Releases: passbolt/charts-passbolt
1.1.1
1.1.0
1.0.0
Announcing the immediate availability of passbolt's helm chart 1.0.0.
This is a major release that introduces some breaking changes contributed
by the community.
Thanks to all the community members that helped us to improve this chart
and reach version 1.0.0!! 🎉
Following there is a list of breaking changes and possible migration paths
from previous chart versions. Please keep in mind that we can't cover all
possible scenarios.
If you are having issues upgrading from older chart versions please let us
known by opening an issue in Github
TL;DR
List of breaking changes:
- Global
tls
value has been removed in favour ofingress.tls
andapp.tls
ingress.tls[].secretName
has been removed in favour ofingress.tls[].existingSecret
extraVolumes
andextraVolumeMounts
values are now a list instead of a string.- Expose the HTTP port in the service.
service.port
,service.name
and
service.targetPort
have been removed in favour ofservice.ports
in order to expose configurable http and https ports.
Ingress and TLS related changes
Global tls
value has been removed to allow users to have different TLS
certificates injected on ingress objects and passbolt containers.
Ingress TLS is now managed with ingress.tls
value, while passbolt TLS
is managed with app.tls
field in the values file.
Migrate from old TLS configuration
ingress.tls[].secretName
has been removed in favour of
ingress.tls[].existingSecret
for clarity.
Inject same SSL certificate on ingress and service
Users that were injecting the same secret on Ingress objects and passbolt
container will have to migrate to a configuration similar to:
ingress.tls:
- autogenerate: false
existingSecret: mySSLSecret
hosts: [yourhost.com]
app.tls:
- autogenerate: false
existingSecret: mySSLSecret
Inject separate certificates on ingress and service
Users who want to inject different SSL certificates on ingress objects and passbolt
containers now they have a way to do it by setting:
ingress.tls:
- autogenerate: false
existingSecret: myIngressSSLSecret
hosts: [yourhost.com]
app.tls:
- autogenerate: false
existingSecret: mypassboltSSLSecret
Using new auto-generated TLS certificate function
Users coming from previous installations that use auto-generated certificates from
this chart will experience a renewal of such certificates when upgrading to version 1.0.0
0.7.2
0.7.1
Announcing the immediate availability of passbolt's official helm chart 0.7.1.
This release contains support for providing external secrets for JWT keys
as well as automatic support to download kubectl binaries based on host
cpu architecture.
Thanks to all the community members involved in this release!
0.7.0
Announcing the immediate availability of passbolt's official helm chart 0.7.0.
First of all, thanks to @Kuruyia for the contributions made to this new release.
One of them adds the ability to inject the GPG key pair from an existing secret
and another one to add some defaults values on the email configuration.
The release also brings a new field to toggle the initContainer that waits for
the database to be ready, so users that use service mesh or they have already a
running database can disable it.
0.6.1
0.6.0
Announcing the immediate availability of passbolt's official helm chart 0.6.0.
With this release comes a fix for a long time bug related with the automatic
creation of JWT keys by the chart.
A new job has been introduced named job-create-jwt
that will output valid
JWT keys and store them in a Kubernetes secret.
Users with already valid JWT keys stored as base64 in their values.yaml
jwtServerPrivate
and jwtServerPublic
won't have to do anything special.
The new job will detect your custom JWT keys and won't update them.
Users that don't have stored any JWT key in jwtServerPrivate
and
jwtServerPublic
Will be blocked upgrading to 0.6.0. There are two
options for these users:
Disable JWT auth
Chances are if you have not realized about this bug means you are
not using JWT authentication at all so you can disable it by editing
your values.yaml
and set passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED
to false
You can also use a --set
flag:
helm upgrade RELEASE_NAME my-repo/passbolt --set passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED=false
Force the generation of new JWT keys
Set jwtCreateKeysForced
to true
before upgrading to 0.6.0 version of
this chart.
Execute an upgrade as usual, this will patch your current JWT secret
with new keys.
Collect the new generated JWT key from the Kubernetes cluster and store it in
your values.yaml
in jwtServerPrivate
and jwtServerPublic
:
For jwtServerPrivate
take the output of this command and update your values.yaml
kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.key}"`
For jwtServerPublic
take the output of this command and update your values.yaml
:
kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.pem}"
Or use again a --set
flag:
export JWT_PRIVATE_KEY=$(kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.key}")
export JWT_PUBLIC_KEY=$(kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.pem}")
helm upgrade RELEASE_NAME my-repo/passbolt --set jwtServerPrivate=$JWT_PRIVATE_KEY --set jwtServerPublic=$JWT_PUBLIC_KEY
Where RELEASE_NAME
is the name of your helm release
For more information please check our changelog
0.5.0
We are happy to announce the availability of the version 0.5.0 of
the official Passbolt helm chart.
This release comes with a well requested feature: PostgreSQL support.
Users will be able to plug their external PostgreSQL instances or
use the bundled dependency in this chart.
PostgreSQL is an opt-in feature, by default Passbolt helm chart
still relies on MariaDB. However, it should be easy for users to plug
one or the other.
Thanks to all the community members for your feedback and support.
For more information please check our changelog