diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml
index 91a7b47..d9da07b 100644
--- a/charts/vaultwarden/Chart.yaml
+++ b/charts/vaultwarden/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: guerzon
 email: guerzon@proton.me
 url: https://github.com/guerzon
-version: 0.24.4
+version: 0.25.0
 kubeVersion: ">=1.12.0-0"
diff --git a/charts/vaultwarden/templates/configmap.yaml b/charts/vaultwarden/templates/configmap.yaml
index 478203e..9f93199 100644
--- a/charts/vaultwarden/templates/configmap.yaml
+++ b/charts/vaultwarden/templates/configmap.yaml
@@ -1,5 +1,12 @@
 apiVersion: v1
 kind: ConfigMap
+metadata:
+ name: custom-headers-configmap
+data:
+ Request-Id: $req_id
+---
+apiVersion: v1
+kind: ConfigMap
 metadata:
 name: {{ include "vaultwarden.fullname" . }}
 namespace: {{ .Release.Namespace }}
diff --git a/charts/vaultwarden/templates/ingress.yaml b/charts/vaultwarden/templates/ingress.yaml
index b8e28f0..77ada7e 100644
--- a/charts/vaultwarden/templates/ingress.yaml
+++ b/charts/vaultwarden/templates/ingress.yaml
@@ -26,8 +26,7 @@ metadata:
 {{- toYaml $ingress.additionalAnnotations | nindent 4 }}
 {{- end }}
 {{- if $ingress.nginxIngressAnnotations }}
- nginx.ingress.kubernetes.io/configuration-snippet: |
- more_set_headers "Request-Id: $req_id";
+ nginx.ingress.kubernetes.io/custom-headers: {{ $ingress.customHeadersConfigMap }}
 nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
 nginx.ingress.kubernetes.io/enable-cors: "true"
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml
index a08349f..835bbc9 100644
--- a/charts/vaultwarden/values.yaml
+++ b/charts/vaultwarden/values.yaml
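Review bot: The ConfigMap added at the top of templates/configmap.yaml has a fixed `name: custom-headers-configmap`, no `namespace`, and no surrounding condition, so it is rendered for every release whether or not the nginx annotations are enabled. Two releases in the same namespace would render the same object name and collide. Setting `ingress.customHeadersConfigMap` to any other name leaves the annotation in templates/ingress.yaml pointing at a ConfigMap this chart never creates. I would add `namespace: {{ .Release.Namespace }}`, derive the name from `{{ include "vaultwarden.fullname" . }}`, and wrap the document in `{{- if .Values.ingress.nginxIngressAnnotations }}` so it exists only when the annotation is emitted.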
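Review bot: The new `nginx.ingress.kubernetes.io/custom-headers` value in templates/ingress.yaml is rendered unquoted, unlike the other annotations in the block. An empty `ingress.customHeadersConfigMap`, or one that YAML reads as a number or boolean, would not render as a string annotation. Use `{{ $ingress.customHeadersConfigMap | quote }}` and skip the line when the value is empty. Dropping `configuration-snippet` is a sensible hardening step, since snippet annotations are commonly disabled on shared controllers. However, as far as I know the replacement only takes effect when the ingress-nginx controller supports this annotation and lists `Request-Id` in its `global-allowed-response-headers` setting; that should be confirmed and documented. The enclosing `if` block continues outside the hunk.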
@@ -101,13 +101,15 @@ serviceAccount: ## @param podSecurityContext Pod security options ## -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 1001 # supplementalGroups: # - 1001 ## @param securityContext Default security options to run vault as read only container without privilege escalation -securityContext: {} +securityContext: + {} # allowPrivilegeEscalation: false # privileged: false # readOnlyRootFilesystem: true @@ -122,7 +124,6 @@ securityContext: {} ## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config dnsConfig: {} - ## @section Reliability configuration ## @@ -194,7 +195,8 @@ startupProbe: ## @param resources Resource configurations ## -resources: {} +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -208,7 +210,8 @@ resources: {} ## @param strategy Resource configurations ## -strategy: {} +strategy: + {} # type: RollingUpdate # rollingUpdate: # maxSurge: 1 @@ -224,13 +227,13 @@ podDisruptionBudget: ## @param podDisruptionBudget.maxUnavailable Maximum number/percentage of pods that may be made unavailable maxUnavailable: null - ## @section Persistent data configuration ## ## @param data Data directory configuration, refer to values.yaml for parameters. ## -data: {} +data: + {} # name: "vaultwarden-data" # size: "15Gi" # class: "" @@ -241,7 +244,8 @@ data: {} ## @param attachments Attachments directory configuration, refer to values.yaml for parameters. ## By default, attachments/ is located inside the data directory. ## -attachments: {} +attachments: + {} # name: "vaultwarden-files" # size: "100Gi" # class: "" 
@@ -296,7 +300,6 @@ database: ## Supported since 1.29.0. ## Refer to https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification for details ## - pushNotifications: ## @param pushNotifications.enabled Enable the push notification service ## @@ -451,7 +454,6 @@ emailChangeAllowed: "true" ## showPassHint: "false" - ## @section Advanced settings ## @@ -529,14 +531,12 @@ adminRateLimitMaxBurst: "3" ## timeZone: "" - ## @section BETA Features ## ## @param orgGroupsEnabled Controls whether group support is enabled for organizations orgGroupsEnabled: "false" - ## @section MFA/2FA settings ## @@ -564,7 +564,6 @@ duo: ## hostname: "" - ## @section SMTP Configuration ## smtp: @@ -628,7 +627,6 @@ smtp: ## debug: false - ## @section Exposure settings ## @@ -667,7 +665,7 @@ ingress: # class: "nginx" ## @param ingress.nginxIngressAnnotations Add nginx specific ingress annotations - ## This annotations are only makes sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/) + ## These annotations only make sense for the kubernetes nginx ingress controller (https://kubernetes.github.io/ingress-nginx/) ## nginxIngressAnnotations: true ## @param ingress.additionalAnnotations Additional annotations for the ingress resource. @@ -698,6 +696,10 @@ ingress: ## @param ingress.nginxAllowList Comma-separated list of IP addresses and subnets to allow. ## nginxAllowList: "" + ## @param ingress.customHeadersConfigMap ConfigMap containing custom headers to be added to the ingress. + ## Defaults to "custom-headers-configmap", which sets a Request-ID header. + ## + customHeadersConfigMap: "custom-headers-configmap" ## TODO: ## - Add support for using cert-manager. ## - Support for multiple TLS hostnames.
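Review bot: The `@param ingress.customHeadersConfigMap` comment in the last values.yaml hunk does not say that the value only changes what the annotation references. The name of the ConfigMap the chart creates is fixed in templates/configmap.yaml, so an operator who overrides this value must provide that ConfigMap themselves. I would add a line such as `## The ConfigMap must exist in the release namespace; changing this value does not rename the ConfigMap created by the chart.` A second line could state the controller-side prerequisite for the header to be applied. The `ingress:` mapping starts outside the hunk.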