Skeen · sebtiz13 · Nov 1, 2022 · Nov 7, 2022 · Nov 7, 2022 · Nov 7, 2022
diff --git a/charts/bitwarden/Chart.yaml b/charts/bitwarden/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: 1.21.0
+appVersion: 1.26.0
 description: A Helm chart to install bitwarden_rs
 name: bitwarden
-version: 0.5.0
+version: 0.6.0
 home: https://github.com/Skeen/helm-bitwarden_rs
 maintainers:
 - name: Skeen

diff --git a/charts/bitwarden/templates/_helpers.tpl b/charts/bitwarden/templates/_helpers.tpl
@@ -31,8 +31,19 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+
 {{/*
-Create chart name and version as used by the chart label.
+Generate config hash to checksum for automatic restart
+*/}}
+{{- define "bitwarden.config-hash" -}}
+{{- $config := print (toJson .Values.bitwarden) "-" (toJson .Values.storage) -}}
+{{- $database := print (toJson .Values.database) -}}
+{{- $smtp := print (toJson .Values.smtp) -}}
+{{- print $config "-" $database "-" $smtp -}}
+{{- end -}}
+
+{{/*
+Define default ingress annotations if are not provided
 */}}
 {{- define "bitwarden.ingress.annotations" -}}
 {{- if .Values.ingress.annotations -}}

diff --git a/charts/bitwarden/templates/configmap.yaml b/charts/bitwarden/templates/configmap.yaml
@@ -16,3 +16,38 @@ data:
   {{ if .Values.storage.enabled -}}
   DATA_FOLDER: {{ .Values.storage.path }}
   {{ end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $fullName }}-scripts
+  labels:
+    app.kubernetes.io/name: {{ include "bitwarden.name" . }}
+    helm.sh/chart: {{ include "bitwarden.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  update-config.sh: >-
+    #!/bin/sh
+
+    CONFIG_FILE="${DATA_FOLDER}/config.json";
+
+    if [ ! -f "${CONFIG_FILE}" ]; then
+      echo "File \"${CONFIG_FILE}\" doesn't exist";
+      exit;
+    fi
+
+    JSON_KEYS=$(cat "${CONFIG_FILE}" | sed -e 's/[{}]/''/g' | awk '{gsub("\"","");gsub(":",""); print $1}');
+
+    for KEY in ${JSON_KEYS}; do
+      VAR=$(echo "${KEY}" | tr '[a-z]' '[A-Z]');
+      VALUE="$(eval "echo \"\$${VAR}\"")";
+
+      if [ -n "${VALUE}" ]; then
+        echo "${VAR}: ${VALUE}";
+
+        sed -i "s|\"${KEY}\": \(true\|false\),|\"${KEY}\": ${VALUE},|g" "${CONFIG_FILE}";
+        sed -i "s|\"${KEY}\": [0-9]*,|\"${KEY}\": ${VALUE},|g" "${CONFIG_FILE}";
+        sed -i "s|\"${KEY}\": \"\(.*\)\",|\"${KEY}\": \"${VALUE}\",|g" "${CONFIG_FILE}";
+      fi
+    done
diff --git a/charts/bitwarden/templates/deployment.yaml b/charts/bitwarden/templates/deployment.yaml
@@ -19,6 +19,8 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "bitwarden.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        bitwarden-config-hash: {{ include "bitwarden.config-hash" . | sha256sum }}
     spec:
       {{- if .Values.securityContext.enabled }}
       securityContext:
@@ -39,6 +41,14 @@ spec:
             name: {{ $fullName }}-database
           {{- end }}
         {{- end }}
+        {{- if .Values.smtp.enabled }}
+        - secretRef:
+          {{- if .Values.smtp.existingSecret }}
+            name: {{ .Values.smtp.existingSecret }}
+          {{- else }}
+            name: {{ $fullName }}-smtp
+          {{- end }}
+        {{- end }}
         {{- if .Values.deployment.secrets }}
         {{- range .Values.deployment.secrets }}
         - secretRef:
@@ -72,12 +82,45 @@ spec:
         - mountPath: {{ .Values.storage.path }}
           name: data-storage
         {{ end }}
-      {{- with .Values.deployment.resources }}
+        {{- with .Values.deployment.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      initContainers:
+      - name: update-config
+        image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+        imagePullPolicy: {{ .Values.deployment.image.pullPolicy }}
+        command:
+          - sh
+          - /scripts/update-config.sh
+        envFrom:
+        - configMapRef:
+            name: {{ $fullName }}-conf
+        - secretRef:
+          {{- if .Values.smtp.existingSecret }}
+            name: {{ .Values.smtp.existingSecret }}
+          {{- else }}
+            name: {{ $fullName }}-smtp
+          {{- end }}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /scripts
+          name: conf-scripts
+        {{ if .Values.storage.enabled -}}
+        - mountPath: {{ .Values.storage.path }}
+          name: data-storage
+        {{ end }}
+        {{- with .Values.deployment.resources }}
         resources:
           {{- toYaml . | nindent 10 }}
         {{- end }}
-      {{ if .Values.storage.enabled -}}
       volumes:
+      - name: conf-scripts
+        configMap:
+          defaultMode: 493
+          name: {{ $fullName }}-scripts
+      {{ if .Values.storage.enabled -}}
       - name: data-storage
         persistentVolumeClaim:
          claimName: {{ $fullName }}-pv

diff --git a/charts/bitwarden/templates/secret.yaml b/charts/bitwarden/templates/secret.yaml
@@ -1,6 +1,6 @@
+{{- $fullName := include "bitwarden.fullname" . -}}
 {{- if or (eq .Values.database.type "mysql") (eq .Values.database.type "postgresql") -}}
 {{- if not .Values.database.existingSecret -}}
-{{- $fullName := include "bitwarden.fullname" . -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -15,3 +15,33 @@ data:
 ---
 {{- end }}
 {{- end }}
+{{- if .Values.smtp.enabled -}}
+{{- if not .Values.smtp.existingSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $fullName }}-smtp
+  labels:
+    app.kubernetes.io/name: {{ include "bitwarden.name" . }}
+    helm.sh/chart: {{ include "bitwarden.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  SMTP_HOST: {{ .Values.smtp.host | b64enc }}
+  SMTP_FROM: {{ .Values.smtp.from | b64enc }}
+  {{- if .Values.smtp.port }}
+  SMTP_PORT: {{ .Values.smtp.port | toString | b64enc }}
+  {{- end }}
+  SMTP_SECURITY: {{ .Values.smtp.security | default "starttls" | b64enc }}
+  {{- if .Values.smtp.username }}
+  SMTP_USERNAME: {{ .Values.smtp.username | b64enc }}
+  {{- end }}
+  {{- if .Values.smtp.password }}
+  SMTP_PASSWORD: {{ .Values.smtp.password | b64enc }}
+  {{- end }}
+  {{- if .Values.smtp.mechanism }}
+  SMTP_AUTH_MECHANISM: {{ .Values.smtp.mechanism | b64enc }}
+  {{- end }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/bitwarden/values.yaml b/charts/bitwarden/values.yaml
@@ -47,7 +47,8 @@ bitwarden:
   # rocket_workers: 10
 
   # # SMTP settings, for sending out emails
-  # # See: https://github.com/dani-garcia/bitwarden_rs/blob/master/README.md#smtp-configuration
+  # @deprecated prefer stmp values to use secret for better security
+  # # See: https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration
   # smtp_host: smtp.domain.tld
   # smtp_from: [email protected]
   # smtp_port: 587
@@ -91,12 +92,25 @@ database:
   # Otherwise you can use an existing secret with key `DATABASE_URL`
   existingSecret: null
 
+# SMTP settings, for sending out emails
+# See: https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration
+smtp:
+  enabled: false
+  existingSecret: null
+  host: smtp.domain.tld
+  from: [email protected]
+  port: 587
+  security: starttls
+  username: username
+  password: password
+  mechanism: ""
+
 deployment:
   # Image used for the deployment
   # See: https://www.github.com/dani-garcia/bitwarden_rs
   image:
     repository: vaultwarden/server
-    tag: 1.21.0
+    tag: 1.26.0
     pullPolicy: IfNotPresent
   # Resources, etc, for the deployment pod
   resources: {}