I'm having a tough time getting Vaultwarden installed on Talos using Rancher and Helm. I followed the `guerzon/vaultwarden` setup, but I'm hitting roadblocks with no clear errors to guide me on what's going wrong. I'm pretty new to Kubernetes, so I might be missing some key steps. I already created a volume and a PVC named 'test' in the Vaultwarden namespace, but that's about it. Also, I was advised to add some security context settings like `fsGroup: 65534`, `runAsUser: 65534`, and `runAsGroup: 65534`. Below, you'll find my current values.yaml configuration. It seems like I'm not implementing something correctly, and any help would be greatly appreciated!
3 Answers
To be honest, Grok can be pretty chaotic and may not be the best resource for this. You should know that Vaultwarden typically runs as UID 0 by default, which goes against Talos's security policies and causes it to fail. You've got a few options: 1) Rebuild the Vaultwarden image to run as a different UID/GID; 2) Adjust your values.yaml to set the UID/GID correctly; or 3) Apply a label to your namespace to enforce privileged access, but be cautious about the security risks that come with that.
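An added example, not part of the answer above or of the chart: a Python check of a pod spec against a subset of the Kubernetes Pod Security Standards "restricted" profile, assuming that is the level enforced on the namespace. Both pod specs are constructed; the first carries only the three settings mentioned in the question.

```python
# Added example: a subset of the Kubernetes Pod Security Standards
# "restricted" profile (user, privilege escalation, capabilities, seccomp).
# Assumption: the namespace enforces "restricted". Pod specs are constructed.

def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext overrides the pod-level value."""
    return ctr_sc.get(key, pod_sc.get(key))

def restricted_violations(pod_spec):
    """Return one message per violated rule, per container."""
    pod_sc = pod_spec.get("securityContext") or {}
    problems = []
    ctrs = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for ctr in ctrs:
        sc, name = ctr.get("securityContext") or {}, ctr["name"]
        caps = sc.get("capabilities") or {}
        if effective(pod_sc, sc, "runAsNonRoot") is not True:
            problems.append(f"{name}: runAsNonRoot must be true")
        if effective(pod_sc, sc, "runAsUser") == 0:
            problems.append(f"{name}: runAsUser must not be 0")
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation must be false")
        if "ALL" not in (caps.get("drop") or []):
            problems.append(f"{name}: capabilities.drop must include ALL")
        if set(caps.get("add") or []) - {"NET_BIND_SERVICE"}:
            problems.append(f"{name}: only NET_BIND_SERVICE may be added")
        seccomp = effective(pod_sc, sc, "seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return problems

# Constructed: only the three settings mentioned in the question.
ASKER_SPEC = {
    "securityContext": {"fsGroup": 65534, "runAsUser": 65534, "runAsGroup": 65534},
    "containers": [{"name": "vaultwarden"}],
}
# Constructed: same IDs plus the remaining fields the profile requires.
HARDENED_SPEC = {
    "securityContext": {"fsGroup": 65534, "runAsUser": 65534, "runAsGroup": 65534,
                        "runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "vaultwarden", "securityContext": {
        "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}],
}

if __name__ == "__main__":
    for label, spec in (("asker", ASKER_SPEC), ("hardened", HARDENED_SPEC)):
        print(label, restricted_violations(spec) or "no violations")
```

Whether the image actually starts and can write its data directory as UID 65534 is a separate question that this check does not answer.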
Consider simplifying your values.yaml by removing most of the default values. It could help make the file more readable and easier to troubleshoot.
First off, it would help to have more specifics. What exact issues are you facing? Is Helm failing to install? Are there pods being created, and if so, what’s their status? Running `kubectl describe pod <pod-name>` can give you more details on what's happening. You might also want to remove the security context settings for now and see if that makes a difference. Not every container image supports running as any user, so it may be the root of your problems.
That makes sense! I’ll try cleaning it up.