Passbolt Helm chart for Kubernetes installation


#1

Hi there!
Thank you for the great open source tool, I have just begun to use it.

I have created a Helm chart for installation self-hosted Passbolt server into Kubernetes cluster:

Maybe it would be interesting for someone…
I can add documentation about it if you want :slight_smile:


#2

very peculiar template
why not use the mysql helm template?
why stateful sets?
why initpods doing move and chown?
just curious


#3

why not use the mysql helm template?

it’s a good question. First of all, stable/mysql uses Deployments, and I am personally not a fan of using Deployments for databases when there are StatefulSets designed specially for that case. And the second reason is that I used my own mysql chart which I know well.

why stateful sets?

For mysql – because it’t database, for passbolt server – well, I found it easier to manage PVC with Helm when you have StatefulSet because in this case you can reuse volumes when you delete a chart and then recreate it. You cannot easily reuse pvc with Deployments (or maybe you can and I don’t know how?). Anyway, I can just add option for deploying it either as StatefulSet or as Deployment

why initpods doing move and chown?

I faced the following problem. We need a volume to persist images, mainly /var/www/passbolt/webroot/img directory. But when I mount empty volume to it then server doesn’t have default images in it; so that’s why copying. Chown – because after mounting new volume it has root ownership for files, and user www-data cannot write or read this directory.
Maybe there is another way to solve this and I am doing it the wrong way – if there is, pls help me :slight_smile: I would like to improve the chart and my k8s knowledge :slight_smile:


#4

actually, I found and add security context for passbolt pod:

securityContext:
  fsGroup: 33

#5

@gree-gorey, we have been thinking the same thing probably at the same time.
Suggest you take a look at mine https://github.com/kintohub/passbolt-k8s.
It can be improve a lot, there is a lack of documentation, it s not perfect. But at least it s using MySQL Helm Charts (I also don’t like using a custom chart when an official stable chart is already existing). And we can provide Passbolt config in a config map (meaning that we can enforce mutual SSL between Passbolt and MySQL, which is not possible with the current version of Passbolt).
I guess a mix of both repos could result something better and more configurable… and I could even use it. :smiley:

PS: IMHO, we don’t care about the PV for img, I am not using Passbolt for fancy stuff so sts and init are not mandatory here I would say.