services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

moving everything to active or retired vs incubating and graduated
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 14s
Details

Browse Source
This commit is contained in:
Reese Wells
2025-04-19 18:46:40 -04:00
parent 6e393d90ee
commit ef9104c796
234 changed files with 456 additions and 244 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
active/kubernetes_bitwarden/bitwarden.md Normal file
View File

@@ -0,0 +1,29 @@
# Bitwarden
- [Bitwarden](#bitwarden)
- [Install](#install)
## Install
<https://bitwarden.com/help/self-host-with-helm/>
```bash
helm repo add bitwarden https://charts.bitwarden.com/
helm repo update
kubectl create namespace bitwarden
helm show values bitwarden/self-host > active/kubernetes_bitwarden/values.yaml
# Installation ID: https://bitwarden.com/host/
# Optional argument for Have I Been Pwned: --from-literal=globalSettings__hibpApiKey="REPLACE" \
kubectl create secret generic custom-secret -n bitwarden \
--from-file=globalSettings__installation__id=./secrets/bitwarden/installation_id \
--from-file=globalSettings__installation__key=./secrets/bitwarden/installation_key \
--from-file=globalSettings__mail__smtp__username=./secrets/bitwarden/smtp_username \
--from-file=globalSettings__mail__smtp__password=./secrets/bitwarden/smtp_password \
--from-file=globalSettings__yubico__clientId=./secrets/bitwarden/yubico_id \
--from-file=globalSettings__yubico__key=./secrets/bitwarden/yubico_secret \
--from-file=SA_PASSWORD=./secrets/bitwarden/sa_password
helm upgrade bitwarden bitwarden/self-host --install --namespace bitwarden --values active/kubernetes_bitwarden/values.yaml
```

427
active/kubernetes_bitwarden/values.yaml Normal file
View File

@@ -0,0 +1,427 @@
# Optional - Override the chart name if desired
fullnameOverride: ""
nameOverride: ""
general:
# Domain name for the service
domain: bitwarden.reeseapps.com
ingress:
# Set to false if using a custom ingress
enabled: true
# Current supported values for ingress type include: nginx
className: "nginx"
## - Annotations to add to the Ingress resource.
annotations:
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/use-regex: "true"
# nginx.ingress.kubernetes.io/rewrite-target: /$1
## - Labels to add to the Ingress resource
labels: {}
# Certificate options
tls:
# TLS certificate secret name
name: bitwarden
# Cluster cert issuer (ex. Let's Encrypt) name if one exists
clusterIssuer: letsencrypt
# Ingress path configuration - The samples provided are for Nginx. Examples with other Ingress providers are in the chart Readme on GitHub
paths:
web:
path: /(.*)
pathType: ImplementationSpecific
attachments:
path: /attachments/(.*)
pathType: ImplementationSpecific
api:
path: /api/(.*)
pathType: ImplementationSpecific
icons:
path: /icons/(.*)
pathType: ImplementationSpecific
notifications:
path: /notifications/(.*)
pathType: ImplementationSpecific
events:
path: /events/(.*)
pathType: ImplementationSpecific
scim:
path: /scim/(.*)
pathType: ImplementationSpecific
sso:
path: /(sso/.*)
pathType: ImplementationSpecific
identity:
path: /(identity/.*)
pathType: ImplementationSpecific
admin:
path: /(admin/?.*)
pathType: ImplementationSpecific
# Override application container version tags. Theses will be versioned with the chart and need not be changed in most circumstances.
coreVersionOverride: ""
webVersionOverride: ""
# Disable account registration on web vault
disableUserRegistration: "false"
# Comma-separated list of email addresses for Admin users
admins: "false"
email:
# Email address used for invitations, typically no-reply@smtp-host
replyToEmail: "no-reply@reeseapps.com"
# Your SMTP server hostname (recommended) or IP address
smtpHost: "email-smtp.us-east-1.amazonaws.com"
# The SMTP port used by the SMTP server
smtpPort: "587"
# Whether your SMTP server uses an encryption protocol, "true" for SSL, "false" for TLS
smtpSsl: "true"
# Custom labels to add throughout the installation
labels: {}
# Specifies the access mode for persistent volume claims. This should not be changed in most cases, and the allowable
# values are only ReadWriteMany and ReadWriteOnce. Please read https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
# to better understand these options before changing this value.
volumeAccessMode: "ReadWriteMany"
# Set to true to allow communication between your server and our cloud system. Doing so enables billing and license sync. Please see: https://bitwarden.com/help/self-host-an-organization/#step-4-setup-billing-and-license-sync
enableCloudCommunication: false
# Cloud region for sync. Please see: https://bitwarden.com/help/families-for-enterprise-self-hosted/#step-1-enable-cloud-communication
cloudRegion: US
# Specify the name of the shared storage class
# This storage class requires ReadWriteMany. You will need to provide your own storage class. Storage classes with automatic volume previsioners are recommended.
sharedStorageClassName: "ssd"
# Secrets are required. Review the chart README on GitHub for details on creating these secrets
secrets:
secretName: custom-secret
# Secrets can either be created via 'kubectl create secrets' or by using a secret provider class. If using the latter, specify the name here
secretProviderClass:
# Settings for individual service containers
component:
# The Admin component
admin:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/admin
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
api:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/api
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
attachments:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/attachments
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
events:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/events
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
icons:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/icons
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
identity:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/identity
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
notifications:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/notifications
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
scim:
# SCIM is disabled by default. To use this service, enable it below and set an appropriate Ingress path
enabled: false
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/scim
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
sso:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/sso
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
web:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/web
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
# Images used for jobs and init containers
supportComponents:
dbMigrator:
image:
name: bitwarden/mssqlmigratorutility
certGenerator:
image:
name: docker.io/nginx
tag: 1.25.3
kubectl:
image:
name: bitnami/kubectl
tag: 1.21
# Data volume sizes for shared PVCs
volume:
dataprotection:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: "1Gi"
labels: {}
attachments:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
licenses:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
logs:
# Logs are disabled by default
enabled: false
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
#
# Configure service account for pre- and post-install hooks
#
serviceAccount:
name: service-account
# Certain instances will prequire the creation of a pre-deployed service account. For instance, AWS IAM enabled service accounts need to be created outside
# of the chart to allow for setting of permissions on other AWS services like Secrets Manager
deployRolesOnly: false
#
# Configure database
#
database:
# deploy the database pod? if false, a connection string to a SQL Server will need to be provided through one of the configuration providers.
enabled: true
# Labels to add to the MSSQL deployment
labels: {}
# Image name, tag, and pull policy
image:
name: mcr.microsoft.com/mssql/server
# Tag of the image to use. (Defaults to general.coreVersion)
tag: 2022-CU13-ubuntu-22.04
# The container is limited to the resources below. Adjust for your environment.
resources:
requests:
memory: "2G"
cpu: "100m"
limits:
memory: "2G"
cpu: "500m"
# The MSSQL volumes for the PVCs
volume:
backups:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
data:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 10Gi
labels: {}
log:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 10Gi
labels: {}
# Specifies the strategy used to replace old Pods by new ones. The value can be "OnDelete" or "RollingUpdate". "OnDelete" is the default value.
# When set to OnDelete, the SQL pod will not be recreated automatically on update. It must be manually deleted to update.
updateStrategy: OnDelete
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
# You can specify raw Kubernetes manifests that will be applied before or after the base Helm install.
# Please see the chart README in GitHub for more information and examples.
rawManifests:
preInstall: []
postInstall: []