feat(vaultwarden): support CNPG as database

sebastiangaiser · Sebastian Gaiser · commit 79be751d4e11 · 2025-12-30T16:44:32.000+01:00
Signed-off-by: Sebastian Gaiser &lt;sebastiangaiser@users.noreply.github.com&gt;
Signed-off-by: Sebastian Gaiser &lt;sebastian.gaiser@hetzner-cloud.de&gt;
diff --git a/.github/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml
@@ -0,0 +1,5 @@
+MD013:
+  line_length: 600
+MD060:
+  table-column-style: tight
+  aligned_delimiter: true
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -71,6 +71,11 @@ jobs:
           helm install prometheus-operator-crds oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds
         if: steps.list-changed.outputs.changed == 'true'
 
+      - name: Install CNPG
+        run: |
+          helm install --namespace cnpg-system --create-namespace --repo https://cloudnative-pg.github.io/charts cnpg cloudnative-pg
+        if: steps.list-changed.outputs.changed == 'true'
+
       - name: Run chart-testing (install)
         run: ct install --config .github/linters/ct.yaml
 
diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml
@@ -8,4 +8,4 @@ icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/icon.svg
 sources:
   - https://github.com/dani-garcia/vaultwarden
   - https://github.com/sebastiangaiser/helm-charts/
-version: 0.13.1
+version: 0.14.0
diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md
@@ -14,7 +14,11 @@ A Helm chart for deploying Vaultwarden to Kubernetes
 | additionalVolumeMounts | list | `[]` | Additional volume mounts |
 | additionalVolumes | object | `{}` | Additional volumes |
 | affinity | object | `{}` | Affinities |
+| cnpg.backup | object | `{}` |  |
 | cnpg.enabled | bool | `false` |  |
+| cnpg.instances | string | `"1"` |  |
+| cnpg.size | string | `"1Gi"` |  |
+| cnpg.version | string | `"18"` |  |
 | deploymentStrategy.type | string | `"Recreate"` |  |
 | fullnameOverride | string | `""` |  |
 | horizontalAutoscaling | object | `{"enabled":false,"maxReplicas":3,"minReplicas":1,"targetCPUUtilizationPercentage":75,"targetMemoryUtilizationPercentage":75}` | HPA configuration |
@@ -52,7 +56,7 @@ A Helm chart for deploying Vaultwarden to Kubernetes
 | zalandoPostgresql.resources.requests.cpu | string | `"250m"` |  |
 | zalandoPostgresql.resources.requests.memory | string | `"250Mi"` |  |
 | zalandoPostgresql.size | string | `"1Gi"` |  |
-| zalandoPostgresql.version | string | `"16"` |  |
+| zalandoPostgresql.version | string | `"18"` |  |
 
 ## Upgrading
 
diff --git a/charts/vaultwarden/templates/deployment.yaml b/charts/vaultwarden/templates/deployment.yaml
@@ -41,6 +41,34 @@ spec:
         {{- end }}
       {{- if ( or .Values.initContainers .Values.zalandoPostgresql.enabled ) }}
       initContainers:
+        {{- if .Values.cnpg.enabled }}
+        - name: check-postgresql-ready
+          image: "postgres:{{ .Values.cnpg.version }}"
+          command: ['bash', '-c',
+            'until pg_isready; do echo waiting for database be ready; sleep 2; done;']
+          args: []
+          env:
+            - name: PGHOST
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ include "vaultwarden.fullname" . }}-app"
+                  key: "hostname"
+            - name: PGUSER
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ include "vaultwarden.fullname" . }}-app"
+                  key: "username"
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ include "vaultwarden.fullname" . }}-app"
+                  key: "password"
+            - name: PGDATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ include "vaultwarden.fullname" . }}-app"
+                  key: "database"
+        {{- end }}
         {{- if .Values.zalandoPostgresql.enabled }}
         - name: check-postgresql-ready
           image: "postgres:{{ .Values.zalandoPostgresql.version }}"
@@ -100,6 +128,13 @@ spec:
                   name: {{ template "vaultwarden.fullname" . }}-admin-token
                   key: admin-token
           {{- end }}
+          {{- if .Values.cnpg.enabled }}
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ include "vaultwarden.fullname" . }}-app"
+                  key: "database-url"
+          {{- end }}
           {{- if .Values.zalandoPostgresql.enabled }}
             - name: POSTGRES_HOST
               value: {{ .Values.zalandoPostgresql.teamId | default "acid" }}-{{ include "vaultwarden.fullname" . }}
diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml
@@ -117,11 +117,15 @@ affinity: {}
 ## -- CNPG database configuration
 cnpg:
   enabled: false
+  backup: {}
+  version: "18"
+  instances: "1"
+  size: 1Gi
 
 ## -- Zalando PostgreSQL database configuration
 zalandoPostgresql:
   enabled: false
-  version: "16"
+  version: "18"
   instances: 1
   size: 1Gi
   resources:
