 3. On the "Rewrite rule configuration" tab, click the "Add rewrite rule" button + 4. Enter a name for the rule. This can be anything that helps you with organization. Something simlar to "bitwarden-rewrite" will work. + 5. The rule sequence value does not matter for this purpose. + 6. Add a condition and set the following values: - Type of variable to check: Server variable - Server variable: uri_path - Case-sensitive: No - Operator: equal (=) - Pattern to match: `^(\/(?!admin)[^\/]*)\/(.*)` - Click OK - 10. Add an action and set the following values: + 7. Add an action and set the following values: - Rewrite type: URL - Action type: Set - Components: URL path - URL path value: `/{var_uri_path_2}` - Re-evalueate path map: Unchecked - Click OK - 11. Click "Create" at the bottom of the screen + 8. Click "Update" at the bottom of the screen ### Pointing your DNS @@ -853,7 +861,7 @@ oc create secret generic custom-secret -n bitwarden \ --from-literal=globalSettings__yubico__clientId="REPLACE" \ --from-literal=globalSettings__yubico__key="REPLACE" \ --from-literal=SA_PASSWORD="REPLACE" # If using SQL pod - # --from-literal="REPLACE" # If using your own SQL server + # --from-literal=globalSettings__sqlServer__connectionString="REPLACE" # If using your own SQL server ``` ### Create a service account diff --git a/charts/self-host/templates/admin.yaml b/charts/self-host/templates/admin.yaml index fd2ee66c..13cfbab4 100644 --- a/charts/self-host/templates/admin.yaml +++ b/charts/self-host/templates/admin.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.admin" . }} - image: "{{ .Values.component.admin.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.admin.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/api.yaml b/charts/self-host/templates/api.yaml index fd448da8..a815fc14 100644 --- a/charts/self-host/templates/api.yaml +++ b/charts/self-host/templates/api.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.api" . }} - image: "{{ .Values.component.api.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.api.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/attachments.yaml b/charts/self-host/templates/attachments.yaml index 931cea3e..18162a62 100644 --- a/charts/self-host/templates/attachments.yaml +++ b/charts/self-host/templates/attachments.yaml @@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.attachments" . }} - image: "{{ .Values.component.attachments.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.attachments.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/events.yaml b/charts/self-host/templates/events.yaml index 61390460..a3d4b732 100644 --- a/charts/self-host/templates/events.yaml +++ b/charts/self-host/templates/events.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.events" . }} - image: "{{ .Values.component.events.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.events.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/helpers.tpl b/charts/self-host/templates/helpers.tpl index 3719adc3..9c4cadf8 100644 --- a/charts/self-host/templates/helpers.tpl +++ b/charts/self-host/templates/helpers.tpl @@ -16,7 +16,7 @@ Get the coreVersion for image tags Get the webVersion for image tags */}} {{- define "bitwarden.webVersion" -}} -{{- default ( include "bitwarden.webVersionDefault" nil ) .Values.general.webVersionOverride -}} +{{- default ( include "bitwarden.webVersionDefault" nil ) .Values.webVersionOverride -}} {{- end -}} {{/* diff --git a/charts/self-host/templates/icons.yaml b/charts/self-host/templates/icons.yaml index 5911ad59..b4f51aab 100644 --- a/charts/self-host/templates/icons.yaml +++ b/charts/self-host/templates/icons.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.icons" . }} - image: "{{ .Values.component.icons.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.icons.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/identity.yaml b/charts/self-host/templates/identity.yaml index 22656f5f..d219c364 100644 --- a/charts/self-host/templates/identity.yaml +++ b/charts/self-host/templates/identity.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.identity" . }} - image: "{{ .Values.component.identity.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.identity.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/notifications.yaml b/charts/self-host/templates/notifications.yaml index d8fea8fa..caea757a 100644 --- a/charts/self-host/templates/notifications.yaml +++ b/charts/self-host/templates/notifications.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.notifications" . }} - image: "{{ .Values.component.notifications.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.notifications.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/post-install-db-migrator-job.yaml b/charts/self-host/templates/post-install-db-migrator-job.yaml index ed9a1188..441e7acc 100644 --- a/charts/self-host/templates/post-install-db-migrator-job.yaml +++ b/charts/self-host/templates/post-install-db-migrator-job.yaml @@ -63,7 +63,7 @@ spec: name: "{{ .Values.secrets.secretName }}" {{- end }} key: globalSettings__sqlServer__connectionString - image: "bitwarden/mssqlmigratorutility:{{ template "bitwarden.coreVersion" }}" + image: "bitwarden/mssqlmigratorutility:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" volumeMounts: {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline diff --git a/charts/self-host/templates/pre-install-db-migrator-job.yaml b/charts/self-host/templates/pre-install-db-migrator-job.yaml index e113657b..a25e584d 100644 --- a/charts/self-host/templates/pre-install-db-migrator-job.yaml +++ b/charts/self-host/templates/pre-install-db-migrator-job.yaml @@ -35,7 +35,7 @@ spec: name: "{{ .Values.secrets.secretName }}" {{- end }} key: globalSettings__sqlServer__connectionString - image: "bitwarden/mssqlmigratorutility:{{ template "bitwarden.coreVersion" }}" + image: "bitwarden/mssqlmigratorutility:{{default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" volumeMounts: {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline diff --git a/charts/self-host/templates/scim.yaml b/charts/self-host/templates/scim.yaml index 0a615211..401f464f 100644 --- a/charts/self-host/templates/scim.yaml +++ b/charts/self-host/templates/scim.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.scim" . }} - image: "{{ .Values.component.scim.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.scim.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/sso.yaml b/charts/self-host/templates/sso.yaml index 3e713e71..4a31945c 100644 --- a/charts/self-host/templates/sso.yaml +++ b/charts/self-host/templates/sso.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.sso" . }} - image: "{{ .Values.component.sso.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.sso.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/web.yaml b/charts/self-host/templates/web.yaml index aed477e1..55b75752 100644 --- a/charts/self-host/templates/web.yaml +++ b/charts/self-host/templates/web.yaml @@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.web" . }} - image: "{{ .Values.component.web.image.name }}:{{ template "bitwarden.webVersion" }}" + image: "{{ .Values.component.web.image.name }}:{{ default ( include "bitwarden.webVersionDefault" nil ) .Values.general.webVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/values.yaml b/charts/self-host/values.yaml index 2df275f0..4bc1f09c 100644 --- a/charts/self-host/values.yaml +++ b/charts/self-host/values.yaml @@ -121,11 +121,11 @@ component: # The pod resource requirements. You can adjust these up and down for your environment resources: requests: - memory: "64Mi" - cpu: "50m" - limits: memory: "128Mi" cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context @@ -201,11 +201,11 @@ component: # The pod resource requirements. You can adjust these up and down for your environment resources: requests: - memory: "64Mi" - cpu: "50m" - limits: memory: "128Mi" cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context