I'm having a tough time getting Vaultwarden installed on Talos using Rancher and Helm. I followed the `guerzon/vaultwarden` setup, but I'm hitting roadblocks with no clear errors to guide me on what's going wrong. I'm pretty new to Kubernetes, so I might be missing some key steps. I already created a volume and a PVC named 'test' in the Vaultwarden namespace, but that's about it. Also, I was advised to add some security context settings like `fsGroup: 65534`, `runAsUser: 65534`, and `runAsGroup: 65534`. Below, you'll find my current values.yaml configuration. It seems like I'm not implementing something correctly, and any help would be greatly appreciated!
4 Answers
Just a heads up: using unofficial images can lead to issues. You might want to stick with the official `vaultwarden/server` image instead.
It might be a good idea to check your storage class too. Sometimes it doesn’t apply the right permissions when creating the necessary PV/PVC.
To be honest, Grok can be pretty chaotic and may not be the best resource for this. You should know that Vaultwarden typically runs as UID 0 by default, which goes against Talos's security policies and causes it to fail. You've got a few options: 1) Rebuild the Vaultwarden image to run as a different UID/GID; 2) Adjust your values.yaml to set the UID/GID correctly; or 3) Apply a label to your namespace to enforce privileged access, but be cautious about the security risks that come with that.
Consider simplifying your values.yaml by removing most of the default values. It could help make the file more readable and easier to troubleshoot.
That makes sense! I’ll try cleaning it up.
First off, it would help to have more specifics. What exact issues are you facing? Is Helm failing to install? Are there pods being created, and if so, what’s their status? Running `kubectl describe pod ` can give you more details on what's happening. You might also want to remove the security context settings for now and see if that makes a difference. Not every container image supports running as any user, so it may be the root of your problems.
Isn't `vaultwarden/server` the official one?