From dfa0d7469689ec93729fd7bbeb1dfc0b175c1577 Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Thu, 30 Nov 2023 08:40:51 -0600 Subject: [PATCH 01/24] Fixing tag overrides. Updating Application Gateway README steps. Increasing resources for API and Identity pods --- charts/self-host/README.md | 40 +++++++++++-------- charts/self-host/templates/admin.yaml | 2 +- charts/self-host/templates/api.yaml | 2 +- charts/self-host/templates/attachments.yaml | 2 +- charts/self-host/templates/events.yaml | 2 +- charts/self-host/templates/helpers.tpl | 2 +- charts/self-host/templates/icons.yaml | 2 +- charts/self-host/templates/identity.yaml | 2 +- charts/self-host/templates/notifications.yaml | 2 +- .../post-install-db-migrator-job.yaml | 2 +- .../pre-install-db-migrator-job.yaml | 2 +- charts/self-host/templates/scim.yaml | 2 +- charts/self-host/templates/sso.yaml | 2 +- charts/self-host/templates/web.yaml | 2 +- charts/self-host/values.yaml | 12 +++--- 15 files changed, 43 insertions(+), 35 deletions(-) diff --git a/charts/self-host/README.md b/charts/self-host/README.md index e632c7a4..10d69512 100644 --- a/charts/self-host/README.md +++ b/charts/self-host/README.md 
@@ -561,43 +561,51 @@ secrets: secretProviderClass: bitwarden-azure-keyvault-csi #metadata.name in example ``` +### Create Empty Azure Application Gateway Rewrite Set + +Application Gateway ingress deployments have a few more required step for Bitwarden to function correctly. If you are using another ingress controller, you may skip to the next section. + +We will need to create a rewrite set on the Application Gateway. There are various ways of doing this, but we will discuss using the Azure Portal. For now we are creating an empty set for the Helm deployment to work. We will add the rewrite rule after deploying Helm. + + 1. Navigate to the Application Gateway in the Azure Portal + 2. Once in the Application Gateway, find the "Rewrites" blade in the left-hand navigation menu. + 3. Click the "+ Rewrite set" button at the top of the main page section to add a new rewrite set + 4. On the "Update rewrite set" page in the "Name and Association" tab set the `Name` field to the same value specified in the `appgw.ingress.kubernetes.io/rewrite-rule-set` ingress annotation + 5. Click Next + 6. Click Create + ### Helm ```shell helm upgrade bitwarden bitwarden/self-host --install --devel --namespace bitwarden --values my-values.yaml ``` -### Azure Application Gateway Rewrite Set +### Update Azure Application Gateway Rewrite Set Application Gateway ingress deployments have one more required step for Bitwarden to function correctly. If you are using another ingress controller, you may skip to the next section. -We will need to create a rewrite set on the Application Gateway. There are various ways of doing this, but we will discuss using the Azure Portal. +We will need finish the rewrite set on the Application Gateway we created earlier. - 1. Navigate to the Application Gateway in the Azure Portal - 2. Once in the Application Gateway, find the "Rewrites" blade in the left-hand navigation menu. - 3. 
Click the "+ Rewrite set" button at the top of the main page section to add a new rewrite set - 4. On the "Update rewrite set" page in the "Name and Association" tab: - - Set the Name field to the same value specified in the `appgw.ingress.kubernetes.io/rewrite-rule-set` ingress annotation - - Select all routing rules that start with something similar to "pr-bitwarden-bitwarden-ingress-rule-*" - 5. Click Next - 6. On the "Rewrite rule configuration" tab, click the "Add rewrite rule" button - 7. Enter a name for the rule. This can be anything that helps you with organization. Something simlar to "bitwarden-rewrite" will work. - 8. The rule sequence value does not matter for this purpose. - 9. Add a condition and set the following values: + 1. Reopen the rewrite set you created earlier. + 2. On the "Update rewrite set" page in the "Name and Association" tab, select all routing paths that begin with pr-bitwarden-self-host-ingress... , de-select any that do not begin with that prefix, and select Next + 3. On the "Rewrite rule configuration" tab, click the "Add rewrite rule" button + 4. Enter a name for the rule. This can be anything that helps you with organization. Something simlar to "bitwarden-rewrite" will work. + 5. The rule sequence value does not matter for this purpose. + 6. Add a condition and set the following values: - Type of variable to check: Server variable - Server variable: uri_path - Case-sensitive: No - Operator: equal (=) - Pattern to match: `^(\/(?!admin)[^\/]*)\/(.*)` - Click OK - 10. Add an action and set the following values: + 7. Add an action and set the following values: - Rewrite type: URL - Action type: Set - Components: URL path - URL path value: `/{var_uri_path_2}` - Re-evalueate path map: Unchecked - Click OK - 11. Click "Create" at the bottom of the screen + 8. Click "Update" at the bottom of the screen ### Pointing your DNS 
@@ -853,7 +861,7 @@ oc create secret generic custom-secret -n bitwarden \ --from-literal=globalSettings__yubico__clientId="REPLACE" \ --from-literal=globalSettings__yubico__key="REPLACE" \ --from-literal=SA_PASSWORD="REPLACE" # If using SQL pod - # --from-literal="REPLACE" # If using your own SQL server + # --from-literal=globalSettings__sqlServer__connectionString="REPLACE" # If using your own SQL server ``` ### Create a service account diff --git a/charts/self-host/templates/admin.yaml b/charts/self-host/templates/admin.yaml index fd2ee66c..13cfbab4 100644 --- a/charts/self-host/templates/admin.yaml +++ b/charts/self-host/templates/admin.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.admin" . }} - image: "{{ .Values.component.admin.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.admin.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/api.yaml b/charts/self-host/templates/api.yaml index fd448da8..a815fc14 100644 --- a/charts/self-host/templates/api.yaml +++ b/charts/self-host/templates/api.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.api" . }} - image: "{{ .Values.component.api.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.api.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/attachments.yaml b/charts/self-host/templates/attachments.yaml index 931cea3e..18162a62 100644 --- a/charts/self-host/templates/attachments.yaml +++ b/charts/self-host/templates/attachments.yaml 
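Review bot: The `image:` line in admin.yaml now inlines the whole `default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride` expression, and the same expression is repeated in the api, attachments, events, icons, identity, notifications, scim, sso and both db-migrator hunks of this patch. The previous `{{ template "bitwarden.coreVersion" }}` call passed no context, which is presumably why the override was ignored. Keeping the helper and passing the root context, `{{ include "bitwarden.coreVersion" . }}`, would fix that in one place, assuming the helper reads the same value. Because this expression decides which image every pod pulls, a single definition is easier to audit than one copy per template. The container spec continues outside the hunk.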
@@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.attachments" . }} - image: "{{ .Values.component.attachments.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.attachments.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/events.yaml b/charts/self-host/templates/events.yaml index 61390460..a3d4b732 100644 --- a/charts/self-host/templates/events.yaml +++ b/charts/self-host/templates/events.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.events" . }} - image: "{{ .Values.component.events.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.events.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/helpers.tpl b/charts/self-host/templates/helpers.tpl index 3719adc3..9c4cadf8 100644 --- a/charts/self-host/templates/helpers.tpl +++ b/charts/self-host/templates/helpers.tpl @@ -16,7 +16,7 @@ Get the coreVersion for image tags Get the webVersion for image tags */}} {{- define "bitwarden.webVersion" -}} -{{- default ( include "bitwarden.webVersionDefault" nil ) .Values.general.webVersionOverride -}} +{{- default ( include "bitwarden.webVersionDefault" nil ) .Values.webVersionOverride -}} {{- end -}} {{/* diff --git a/charts/self-host/templates/icons.yaml b/charts/self-host/templates/icons.yaml index 5911ad59..b4f51aab 100644 --- a/charts/self-host/templates/icons.yaml +++ b/charts/self-host/templates/icons.yaml 
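Review bot: `bitwarden.webVersion` in helpers.tpl now reads `.Values.webVersionOverride`, while the web.yaml hunk of this same patch reads `.Values.general.webVersionOverride`, so the helper and the template disagree about where the override lives. If any caller still uses the helper, an override set under `general` would be silently ignored and the default web tag deployed. Either keep `.Values.general.webVersionOverride` here or remove the helper if nothing uses it any more. A line in the helper's doc comment such as `Expects the root context: include "bitwarden.webVersion" .` would also record the calling convention.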
@@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.icons" . }} - image: "{{ .Values.component.icons.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.icons.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/identity.yaml b/charts/self-host/templates/identity.yaml index 22656f5f..d219c364 100644 --- a/charts/self-host/templates/identity.yaml +++ b/charts/self-host/templates/identity.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.identity" . }} - image: "{{ .Values.component.identity.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.identity.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/notifications.yaml b/charts/self-host/templates/notifications.yaml index d8fea8fa..caea757a 100644 --- a/charts/self-host/templates/notifications.yaml +++ b/charts/self-host/templates/notifications.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.notifications" . }} - image: "{{ .Values.component.notifications.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.notifications.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/post-install-db-migrator-job.yaml b/charts/self-host/templates/post-install-db-migrator-job.yaml index ed9a1188..441e7acc 100644 --- a/charts/self-host/templates/post-install-db-migrator-job.yaml +++ b/charts/self-host/templates/post-install-db-migrator-job.yaml 
@@ -63,7 +63,7 @@ spec: name: "{{ .Values.secrets.secretName }}" {{- end }} key: globalSettings__sqlServer__connectionString - image: "bitwarden/mssqlmigratorutility:{{ template "bitwarden.coreVersion" }}" + image: "bitwarden/mssqlmigratorutility:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" volumeMounts: {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline diff --git a/charts/self-host/templates/pre-install-db-migrator-job.yaml b/charts/self-host/templates/pre-install-db-migrator-job.yaml index e113657b..a25e584d 100644 --- a/charts/self-host/templates/pre-install-db-migrator-job.yaml +++ b/charts/self-host/templates/pre-install-db-migrator-job.yaml @@ -35,7 +35,7 @@ spec: name: "{{ .Values.secrets.secretName }}" {{- end }} key: globalSettings__sqlServer__connectionString - image: "bitwarden/mssqlmigratorutility:{{ template "bitwarden.coreVersion" }}" + image: "bitwarden/mssqlmigratorutility:{{default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" volumeMounts: {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline diff --git a/charts/self-host/templates/scim.yaml b/charts/self-host/templates/scim.yaml index 0a615211..401f464f 100644 --- a/charts/self-host/templates/scim.yaml +++ b/charts/self-host/templates/scim.yaml @@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.scim" . }} - image: "{{ .Values.component.scim.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.scim.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/sso.yaml b/charts/self-host/templates/sso.yaml index 3e713e71..4a31945c 100644 --- a/charts/self-host/templates/sso.yaml +++ b/charts/self-host/templates/sso.yaml 
@@ -45,7 +45,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.sso" . }} - image: "{{ .Values.component.sso.image.name }}:{{ template "bitwarden.coreVersion" }}" + image: "{{ .Values.component.sso.image.name }}:{{ default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride}}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/templates/web.yaml b/charts/self-host/templates/web.yaml index aed477e1..55b75752 100644 --- a/charts/self-host/templates/web.yaml +++ b/charts/self-host/templates/web.yaml @@ -31,7 +31,7 @@ spec: {{- end }} containers: - name: {{ template "bitwarden.web" . }} - image: "{{ .Values.component.web.image.name }}:{{ template "bitwarden.webVersion" }}" + image: "{{ .Values.component.web.image.name }}:{{ default ( include "bitwarden.webVersionDefault" nil ) .Values.general.webVersionOverride }}" envFrom: - configMapRef: name: {{ .Release.Name }}-config-map diff --git a/charts/self-host/values.yaml b/charts/self-host/values.yaml index 2df275f0..4bc1f09c 100644 --- a/charts/self-host/values.yaml +++ b/charts/self-host/values.yaml @@ -121,11 +121,11 @@ component: # The pod resource requirements. You can adjust these up and down for your environment resources: requests: - memory: "64Mi" - cpu: "50m" - limits: memory: "128Mi" cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context 
@@ -201,11 +201,11 @@ component: # The pod resource requirements. You can adjust these up and down for your environment resources: requests: - memory: "64Mi" - cpu: "50m" - limits: memory: "128Mi" cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" # Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value. deploymentStrategy: RollingUpdate # This will set the Kubernetes container security context From 0bfa75c9294af7633a929901f620a7aebb744772 Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Thu, 30 Nov 2023 10:19:30 -0600 Subject: [PATCH 02/24] Adding new test to update version to check if the versions have been pushed to Docker Hub --- .github/workflows/update-versions.yml | 31 +++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index f836abc5..8b97e7bf 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -74,6 +74,37 @@ jobs: fi working-directory: charts/self-host/templates + - name: Verify if image versions are on Docker Hub + id: web-update + env: + COREVERSION: ${{ steps.get-core.outputs.version }} + WEBVERSION: ${{ steps.get-web.outputs.version }} + run: | + coreimages=( "admin" "api" "attachments" "events" "icons" "identity" "notifications" "scim" "sso" "mssqlmigratorutility" ) + + test_image() { + image=$1 + version=$2 + + tag=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version) + if [[ -z "$tag" ]]; then + echo "$image - $version - NOT FOUND!" + echo "Stopping..." + exit 1 + else + echo "$image - $tag - FOUND" + fi + } + + for key in "${!coreimages[@]}" + do + image=${coreimages[$key]} + + test_image $image $COREVERSION + done + + test_image "web" $WEBVERSION + update-versions: name: "Update Versions" if: | 
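Review bot: `grep $version` in `test_image` is an unquoted, unanchored regular-expression match, so a version like `2023.10.2` would also match tags such as `2023.10.20` or `2023.10.2-beta` (constructed examples), and the step can print FOUND for a tag that is not the one being released. An exact comparison avoids this, for example `jq -r --arg v "$version" '.results[].name | select(. == $v)'`, with `"$image"` and `"$version"` quoted at the call sites. The tags endpoint returns results a page at a time, so an older tag may be missing from the first page; that fails closed here but deserves a comment. `curl -s` without `-f` also means an HTTP error from the registry is reported as NOT FOUND rather than as a failed request.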
From ea61bdc44ae4a64d03beb2ff58958d2fa814e74c Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:23:46 -0600 Subject: [PATCH 03/24] Fixing step name for version verification --- .github/workflows/update-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index 8b97e7bf..baf987c0 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -75,7 +75,7 @@ jobs: working-directory: charts/self-host/templates - name: Verify if image versions are on Docker Hub - id: web-update + id: verify-versions env: COREVERSION: ${{ steps.get-core.outputs.version }} WEBVERSION: ${{ steps.get-web.outputs.version }} From c471fdd4d2fe18fc8ccc1f0e8c3625aeb16c5df0 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:28:17 -0600 Subject: [PATCH 04/24] Changing exit code for testing purposes --- .github/workflows/update-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index baf987c0..427143d1 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -90,7 +90,7 @@ jobs: if [[ -z "$tag" ]]; then echo "$image - $version - NOT FOUND!" echo "Stopping..." - exit 1 + exit 127 else echo "$image - $tag - FOUND" fi From 31653c3f22c2f10dae3dc19186d451527340a66e Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:39:35 -0600 Subject: [PATCH 05/24] Adding some test logging --- .github/workflows/update-versions.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index 427143d1..047ffda8 100644 
--- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -80,8 +80,10 @@ jobs: COREVERSION: ${{ steps.get-core.outputs.version }} WEBVERSION: ${{ steps.get-web.outputs.version }} run: | + echo "Checking..." + coreimages=( "admin" "api" "attachments" "events" "icons" "identity" "notifications" "scim" "sso" "mssqlmigratorutility" ) - + test_image() { image=$1 version=$2 @@ -96,6 +98,8 @@ jobs: fi } + echo "Core Images..." + for key in "${!coreimages[@]}" do image=${coreimages[$key]} @@ -103,6 +107,8 @@ jobs: test_image $image $COREVERSION done + echo "Web Image..." + test_image "web" $WEBVERSION update-versions: From 3b4060ad9b2327e73cc720f54b0f06218e0d3985 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:43:21 -0600 Subject: [PATCH 06/24] Adding further logging --- .github/workflows/update-versions.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index 047ffda8..d285efb0 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -98,7 +98,7 @@ jobs: fi } - echo "Core Images..." + echo "Core Images ($COREVERSION)..." for key in "${!coreimages[@]}" do @@ -107,7 +107,7 @@ jobs: test_image $image $COREVERSION done - echo "Web Image..." + echo "Web Image ($WEBVERSION)..." test_image "web" $WEBVERSION From a7b798d94f1be4fcc5f97e7f9a2d20b6e4c18456 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:46:24 -0600 Subject: [PATCH 07/24] Debug logging --- .github/workflows/update-versions.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index d285efb0..f542e56c 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml 
@@ -102,9 +102,11 @@ jobs: for key in "${!coreimages[@]}" do + echo "here" image=${coreimages[$key]} - + echo "there" test_image $image $COREVERSION + echo "everywhere" done echo "Web Image ($WEBVERSION)..." From feca621f00e4de1e6a351b919f17b3bde96d8b94 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:49:30 -0600 Subject: [PATCH 08/24] More test logging --- .github/workflows/update-versions.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index f542e56c..6eef15d8 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -85,9 +85,10 @@ jobs: coreimages=( "admin" "api" "attachments" "events" "icons" "identity" "notifications" "scim" "sso" "mssqlmigratorutility" ) test_image() { + echo "test_image" image=$1 version=$2 - + echo "$image - $version" tag=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version) if [[ -z "$tag" ]]; then echo "$image - $version - NOT FOUND!" @@ -105,6 +106,7 @@ jobs: echo "here" image=${coreimages[$key]} echo "there" + echo $image test_image $image $COREVERSION echo "everywhere" done From ddc2800e3d8c01cf0c27cb6201827f436219044e Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:52:37 -0600 Subject: [PATCH 09/24] Some more logging and a sleep to make sure the log gets flushed. --- .github/workflows/update-versions.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index 6eef15d8..de6b3cab 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml 
@@ -90,9 +90,11 @@ jobs: version=$2 echo "$image - $version" tag=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version) + echo "tag: $tag" if [[ -z "$tag" ]]; then echo "$image - $version - NOT FOUND!" echo "Stopping..." + sleep 1 exit 127 else echo "$image - $tag - FOUND" From db8eab959f1800a26082eead24d00c61a467926b Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:54:20 -0600 Subject: [PATCH 10/24] Removing silent flag from curl to view actual output --- .github/workflows/update-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index de6b3cab..cc74a2d6 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -89,7 +89,7 @@ jobs: image=$1 version=$2 echo "$image - $version" - tag=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version) + tag=$(curl "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version) echo "tag: $tag" if [[ -z "$tag" ]]; then echo "$image - $version - NOT FOUND!" From 008124d34308403696695c0b2c84a3b5d1834c05 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 11:01:16 -0600 Subject: [PATCH 11/24] Cat-ing grep output to avoid the exit code --- .github/workflows/update-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index cc74a2d6..b1caa12b 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml 
@@ -89,7 +89,7 @@ jobs: image=$1 version=$2 echo "$image - $version" - tag=$(curl "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version) + tag=$(curl "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version | cat) echo "tag: $tag" if [[ -z "$tag" ]]; then echo "$image - $version - NOT FOUND!" From 9f3781b2138991c235b88b1816f12450e10457d9 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 11:09:21 -0600 Subject: [PATCH 12/24] Cleaning up --- .github/workflows/update-versions.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index b1caa12b..cf5cd5db 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -85,17 +85,13 @@ jobs: coreimages=( "admin" "api" "attachments" "events" "icons" "identity" "notifications" "scim" "sso" "mssqlmigratorutility" ) test_image() { - echo "test_image" image=$1 version=$2 - echo "$image - $version" tag=$(curl "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version | cat) - echo "tag: $tag" if [[ -z "$tag" ]]; then echo "$image - $version - NOT FOUND!" echo "Stopping..." - sleep 1 - exit 127 + exit 1 else echo "$image - $tag - FOUND" fi @@ -105,12 +101,8 @@ jobs: for key in "${!coreimages[@]}" do - echo "here" image=${coreimages[$key]} - echo "there" - echo $image test_image $image $COREVERSION - echo "everywhere" done echo "Web Image ($WEBVERSION)..." From bc22dce87a87e2e45d4c89616c3ce714ea68148e Mon Sep 17 00:00:00 2001 
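Review bot: Appending `| cat` to the `tag=$(...)` pipeline only hides grep's no-match status while `pipefail` is off. If the step is later given `shell: bash`, which GitHub Actions runs with `-eo pipefail`, the step would abort before reaching the NOT FOUND message again. `grep ... || true` states the intent directly and behaves the same under either shell setting. A one-line comment above the assignment, e.g. `# grep exits 1 on no match; handled by the -z test below`, would explain why the status is discarded.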
From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 11:10:32 -0600 Subject: [PATCH 13/24] Adding silent flag back to curl --- .github/workflows/update-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index cf5cd5db..66043c06 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -87,7 +87,7 @@ jobs: test_image() { image=$1 version=$2 - tag=$(curl "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version | cat) + tag=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version | cat) if [[ -z "$tag" ]]; then echo "$image - $version - NOT FOUND!" echo "Stopping..." From 33443557eb32205659d44053872d21d28b0c2f2e Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 11:34:36 -0600 Subject: [PATCH 14/24] Using test values --- .github/workflows/update-versions.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index 66043c06..2627467a 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -77,8 +77,8 @@ jobs: - name: Verify if image versions are on Docker Hub id: verify-versions env: - COREVERSION: ${{ steps.get-core.outputs.version }} - WEBVERSION: ${{ steps.get-web.outputs.version }} + COREVERSION: 2023.10.2 #${{ steps.get-core.outputs.version }} + WEBVERSION: 2023.10.2 #${{ steps.get-web.outputs.version }} run: | echo "Checking..." From e0d22acc0de8af92fcc3ba8b6d403f5f7cec6b23 Mon Sep 17 00:00:00 2001 
From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 11:36:59 -0600 Subject: [PATCH 15/24] Reverting web version test value --- .github/workflows/update-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index 2627467a..d7fd2015 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -78,7 +78,7 @@ jobs: id: verify-versions env: COREVERSION: 2023.10.2 #${{ steps.get-core.outputs.version }} - WEBVERSION: 2023.10.2 #${{ steps.get-web.outputs.version }} + WEBVERSION: ${{ steps.get-web.outputs.version }} run: | echo "Checking..." From ffe08cee8c41230a5e76234bacc7c8345336f409 Mon Sep 17 00:00:00 2001 From: Joel Beskow <25747008+jhbeskow@users.noreply.github.com> Date: Thu, 30 Nov 2023 11:41:49 -0600 Subject: [PATCH 16/24] Reverting core version test values --- .github/workflows/update-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml index d7fd2015..66043c06 100644 --- a/.github/workflows/update-versions.yml +++ b/.github/workflows/update-versions.yml @@ -77,7 +77,7 @@ jobs: - name: Verify if image versions are on Docker Hub id: verify-versions env: - COREVERSION: 2023.10.2 #${{ steps.get-core.outputs.version }} + COREVERSION: ${{ steps.get-core.outputs.version }} WEBVERSION: ${{ steps.get-web.outputs.version }} run: | echo "Checking..." From cb4e45379a1ebf4bd70e1c910a44b7b9ffdcbfa6 Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Fri, 1 Dec 2023 08:29:10 -0600 Subject: [PATCH 17/24] Fixing backup mount location --- charts/self-host/templates/mssql.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/self-host/templates/mssql.yaml b/charts/self-host/templates/mssql.yaml index 088b3927..1864e031 100644 --- a/charts/self-host/templates/mssql.yaml 
+++ b/charts/self-host/templates/mssql.yaml @@ -55,7 +55,7 @@ spec: - name: mssql-log mountPath: /var/opt/mssql/log - name: mssql-backups - mountPath: /etc/bitwarden/mssql/backups + mountPath: /var/opt/mssql/backups {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline mountPath: "/mnt/secrets-store" From bd58d7eb1635bb759a8a765d30e81442b5622dd7 Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Fri, 1 Dec 2023 15:27:21 -0600 Subject: [PATCH 18/24] Adding example database backup and restore scripts. Cleaning up extraneous volume --- .../pre-install-db-migrator-job.yaml | 5 -- examples/backup/backup.sh | 5 ++ examples/database-backup/backup-job.yaml | 46 +++++++++++++++++++ examples/database-backup/db-backup.sh | 10 ++++ examples/database-restore/db-restore.sh | 10 ++++ examples/database-restore/restore-job.yaml | 45 ++++++++++++++++++ 6 files changed, 116 insertions(+), 5 deletions(-) create mode 100644 examples/backup/backup.sh create mode 100644 examples/database-backup/backup-job.yaml create mode 100644 examples/database-backup/db-backup.sh create mode 100644 examples/database-restore/db-restore.sh create mode 100644 examples/database-restore/restore-job.yaml diff --git a/charts/self-host/templates/pre-install-db-migrator-job.yaml b/charts/self-host/templates/pre-install-db-migrator-job.yaml index a25e584d..c971329e 100644 --- a/charts/self-host/templates/pre-install-db-migrator-job.yaml +++ b/charts/self-host/templates/pre-install-db-migrator-job.yaml @@ -44,11 +44,6 @@ spec: {{- end }} restartPolicy: Never volumes: - {{- if .Values.database.enabled }} - - name: mssql-data - persistentVolumeClaim: - claimName: {{ template "bitwarden.mssqlData" . }} - {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline csi: diff --git a/examples/backup/backup.sh b/examples/backup/backup.sh new file mode 100644 index 00000000..0d951a1b --- /dev/null +++ b/examples/backup/backup.sh 
@@ -0,0 +1,5 @@
+#!/bin/bash
+kubectl delete job -n bitwarden -l app=bitwarden-backup
+kubectl apply -n bitwarden -f $(dirname "$0")/backup-job.yaml
+kubectl wait pod --for=condition=complete -l app=bitwarden-backup --timeout=1h
+kubectl logs -l app=bitwarden-backup -n bitwarden -f
\ No newline at end of file
diff --git a/examples/database-backup/backup-job.yaml b/examples/database-backup/backup-job.yaml
new file mode 100644
index 00000000..e41876aa
--- /dev/null
+++ b/examples/database-backup/backup-job.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "bitwarden-backup"
+ labels:
+ app.kubernetes.io/component: bitwarden-backup
+ app: bitwarden-backup
+spec:
+ ttlSecondsAfterFinished: 10
+ backoffLimit: 1
+ template:
+ metadata:
+ name: "bitwarden-backup"
+ labels:
+ app.kubernetes.io/component: bitwarden-backup
+ app: bitwarden-backup
+ spec:
+ containers:
+ - name: backup-db
+ env:
+ - name: MSSQL_CONN_STRING
+ valueFrom:
+ secretKeyRef:
+ name: bitwarden-sql-connection-string
+ key: globalSettings__sqlServer__connectionString
+ image: "mcr.microsoft.com/mssql-tools"
+ volumeMounts:
+ - name: mssql-backups
+ mountPath: /backups
+ command:
+ - "/bin/bash"
+ - "-c"
+ args: [
+ "
+ [ ! -f /backups/vault.bak ] || mv /backups/vault.bak \"/backups/vault.bak.$(date -r /backups/vault.bak -u +'%Y-%m-%dT%H:%M:%SZ')\";
+ svr=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \"Data Source=tcp:\\K[^,]*(?=.*)\")\";
+ pass=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \".*Password=\\K[^;]*(?=.*)\")\";
+ echo \"$pass\" | /opt/mssql-tools/bin/sqlcmd -S $svr -U SA -q \"BACKUP DATABASE [vault] TO DISK = '/var/opt/mssql/backups/vault.bak' WITH FORMAT, INIT\"
+ "
+ ]
+ restartPolicy: Never
+ volumes:
+ - name: mssql-backups
+ persistentVolumeClaim:
+ claimName: bitwarden-self-host-mssqlbackups
\ No newline at end of file
diff --git a/examples/database-backup/db-backup.sh b/examples/database-backup/db-backup.sh
new file mode 100644
index 00000000..fecf00cb
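Review bot: A failed backup is not surfaced by the Job added in backup-job.yaml: the `args` script calls sqlcmd with `-q` and without `-b`, so a SQL error from `BACKUP DATABASE` most likely still ends with exit status 0, and `ttlSecondsAfterFinished: 10` deletes the Job and its pod logs ten seconds after it finishes. Because the script has already renamed the previous `vault.bak` by that point, a silent failure leaves no current backup for the restore job to pick up. I would call `/opt/mssql-tools/bin/sqlcmd -b -S "$svr" -U SA -Q "BACKUP DATABASE ..."` so that an error fails the container, and raise the TTL enough for the result to be read. restore-job.yaml has the same `-q` call and TTL.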
--- /dev/null
+++ b/examples/database-backup/db-backup.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+namespace="bitwarden"
+
+kubectl delete job -n $namespace -l app=bitwarden-backup
+kubectl apply -n $namespace -f $(dirname "$0")/backup-job.yaml
+echo -n "Starting job..."
+while [[ $(kubectl get pods -n $namespace -l app=bitwarden-backup -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do echo -n "..."; sleep 1; done
+echo "..."
+echo "Backing up..."
+kubectl logs -l app=bitwarden-backup -n $namespace -f
\ No newline at end of file
diff --git a/examples/database-restore/db-restore.sh b/examples/database-restore/db-restore.sh
new file mode 100644
index 00000000..3a261eef
--- /dev/null
+++ b/examples/database-restore/db-restore.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+namespace="bitwarden"
+
+kubectl delete job -n $namespace -l app=bitwarden-restore
+kubectl apply -n $namespace -f $(dirname "$0")/restore-job.yaml
+echo -n "Starting job..."
+while [[ $(kubectl get pods -n $namespace -l app=bitwarden-restore -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do echo -n "..."; sleep 1; done
+echo "..."
+echo "Restoring..."
+kubectl logs -l app=bitwarden-restore -n $namespace -f
\ No newline at end of file
diff --git a/examples/database-restore/restore-job.yaml b/examples/database-restore/restore-job.yaml
new file mode 100644
index 00000000..50124fdb
--- /dev/null
+++ b/examples/database-restore/restore-job.yaml
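Review bot: The readiness loop in db-backup.sh can spin forever: it polls until `containerStatuses[*].ready` equals `"true"`, but a pod that never starts (image pull failure, missing secret or volume claim) or whose container finishes between two polls never reports that value, and the loop has no timeout. The script then ends on `kubectl logs -f`, whose exit status says nothing about whether the backup succeeded, so a caller or scheduler cannot tell a good run from a bad one. I would replace the loop with a bounded wait on the Job, for example `kubectl wait -n "$namespace" --for=condition=complete --timeout=1h job/bitwarden-backup`, and exit non-zero when it does not complete. db-restore.sh has the same loop.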
@@ -0,0 +1,45 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "bitwarden-restore"
+ labels:
+ app.kubernetes.io/component: bitwarden-restore
+ app: bitwarden-restore
+spec:
+ ttlSecondsAfterFinished: 10
+ backoffLimit: 1
+ template:
+ metadata:
+ name: "bitwarden-restore"
+ labels:
+ app.kubernetes.io/component: bitwarden-restore
+ app: bitwarden-restore
+ spec:
+ containers:
+ - name: restore-db
+ env:
+ - name: MSSQL_CONN_STRING
+ valueFrom:
+ secretKeyRef:
+ name: bitwarden-sql-connection-string
+ key: globalSettings__sqlServer__connectionString
+ image: "mcr.microsoft.com/mssql-tools"
+ volumeMounts:
+ - name: mssql-backups
+ mountPath: /backups
+ command:
+ - "/bin/bash"
+ - "-c"
+ args: [
+ "
+ svr=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \"Data Source=tcp:\\K[^,]*(?=.*)\")\";
+ pass=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \".*Password=\\K[^;]*(?=.*)\")\";
+ echo \"$pass\" | /opt/mssql-tools/bin/sqlcmd -S $svr -U SA -q \"ALTER DATABASE [vault] SET SINGLE_USER WITH ROLLBACK IMMEDIATE; RESTORE DATABASE [vault] FROM DISK = '/var/opt/mssql/backups/vault.bak' WITH REPLACE; ALTER DATABASE [vault] SET MULTI_USER;\"
+ "
+ ]
+ restartPolicy: Never
+ volumes:
+ - name: mssql-backups
+ persistentVolumeClaim:
+ claimName: bitwarden-self-host-mssqlbackups
\ No newline at end of file
From 28e09a461bae22c751f9029867cd39c4e8723413 Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Fri, 1 Dec 2023 16:00:22 -0600 Subject: [PATCH 19/24] Removing file that was no longer in use
---
examples/backup/backup.sh | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 examples/backup/backup.sh
diff --git a/examples/backup/backup.sh b/examples/backup/backup.sh
deleted file mode 100644
index 0d951a1b..00000000
--- a/examples/backup/backup.sh
+++ /dev/null
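Review bot: The restore in restore-job.yaml overwrites the live `vault` database with whatever file sits at `/var/opt/mssql/backups/vault.bak`, using `WITH REPLACE` and no prior check that the file is a complete, readable backup. I would run `RESTORE VERIFYONLY FROM DISK = '/var/opt/mssql/backups/vault.bak'` as its own sqlcmd call with `-b` before the `ALTER DATABASE [vault] SET SINGLE_USER` step, so a bad file stops the Job before users are disconnected. Taking the backup `WITH CHECKSUM` would give that verification page checksums to test. This catches a truncated or corrupt file, not a substituted one, so write access to the `bitwarden-self-host-mssqlbackups` claim still needs to be limited to the database pod and these jobs.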
@@ -1,5 +0,0 @@ -#!/bin/bash -kubectl delete job -n bitwarden -l app=bitwarden-backup -kubectl apply -n bitwarden -f $(dirname "$0")/backup-job.yaml -kubectl wait pod --for=condition=complete -l app=bitwarden-backup --timeout=1h -kubectl logs -l app=bitwarden-backup -n bitwarden -f \ No newline at end of file From d9b5e3058e176ced4b378ae2d4fbd178c3fa227c Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Mon, 4 Dec 2023 11:01:27 -0600 Subject: [PATCH 20/24] Removing un-used helper templates --- charts/self-host/templates/helpers.tpl | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/charts/self-host/templates/helpers.tpl b/charts/self-host/templates/helpers.tpl index 9c4cadf8..30f95045 100644 --- a/charts/self-host/templates/helpers.tpl +++ b/charts/self-host/templates/helpers.tpl @@ -5,20 +5,6 @@ {{- "2023.10.2" -}} {{- end -}} -{{/* -Get the coreVersion for image tags -*/}} -{{- define "bitwarden.coreVersion" -}} -{{- default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride -}} -{{- end -}} - -{{/* -Get the webVersion for image tags -*/}} -{{- define "bitwarden.webVersion" -}} -{{- default ( include "bitwarden.webVersionDefault" nil ) .Values.webVersionOverride -}} -{{- end -}} - {{/* Expand the name of the chart. */}} From 368545bafad558a67fc0c19afe498698321c1186 Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Mon, 4 Dec 2023 11:03:08 -0600 Subject: [PATCH 21/24] Adding end of file new lines --- examples/database-backup/backup-job.yaml | 2 +- examples/database-backup/db-backup.sh | 2 +- examples/database-restore/db-restore.sh | 2 +- examples/database-restore/restore-job.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/database-backup/backup-job.yaml b/examples/database-backup/backup-job.yaml index e41876aa..1410daba 100644 --- a/examples/database-backup/backup-job.yaml +++ b/examples/database-backup/backup-job.yaml 
@@ -43,4 +43,4 @@ spec: volumes: - name: mssql-backups persistentVolumeClaim: - claimName: bitwarden-self-host-mssqlbackups \ No newline at end of file + claimName: bitwarden-self-host-mssqlbackups diff --git a/examples/database-backup/db-backup.sh b/examples/database-backup/db-backup.sh index fecf00cb..b4148b09 100644 --- a/examples/database-backup/db-backup.sh +++ b/examples/database-backup/db-backup.sh @@ -7,4 +7,4 @@ echo -n "Starting job..." while [[ $(kubectl get pods -n $namespace -l app=bitwarden-backup -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do echo -n "..."; sleep 1; done echo "..." echo "Backing up..." -kubectl logs -l app=bitwarden-backup -n $namespace -f \ No newline at end of file +kubectl logs -l app=bitwarden-backup -n $namespace -f diff --git a/examples/database-restore/db-restore.sh b/examples/database-restore/db-restore.sh index 3a261eef..deb7639c 100644 --- a/examples/database-restore/db-restore.sh +++ b/examples/database-restore/db-restore.sh @@ -7,4 +7,4 @@ echo -n "Starting job..." while [[ $(kubectl get pods -n $namespace -l app=bitwarden-restore -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do echo -n "..."; sleep 1; done echo "..." echo "Restoring..." -kubectl logs -l app=bitwarden-restore -n $namespace -f \ No newline at end of file +kubectl logs -l app=bitwarden-restore -n $namespace -f diff --git a/examples/database-restore/restore-job.yaml b/examples/database-restore/restore-job.yaml index 50124fdb..0c89f573 100644 --- a/examples/database-restore/restore-job.yaml +++ b/examples/database-restore/restore-job.yaml @@ -42,4 +42,4 @@ spec: volumes: - name: mssql-backups persistentVolumeClaim: - claimName: bitwarden-self-host-mssqlbackups \ No newline at end of file + claimName: bitwarden-self-host-mssqlbackups From 6f9a8c9964fa50eb2e66964f5ebd0c11fd3306a6 Mon Sep 17 00:00:00 2001 
From: Joel Beskow Date: Mon, 4 Dec 2023 11:49:24 -0600 Subject: [PATCH 22/24] Adding some documentation around the backup and restore jobs --- charts/self-host/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/charts/self-host/README.md b/charts/self-host/README.md index 89ea0884..a7ab54ad 100644 --- a/charts/self-host/README.md +++ b/charts/self-host/README.md @@ -1224,3 +1224,11 @@ Update the other settings in `my-values.yaml` based on your environment. Follow ```shell helm upgrade bitwarden bitwarden/self-host --install --devel --namespace bitwarden --values my-values.yaml ``` + +## Database Pod Backup and Restore Examples + +We have provided two example jobs for backing up and restoring the database in the Bitwarden database pod. If you are using your own SQL Server instance that is not deployed as part of this Helm chart, please follow your corporate backup and restore policies. + +The example jobs for the database pod can be found in the `examples` folder in the root level of the repository. You will find `database-backup` and `database-restore` folders for the jobs in question. Note that the backup could be scheduled outside of the cluster to run at a regular interval, or it could be modified to create a CronJob object within Kubernetes for scheduling purposes. + +The backup job will create timestamped versions of the previous backups. The current backup is simply called `vault.bak`. These files are placed in the MS SQL backups persistent volume. The restore job will look for `vault.bak` in the same persistent volume. From 98abadf2ede6ff386d12a1646720264df6a1d61c Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Tue, 5 Dec 2023 09:13:01 -0600 Subject: [PATCH 23/24] Updated the README and added and examples README for the backup and restore scripts --- charts/self-host/README.md | 8 ++------ examples/README.md | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 6 deletions(-) create mode 100644 examples/README.md 
diff --git a/charts/self-host/README.md b/charts/self-host/README.md index a7ab54ad..b385e89c 100644 --- a/charts/self-host/README.md +++ b/charts/self-host/README.md @@ -1225,10 +1225,6 @@ Update the other settings in `my-values.yaml` based on your environment. Follow helm upgrade bitwarden bitwarden/self-host --install --devel --namespace bitwarden --values my-values.yaml ``` -## Database Pod Backup and Restore Examples +## Database Pod Backup and Restore -We have provided two example jobs for backing up and restoring the database in the Bitwarden database pod. If you are using your own SQL Server instance that is not deployed as part of this Helm chart, please follow your corporate backup and restore policies. - -The example jobs for the database pod can be found in the `examples` folder in the root level of the repository. You will find `database-backup` and `database-restore` folders for the jobs in question. Note that the backup could be scheduled outside of the cluster to run at a regular interval, or it could be modified to create a CronJob object within Kubernetes for scheduling purposes. - -The backup job will create timestamped versions of the previous backups. The current backup is simply called `vault.bak`. These files are placed in the MS SQL backups persistent volume. The restore job will look for `vault.bak` in the same persistent volume. +Please see the ["examples" README](../../examples/README.md) for information on how you might setup database backups for the provided SQL pod. diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..57656acb --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,15 @@ +# Example Files + +The files in this directory provide further examples for working with the Helm chart deployments. The scripts and other files here are provided as-is. + +## Self-host chart + +These following examples are for use with the `self-host` chart. + +### Database Pod Backup and Restore Examples + +We have provided two example jobs for backing up and restoring the database in the Bitwarden database pod. If you are using your own SQL Server instance that is not deployed as part of this Helm chart, please follow your corporate backup and restore policies. These are illustrative examples of what can be done. Database backups and backup policies are ultimately up to the implementor. + +The example jobs for the database pod can be found in the `database-backup` and `database-restore` folders under the `examples` directory. Note that the backup could be scheduled outside of the cluster to run at a regular interval, or it could be modified to create a CronJob object within Kubernetes for scheduling purposes. + +The backup job will create timestamped versions of the previous backups. The current backup is simply called `vault.bak`. These files are placed in the MS SQL backups persistent volume. The restore job will look for `vault.bak` in the same persistent volume. From d1814a03af698fc0f44d4711fe1703d692766a1d Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Tue, 5 Dec 2023 16:32:42 -0600 Subject: [PATCH 24/24] Fixing arg reference --- charts/self-host/templates/post-install-db-migrator-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/self-host/templates/post-install-db-migrator-job.yaml b/charts/self-host/templates/post-install-db-migrator-job.yaml index cf58e81e..174591e8 100644 --- a/charts/self-host/templates/post-install-db-migrator-job.yaml +++ b/charts/self-host/templates/post-install-db-migrator-job.yaml 
@@ -71,7 +71,7 @@ spec: readOnly: true {{- end }} {{- if or (not .Values.database.enabled) (and .Values.database.enabled .Release.IsUpgrade) }} - arg: [ "-f", "DbScripts_transition", "-r"] + args: [ "-f", "DbScripts_transition", "-r"] {{- end }} restartPolicy: Never volumes: