Merge pull request #14 from sebastiangaiser/feature/admin-token

feat(vaultwarden): add secret to store admin token
sebastiangaiser · Jun 8, 2022 · 1a47507 · 1a47507
2 parents ba0b7c4 + e130a66
commit 1a47507
Show file tree

Hide file tree

Showing 9 changed files with 39 additions and 4 deletions.
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -8,8 +8,6 @@ jobs:
     strategy:
       matrix:
         k8s:
-          - 1.19.16
-          - 1.20.15
           - 1.21.12
           - 1.22.9
           - 1.23.6

diff --git a/README.md b/README.md
@@ -18,6 +18,11 @@ You can then run `helm search repo sebastiangaiser` to see all available charts.
 <!-- Keep full URL links to repo files because this README syncs from main to gh-pages.  -->
 Chart documentation is available in each [charts directory](https://github.com/sebastiangaiser/helm-charts/).
 
+## Helm docs
+
+[Helm docs](https://github.com/norwoodj/helm-docs) is used for automated documentation of each chart.
+You can easily update the documentation via the provided [pre-commit](https://pre-commit.com/) configuration.
+
 ## License
 
 <!-- Keep full URL links to repo files because this README syncs from main to gh-pages.  -->

diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml
@@ -7,6 +7,6 @@ icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/icon.svg
 sources:
   - https://github.com/dani-garcia/vaultwarden
   - https://github.com/sebastiangaiser/helm-charts/
-version: 0.6.0
+version: 0.7.0
 maintainers:
   - name: sebastiangaiser
diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md
@@ -1,6 +1,6 @@
 # vaultwarden
 
-![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square)
 
 A Helm chart for deploying Vaultwarden to Kubernetes
 
@@ -69,6 +69,7 @@ A Helm chart for deploying Vaultwarden to Kubernetes
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
 | tolerations | list | `[]` |  |
+| vaultwarden.adminToken.value | string | `"disabled"` |  |
 | vaultwarden.environment | string | `"production"` |  |
 | vaultwarden.extraEnvironmentVars | object | `{}` |  |
 | vaultwarden.rocketPort | int | `8080` |  |

diff --git a/charts/vaultwarden/ci/generated-admin-token-values.yaml b/charts/vaultwarden/ci/generated-admin-token-values.yaml
@@ -0,0 +1,3 @@
+vaultwarden:
+  adminToken:
+    value: "generated"
diff --git a/charts/vaultwarden/ci/specific-admin-token-values.yaml b/charts/vaultwarden/ci/specific-admin-token-values.yaml
@@ -0,0 +1,3 @@
+vaultwarden:
+  adminToken:
+    value: "changeit"
diff --git a/charts/vaultwarden/templates/admin-token-secret.yaml b/charts/vaultwarden/templates/admin-token-secret.yaml
@@ -0,0 +1,15 @@
+{{- if ne .Values.vaultwarden.adminToken.value "disabled" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "vaultwarden.fullname" . }}-admin-token
+  labels:
+    {{- include "vaultwarden.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- if eq .Values.vaultwarden.adminToken.value "generated" }}
+  admin-token: {{ randAlphaNum 48  | b64enc | quote }}
+  {{- else }}
+  admin-token: {{ .Values.vaultwarden.adminToken.value | b64enc | quote }}
+  {{- end }}
+{{- end }}
diff --git a/charts/vaultwarden/templates/deployment.yaml b/charts/vaultwarden/templates/deployment.yaml
@@ -77,6 +77,13 @@ spec:
           env:
             - name: ROCKET_PORT
               value: {{ .Values.vaultwarden.rocketPort | quote }}
+          {{- if ne .Values.vaultwarden.adminToken.value "disabled" }}
+            - name: ADMIN_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "vaultwarden.fullname" . }}-admin-token
+                  key: admin-token
+          {{- end }}
           {{- if .Values.postgresql.enabled }}
             - name: POSTGRES_HOST
               value: {{ .Values.postgresql.teamId | default "acid" }}-{{ include "vaultwarden.fullname" . }}

diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml
@@ -10,6 +10,9 @@ image:
 vaultwarden:
   environment: "production"
   rocketPort: 8080
+  adminToken:
+    # possible values are 'generated', 'disabled' or any specific value
+    value: "disabled"
   extraEnvironmentVars: {}
 #    DOMAIN: "https://bitwarden.example.com"
 #    SIGNUPS_ALLOWED: false
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,8 +8,6 @@ jobs: @@
         strategy:
           matrix:
             k8s:
-              - 1.19.16
-              - 1.20.15
               - 1.21.12
               - 1.22.9
               - 1.23.6
@@ Expand Down @@