README.md.gotmpl

# Passbolt Helm chart

<h3 align="center">
    <img src="./.assets/helm_passbolt.png" alt="passbolt sails kubernetes" width="500"/>
</h3>

{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}

Passbolt is an open source, security first password manager with strong focus on
collaboration.

## TL;DR

The following commands are not recommended for production deployments as they will
use default passwords for internal databases:

```bash
helm repo add my-repo https://download.passbolt.com/charts/passbolt
helm install my-release my-repo/passbolt
```

In case you prefer to use postgresql intead of mariadb, a sample config is provided in the examples directory:

```
helm repo add my-repo https://download.passbolt.com/charts/passbolt
helm install my-release my-repo/passbolt -f examples/postgresql.yaml
```

Production workloads should change the fields with values 'CHANGEME' on values.yaml
and deploy the chart as follows:

```bash
helm repo add my-repo https://download.passbolt.com/charts/passbolt
helm install my-release my-repo/passbolt -f values.yaml
```

Or using `--set` flags to modify certain chart options:

```bash
helm repo add my-repo https://download.passbolt.com/charts/passbolt
helm install my-release my-repo/passbolt \
  --set redis.auth.password=my_redis_password \
  --set passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD=my_redis_password \
  --set mariadb.auth.password=my_mariadb_password \
  --set passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD=my_mariadb_password
```

## Introduction

This chart deploys [passbolt](https://www.passbolt.com) on [kubernetes](https://kubernetes.io) using the [Helm](https://helm.sh/) package manager.

Passbolt comes in three editions:

- [Community edition](https://www.passbolt.com/ce/docker)
- [Professional edition](https://signup.passbolt.com/pricing/pro)
- [Cloud edition](https://signup.passbolt.com/pricing/cloud)

This chart supports the deployment of Community edition and Professional edition.

## Prerequisites

- Kubernetes 1.19+ or 1.23+ if you want to use hpa
- Helm 3.x
- Passbolt docker >= 3.12.2-1

## Installing the chart

Installing the chart under the name `my-release`:

```bash
helm install my-release my-repo
```

The above command deploys passbolt with default settings on your kubernetes cluster.
Check the [configuration](#Configuration) section to check which parameters you can fine tune.

## Use passbolt non-root image

In case you want to use the non-root passbolt image, there are a few changes that you have to introduce on your values file:

```bash
app:
  image:
    tag: <NON_ROOT_TAG>

service:
  ports:
    https:
      targetPort: 4433
    http:
      targetPort: 8080
```

With these changes you should be able to run passbolt on a container executed by www-data user.

## Creating first user

Once the chart is deployed, you can create your first user by running the following command:

```bash
kubectl exec -it <passbolt-pod-name> -- su -c "bin/cake passbolt register_user -u <email> -f <firstname> -l <lastname> -r admin" -s /bin/bash www-data
```

## Uninstalling the chart

To uninstall/delete the chart from your cluster:

```bash
helm delete my-release
```

The above command deletes all the kubernetes components associated with the
chart and deletes the release.

## Requirements

| Repository                                            | Name             | Version |
|-------------------------------------------------------|------------------|---------|
| https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7   |
| oci://registry-1.docker.io/bitnamicharts              | mariadb          | 11.5.7  |
| oci://registry-1.docker.io/bitnamicharts              | redis            | 17.15.2 |

{{ template "chart.valuesSection" . }}

## Running tests

In order to run the available tests, you can run the `run_tests.sh` script on the root of the project. This script runs both the unit and the integration tests.

```
$ bash run_tests.sh -h
Run the available tests for passbolt helm charts

Syntax: run_tests.sh [options]
run_tests.sh with no arguments will run all of the available tests.

options:
-h|--help                 Show this message.
-l|--lint                 Run helm lint.
-u|--unit                 Run helm unittest tests.
-i|--integration          Run integration tests.
-d|--database [option]    Database to run integration tests with [mariadb|postgresql]."
-no-clean                 Skip cleaning step.

```

### Unit tests

We rely on [helm unitttest](https://github.com/helm-unittest/helm-unittest) framework, so if you want to run it on your own, follow the installation steps in their [docs](https://github.com/helm-unittest/helm-unittest?tab=readme-ov-file#install).

### Integration tests

The integration tests code is under the `tests/integration`. There are a list of tools that are required locally to run the integration tests ([kind](https://github.com/kubernetes-sigs/kind), [helm](https://github.com/helm/helm), [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl), [mkcert](https://github.com/FiloSottile/mkcert) and [passbolt go cli](https://github.com/passbolt/go-passbolt-cli))
and they will be downloaded during the tests execution if they are not installed in the system. Even though, there is a cleaning step that runs at the end of the execution to clean the directory.

## Updating README.md

We rely on the [helm-docs](https://github.com/norwoodj/helm-docs) helm plugin and [mdformat](https://github.com/executablebooks/mdformat) with [mdformat-tables](https://github.com/executablebooks/mdformat-tables) to generate and format the README.md on each release 

```
helm-docs -t README.md.gotmpl --dry-run | mdformat - > README.md  
```