1.1.1

Announcing the immediate availability of passbolt's helm chart 1.1.1

This is a minor change release that fixes bugs reported by the community when
using passbolt with an external postgresql database.

1.1.0

Announcing the immediate availability of passbolt's helm chart 1.1.0.

This is a minor change release that fixes a bug when forcing the passboltEnv.DATASOURCES_DEFAULT_PORT on values file
and adds the passbolt with postgresql integration tests.

1.0.0

Announcing the immediate availability of passbolt's helm chart 1.0.0.
This is a major release that introduces some breaking changes contributed
by the community.

Thanks to all the community members that helped us to improve this chart
and reach version 1.0.0!! 🎉

@chris968
@jouve
@Kuruyia

Following there is a list of breaking changes and possible migration paths
from previous chart versions. Please keep in mind that we can't cover all
possible scenarios.

If you are having issues upgrading from older chart versions please let us
known by opening an issue in Github

TL;DR

List of breaking changes:

• Global tls value has been removed in favour of ingress.tls and app.tls
• ingress.tls[].secretName has been removed in favour of ingress.tls[].existingSecret
• extraVolumes and extraVolumeMounts values are now a list instead of a string.
• Expose the HTTP port in the service. service.port, service.name and
  service.targetPort have been removed in favour of service.ports
  in order to expose configurable http and https ports.

Ingress and TLS related changes

Global tls value has been removed to allow users to have different TLS
certificates injected on ingress objects and passbolt containers.
Ingress TLS is now managed with ingress.tls value, while passbolt TLS
is managed with app.tls field in the values file.

Migrate from old TLS configuration

ingress.tls[].secretName has been removed in favour of
ingress.tls[].existingSecret for clarity.

Inject same SSL certificate on ingress and service

Users that were injecting the same secret on Ingress objects and passbolt
container will have to migrate to a configuration similar to:

ingress.tls:
  - autogenerate: false
    existingSecret: mySSLSecret
    hosts: [yourhost.com]

app.tls:
  - autogenerate: false
    existingSecret: mySSLSecret

Inject separate certificates on ingress and service

Users who want to inject different SSL certificates on ingress objects and passbolt
containers now they have a way to do it by setting:

ingress.tls:
  - autogenerate: false
    existingSecret: myIngressSSLSecret
    hosts: [yourhost.com]

app.tls:
  - autogenerate: false
    existingSecret: mypassboltSSLSecret

Using new auto-generated TLS certificate function

Users coming from previous installations that use auto-generated certificates from
this chart will experience a renewal of such certificates when upgrading to version 1.0.0

0.7.2

Announcing the immediate availability of passbolt's official helm chart 0.7.2.

This is a minor change release that fixes a bug when generating the postgresql
credentials secret.

0.7.1

Announcing the immediate availability of passbolt's official helm chart 0.7.1.

This release contains support for providing external secrets for JWT keys
as well as automatic support to download kubectl binaries based on host
cpu architecture.

Thanks to all the community members involved in this release!

@Kuruyia @ook

0.7.0

Announcing the immediate availability of passbolt's official helm chart 0.7.0.

First of all, thanks to @Kuruyia for the contributions made to this new release.
One of them adds the ability to inject the GPG key pair from an existing secret
and another one to add some defaults values on the email configuration.

The release also brings a new field to toggle the initContainer that waits for
the database to be ready, so users that use service mesh or they have already a
running database can disable it.

0.6.1

Announcing the immediate availability of passbolt's official helm chart 0.6.1.

This release removes a leak of the pgpass to the stdout when installing psql.

0.6.0

Announcing the immediate availability of passbolt's official helm chart 0.6.0.

With this release comes a fix for a long time bug related with the automatic
creation of JWT keys by the chart.

A new job has been introduced named job-create-jwt that will output valid
JWT keys and store them in a Kubernetes secret.

Users with already valid JWT keys stored as base64 in their values.yaml
jwtServerPrivate and jwtServerPublic won't have to do anything special.
The new job will detect your custom JWT keys and won't update them.

Users that don't have stored any JWT key in jwtServerPrivate and
jwtServerPublic Will be blocked upgrading to 0.6.0. There are two
options for these users:

Disable JWT auth

Chances are if you have not realized about this bug means you are
not using JWT authentication at all so you can disable it by editing
your values.yaml and set passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED to false

You can also use a --set flag:

helm upgrade RELEASE_NAME my-repo/passbolt --set passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED=false

Force the generation of new JWT keys

Set jwtCreateKeysForced to true before upgrading to 0.6.0 version of
this chart.

Execute an upgrade as usual, this will patch your current JWT secret
with new keys.

Collect the new generated JWT key from the Kubernetes cluster and store it in
your values.yaml in jwtServerPrivate and jwtServerPublic:

For jwtServerPrivate take the output of this command and update your values.yaml

kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.key}"`

For jwtServerPublic take the output of this command and update your values.yaml:

kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.pem}"

Or use again a --set flag:

export JWT_PRIVATE_KEY=$(kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.key}")
export JWT_PUBLIC_KEY=$(kubectl get secret RELEASE_NAME-passbolt-sec-jwt --namespace default -o jsonpath="{.data.jwt\.pem}")
helm upgrade RELEASE_NAME my-repo/passbolt --set jwtServerPrivate=$JWT_PRIVATE_KEY --set jwtServerPublic=$JWT_PUBLIC_KEY

Where RELEASE_NAME is the name of your helm release

For more information please check our changelog

0.5.0

We are happy to announce the availability of the version 0.5.0 of
the official Passbolt helm chart.
This release comes with a well requested feature: PostgreSQL support.
Users will be able to plug their external PostgreSQL instances or
use the bundled dependency in this chart.
PostgreSQL is an opt-in feature, by default Passbolt helm chart
still relies on MariaDB. However, it should be easy for users to plug
one or the other.
Thanks to all the community members for your feedback and support.

For more information please check our changelog

0.4.4

This is a small hotfix release that fixes issues reported
by the community regarding the imagePullPolicy on the
deployment resource.

For more information please check our changelog