From edd7cca681c31944dd113e54dfa180f5e3ab0d95 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Mon, 4 Dec 2023 10:20:35 -0600 Subject: [PATCH] Updates ready for v0.1.8-Beta (#64) * Fixing tag overrides. Updating Application Gateway README steps. Increasing resources for API and Identity pods * Apply suggestions from code review Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update charts/self-host/templates/helpers.tpl --------- Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- charts/self-host/README.md | 40 +++++++++++-------- charts/self-host/templates/admin.yaml | 2 +- charts/self-host/templates/api.yaml | 2 +- charts/self-host/templates/attachments.yaml | 2 +- charts/self-host/templates/events.yaml | 2 +- charts/self-host/templates/icons.yaml | 2 +- charts/self-host/templates/identity.yaml | 2 +- charts/self-host/templates/notifications.yaml | 2 +- .../post-install-db-migrator-job.yaml | 2 +- .../pre-install-db-migrator-job.yaml | 2 +- charts/self-host/templates/scim.yaml | 2 +- charts/self-host/templates/sso.yaml | 2 +- charts/self-host/templates/web.yaml | 2 +- charts/self-host/values.yaml | 12 +++--- 14 files changed, 42 insertions(+), 34 deletions(-) diff --git a/charts/self-host/README.md b/charts/self-host/README.md index e632c7a4..89ea0884 100644 --- a/charts/self-host/README.md +++ b/charts/self-host/README.md 
@@ -561,43 +561,51 @@ secrets: secretProviderClass: bitwarden-azure-keyvault-csi #metadata.name in example ``` +### Create Empty Azure Application Gateway Rewrite Set + +Application Gateway ingress deployments have a few more required steps for Bitwarden to function correctly. If you are using another ingress controller, you may skip to the next section. + +We will need to create a rewrite set on the Application Gateway. There are various ways of doing this, but we will discuss using the Azure Portal. For now we are creating an empty set for the Helm deployment to work. We will add the rewrite rule after deploying Helm. + + 1. Navigate to the Application Gateway in the Azure Portal + 2. Once in the Application Gateway, find the "Rewrites" blade in the left-hand navigation menu. + 3. Click the "+ Rewrite set" button at the top of the main page section to add a new rewrite set + 4. On the "Update rewrite set" page in the "Name and Association" tab set the `Name` field to the same value specified in the `appgw.ingress.kubernetes.io/rewrite-rule-set` ingress annotation + 5. Click Next + 6. Click Create + ### Helm ```shell helm upgrade bitwarden bitwarden/self-host --install --devel --namespace bitwarden --values my-values.yaml ``` -### Azure Application Gateway Rewrite Set +### Update Azure Application Gateway Rewrite Set Application Gateway ingress deployments have one more required step for Bitwarden to function correctly. If you are using another ingress controller, you may skip to the next section. -We will need to create a rewrite set on the Application Gateway. There are various ways of doing this, but we will discuss using the Azure Portal. +We will need to finish the rewrite set on the Application Gateway we created earlier. - 1. Navigate to the Application Gateway in the Azure Portal - 2. Once in the Application Gateway, find the "Rewrites" blade in the left-hand navigation menu. - 3. 
Click the "+ Rewrite set" button at the top of the main page section to add a new rewrite set - 4. On the "Update rewrite set" page in the "Name and Association" tab: - - Set the Name field to the same value specified in the `appgw.ingress.kubernetes.io/rewrite-rule-set` ingress annotation - - Select all routing rules that start with something similar to "pr-bitwarden-bitwarden-ingress-rule-*" - 5. Click Next - 6. On the "Rewrite rule configuration" tab, click the "Add rewrite rule" button - 7. Enter a name for the rule. This can be anything that helps you with organization. Something simlar to "bitwarden-rewrite" will work. - 8. The rule sequence value does not matter for this purpose. - 9. Add a condition and set the following values: + 1. Reopen the rewrite set you created earlier. + 2. On the "Update rewrite set" page in the "Name and Association" tab, select all routing paths that begin with pr-bitwarden-self-host-ingress... , deselect any that do not begin with that prefix, and then select Next. + 3. On the "Rewrite rule configuration" tab, click the "Add rewrite rule" button. + 4. Enter a name for the rule. This can be anything that helps you with organization. Something similar to "bitwarden-rewrite" will work. + 5. The rule sequence value does not matter for this purpose. + 6. Add a condition and set the following values: - Type of variable to check: Server variable - Server variable: uri_path - Case-sensitive: No - Operator: equal (=) - Pattern to match: `^(\/(?!admin)[^\/]*)\/(.*)` - Click OK - 10. Add an action and set the following values: + 7. Add an action and set the following values: - Rewrite type: URL - Action type: Set - Components: URL path - URL path value: `/{var_uri_path_2}` - Re-evalueate path map: Unchecked - Click OK - 11. Click "Create" at the bottom of the screen + 8. Click "Update" at the bottom of the screen. ### Pointing your DNS 
@@ -853,7 +861,7 @@ oc create secret generic custom-secret -n bitwarden \ --from-literal=globalSettings__yubico__clientId="REPLACE" \ --from-literal=globalSettings__yubico__key="REPLACE" \ --from-literal=SA_PASSWORD="REPLACE" # If using SQL pod - # --from-literal="REPLACE" # If using your own SQL server + # --from-literal=globalSettings__sqlServer__connectionString="REPLACE" # If using your own SQL server ``` ### Create a service account diff --git a/charts/self-host/templates/admin.yaml b/charts/self-host/templates/admin.yaml index fd2ee66c..62133132 100644 --- a/charts/self-host/templates/admin.yaml +++ b/charts/self-host/templates/admin.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.admin" . }} - image: "{{ .Values.component.admin.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.admin.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/api.yaml b/charts/self-host/templates/api.yaml index fd448da8..d01e1ab9 100644 --- a/charts/self-host/templates/api.yaml +++ b/charts/self-host/templates/api.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.api" . }} - image: "{{ .Values.component.api.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.api.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/attachments.yaml b/charts/self-host/templates/attachments.yaml index 931cea3e..ed207511 100644 --- a/charts/self-host/templates/attachments.yaml +++ b/charts/self-host/templates/attachments.yaml 
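Review bot: The image reference in charts/self-host/templates/admin.yaml is always rendered as `name:tag`, so whatever string is set in `.Values.general.coreVersionOverride` is deployed as a mutable tag and the chart offers no way to pin the image by digest. For a chart that deploys a password manager, consider accepting a digest too and rendering `name@sha256:…` when one is supplied. At minimum, put a comment next to the override in values.yaml such as `# Used verbatim as the image tag; set an immutable release tag, not a floating one`. The same applies to the other template hunks in this patch (api, attachments, events, icons, identity, notifications, scim, sso, both db-migrator jobs, and web.yaml with `webVersionOverride`). The container spec continues outside the hunk.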
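Review bot: The expression `default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride` in charts/self-host/templates/api.yaml is pasted into every template this patch touches, and the copies have already drifted: the pre-install-db-migrator-job.yaml hunk writes `{{default` without the space. A single helper that receives the root context and applies the override itself would keep the rule in one place, so each template only needs `{{ include "bitwarden.coreVersion" . }}`. helpers.tpl is not in this patch's diffstat, so `bitwarden.coreVersionDefault` and `bitwarden.webVersionDefault` cannot be checked from here; confirm both are defined, since `include` of an undefined template fails at render time.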
@@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.attachments" . }} - image: "{{ .Values.component.attachments.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.attachments.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/events.yaml b/charts/self-host/templates/events.yaml index 61390460..de9b1798 100644 --- a/charts/self-host/templates/events.yaml +++ b/charts/self-host/templates/events.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.events" . }} - image: "{{ .Values.component.events.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.events.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/icons.yaml b/charts/self-host/templates/icons.yaml index 5911ad59..60e21242 100644 --- a/charts/self-host/templates/icons.yaml +++ b/charts/self-host/templates/icons.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.icons" . }} - image: "{{ .Values.component.icons.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.icons.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/identity.yaml b/charts/self-host/templates/identity.yaml index 22656f5f..17690c38 100644 --- a/charts/self-host/templates/identity.yaml +++ b/charts/self-host/templates/identity.yaml 
@@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.identity" . }} - image: "{{ .Values.component.identity.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.identity.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/notifications.yaml b/charts/self-host/templates/notifications.yaml index d8fea8fa..77409dfc 100644 --- a/charts/self-host/templates/notifications.yaml +++ b/charts/self-host/templates/notifications.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.notifications" . }} - image: "{{ .Values.component.notifications.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.notifications.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/post-install-db-migrator-job.yaml b/charts/self-host/templates/post-install-db-migrator-job.yaml index ed9a1188..cf58e81e 100644 --- a/charts/self-host/templates/post-install-db-migrator-job.yaml +++ b/charts/self-host/templates/post-install-db-migrator-job.yaml @@ -63,7 +63,7 @@ spec: name: "{{ .Values.secrets.secretName }}" {{- end }} key: globalSettings__sqlServer__connectionString - image: "bitwarden/mssqlmigratorutility:{{ template "bitwarden.coreVersion" }}" + image: "bitwarden/mssqlmigratorutility:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" volumeMounts: {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline diff --git a/charts/self-host/templates/pre-install-db-migrator-job.yaml b/charts/self-host/templates/pre-install-db-migrator-job.yaml index e113657b..71317034 100644 
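Review bot: The migrator image repository stays hard-coded as `bitwarden/mssqlmigratorutility` in post-install-db-migrator-job.yaml (and in the pre-install job hunk), while the component templates in this patch read `.Values.component.<name>.image.name`. Only the tag became configurable, so a cluster that mirrors images into a private registry or enforces a registry allow-list cannot redirect this job. Judging by the context lines just above `image:`, this appears to be the container that is given `globalSettings__sqlServer__connectionString`. Consider taking the repository from values with the current name as the default, for example `image: "{{ default "bitwarden/mssqlmigratorutility" .Values.<MIGRATOR_IMAGE_KEY> }}:{{ … }}"`, where `<MIGRATOR_IMAGE_KEY>` is a placeholder for a key the maintainers would choose. The job spec starts and ends outside the hunk.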
--- a/charts/self-host/templates/pre-install-db-migrator-job.yaml +++ b/charts/self-host/templates/pre-install-db-migrator-job.yaml @@ -35,7 +35,7 @@ spec: name: "{{ .Values.secrets.secretName }}" {{- end }} key: globalSettings__sqlServer__connectionString - image: "bitwarden/mssqlmigratorutility:{{ template "bitwarden.coreVersion" }}" + image: "bitwarden/mssqlmigratorutility:{{default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" volumeMounts: {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline diff --git a/charts/self-host/templates/scim.yaml b/charts/self-host/templates/scim.yaml index 0a615211..087f34dc 100644 --- a/charts/self-host/templates/scim.yaml +++ b/charts/self-host/templates/scim.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.scim" . }} - image: "{{ .Values.component.scim.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.scim.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/sso.yaml b/charts/self-host/templates/sso.yaml index 3e713e71..f1b7791f 100644 --- a/charts/self-host/templates/sso.yaml +++ b/charts/self-host/templates/sso.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.sso" . }} - image: "{{ .Values.component.sso.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.sso.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/web.yaml b/charts/self-host/templates/web.yaml index aed477e1..55b75752 100644 --- a/charts/self-host/templates/web.yaml +++ b/charts/self-host/templates/web.yaml 
@@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.web" . }} - image: "{{ .Values.component.web.image.name }}:{{ template "bitwarden.webVersion" }}" + image: "{{ .Values.component.web.image.name }}:{{ default ( include "bitwarden.webVersionDefault" nil ) .Values.general.webVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/values.yaml b/charts/self-host/values.yaml index 2df275f0..4bc1f09c 100644 --- a/charts/self-host/values.yaml +++ b/charts/self-host/values.yaml @@ -121,11 +121,11 @@ component: # The pod resource requirements. You can adjust these up and down for your environment resources: requests: - memory: "64Mi" - cpu: "50m" - limits: memory: "128Mi" cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context @@ -201,11 +201,11 @@ component: # The pod resource requirements. You can adjust these up and down for your environment resources: requests: - memory: "64Mi" - cpu: "50m" - limits: memory: "128Mi" cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context