Update versions test workflow, cleaning up un-used YAML/templates, an…

…d DB examples (#71)
bitwarden · Dec 5, 2023 · ab2cc23 · ab2cc23
1 parent a4b9933
commit ab2cc23
Show file tree

Hide file tree

Showing 10 changed files with 166 additions and 20 deletions.
diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml
@@ -74,6 +74,41 @@ jobs:
           fi
         working-directory: charts/self-host/templates
 
+      - name: Verify if image versions are on Docker Hub
+        id: verify-versions
+        env:
+          COREVERSION: ${{ steps.get-core.outputs.version }}
+          WEBVERSION: ${{ steps.get-web.outputs.version }}
+        run: |
+          echo "Checking..."
+          
+          coreimages=( "admin" "api" "attachments" "events" "icons" "identity" "notifications" "scim" "sso" "mssqlmigratorutility" )
+          
+          test_image() {
+              image=$1
+              version=$2
+              tag=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version | cat)
+              if [[ -z "$tag" ]]; then
+                  echo "$image - $version - NOT FOUND!"
+                  echo "Stopping..."
+                  exit 1
+              else
+                  echo "$image - $tag - FOUND"
+              fi
+          }
+
+          echo "Core Images ($COREVERSION)..."
+          
+          for key in "${!coreimages[@]}"
+          do
+              image=${coreimages[$key]}
+              test_image $image $COREVERSION
+          done
+
+          echo "Web Image ($WEBVERSION)..."
+          
+          test_image "web" $WEBVERSION
+
   update-versions:
     name: "Update Versions"
     if: |

diff --git a/charts/self-host/README.md b/charts/self-host/README.md
@@ -1224,3 +1224,7 @@ Update the other settings in `my-values.yaml` based on your environment.  Follow
 ```shell
 helm upgrade bitwarden bitwarden/self-host --install --devel --namespace bitwarden --values my-values.yaml
 ```
+
+## Database Pod Backup and Restore
+
+Please see the ["examples" README](../../examples/README.md) for information on how you might setup database backups for the provided SQL pod.
diff --git a/charts/self-host/templates/helpers.tpl b/charts/self-host/templates/helpers.tpl
@@ -5,20 +5,6 @@
 {{- "2023.10.2" -}}
 {{- end -}}
 
-{{/*
-Get the coreVersion for image tags
-*/}}
-{{- define "bitwarden.coreVersion" -}}
-{{- default ( include "bitwarden.coreVersionDefault" nil ) .Values.general.coreVersionOverride  -}}
-{{- end -}}
-
-{{/*
-Get the webVersion for image tags
-*/}}
-{{- define "bitwarden.webVersion" -}}
-{{- default ( include "bitwarden.webVersionDefault" nil ) .Values.general.webVersionOverride  -}}
-{{- end -}}
-
 {{/*
 Expand the name of the chart.
 */}}

diff --git a/charts/self-host/templates/mssql.yaml b/charts/self-host/templates/mssql.yaml
@@ -56,7 +56,7 @@ spec:
             - name: mssql-log
               mountPath: /var/opt/mssql/log
             - name: mssql-backups
-              mountPath: /etc/bitwarden/mssql/backups
+              mountPath: /var/opt/mssql/backups
             {{- if .Values.secrets.secretProviderClass}}
             - name: secrets-store-inline
               mountPath: "/mnt/secrets-store"

diff --git a/charts/self-host/templates/pre-install-db-migrator-job.yaml b/charts/self-host/templates/pre-install-db-migrator-job.yaml
@@ -44,11 +44,6 @@ spec:
         {{- end }}
       restartPolicy: Never
       volumes:
-        {{- if .Values.database.enabled }}
-        - name: mssql-data
-          persistentVolumeClaim:
-            claimName: {{ template "bitwarden.mssqlData" . }}
-        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           csi:

diff --git a/examples/README.md b/examples/README.md
@@ -0,0 +1,15 @@
+# Example Files
+
+The files in this directory provide further examples for working with the Helm chart deployments.  The scripts and other files here are provided as-is.
+
+## Self-host chart
+
+These following examples are for use with the `self-host` chart.
+
+### Database Pod Backup and Restore Examples
+
+We have provided two example jobs for backing up and restoring the database in the Bitwarden database pod.  If you are using your own SQL Server instance that is not deployed as part of this Helm chart, please follow your corporate backup and restore policies.  These are illustrative examples of what can be done.  Database backups and backup policies are ultimately up to the implementor.
+
+The example jobs for the database pod can be found in the `database-backup` and `database-restore` folders under the `examples` directory.  Note that the backup could be scheduled outside of the cluster to run at a regular interval, or it could be modified to create a CronJob object within Kubernetes for scheduling purposes.
+
+The backup job will create timestamped versions of the previous backups.  The current backup is simply called `vault.bak`.  These files are placed in the MS SQL backups persistent volume.  The restore job will look for `vault.bak` in the same persistent volume.
diff --git a/examples/database-backup/backup-job.yaml b/examples/database-backup/backup-job.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: "bitwarden-backup"
+  labels:
+    app.kubernetes.io/component: bitwarden-backup
+    app: bitwarden-backup
+spec:
+  ttlSecondsAfterFinished: 10
+  backoffLimit: 1
+  template:
+    metadata:
+      name: "bitwarden-backup"
+      labels:
+        app.kubernetes.io/component: bitwarden-backup
+        app: bitwarden-backup
+    spec:
+      containers:
+      - name: backup-db
+        env:
+        - name: MSSQL_CONN_STRING
+          valueFrom:
+            secretKeyRef:
+              name: bitwarden-sql-connection-string
+              key: globalSettings__sqlServer__connectionString
+        image: "mcr.microsoft.com/mssql-tools"
+        volumeMounts:
+          - name: mssql-backups
+            mountPath: /backups
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: [
+            "
+            [ ! -f /backups/vault.bak ] || mv /backups/vault.bak \"/backups/vault.bak.$(date -r /backups/vault.bak -u +'%Y-%m-%dT%H:%M:%SZ')\";
+            svr=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \"Data Source=tcp:\\K[^,]*(?=.*)\")\";
+            pass=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \".*Password=\\K[^;]*(?=.*)\")\";
+            echo \"$pass\" | /opt/mssql-tools/bin/sqlcmd -S $svr -U SA -q \"BACKUP DATABASE [vault] TO DISK = '/var/opt/mssql/backups/vault.bak' WITH FORMAT, INIT\"
+            "
+        ]
+      restartPolicy: Never
+      volumes:
+        - name: mssql-backups
+          persistentVolumeClaim:
+            claimName: bitwarden-self-host-mssqlbackups
diff --git a/examples/database-backup/db-backup.sh b/examples/database-backup/db-backup.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+namespace="bitwarden"
+
+kubectl delete job -n $namespace -l app=bitwarden-backup
+kubectl apply -n $namespace -f $(dirname "$0")/backup-job.yaml
+echo -n "Starting job..."
+while [[ $(kubectl get pods -n $namespace -l app=bitwarden-backup -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do echo -n "..."; sleep 1; done
+echo "..."
+echo "Backing up..."
+kubectl logs -l app=bitwarden-backup -n $namespace -f
diff --git a/examples/database-restore/db-restore.sh b/examples/database-restore/db-restore.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+namespace="bitwarden"
+
+kubectl delete job -n $namespace -l app=bitwarden-restore
+kubectl apply -n $namespace -f $(dirname "$0")/restore-job.yaml
+echo -n "Starting job..."
+while [[ $(kubectl get pods -n $namespace -l app=bitwarden-restore -o jsonpath="{.items[*].status.containerStatuses[*].ready}") != "true" ]]; do echo -n "..."; sleep 1; done
+echo "..."
+echo "Restoring..."
+kubectl logs -l app=bitwarden-restore -n $namespace -f
diff --git a/examples/database-restore/restore-job.yaml b/examples/database-restore/restore-job.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: "bitwarden-restore"
+  labels:
+    app.kubernetes.io/component: bitwarden-restore
+    app: bitwarden-restore
+spec:
+  ttlSecondsAfterFinished: 10
+  backoffLimit: 1
+  template:
+    metadata:
+      name: "bitwarden-restore"
+      labels:
+        app.kubernetes.io/component: bitwarden-restore
+        app: bitwarden-restore
+    spec:
+      containers:
+      - name: restore-db
+        env:
+        - name: MSSQL_CONN_STRING
+          valueFrom:
+            secretKeyRef:
+              name: bitwarden-sql-connection-string
+              key: globalSettings__sqlServer__connectionString
+        image: "mcr.microsoft.com/mssql-tools"
+        volumeMounts:
+          - name: mssql-backups
+            mountPath: /backups
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: [
+            "
+            svr=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \"Data Source=tcp:\\K[^,]*(?=.*)\")\";
+            pass=\"$(echo \"${MSSQL_CONN_STRING}\" | grep -Po \".*Password=\\K[^;]*(?=.*)\")\";
+            echo \"$pass\" | /opt/mssql-tools/bin/sqlcmd -S $svr -U SA -q \"ALTER DATABASE [vault] SET SINGLE_USER WITH ROLLBACK IMMEDIATE; RESTORE DATABASE [vault] FROM DISK = '/var/opt/mssql/backups/vault.bak' WITH REPLACE; ALTER DATABASE [vault] SET MULTI_USER;\"
+            "
+        ]
+      restartPolicy: Never
+      volumes:
+        - name: mssql-backups
+          persistentVolumeClaim:
+            claimName: bitwarden-self-host-mssqlbackups