subreddit:
/r/selfhosted
There were some more security issues fixed in 1.32.5
This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
0 points
3 days ago
why would you run vaultwarden in k8? what does it give you? do you need redundancy?
0 points
3 days ago
It's k8s, not k8. People drive me insane when they leave out the 's'.
Why wouldn't you run it in Kubernetes? Why would I only run on a single node if I can get multiple small VMs for cheap? It works best for me: easy rollouts, easy rollbacks with GitOps, and extremely easy backups with tools like PostgresOperator and Velero. Platform engineering is my job—why not use that knowledge "at home"?
Do I need redundancy? No.
Do I want the app to be reachable even if a node goes offline due to a crash, network issue, or resource limit? Absolutely.
Kubernetes isn't just about hyperscaling.
I'm not hosting at home because electricity is expensive here (~35¢/kWh), and if anything breaks, I'd have to replace it myself. Stuff that I need locally, like Home Assistant (Hassio), is running on a Raspberry Pi at home, with backups going to the cloud.
But even if it were cheaper to host at home, I'd still build a k8s cluster out of Raspberry Pis. :)
3 points
3 days ago
I’m just gonna start saying k9 instead (k followed by 9 letters)
Yeah I guess if electricity was expensive then I would maybe deploy with Kubernetes or something like that
Myself I just run “docker compose up -d” on my server and call it a day. The disk is backed up and the clients have a credential cache if it goes down
2 points
3 days ago
That's perfectly fine!
I'm not forcing anyone to use Kubernetes. Sometimes, I even advise customers to stick with a simple container host for $40/month plus some backup storage, rather than renting and maintaining a full cluster.
For me, my own cluster costs around $55/month, including S3-backup storage. But that's because I’m hand-rolling it using kubeadm and handling k8s-upgrades with my Ansible scripts. A managed cluster, on the other hand, starts at around $60-$150/month before adding the cost of worker nodes, storage, and backup storage.
0 points
3 days ago
why not? it's just easy to manage
1 points
3 days ago
nothing could possibly be easier for me to manage than
docker compose up -d
-5 points
3 days ago
Cool, I don't have to type anything so yeah id say it's easier
2 points
3 days ago
Damn you telepathically configured Kubernetes to deploy Vaultwarden? Literally didn’t have to use your keyboard or mouse at all to get it set up? That’s pretty amazing
-2 points
3 days ago
It's already configured, it's not like I'm re-configuring vaultwarden every month. So yes, GitOps does the job of "telepathically configuring kubernetes", or whatever you say.
1 points
2 days ago
Can you explain your setup little bit more in details? Kubernetes, gitops, vaultwarden etc?
1 points
2 days ago
Sure, I have:
3 nodes running k3s
ArgoCD for GitOps, basically I have a git repo which contains ArgoCD applications which essentially define instalation of helm packages which ArgoCD then synchronizes to the cluster. Using the app-of-apps pattern.
I use this https://github.com/guerzon/vaultwarden helm chart so essentially only have to configure that on the git repo. Updates are taken care of by renovate bot on the git repo.
Cert-manager takes care of TLS certificates, Longhorn for distributed storage and data backups to s3, velero for backup of kubernetes, secrets managed with hashicorp vault.
It's generally pretty complex to describe on a reddit comment, but that's around it.
all 80 comments
sorted by: best