lmacka/helm-snappass

helm-snappass

A Helm chart for deploying Pinterest's Snappass - a secure way to share passwords and secrets with a time-based expiration. At the time of writing, Pinterest doesn't have a regular build pipeline for their Helm chart, so this is a community-maintained chart based off the image build pipeline here: https://github.com/lmacka/helm-snappass

Overview

Snappass is a secure password sharing tool that automatically expires shared secrets after a specified time. This Helm chart provides a production-ready deployment of Snappass on Kubernetes, including:

  • Built-in Redis backend (optional)
  • Ingress support
  • Security hardening
  • Horizontal Pod Autoscaling
  • Health checks and monitoring

Prerequisites

  • Kubernetes 1.21+
  • Helm 3.x
  • Ingress controller (optional, but recommended)

Quick Start

# Add the helm repository
helm repo add snappass https://lmacka.github.io/helm-snappass/
helm repo update

# Install with default configuration
helm install snappass snappass/snappass

Configuration

Minimal Configuration

For a basic installation with ingress enabled:

ingress:
  enabled: true
  className: "nginx"
  hosts:
    - host: snappass.yourdomain.com
      paths:
        - path: /
          pathType: Prefix

Production Configuration

For a production setup with TLS and resource limits:

ingress:
  enabled: true
  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  hosts:
    - host: snappass.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: snappass-tls
      hosts:
        - snappass.yourdomain.com

resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 200m
    memory: 256Mi

redis:
  enabled: true
  master:
    persistence:
      enabled: true
      size: 100Mi

Parameters

Global Parameters

| Parameter | Description | Default |
|---|---|---|
| replicaCount | Number of Snappass replicas | 1 |
| image.repository | Snappass image repository | lmacka/snappass |
| image.tag | Snappass image tag | latest |
| image.pullPolicy | Image pull policy | IfNotPresent |

Redis Configuration

| Parameter | Description | Default |
|---|---|---|
| redis.enabled | Deploy Redis as part of the release | true |
| redis.architecture | Redis architecture (standalone/replication) | standalone |
| externalRedis.host | External Redis host (if redis.enabled=false) | "" |
| externalRedis.port | External Redis port | 6379 |

Ingress Configuration

| Parameter | Description | Default |
|---|---|---|
| ingress.enabled | Enable ingress | true |
| ingress.className | Ingress class name | nginx |
| ingress.hosts | Array of host configurations | [] |
| ingress.tls | TLS configuration | [] |

Security Considerations

The chart implements several security best practices:

  • Non-root container execution
  • Read-only root filesystem
  • Dropped capabilities
  • Resource limits
  • Network policies (optional)
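
To confirm that a running release actually carries the hardening listed above, the Deployment can be audited against the corresponding Kubernetes fields. The script below is an added example, not part of the chart: the function names are hypothetical and the sample manifest is constructed (including a deliberately weak `sidecar` container) rather than taken from the chart's rendered output. Network policies are separate objects and are not covered.

```python
import json

# Constructed sample: a trimmed Deployment in the shape returned by
# `kubectl get deployment <name> -o json`. Not the chart's real output.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "snappass"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsNonRoot": true},
   "containers": [
     {"name": "snappass",
      "securityContext": {"readOnlyRootFilesystem": true,
                          "capabilities": {"drop": ["ALL"]}},
      "resources": {"limits": {"cpu": "200m", "memory": "256Mi"}}},
     {"name": "sidecar",
      "securityContext": {"capabilities": {"drop": ["NET_RAW"]}},
      "resources": {}}
   ]}}}}
""")


def audit_pod_spec(pod_spec):
    """Return sorted (container, finding) pairs for missing hardening."""
    findings = []
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((c["name"], "runAsNonRoot not enforced"))
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append((c["name"], "root filesystem is writable"))
        dropped = {cap.upper() for cap in (sc.get("capabilities") or {}).get("drop") or []}
        if "ALL" not in dropped:
            findings.append((c["name"], "capabilities not dropped (want drop: [ALL])"))
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((c["name"], f"no {res} limit"))
    return sorted(findings)


def audit_deployment(manifest):
    """Audit the pod template of a Deployment manifest (parsed JSON)."""
    return audit_pod_spec(manifest["spec"]["template"]["spec"])


if __name__ == "__main__":
    for name, finding in audit_deployment(SAMPLE):
        print(f"{name}: {finding}")
```

An empty result means every container in the pod template meets all four checks; any finding names the container that falls short.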

Monitoring

The deployment includes readiness and liveness probes configured for the Snappass service. Default probe settings can be adjusted through values.yaml.

Uninstalling

To remove the deployment:

helm uninstall snappass

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.