Passbolt Helm chart for Kubernetes installation

Hi there!
Thank you for the great open source tool, I have just begun to use it.

I have created a Helm chart for installation self-hosted Passbolt server into Kubernetes cluster:

Maybe it would be interesting for someone…
I can add documentation about it if you want :slight_smile:

2 Likes

very peculiar template
why not use the mysql helm template?
why stateful sets?
why initpods doing move and chown?
just curious

why not use the mysql helm template?

it’s a good question. First of all, stable/mysql uses Deployments, and I am personally not a fan of using Deployments for databases when there are StatefulSets designed specially for that case. And the second reason is that I used my own mysql chart which I know well.

why stateful sets?

For mysql – because it’t database, for passbolt server – well, I found it easier to manage PVC with Helm when you have StatefulSet because in this case you can reuse volumes when you delete a chart and then recreate it. You cannot easily reuse pvc with Deployments (or maybe you can and I don’t know how?). Anyway, I can just add option for deploying it either as StatefulSet or as Deployment

why initpods doing move and chown?

I faced the following problem. We need a volume to persist images, mainly /var/www/passbolt/webroot/img directory. But when I mount empty volume to it then server doesn’t have default images in it; so that’s why copying. Chown – because after mounting new volume it has root ownership for files, and user www-data cannot write or read this directory.
Maybe there is another way to solve this and I am doing it the wrong way – if there is, pls help me :slight_smile: I would like to improve the chart and my k8s knowledge :slight_smile:

1 Like

actually, I found and add security context for passbolt pod:

securityContext:
  fsGroup: 33

@gree-gorey, we have been thinking the same thing probably at the same time.
Suggest you take a look at mine https://github.com/kintohub/passbolt-k8s.
It can be improve a lot, there is a lack of documentation, it s not perfect. But at least it s using MySQL Helm Charts (I also don’t like using a custom chart when an official stable chart is already existing). And we can provide Passbolt config in a config map (meaning that we can enforce mutual SSL between Passbolt and MySQL, which is not possible with the current version of Passbolt).
I guess a mix of both repos could result something better and more configurable… and I could even use it. :smiley:

PS: IMHO, we don’t care about the PV for img, I am not using Passbolt for fancy stuff so sts and init are not mandatory here I would say.

Once it’s up and running, how do we log in as the first user?

Little question will there be an update of the helmet chart?
There was the last update a year ago, and since then nothing has been done is a mere matter of interest.

Hi @Seros,

We didn’t see enough traction on this issue in order to prioritize it over others. However, recently we have seen some new interest on it. You can show your interest on the matter so we can schedule the work.

  • :pinching_hand: Could have: It would be nice to have a public helm chart
  • :point_up: Should have: It is important to me to have a public helm chart
  • :facepunch: Must have: It is critical to me to have a public helm chart
  • :no_good_woman: Won’t have: I don’t want a helm chart (Explain why)

0 voters

1 Like