use supertokens
ci / build (push) Failing after 1s
Details
ci / build (push) Failing after 1s
Details
This commit is contained in:
parent
4c71649c76
commit
255503acb6
|
@ -48,4 +48,6 @@ In other words, pick something for a name and roll with the punches.
|
|||
### Never Settle
|
||||
|
||||
> "But it's also about looking at things anew and what they could be instead of what they are"
|
||||
> -- Rodney Mullen
|
||||
> -- Rodney Mullen
|
||||
|
||||
### Success requires continuing even when it's painful
|
6
Makefile
6
Makefile
|
@ -13,10 +13,10 @@ secrets:
|
|||
flux:
|
||||
./scripts/flux-bootstrap.sh
|
||||
|
||||
chisel:
|
||||
./scripts/k8s-chisel.sh
|
||||
cluster: echoenv kind namespaces gateway secrets velero flux metrics chisel
|
||||
|
||||
cluster: echoenv kind namespaces secrets velero flux metrics chisel
|
||||
gateway:
|
||||
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
|
||||
|
||||
metrics:
|
||||
./scripts/k8s-metrics.sh
|
||||
|
|
333
Tiltfile
333
Tiltfile
|
@ -9,6 +9,18 @@ secret_settings(
|
|||
disable_scrub=True
|
||||
)
|
||||
|
||||
## @warning Don't use kubefwd, it's unreliable. In my testing, it deleted important /etc/hosts entries.
|
||||
## Our workaround for SSL in dev is to use a VPS with caddy and chisel.
|
||||
## Caddy handles SSL certs/termination and chisel proxies into our cluster.
|
||||
## This means that cert-manager is only used in staging and production env (not development.)
|
||||
## This also means Gateway and HTTPRoute is only used in staging and production.
|
||||
## @todo Caddy/Chisel is not ideal since that setup is out-of-scope of the monorepo. For now it's the best solution because it unblocks our DX
|
||||
##
|
||||
## @see https://blog.tilt.dev/2021/09/09/kubefwd-operator.html
|
||||
# v1alpha1.extension_repo(name='default', url='https://github.com/tilt-dev/tilt-extensions')
|
||||
# v1alpha1.extension(name='kubefwd:config', repo_name='default', repo_path='kubefwd')
|
||||
|
||||
|
||||
## helm_remote and deploy_cert_manager are BANNED because they use too much bandwidth and crash my computer
|
||||
##
|
||||
## cert-manager slows down Tilt updates so I prefer to keep it commented unless I specifically need to test certs
|
||||
|
@ -26,6 +38,17 @@ load('ext://dotenv', 'dotenv')
|
|||
dotenv(fn='.env.development')
|
||||
|
||||
|
||||
## Right now we use Tilt/Helm in dev and Flux/Kustomize/Helm in production.
|
||||
## It is a pipedream to use the same deployment/templating tool in development as we do in production. This vastly simplifies deployment.
|
||||
## We can't use Flux in development unless we figure out a way for flux/kustomize to reference our fp Helm chart as a relative directory.
|
||||
## Right now, we reference gitea.futureporn.net (kind: GitRepository) where Kustomize downloads the fp Helm chart.
|
||||
## We could possibly rewrite our fp Helm chart as a Kustomization and then deprecate Helm in development.
|
||||
## k8s_yaml(kustomize('./flux/apps/development'))
|
||||
## We are constrained to CrossNamespaceObjectReference kind list
|
||||
## @see https://fluxcd.io/flux/components/helm/api/v2/#helm.toolkit.fluxcd.io/v2.CrossNamespaceObjectReference
|
||||
## @see https://github.com/fluxcd/helm-controller/blob/c8ae4b6ad225d37b19bacb634db784d6096908ac/api/v2beta2/reference_types.go#L53
|
||||
|
||||
|
||||
# helm_remote(
|
||||
# 'velero',
|
||||
# repo_name='velero',
|
||||
|
@ -64,13 +87,8 @@ dotenv(fn='.env.development')
|
|||
# namespace='futureporn',
|
||||
# version='7.1.4',
|
||||
# )
|
||||
# helm_remote(
|
||||
# 'frp-operator',
|
||||
# repo_name='frp-operator',
|
||||
# repo_url='https://zufardhiyaulhaq.com/frp-operator/charts/releases/',
|
||||
# namespace='futureporn',
|
||||
# version='1.0.0'
|
||||
# )
|
||||
|
||||
|
||||
# helm_remote(
|
||||
# 'kubernetes-ingress-controller',
|
||||
# repo_name='kubernetes-ingress-controller',
|
||||
|
@ -91,18 +109,23 @@ dotenv(fn='.env.development')
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
k8s_yaml(helm(
|
||||
'./charts/traefik/traefik',
|
||||
namespace='futureporn',
|
||||
values=[
|
||||
'./charts/traefik/values-overrides.yaml'
|
||||
]
|
||||
))
|
||||
k8s_yaml(helm(
|
||||
'./charts/fp',
|
||||
values=['./charts/fp/values.yaml'],
|
||||
))
|
||||
## we are using a local helm chart instead of using helm_remote because that command makes the tilt builds Hella slow.
|
||||
## to download this chart, we used the following commands.
|
||||
## future re-pulling is needed to keep things up-to-date.
|
||||
##
|
||||
## helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
## helm pull bitnami/postgresql --untar --destination ./charts/postgresql
|
||||
# we are using a local helm chart instead of using helm_remote because that command makes the tilt builds Hella slow.
|
||||
# to download this chart, we used the following commands.
|
||||
# future re-pulling is needed to keep things up-to-date.
|
||||
#
|
||||
# helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
# helm pull bitnami/postgresql --untar --destination ./charts/postgresql
|
||||
k8s_yaml(helm(
|
||||
'./charts/postgresql/postgresql',
|
||||
namespace='futureporn',
|
||||
|
@ -120,6 +143,32 @@ k8s_yaml(helm(
|
|||
]
|
||||
))
|
||||
|
||||
|
||||
|
||||
# k8s_yaml(helm(
|
||||
# './charts/drupal/drupal',
|
||||
# namespace='futureporn',
|
||||
# values=[
|
||||
# './charts/drupal/values-overrides.yaml'
|
||||
# ]
|
||||
# ))
|
||||
|
||||
# k8s_yaml(helm(
|
||||
# './charts/phpmyadmin/phpmyadmin',
|
||||
# namespace='futureporn',
|
||||
# values=[
|
||||
# './charts/phpmyadmin/values-overrides.yaml'
|
||||
# ]
|
||||
# ))
|
||||
|
||||
# k8s_yaml(helm(
|
||||
# './charts/mariadb/mariadb',
|
||||
# namespace='futureporn',
|
||||
# values=[
|
||||
# './charts/mariadb/values-overrides.yaml'
|
||||
# ]
|
||||
# ))
|
||||
|
||||
# k8s_yaml(helm(
|
||||
# './charts/external-secrets/external-secrets',
|
||||
# namespace='futureporn',
|
||||
|
@ -127,19 +176,11 @@ k8s_yaml(helm(
|
|||
|
||||
|
||||
|
||||
k8s_yaml(helm(
|
||||
'./charts/traefik/traefik',
|
||||
namespace='futureporn',
|
||||
values=[
|
||||
'./charts/traefik/values-overrides.yaml'
|
||||
]
|
||||
))
|
||||
|
||||
|
||||
## redis is for uppy
|
||||
## before you think of switching to valkey, dragonfly, or one of the other redis alternatives, STOP. Uppy is picky.
|
||||
## I tested dragonfly, valkey, and KeyDB. Uppy's ioredis client was unable to connect. "ECONNREFUSED" ...
|
||||
## Uppy was only happy connecting to official redis.
|
||||
# ## redis is for uppy
|
||||
# ## before you think of switching to valkey, dragonfly, or one of the other redis alternatives, STOP. Uppy is picky.
|
||||
# ## I tested dragonfly, valkey, and KeyDB. Uppy's ioredis client was unable to connect. "ECONNREFUSED" ...
|
||||
# ## Uppy was only happy connecting to official redis.
|
||||
k8s_yaml(helm(
|
||||
'./charts/redis/redis',
|
||||
namespace='futureporn',
|
||||
|
@ -154,14 +195,15 @@ k8s_yaml(helm(
|
|||
values=['./charts/cert-manager/values-overrides.yaml']
|
||||
))
|
||||
|
||||
## chisel-operator helm chart is not ready for general use. It has an invalid DNS name, "v1.1" that prevents successful deployment
|
||||
## instead, we use kustomize to deploy
|
||||
## @see ./Makefile
|
||||
# k8s_yaml(helm(
|
||||
# './charts/chisel-operator/chisel-operator',
|
||||
# namespace='futureporn',
|
||||
# values=['./charts/chisel-operator/values-overrides.yaml']
|
||||
# ))
|
||||
k8s_yaml(helm(
|
||||
'./charts/chisel-operator/chisel-operator',
|
||||
namespace='futureporn',
|
||||
values=['./charts/chisel-operator/values-overrides.yaml']
|
||||
))
|
||||
k8s_resource(
|
||||
workload='chisel-operator',
|
||||
labels=['networking'],
|
||||
)
|
||||
|
||||
## ngrok
|
||||
# k8s_yaml(helm(
|
||||
|
@ -172,24 +214,7 @@ k8s_yaml(helm(
|
|||
|
||||
|
||||
# docker_build('fp/link2cid', './packages/link2cid')
|
||||
docker_build(
|
||||
'fp/strapi',
|
||||
'.',
|
||||
dockerfile='./dockerfiles/strapi.dockerfile',
|
||||
target='strapi',
|
||||
only=[
|
||||
'./.npmrc',
|
||||
'./package.json',
|
||||
'./pnpm-lock.yaml',
|
||||
'./pnpm-workspace.yaml',
|
||||
'./services/strapi',
|
||||
'./packages/types',
|
||||
],
|
||||
live_update=[
|
||||
sync('./services/strapi', '/usr/src/app')
|
||||
],
|
||||
pull=False,
|
||||
)
|
||||
|
||||
|
||||
docker_build(
|
||||
'fp/bot',
|
||||
|
@ -239,6 +264,12 @@ docker_build(
|
|||
|
||||
load('ext://uibutton', 'cmd_button')
|
||||
|
||||
cmd_button('supertokens:seed',
|
||||
argv=['./scripts/supertokens-seed.sh'],
|
||||
resource='supertokens',
|
||||
icon_name='start',
|
||||
text='create supertokens database',
|
||||
)
|
||||
cmd_button('postgres:restore',
|
||||
argv=['./scripts/postgres-restore.sh'],
|
||||
resource='postgresql-primary',
|
||||
|
@ -265,6 +296,12 @@ cmd_button('capture-worker:create',
|
|||
icon_name='send',
|
||||
text='Recording Integration Test'
|
||||
)
|
||||
# cmd_button('drupal:init',
|
||||
# argv=['./scripts/drupal-init-wrapper.sh'],
|
||||
# resource='drupal',
|
||||
# icon_name='send',
|
||||
# text='Initialize Drupal'
|
||||
# )
|
||||
|
||||
cmd_button('postgres:migrate',
|
||||
argv=['./scripts/postgres-migrations.sh'],
|
||||
|
@ -304,9 +341,6 @@ docker_build(
|
|||
'.',
|
||||
dockerfile='dockerfiles/next.dockerfile',
|
||||
target='dev',
|
||||
build_args={
|
||||
'NEXT_PUBLIC_STRAPI_URL': 'https://strapi.fp.sbtp.xyz',
|
||||
},
|
||||
live_update=[
|
||||
sync('./services/next', '/app/services/next')
|
||||
],
|
||||
|
@ -314,12 +348,12 @@ docker_build(
|
|||
)
|
||||
|
||||
docker_build(
|
||||
'fp/build',
|
||||
'fp/factory',
|
||||
'.',
|
||||
dockerfile='./dockerfiles/build.dockerfile',
|
||||
dockerfile='./dockerfiles/factory.dockerfile',
|
||||
target='dev',
|
||||
live_update=[
|
||||
sync('./services/build', '/app/services/build')
|
||||
sync('./services/factory', '/app/services/factory')
|
||||
],
|
||||
pull=False,
|
||||
)
|
||||
|
@ -327,30 +361,30 @@ docker_build(
|
|||
|
||||
|
||||
|
||||
docker_build(
|
||||
'fp/mailbox',
|
||||
'.',
|
||||
dockerfile='dockerfiles/mailbox.dockerfile',
|
||||
target='mailbox',
|
||||
only=[
|
||||
'./.npmrc',
|
||||
'./package.json',
|
||||
'./pnpm-lock.yaml',
|
||||
'./pnpm-workspace.yaml',
|
||||
'./services/mailbox',
|
||||
'./packages/types',
|
||||
'./packages/utils',
|
||||
'./packages/fetchers',
|
||||
'./packages/video',
|
||||
'./packages/storage',
|
||||
],
|
||||
live_update=[
|
||||
sync('./services/mailbox', '/app'),
|
||||
run('cd /app && pnpm i', trigger=['./services/mailbox/package.json', './services/mailbox/pnpm-lock.yaml']),
|
||||
],
|
||||
pull=False,
|
||||
# entrypoint='pnpm nodemon --ext js,ts,json,yaml --exec node --no-warnings=ExperimentalWarning --loader ts-node/esm ./src/index.ts'
|
||||
)
|
||||
# docker_build(
|
||||
# 'fp/mailbox',
|
||||
# '.',
|
||||
# dockerfile='dockerfiles/mailbox.dockerfile',
|
||||
# target='mailbox',
|
||||
# only=[
|
||||
# './.npmrc',
|
||||
# './package.json',
|
||||
# './pnpm-lock.yaml',
|
||||
# './pnpm-workspace.yaml',
|
||||
# './services/mailbox',
|
||||
# './packages/types',
|
||||
# './packages/utils',
|
||||
# './packages/fetchers',
|
||||
# './packages/video',
|
||||
# './packages/storage',
|
||||
# ],
|
||||
# live_update=[
|
||||
# sync('./services/mailbox', '/app'),
|
||||
# run('cd /app && pnpm i', trigger=['./services/mailbox/package.json', './services/mailbox/pnpm-lock.yaml']),
|
||||
# ],
|
||||
# pull=False,
|
||||
# # entrypoint='pnpm nodemon --ext js,ts,json,yaml --exec node --no-warnings=ExperimentalWarning --loader ts-node/esm ./src/index.ts'
|
||||
# )
|
||||
|
||||
|
||||
|
||||
|
@ -380,30 +414,11 @@ docker_build(
|
|||
|
||||
|
||||
|
||||
# k8s_resource(
|
||||
# workload='kubernetes-ingress-controller-manager',
|
||||
# links=[
|
||||
# link(os.getenv('NGROK_URL'), 'Endpoint')
|
||||
# ],
|
||||
# labels='ngrok'
|
||||
# )
|
||||
# k8s_resource(
|
||||
# workload='frp-operator-controller-manager',
|
||||
# labels='tunnel'
|
||||
# )
|
||||
# k8s_resource(
|
||||
# workload='echo',
|
||||
# links=[
|
||||
# link('https://echo.fp.sbtp.xyz'),
|
||||
# link('http://echo.futureporn.svc.cluster.local:8001')
|
||||
# ],
|
||||
# labels='debug'
|
||||
# )
|
||||
|
||||
k8s_resource(
|
||||
workload='scout',
|
||||
resource_deps=['postgresql-primary'],
|
||||
port_forwards=['8134'],
|
||||
# port_forwards=['8134'],
|
||||
labels=['backend'],
|
||||
)
|
||||
k8s_resource(
|
||||
|
@ -416,32 +431,16 @@ k8s_resource(
|
|||
)
|
||||
k8s_resource(
|
||||
workload='next',
|
||||
port_forwards=['3000'],
|
||||
links=[
|
||||
link('https://next.fp.sbtp.xyz'),
|
||||
link('https://next.fp.sbtp.xyz/api/auth/dashboard'),
|
||||
],
|
||||
resource_deps=['postgrest', 'postgresql-primary'],
|
||||
labels=['frontend'],
|
||||
)
|
||||
k8s_resource(
|
||||
workload='strapi',
|
||||
port_forwards=['1339'],
|
||||
links=[
|
||||
link('https://strapi.fp.sbtp.xyz/admin'),
|
||||
link('https://strapi.fp.sbtp.xyz'),
|
||||
],
|
||||
resource_deps=['postgresql-primary'],
|
||||
labels=['backend'],
|
||||
)
|
||||
|
||||
k8s_resource(
|
||||
workload='game-2048',
|
||||
port_forwards=['8088:80'],
|
||||
labels=['frontend'],
|
||||
links=[
|
||||
link('https://game-2048.fp.sbtp.xyz/')
|
||||
]
|
||||
)
|
||||
|
||||
# whoami is for testing routing
|
||||
k8s_resource(
|
||||
workload='whoami',
|
||||
labels=['frontend'],
|
||||
|
@ -451,7 +450,7 @@ k8s_resource(
|
|||
)
|
||||
k8s_resource(
|
||||
workload='postgresql-primary',
|
||||
port_forwards=['5432'],
|
||||
# port_forwards=['5432'],
|
||||
labels=['database'],
|
||||
)
|
||||
k8s_resource(
|
||||
|
@ -459,18 +458,65 @@ k8s_resource(
|
|||
labels=['database']
|
||||
)
|
||||
|
||||
# k8s_resource(
|
||||
# workload='mariadb',
|
||||
# labels=['database']
|
||||
# )
|
||||
# k8s_resource(
|
||||
# workload='drupal',
|
||||
# resource_deps=['mariadb'],
|
||||
# labels=['backend'],
|
||||
# port_forwards=['9797:8080'],
|
||||
# links=[
|
||||
# link('https://drupal.fp.sbtp.xyz'),
|
||||
# ],
|
||||
# )
|
||||
k8s_resource(
|
||||
workload='mailbox',
|
||||
resource_deps=['postgresql-primary', 'strapi'],
|
||||
workload='chart-velero',
|
||||
resource_deps=['postgresql-primary'],
|
||||
labels=['backend'],
|
||||
)
|
||||
k8s_resource(
|
||||
workload='build',
|
||||
resource_deps=['postgrest'],
|
||||
workload='chart-velero-upgrade-crds',
|
||||
resource_deps=['postgresql-primary'],
|
||||
labels=['backend'],
|
||||
)
|
||||
|
||||
|
||||
# k8s_resource(
|
||||
# workload='logto',
|
||||
# port_forwards=['3001', '3002'],
|
||||
# links=[
|
||||
# link('https://logto.fp.sbtp.xyz'),
|
||||
# link('https://logto-admin.fp.sbtp.xyz'),
|
||||
# ],
|
||||
# labels=['backend'],
|
||||
# )
|
||||
# k8s_resource(
|
||||
# workload='logto-database-seed',
|
||||
# labels=['database'],
|
||||
# )
|
||||
# k8s_resource(
|
||||
# workload='phpmyadmin',
|
||||
# port_forwards=['5151:8080'],
|
||||
# labels=['database'],
|
||||
# )
|
||||
|
||||
k8s_resource(
|
||||
workload='supertokens',
|
||||
links=[
|
||||
link('https://supertokens.fp.sbtp.xyz'),
|
||||
],
|
||||
labels=['backend'],
|
||||
)
|
||||
|
||||
|
||||
# k8s_resource(
|
||||
# workload='mailbox',
|
||||
# resource_deps=['postgresql-primary', 'postgrest'],
|
||||
# labels=['backend'],
|
||||
# )
|
||||
|
||||
# k8s_resource(
|
||||
# workload='nitter',
|
||||
# port_forwards=['6060:10606'],
|
||||
|
@ -507,10 +553,11 @@ k8s_resource(
|
|||
labels=['networking'],
|
||||
)
|
||||
|
||||
# k8s_resource(
|
||||
# workload='ngrok-manager',
|
||||
# labels=['networking'],
|
||||
# )
|
||||
|
||||
k8s_resource(
|
||||
workload='factory',
|
||||
labels=['backend'],
|
||||
)
|
||||
|
||||
k8s_resource(
|
||||
workload='redis-master',
|
||||
|
@ -526,20 +573,30 @@ k8s_resource(
|
|||
labels=['backend'],
|
||||
resource_deps=['postgrest', 'postgresql-primary'],
|
||||
)
|
||||
k8s_resource(
|
||||
workload='chihaya',
|
||||
labels=['backend']
|
||||
)
|
||||
# k8s_resource(
|
||||
# workload='chihaya',
|
||||
# labels=['backend']
|
||||
# )
|
||||
k8s_resource(
|
||||
workload='postgrest',
|
||||
port_forwards=['9000'],
|
||||
# port_forwards=['9000'],
|
||||
labels=['database'],
|
||||
links=[
|
||||
link('https://postgrest.fp.sbtp.xyz'),
|
||||
],
|
||||
resource_deps=['postgresql-primary'],
|
||||
)
|
||||
|
||||
k8s_resource(
|
||||
workload='traefik',
|
||||
links=[
|
||||
link('https://traefik.fp.sbtp.xyz/whoami'),
|
||||
link('https://traefik.fp.sbtp.xyz/postgrest'),
|
||||
],
|
||||
labels=['networking'],
|
||||
)
|
||||
k8s_resource(
|
||||
workload='pgadmin4',
|
||||
port_forwards=['5050:80'],
|
||||
# port_forwards=['5050:80'],
|
||||
labels=['database'],
|
||||
)
|
||||
k8s_resource(
|
||||
|
|
|
@ -35,7 +35,7 @@ We override default values in the parent folder.
|
|||
|
||||
### chisel-operator
|
||||
|
||||
pnpx tiged 'https://github.com/FyraLabs/chisel-operator/charts/chisel-operator#v0.3.4' ./charts/chisel-operator/chisel-operator
|
||||
helm pull oci://ghcr.io/fyralabs/chisel-operator/chisel-operator --version 0.1.0 --untar --destination ./charts/chisel-operator
|
||||
|
||||
### ngrok
|
||||
|
||||
|
@ -45,7 +45,7 @@ We override default values in the parent folder.
|
|||
### traefik
|
||||
|
||||
helm repo add traefik https://traefik.github.io/charts
|
||||
helm pull traefik/traefik --version 30.0.2 --untar --destination ./charts/traefik
|
||||
helm pull traefik/traefik --version 33.0.0 --untar --destination ./charts/traefik
|
||||
|
||||
### velero
|
||||
|
||||
|
@ -55,4 +55,17 @@ We override default values in the parent folder.
|
|||
### external-secrets-operator
|
||||
|
||||
helm repo add external-secrets https://charts.external-secrets.io
|
||||
helm pull external-secrets/external-secrets --version 0.10.2 --untar --destination ./charts/external-secrets
|
||||
helm pull external-secrets/external-secrets --version 0.10.2 --untar --destination ./charts/external-secrets
|
||||
|
||||
### drupal
|
||||
|
||||
helm pull oci://registry-1.docker.io/bitnamicharts/drupal --version 20.0.10 --untar --destination ./charts/drupal
|
||||
|
||||
### mariadb
|
||||
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami --force-update
|
||||
helm pull bitnami/mariadb --untar --destination ./charts/mariadb
|
||||
|
||||
### phpmyadmin
|
||||
|
||||
helm pull bitnami/phpmyadmin --version 17.0.7 --untar --destination ./charts/phpmyadmin
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: v2
|
||||
appVersion: v0.4.1
|
||||
description: Kubernetes Operator for deploying Chisel reverse proxies
|
||||
name: chisel-operator
|
||||
type: application
|
||||
version: 0.1.0
|
|
@ -0,0 +1,62 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "chisel-operator.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "chisel-operator.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "chisel-operator.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "chisel-operator.labels" -}}
|
||||
helm.sh/chart: {{ include "chisel-operator.chart" . }}
|
||||
{{ include "chisel-operator.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "chisel-operator.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "chisel-operator.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "chisel-operator.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "chisel-operator.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,101 @@
|
|||
|
||||
|
||||
{{- if .Values.createCrds }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: exitnodeprovisioners.chisel-operator.io
|
||||
spec:
|
||||
group: chisel-operator.io
|
||||
names:
|
||||
categories: []
|
||||
kind: ExitNodeProvisioner
|
||||
plural: exitnodeprovisioners
|
||||
shortNames: []
|
||||
singular: exitnodeprovisioner
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns: []
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Auto-generated derived type for ExitNodeProvisionerSpec via `CustomResource`
|
||||
properties:
|
||||
spec:
|
||||
description: ExitNodeProvisioner is a custom resource that represents a Chisel exit node provisioner on a cloud provider.
|
||||
oneOf:
|
||||
- required:
|
||||
- DigitalOcean
|
||||
- required:
|
||||
- Linode
|
||||
- required:
|
||||
- AWS
|
||||
properties:
|
||||
AWS:
|
||||
properties:
|
||||
auth:
|
||||
description: Reference to a secret containing the AWS access key ID and secret access key, under the `access_key_id` and `secret_access_key` secret keys
|
||||
type: string
|
||||
region:
|
||||
description: Region ID for the AWS region to provision the exit node in See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
|
||||
type: string
|
||||
security_group:
|
||||
description: Security group name to use for the exit node, uses the default security group if not specified
|
||||
nullable: true
|
||||
type: string
|
||||
size:
|
||||
default: t2.micro
|
||||
description: Size for the EC2 instance See https://aws.amazon.com/ec2/instance-types/
|
||||
type: string
|
||||
required:
|
||||
- auth
|
||||
- region
|
||||
type: object
|
||||
DigitalOcean:
|
||||
properties:
|
||||
auth:
|
||||
description: Reference to a secret containing the DigitalOcean API token, under the `DIGITALOCEAN_TOKEN` secret key
|
||||
type: string
|
||||
region:
|
||||
default: ''
|
||||
description: Region ID of the DigitalOcean datacenter to provision the exit node in If empty, DigitalOcean will randomly select a region for you, which might not be what you want See https://slugs.do-api.dev/
|
||||
type: string
|
||||
size:
|
||||
default: s-1vcpu-1gb
|
||||
description: Size for the DigitalOcean droplet See https://slugs.do-api.dev/
|
||||
type: string
|
||||
ssh_fingerprints:
|
||||
default: []
|
||||
description: SSH key fingerprints to add to the exit node
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- auth
|
||||
type: object
|
||||
Linode:
|
||||
properties:
|
||||
auth:
|
||||
description: Name of the secret containing the Linode API token, under the `LINODE_TOKEN` secret key
|
||||
type: string
|
||||
region:
|
||||
description: Region ID of the Linode datacenter to provision the exit node in See https://api.linode.com/v4/regions
|
||||
type: string
|
||||
size:
|
||||
default: g6-nanode-1
|
||||
description: Size for the Linode instance See https://api.linode.com/v4/linode/
|
||||
type: string
|
||||
required:
|
||||
- auth
|
||||
- region
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
title: ExitNodeProvisioner
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
||||
{{- end }}
|
|
@ -0,0 +1,84 @@
|
|||
{{- if .Values.createCrds -}}
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: exitnodes.chisel-operator.io
|
||||
spec:
|
||||
group: chisel-operator.io
|
||||
names:
|
||||
categories: []
|
||||
kind: ExitNode
|
||||
plural: exitnodes
|
||||
shortNames: []
|
||||
singular: exitnode
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns: []
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Auto-generated derived type for ExitNodeSpec via `CustomResource`
|
||||
properties:
|
||||
spec:
|
||||
description: ExitNode is a custom resource that represents a Chisel exit node. It will be used as the reverse proxy for all services in the cluster.
|
||||
properties:
|
||||
auth:
|
||||
description: Optional authentication secret name to connect to the control plane
|
||||
nullable: true
|
||||
type: string
|
||||
chisel_image:
|
||||
description: Optional value for the chisel client image used to connect to the chisel server If not provided, jpillora/chisel:latest is used
|
||||
nullable: true
|
||||
type: string
|
||||
default_route:
|
||||
default: false
|
||||
description: Optional boolean value for whether to make the exit node the default route for the cluster If true, the exit node will be the default route for the cluster default value is false
|
||||
type: boolean
|
||||
external_host:
|
||||
description: Optional real external hostname/IP of exit node If not provided, the host field will be used
|
||||
nullable: true
|
||||
type: string
|
||||
fingerprint:
|
||||
description: Optional but highly recommended fingerprint to perform host-key validation against the server's public key
|
||||
nullable: true
|
||||
type: string
|
||||
host:
|
||||
description: Hostname or IP address of the chisel server
|
||||
type: string
|
||||
port:
|
||||
description: Control plane port of the chisel server
|
||||
format: uint16
|
||||
minimum: 0.0
|
||||
type: integer
|
||||
required:
|
||||
- host
|
||||
- port
|
||||
type: object
|
||||
status:
|
||||
nullable: true
|
||||
properties:
|
||||
id:
|
||||
nullable: true
|
||||
type: string
|
||||
ip:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
provider:
|
||||
type: string
|
||||
required:
|
||||
- ip
|
||||
- name
|
||||
- provider
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
title: ExitNode
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
|
||||
{{- end -}}
|
|
@ -0,0 +1,49 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "chisel-operator.fullname" . }}
|
||||
labels:
|
||||
name: {{- include "chisel-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount}}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "chisel-operator.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "chisel-operator.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
serviceAccountName: {{ include "chisel-operator.serviceAccountName" . }}
|
||||
automountServiceAccountToken: true # This is required
|
||||
{{- end }}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "chisel-operator.serviceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "chisel-operator.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "chisel-operator.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "chisel-operator.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "chisel-operator.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments", "deployments/*"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "services/status", "services/finalizers"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
- apiGroups: ["chisel-operator.io"]
|
||||
resources: ["*"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "list", "create", "update", "patch", "delete"]
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "chisel-operator.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "chisel-operator.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "chisel-operator.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ include "chisel-operator.serviceAccountName" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
|
||||
{{- end }}
|
|
@ -0,0 +1,51 @@
|
|||
# Default values for chisel-operator.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
replicaCount: 1 # Right now only 1 replica is supported
|
||||
# LeaderElection and multiple replicas may be supported in the future.
|
||||
# For now, we recommend running only 1 replica else Chisel Operator may constantly
|
||||
# recreate resources, wasting your API resources and costing you money.
|
||||
|
||||
image:
|
||||
repository: ghcr.io/fyralabs/chisel-operator
|
||||
pullPolicy: IfNotPresent
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
# tag:
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
create: true
|
||||
# Annotations to add to the service account
|
||||
annotations: {}
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name: ""
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
affinity: {}
|
||||
|
||||
# Create CRDs for Chisel Operator
|
||||
createCrds: true
|
|
@ -0,0 +1,3 @@
|
|||
## drupal notes
|
||||
|
||||
To initialize drupal with all the modules we need, use the "Initialize Drupal" button in Tilt's UI. Or see the script it executes in ../../scripts/drupal-init.sh
|
|
@ -0,0 +1,25 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# img folder
|
||||
img/
|
||||
# Changelog
|
||||
CHANGELOG.md
|
|
@ -0,0 +1,9 @@
|
|||
dependencies:
|
||||
- name: mariadb
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 19.0.7
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.24.0
|
||||
digest: sha256:1a41985df21415bc1a7fdd62b58daa1b60b31f2c2ebda4b9506e099a372b338c
|
||||
generated: "2024-10-03T11:38:53.545931255Z"
|
|
@ -0,0 +1,42 @@
|
|||
annotations:
|
||||
category: CMS
|
||||
images: |
|
||||
- name: apache-exporter
|
||||
image: docker.io/bitnami/apache-exporter:1.0.9-debian-12-r1
|
||||
- name: drupal
|
||||
image: docker.io/bitnami/drupal:11.0.5-debian-12-r1
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:12-debian-12-r31
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 11.0.5
|
||||
dependencies:
|
||||
- condition: mariadb.enabled
|
||||
name: mariadb
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 19.x.x
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
- bitnami-common
|
||||
version: 2.x.x
|
||||
description: Drupal is one of the most versatile open source content management systems
|
||||
in the world. It is pre-configured with the Ctools and Views modules, Drush and
|
||||
Let's Encrypt auto-configuration support.
|
||||
home: https://bitnami.com
|
||||
icon: https://bitnami.com/assets/stacks/drupal/img/drupal-stack-220x234.png
|
||||
keywords:
|
||||
- drupal
|
||||
- cms
|
||||
- blog
|
||||
- http
|
||||
- web
|
||||
- application
|
||||
- php
|
||||
maintainers:
|
||||
- name: Broadcom, Inc. All Rights Reserved.
|
||||
url: https://github.com/bitnami/charts
|
||||
name: drupal
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/drupal
|
||||
version: 20.0.10
|
|
@ -0,0 +1,586 @@
|
|||
<!--- app-name: Drupal -->
|
||||
|
||||
# Bitnami package for Drupal
|
||||
|
||||
Drupal is one of the most versatile open source content management systems in the world. It is pre-configured with the Ctools and Views modules, Drush and Let's Encrypt auto-configuration support.
|
||||
|
||||
[Overview of Drupal](http://drupal.org)
|
||||
|
||||
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
|
||||
|
||||
## TL;DR
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/drupal
|
||||
```
|
||||
|
||||
Looking to use Drupal in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [Drupal](https://github.com/bitnami/containers/tree/main/bitnami/drupal) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/tree/main/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment as a database for the Drupal application.
|
||||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.23+
|
||||
- Helm 3.8.0+
|
||||
- PV provisioner support in the underlying infrastructure
|
||||
- ReadWriteMany volumes for deployment scaling
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/drupal
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The command deploys Drupal on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
||||
## Configuration and installation details
|
||||
|
||||
### Resource requests and limits
|
||||
|
||||
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
|
||||
|
||||
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
|
||||
|
||||
### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)
|
||||
|
||||
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
|
||||
|
||||
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
|
||||
|
||||
### Image
|
||||
|
||||
The `image` parameter allows specifying which image will be pulled for the chart.
|
||||
|
||||
#### Private registry
|
||||
|
||||
If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod).
|
||||
|
||||
1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret.
|
||||
2. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as:
|
||||
|
||||
```yaml
|
||||
imagePullSecrets:
|
||||
- name: SECRET_NAME
|
||||
```
|
||||
|
||||
3. Install the chart
|
||||
|
||||
### Setting Pod's affinity
|
||||
|
||||
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
|
||||
|
||||
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
|
||||
|
||||
## Persistence
|
||||
|
||||
The [Bitnami Drupal](https://github.com/bitnami/containers/tree/main/bitnami/drupal) image stores the Drupal data and configurations at the `/bitnami/drupal` path of the container.
|
||||
|
||||
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
|
||||
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
|
||||
|
||||
### Existing PersistentVolumeClaim
|
||||
|
||||
1. Create the PersistentVolume
|
||||
2. Create the PersistentVolumeClaim
|
||||
3. Install the chart
|
||||
|
||||
```console
|
||||
helm install my-release --set persistence.existingClaim=PVC_NAME oci://REGISTRY_NAME/REPOSITORY_NAME/drupal
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
### Host path
|
||||
|
||||
#### System compatibility
|
||||
|
||||
- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox.
|
||||
- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://minikube.sigs.k8s.io/docs/handbook/mount/) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync).
|
||||
|
||||
#### Mounting steps
|
||||
|
||||
1. The specified `hostPath` directory must already exist (create one if it does not).
|
||||
2. Install the chart
|
||||
|
||||
```console
|
||||
helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT oci://REGISTRY_NAME/REPOSITORY_NAME/drupal
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
This will mount the `drupal-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch.
|
||||
3. Because the container cannot control the host machine's directory permissions, you must set the Drupal file directory permissions yourself and disable or clear Drupal cache. See Drupal Core's [INSTALL.txt](https://cgit.drupalcode.org/drupal/tree/core/INSTALL.txt?h=8.3.x#n152) for setting file permissions, and see [Drupal handbook page](https://www.drupal.org/node/2598914) to disable the cache, or [Drush handbook](https://drushcommands.com/drush-8x/cache/cache-rebuild/) to clear cache.
|
||||
|
||||
## Parameters
|
||||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----- |
|
||||
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
|
||||
| `nameOverride` | String to partially override drupal.fullname template (will maintain the release name) | `""` |
|
||||
| `fullnameOverride` | String to fully override drupal.fullname template | `""` |
|
||||
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
|
||||
| `commonAnnotations` | Common annotations to add to all Drupal resources (sub-charts are not considered). Evaluated as a template | `{}` |
|
||||
| `commonLabels` | Common labels to add to all Drupal resources (sub-charts are not considered). Evaluated as a template | `{}` |
|
||||
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` |
|
||||
|
||||
### Drupal parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `image.registry` | Drupal image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | Drupal Image name | `REPOSITORY_NAME/drupal` |
|
||||
| `image.digest` | Drupal image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Drupal image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `replicaCount` | Number of Drupal Pods to run (requires ReadWriteMany PVC support) | `1` |
|
||||
| `drupalProfile` | Drupal installation profile | `standard` |
|
||||
| `drupalSkipInstall` | Skip Drupal installation wizard. Useful for migrations and restoring from SQL dump | `false` |
|
||||
| `drupalUsername` | User of the application | `user` |
|
||||
| `drupalPassword` | Application password | `""` |
|
||||
| `drupalEmail` | Admin email | `user@example.com` |
|
||||
| `allowEmptyPassword` | Allow DB blank passwords | `true` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
|
||||
| `priorityClassName` | Drupal pods' priorityClassName | `""` |
|
||||
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `extraEnvVars` | Extra environment variables | `[]` |
|
||||
| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` |
|
||||
| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` |
|
||||
| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` |
|
||||
| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` |
|
||||
| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` |
|
||||
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
|
||||
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
|
||||
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. | `""` |
|
||||
| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
|
||||
| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` |
|
||||
| `serviceAccount.annotations` | Add annotations | `{}` |
|
||||
| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` |
|
||||
| `existingSecret` | Name of a secret with the application password | `""` |
|
||||
| `smtpHost` | SMTP host | `""` |
|
||||
| `smtpPort` | SMTP port | `""` |
|
||||
| `smtpUser` | SMTP user | `""` |
|
||||
| `smtpPassword` | SMTP password | `""` |
|
||||
| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` |
|
||||
| `containerPorts` | Container ports | `{}` |
|
||||
| `extraContainerPorts` | Optionally specify extra list of additional ports for Drupal container(s) | `[]` |
|
||||
| `sessionAffinity` | Control where client requests go, to the same pod or round-robin. Values: ClientIP or None | `None` |
|
||||
| `persistence.enabled` | Enable persistence using PVC | `true` |
|
||||
| `persistence.storageClass` | PVC Storage Class for Drupal volume | `""` |
|
||||
| `persistence.accessModes` | PVC Access Mode for Drupal volume | `["ReadWriteOnce"]` |
|
||||
| `persistence.size` | PVC Storage Request for Drupal volume | `8Gi` |
|
||||
| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` |
|
||||
| `persistence.hostPath` | If defined, the drupal-data volume will mount to the specified hostPath. | `""` |
|
||||
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
|
||||
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `podSecurityContext.enabled` | Enable Drupal pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `podSecurityContext.fsGroup` | Drupal pods' group ID | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled Drupal containers' Security Context | `true` |
|
||||
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `containerSecurityContext.runAsUser` | Set Drupal containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsGroup` | Set Drupal containers' Security Context runAsGroup | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set Drupal container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set Drupal container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set Drupal container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.path` | Request path for startupProbe | `/user/login` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `600` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.path` | Request path for readinessProbe | `/user/login` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` |
|
||||
| `podAnnotations` | Pod annotations | `{}` |
|
||||
| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` |
|
||||
|
||||
### Traffic Exposure Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Kubernetes Service type | `LoadBalancer` |
|
||||
| `service.ports.http` | Service HTTP port | `80` |
|
||||
| `service.ports.https` | Service HTTPS port | `443` |
|
||||
| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` |
|
||||
| `service.loadBalancerIP` | loadBalancerIP for the Drupal Service (optional, cloud specific) | `""` |
|
||||
| `service.nodePorts` | Kubernetes node port | `{}` |
|
||||
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `service.clusterIP` | %%MAIN_CONTAINER_NAME%% service Cluster IP | `""` |
|
||||
| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `service.annotations` | Additional custom annotations for %%MAIN_CONTAINER_NAME%% service | `{}` |
|
||||
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `ingress.enabled` | Enable ingress controller resource | `false` |
|
||||
| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` |
|
||||
| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` |
|
||||
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress resource | `drupal.local` |
|
||||
| `ingress.path` | The Path to Drupal. You may need to set this to '/*' in order to use this | `/` |
|
||||
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` |
|
||||
| `ingress.tlsWwwPrefix` | Adds www subdomain to default cert | `false` |
|
||||
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
|
||||
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
|
||||
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
|
||||
|
||||
### Database parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
|
||||
| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` |
|
||||
| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` |
|
||||
| `mariadb.auth.database` | Database name to create | `bitnami_drupal` |
|
||||
| `mariadb.auth.username` | Database user to create | `bn_drupal` |
|
||||
| `mariadb.auth.password` | Password for the database | `""` |
|
||||
| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` |
|
||||
| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
|
||||
| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` |
|
||||
| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` |
|
||||
| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` |
|
||||
| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
|
||||
| `externalDatabase.host` | Host of the existing database | `""` |
|
||||
| `externalDatabase.port` | Port of the existing database | `3306` |
|
||||
| `externalDatabase.user` | Existing username in the external db | `bn_drupal` |
|
||||
| `externalDatabase.password` | Password for the above username. Ignored if existing secret is provided | `""` |
|
||||
| `externalDatabase.database` | Name of the existing database | `bitnami_drupal` |
|
||||
| `externalDatabase.existingSecret` | Name of a secret with the database password. (externalDatabase.password will be ignored and picked up from this secret). The secret has to contain the key db-password | `""` |
|
||||
|
||||
### Volume Permissions parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
|
||||
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
|
||||
| `metrics.enabled` | Start a exporter side-car | `false` |
|
||||
| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Apache exporter image repository | `REPOSITORY_NAME/apache-exporter` |
|
||||
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
|
||||
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` |
|
||||
| `metrics.service.type` | Drupal exporter service type | `ClusterIP` |
|
||||
| `metrics.service.ports.metrics` | Drupal exporter service port | `9117` |
|
||||
| `metrics.service.externalTrafficPolicy` | Drupal exporter service external traffic policy | `Cluster` |
|
||||
| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `metrics.service.loadBalancerIP` | Drupal exporter service Load Balancer IP | `""` |
|
||||
| `metrics.service.loadBalancerSourceRanges` | Drupal exporter service Load Balancer sources | `[]` |
|
||||
| `metrics.service.annotations` | Additional custom annotations for Drupal exporter service | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` |
|
||||
| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` |
|
||||
| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` |
|
||||
| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` |
|
||||
|
||||
### Certificate injection parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ---------------------------------------- |
|
||||
| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` |
|
||||
| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `secret-name` |
|
||||
| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `secret-key` |
|
||||
| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` |
|
||||
| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` |
|
||||
| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` |
|
||||
| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` |
|
||||
| `certificates.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `certificates.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` |
|
||||
| `certificates.extraEnvVarsCM` | ConfigMap containing extra env vars | `""` |
|
||||
| `certificates.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` |
|
||||
| `certificates.image.registry` | Container sidecar registry | `REGISTRY_NAME` |
|
||||
| `certificates.image.repository` | Container sidecar image | `REPOSITORY_NAME/os-shell` |
|
||||
| `certificates.image.digest` | Container sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` |
|
||||
| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` |
|
||||
|
||||
### NetworkPolicy parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------- | --------------------------------------------------------------- | ------ |
|
||||
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
|
||||
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
|
||||
The above parameters map to the env variables defined in [bitnami/drupal](https://github.com/bitnami/containers/tree/main/bitnami/drupal). For more information please refer to the [bitnami/drupal](https://github.com/bitnami/containers/tree/main/bitnami/drupal) image documentation.
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
```console
|
||||
helm install my-release \
|
||||
--set drupalUsername=admin,drupalPassword=password,mariadb.auth.rootPassword=secretpassword \
|
||||
oci://REGISTRY_NAME/REPOSITORY_NAME/drupal
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The above command sets the Drupal administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
|
||||
|
||||
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/drupal
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/drupal/values.yaml)
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
|
||||
|
||||
## Upgrading
|
||||
|
||||
### To 19.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.4. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-11-3-to-mariadb-11-4/) for upgrading from MariaDB 11.3 to 11.4. No major issues are expected during the upgrade.
|
||||
|
||||
### To 18.0.0
|
||||
|
||||
This major bump changes the following security defaults:
|
||||
|
||||
- `runAsGroup` is changed from `0` to `1001`
|
||||
- `readOnlyRootFilesystem` is set to `true`
|
||||
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
|
||||
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
|
||||
- The `networkPolicy` section has been normalized amongst all Bitnami charts. Compared to the previous approach, the values section has been simplified (check the Parameters section) and now it set to `enabled=true` by default. Egress traffic is allowed by default and ingress traffic is allowed by all pods but only to the ports set in `containerPorts` and `extraContainerPorts`.
|
||||
|
||||
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
|
||||
|
||||
Also, this major release bumps the MariaDB chart version to [18.x.x](https://github.com/bitnami/charts/pull/24804); no major issues are expected during the upgrade.
|
||||
|
||||
### To 17.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.2. No major issues are expected during the upgrade.
|
||||
|
||||
### To 16.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.1. No major issues are expected during the upgrade.
|
||||
|
||||
### To 15.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade.
|
||||
|
||||
### To 14.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 10.11. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for upgrading from MariaDB 10.6 to 10.11. No major issues are expected during the upgrade.
|
||||
|
||||
### To 12.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 10.6. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/) for upgrading from MariaDB 10.5 to 10.6. No major issues are expected during the upgrade.
|
||||
|
||||
### To 11.0.0
|
||||
|
||||
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
|
||||
|
||||
Affected values:
|
||||
|
||||
- `service.port` was deprecated, we recommend using `service.ports.http` instead.
|
||||
- `service.httpsPort` was deprecated, we recommend using `service.ports.https` instead.
|
||||
- `persistence.accessMode` has been deprecated, we recommend using `persistence.accessModes` instead.
|
||||
|
||||
Additionally also updates the MariaDB subchart to it newest major, 10.0.0, which contains similar changes.
|
||||
|
||||
### To 10.0.0
|
||||
|
||||
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
|
||||
|
||||
#### What changes were introduced in this major version?
|
||||
|
||||
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
|
||||
- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
|
||||
- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
|
||||
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
|
||||
|
||||
#### Considerations when upgrading to this version
|
||||
|
||||
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
|
||||
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
|
||||
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
|
||||
|
||||
#### Useful links
|
||||
|
||||
- <https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-resolve-helm2-helm3-post-migration-issues-index.html>
|
||||
- <https://helm.sh/docs/topics/v2_v3_migration/>
|
||||
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
|
||||
|
||||
### To 9.0.0
|
||||
|
||||
MariaDB dependency version was bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-800) for more information.
|
||||
|
||||
To upgrade to `9.0.0`, you have two alternatives:
|
||||
|
||||
- Install a new Drupal chart, and migrate your Drupal site using backup/restore tools such as [Drupal Backup and Migrate](https://www.drupal.org/project/backup_migrate).
|
||||
- Reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `drupal`):
|
||||
|
||||
> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x
|
||||
|
||||
Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release:
|
||||
|
||||
```console
|
||||
export DRUPAL_PASSWORD=$(kubectl get secret --namespace default drupal -o jsonpath="{.data.drupal-password}" | base64 -d)
|
||||
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default drupal-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
|
||||
export MARIADB_PASSWORD=$(kubectl get secret --namespace default drupal-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d)
|
||||
export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=drupal -o jsonpath="{.items[0].metadata.name}")
|
||||
```
|
||||
|
||||
Upgrade your release (maintaining the version) disabling MariaDB and scaling Drupal replicas to 0:
|
||||
|
||||
```console
|
||||
helm upgrade drupal oci://REGISTRY_NAME/REPOSITORY_NAME/drupal --set drupalPassword=$DRUPAL_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 8.2.1
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
Finally, upgrade you release to 9.0.0 reusing the existing PVC, and enabling back MariaDB:
|
||||
|
||||
```console
|
||||
helm upgrade drupal oci://REGISTRY_NAME/REPOSITORY_NAME/drupal --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set drupalPassword=$DRUPAL_PASSWORD
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
You should see the lines below in MariaDB container logs:
|
||||
|
||||
```console
|
||||
$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=drupal,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}")
|
||||
...
|
||||
mariadb 12:13:24.98 INFO ==> Using persisted data
|
||||
mariadb 12:13:25.01 INFO ==> Running mysql_upgrade
|
||||
...
|
||||
```
|
||||
|
||||
### To 8.0.0
|
||||
|
||||
The [Bitnami Drupal](https://github.com/bitnami/containers/tree/main/bitnami/drupal) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`.
|
||||
|
||||
Consequences:
|
||||
|
||||
- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`.
|
||||
- Backwards compatibility is not guaranteed.
|
||||
|
||||
To upgrade to `8.0.0`, backup Drupal data and the previous MariaDB databases, install a new Drupal chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume.
|
||||
|
||||
This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information.
|
||||
|
||||
### To 6.0.0
|
||||
|
||||
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
|
||||
|
||||
In <https://github.com/helm/charts/pull/17295> the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
|
||||
|
||||
This major version signifies this change.
|
||||
|
||||
### To 2.0.0
|
||||
|
||||
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
|
||||
Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is drupal:
|
||||
|
||||
```console
|
||||
kubectl patch deployment drupal-drupal --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
|
||||
kubectl delete statefulset drupal-mariadb --cascade=false
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
<http://www.apache.org/licenses/LICENSE-2.0>
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,88 @@
|
|||
CHART NAME: {{ .Chart.Name }}
|
||||
CHART VERSION: {{ .Chart.Version }}
|
||||
APP VERSION: {{ .Chart.AppVersion }}
|
||||
|
||||
{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}}
|
||||
|
||||
** Please be patient while the chart is being deployed **
|
||||
|
||||
1. Get the Drupal URL:
|
||||
|
||||
{{- if .Values.ingress.enabled }}
|
||||
|
||||
You should be able to access your new Drupal installation through
|
||||
|
||||
http://{{- .Values.ingress.hostname }}/
|
||||
|
||||
{{- else if eq .Values.service.type "LoadBalancer" }}
|
||||
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "common.names.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
|
||||
{{- $port:=(coalesce .Values.service.ports.http .Values.service.port) | toString }}
|
||||
echo "Drupal URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ coalesce .Values.service.ports.http .Values.service.port }}{{ end }}/"
|
||||
|
||||
{{- else if eq .Values.service.type "ClusterIP" }}
|
||||
|
||||
echo "Drupal URL: http://127.0.0.1:8080/"
|
||||
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} 8080:{{ coalesce .Values.service.ports.http .Values.service.port }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.service.type "NodePort" }}
|
||||
|
||||
Or running:
|
||||
|
||||
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo "Drupal URL: http://$NODE_IP:$NODE_PORT/"
|
||||
|
||||
{{- end }}
|
||||
|
||||
2. Get your Drupal login credentials by running:
|
||||
|
||||
echo Username: {{ .Values.drupalUsername }}
|
||||
echo Password: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "drupal.secretName" . }} -o jsonpath="{.data.drupal-password}" | base64 -d)
|
||||
|
||||
{{- else -}}
|
||||
|
||||
########################################################################################
|
||||
### ERROR: You did not provide an external database host in your 'helm install' call ###
|
||||
########################################################################################
|
||||
|
||||
This deployment will be incomplete until you configure Drupal with a resolvable database
|
||||
host. To configure Drupal to use and external database host:
|
||||
|
||||
1. Complete your Drupal deployment by running:
|
||||
|
||||
export APP_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "drupal.secretName" . }} -o jsonpath="{.data.drupal-password}" | base64 -d)
|
||||
|
||||
## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ##
|
||||
|
||||
helm upgrade --namespace {{ include "common.names.namespace" . }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/{{ .Chart.Name }} \
|
||||
--set drupalPassword=$APP_PASSWORD,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{- include "common.warnings.rollingTag" .Values.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.certificates.image }}
|
||||
|
||||
{{- $passwordValidationErrors := list -}}
|
||||
{{- if not .Values.existingSecret -}}
|
||||
{{- $secretName := include "drupal.secretName" . -}}
|
||||
{{- $requiredDrupalPassword := dict "valueKey" "drupalPassword" "secret" $secretName "field" "drupal-password" "context" $ -}}
|
||||
{{- $requiredDrupalPasswordError := include "common.validations.values.single.empty" $requiredDrupalPassword -}}
|
||||
{{- $passwordValidationErrors = append $passwordValidationErrors $requiredDrupalPasswordError -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $mariadbSecretName := include "drupal.databaseSecretName" . -}}
|
||||
{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}}
|
||||
{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}}
|
||||
|
||||
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "volumePermissions") "context" $) }}
|
||||
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.certificates.image) "context" $) }}
|
|
@ -0,0 +1,144 @@
|
|||
{{/*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "drupal.mariadb.fullname" -}}
|
||||
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper certificate image name
|
||||
*/}}
|
||||
{{- define "certificates.image" -}}
|
||||
{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Drupal image name
|
||||
*/}}
|
||||
{{- define "drupal.image" -}}
|
||||
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the metrics image)
|
||||
*/}}
|
||||
{{- define "drupal.metrics.image" -}}
|
||||
{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the init container volume-permissions image)
|
||||
*/}}
|
||||
{{- define "drupal.volumePermissions.image" -}}
|
||||
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "drupal.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Storage Class
|
||||
*/}}
|
||||
{{- define "drupal.storageClass" -}}
|
||||
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Drupal credential secret name
|
||||
*/}}
|
||||
{{- define "drupal.secretName" -}}
|
||||
{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the MariaDB Hostname
|
||||
*/}}
|
||||
{{- define "drupal.databaseHost" -}}
|
||||
{{- if .Values.mariadb.enabled }}
|
||||
{{- if eq .Values.mariadb.architecture "replication" }}
|
||||
{{- printf "%s-%s" (include "drupal.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" (include "drupal.mariadb.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" .Values.externalDatabase.host -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the MariaDB Port
|
||||
*/}}
|
||||
{{- define "drupal.databasePort" -}}
|
||||
{{- if .Values.mariadb.enabled }}
|
||||
{{- printf "3306" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%d" (.Values.externalDatabase.port | int ) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the MariaDB Database Name
|
||||
*/}}
|
||||
{{- define "drupal.databaseName" -}}
|
||||
{{- if .Values.mariadb.enabled }}
|
||||
{{- printf "%s" .Values.mariadb.auth.database -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" .Values.externalDatabase.database -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the MariaDB User
|
||||
*/}}
|
||||
{{- define "drupal.databaseUser" -}}
|
||||
{{- if .Values.mariadb.enabled }}
|
||||
{{- printf "%s" .Values.mariadb.auth.username -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" .Values.externalDatabase.user -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the MariaDB Secret Name
|
||||
*/}}
|
||||
{{- define "drupal.databaseSecretName" -}}
|
||||
{{- if .Values.mariadb.enabled }}
|
||||
{{- printf "%s" (include "drupal.mariadb.fullname" .) -}}
|
||||
{{- else if .Values.externalDatabase.existingSecret -}}
|
||||
{{- printf "%s" .Values.externalDatabase.existingSecret -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the database password key
|
||||
*/}}
|
||||
{{- define "drupal.databasePasswordKey" -}}
|
||||
{{- if .Values.mariadb.enabled -}}
|
||||
mariadb-password
|
||||
{{- else -}}
|
||||
db-password
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "drupal.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,384 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
{{- if .Values.updateStrategy }}
|
||||
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
template:
|
||||
metadata:
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
|
||||
{{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
|
||||
annotations:
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "drupal.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "drupal.serviceAccountName" . }}
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: {{ .Values.schedulerName }}
|
||||
{{- end }}
|
||||
{{- if .Values.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
|
||||
{{- end }}
|
||||
priorityClassName: {{ .Values.priorityClassName | quote }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
|
||||
{{- if .Values.hostAliases }}
|
||||
# yamllint disable rule:indentation
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
|
||||
# yamllint enable rule:indentation
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: prepare-base-dir
|
||||
image: {{ include "drupal.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.resources }}
|
||||
resources: {{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- else if ne .Values.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
#!/bin/bash
|
||||
|
||||
. /opt/bitnami/scripts/liblog.sh
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
|
||||
info "Copying base dir to empty dir"
|
||||
# In order to not break the application functionality (such as upgrades or plugins) we need
|
||||
# to make the base directory writable, so we need to copy it to an empty dir volume
|
||||
cp -r --preserve=mode /opt/bitnami/drupal /emptydir/app-base-dir
|
||||
|
||||
info "Copying symlinks to stdout/stderr"
|
||||
# We copy the logs folder because it has symlinks to stdout and stderr
|
||||
if ! is_dir_empty /opt/bitnami/apache/logs; then
|
||||
cp -r /opt/bitnami/apache/logs /emptydir/apache-logs-dir
|
||||
fi
|
||||
info "Copy operation completed"
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /emptydir
|
||||
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
image: {{ include "drupal.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
mkdir -p "/bitnami/drupal"
|
||||
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/drupal"
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: drupal-data
|
||||
mountPath: /bitnami/drupal
|
||||
{{- end }}
|
||||
{{- if .Values.certificates.customCAs }}
|
||||
- name: certificates
|
||||
image: {{ template "certificates.image" . }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }}
|
||||
imagePullSecrets:
|
||||
{{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
command:
|
||||
{{- if .Values.certificates.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }}
|
||||
{{- else if .Values.certificates.customCertificate.certificateSecret }}
|
||||
- sh
|
||||
- -c
|
||||
- install_packages ca-certificates openssl
|
||||
{{- else }}
|
||||
- sh
|
||||
- -c
|
||||
- install_packages ca-certificates openssl
|
||||
&& openssl req -new -x509 -days 3650 -nodes -sha256
|
||||
-subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)"
|
||||
-out /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
-keyout /etc/ssl/private/ssl-cert-snakeoil.key -extensions v3_req
|
||||
{{- end }}
|
||||
{{- if .Values.certificates.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }}
|
||||
envFrom:
|
||||
{{- if .Values.certificates.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.certificates.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: etc-ssl-certs
|
||||
mountPath: /etc/ssl/certs
|
||||
readOnly: false
|
||||
- name: etc-ssl-private
|
||||
mountPath: /etc/ssl/private
|
||||
readOnly: false
|
||||
- name: custom-ca-certificates
|
||||
mountPath: /usr/local/share/ca-certificates
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ include "common.names.fullname" . }}
|
||||
image: {{ template "drupal.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: BITNAMI_DEBUG
|
||||
value: {{ ternary "true" "false" .Values.image.debug | quote }}
|
||||
- name: ALLOW_EMPTY_PASSWORD
|
||||
value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }}
|
||||
- name: APACHE_HTTP_PORT_NUMBER
|
||||
value: {{ .Values.containerPorts.http | quote }}
|
||||
- name: APACHE_HTTPS_PORT_NUMBER
|
||||
value: {{ .Values.containerPorts.https | quote }}
|
||||
- name: DRUPAL_DATABASE_HOST
|
||||
value: {{ include "drupal.databaseHost" . | quote }}
|
||||
- name: DRUPAL_DATABASE_PORT_NUMBER
|
||||
value: {{ include "drupal.databasePort" . | quote }}
|
||||
- name: DRUPAL_DATABASE_NAME
|
||||
value: {{ include "drupal.databaseName" . | quote }}
|
||||
- name: DRUPAL_DATABASE_USER
|
||||
value: {{ include "drupal.databaseUser" . | quote }}
|
||||
- name: DRUPAL_DATABASE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "drupal.databaseSecretName" . }}
|
||||
key: {{ include "drupal.databasePasswordKey" . | quote }}
|
||||
- name: DRUPAL_SKIP_BOOTSTRAP
|
||||
value: {{ ternary "yes" "no" .Values.drupalSkipInstall | quote }}
|
||||
- name: DRUPAL_PROFILE
|
||||
value: {{ .Values.drupalProfile | quote }}
|
||||
- name: DRUPAL_USERNAME
|
||||
value: {{ .Values.drupalUsername | quote }}
|
||||
- name: DRUPAL_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "drupal.secretName" . }}
|
||||
key: drupal-password
|
||||
- name: DRUPAL_EMAIL
|
||||
value: {{ .Values.drupalEmail | quote }}
|
||||
{{- if .Values.smtpHost }}
|
||||
- name: SMTP_HOST
|
||||
value: {{ .Values.smtpHost | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.smtpPort }}
|
||||
- name: SMTP_PORT
|
||||
value: {{ .Values.smtpPort | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.smtpUser }}
|
||||
- name: SMTP_USER
|
||||
value: {{ .Values.smtpUser | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.smtpPassword }}
|
||||
- name: SMTP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "drupal.secretName" . }}
|
||||
key: smtp-password
|
||||
{{- end }}
|
||||
{{- if .Values.smtpProtocol }}
|
||||
- name: SMTP_PROTOCOL
|
||||
value: {{ .Values.smtpProtocol | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- if .Values.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.containerPorts.http }}
|
||||
- name: https
|
||||
containerPort: {{ .Values.containerPorts.https }}
|
||||
{{- if .Values.extraContainerPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.customStartupProbe }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.startupProbe.enabled }}
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.startupProbe.path }}
|
||||
port: http
|
||||
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.startupProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.customLivenessProbe }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.customReadinessProbe }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.readinessProbe.path }}
|
||||
port: http
|
||||
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.resources }}
|
||||
resources: {{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- else if ne .Values.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/apache/conf
|
||||
subPath: apache-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/apache/logs
|
||||
subPath: apache-logs-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/apache/var/run
|
||||
subPath: apache-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/php/etc
|
||||
subPath: php-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/php/tmp
|
||||
subPath: php-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/php/var
|
||||
subPath: php-var-dir
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/drupal
|
||||
subPath: app-base-dir
|
||||
- name: drupal-data
|
||||
mountPath: /bitnami/drupal
|
||||
{{- if .Values.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- name: metrics
|
||||
image: {{ template "drupal.metrics.image" . }}
|
||||
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
|
||||
command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ]
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9117
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 1
|
||||
{{- if .Values.metrics.resourcesPreset }}
|
||||
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
|
||||
{{- else if ne .Values.metrics.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: drupal-data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default (printf "%s-drupal" (include "common.names.fullname" .)) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,19 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and (not .Values.mariadb.enabled) (not .Values.externalDatabase.existingSecret) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
|
||||
{{- end }}
|
|
@ -0,0 +1,9 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- range .Values.extraDeploy }}
|
||||
---
|
||||
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
|
||||
{{- end }}
|
|
@ -0,0 +1,66 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.ingress.enabled }}
|
||||
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
annotations:
|
||||
{{- if .Values.ingress.certManager }}
|
||||
kubernetes.io/tls-acme: "true"
|
||||
{{- end }}
|
||||
{{- if or .Values.ingress.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.ingress.hostname }}
|
||||
- host: {{ .Values.ingress.hostname }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ .Values.ingress.path }}
|
||||
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
|
||||
pathType: {{ .Values.ingress.pathType }}
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- if .Values.ingress.extraPaths }}
|
||||
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range (coalesce .Values.ingress.extraHosts .Values.ingress.hosts) }}
|
||||
- host: {{ .name | quote }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ default "/" .path }}
|
||||
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
|
||||
pathType: {{ default "ImplementationSpecific" .pathType }}
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.extraRules }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if .Values.ingress.tls }}
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname | quote }}
|
||||
{{- if and (or (.Values.ingress.tlsWwwPrefix) (eq (index .Values.ingress.annotations "nginx.ingress.kubernetes.io/from-to-www-redirect") "true" )) (not (contains "www." .Values.ingress.hostname)) }}
|
||||
- {{ printf "www.%s" (tpl .Values.ingress.hostname $) | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.extraTls }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,39 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.metrics.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ printf "%s-metrics" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: metrics
|
||||
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.metrics.service.type }}
|
||||
{{- if eq .Values.metrics.service.type "LoadBalancer" }}
|
||||
externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
port: {{ .Values.metrics.service.ports.metrics }}
|
||||
protocol: TCP
|
||||
targetPort: metrics
|
||||
{{- if .Values.metrics.service.extraPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,80 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.networkPolicy.enabled }}
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
{{- if .Values.networkPolicy.allowExternalEgress }}
|
||||
egress:
|
||||
- {}
|
||||
{{- else }}
|
||||
egress:
|
||||
# Allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# Allow outbound connections to MariaDB
|
||||
- ports:
|
||||
- port: {{ include "drupal.databasePort" . }}
|
||||
{{- if .Values.mariadb.enabled }}
|
||||
to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: mariadb
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.extraEgress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.containerPorts.http }}
|
||||
- port: {{ .Values.containerPorts.https }}
|
||||
{{- range .Values.extraContainerPorts }}
|
||||
- port: {{ . }}
|
||||
{{- end }}
|
||||
{{- if not .Values.networkPolicy.allowExternal }}
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{ template "common.names.fullname" . }}-client: "true"
|
||||
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.extraIngress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,26 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.pdb.create }}
|
||||
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.pdb.minAvailable }}
|
||||
minAvailable: {{ .Values.pdb.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if or .Values.pdb.maxUnavailable (not .Values.pdb.minAvailable) }}
|
||||
maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.podLabels .Values.commonLabels) "context" .) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,23 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.metrics.prometheusRule.additionalLabels }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
groups:
|
||||
- name: {{ include "common.names.fullname" . }}
|
||||
rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,23 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ printf "%s-drupal" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ .Values.persistence.accessMode | quote }}
|
||||
capacity:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
hostPath:
|
||||
path: {{ .Values.persistence.hostPath | quote }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,33 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ printf "%s-drupal" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.persistence.hostPath }}
|
||||
storageClassName: ""
|
||||
{{- end }}
|
||||
accessModes:
|
||||
{{- if not (empty .Values.persistence.accessModes) }}
|
||||
{{- range .Values.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- {{ .Values.persistence.accessMode | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- include "drupal.storageClass" . | nindent 2 }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,26 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if not .Values.existingSecret }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if .Values.drupalPassword }}
|
||||
drupal-password: {{ default "" .Values.drupalPassword | b64enc | quote }}
|
||||
{{- else }}
|
||||
drupal-password: {{ randAlphaNum 10 | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.smtpPassword }}
|
||||
smtp-password: {{ .Values.smtpPassword | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,18 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "drupal.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
{{- end }}
|
|
@ -0,0 +1,43 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: metrics
|
||||
{{- if .Values.metrics.serviceMonitor.interval }}
|
||||
interval: {{ .Values.metrics.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.honorLabels }}
|
||||
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.relabellings }}
|
||||
relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: metrics
|
||||
{{- end }}
|
|
@ -0,0 +1,57 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
{{- if .Values.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.sessionAffinityConfig }}
|
||||
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
|
||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
|
||||
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ coalesce .Values.service.ports.http .Values.service.port }}
|
||||
targetPort: http
|
||||
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
|
||||
nodePort: {{ .Values.service.nodePorts.http }}
|
||||
{{- else if eq .Values.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
- name: https
|
||||
port: {{ coalesce .Values.service.ports.https .Values.service.httpsPort }}
|
||||
targetPort: https
|
||||
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }}
|
||||
nodePort: {{ .Values.service.nodePorts.https }}
|
||||
{{- else if eq .Values.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
{{- if .Values.service.extraPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
|
@ -0,0 +1,22 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range .Values.ingress.secrets }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ include "common.names.namespace" $ | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if $.Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: {{ .certificate | b64enc }}
|
||||
tls.key: {{ .key | b64enc }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,233 @@
|
|||
{
|
||||
"$schema": "http://json-schema.org/schema#",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"drupalUsername": {
|
||||
"type": "string",
|
||||
"title": "Username",
|
||||
"form": true
|
||||
},
|
||||
"drupalPassword": {
|
||||
"type": "string",
|
||||
"title": "Password",
|
||||
"form": true,
|
||||
"description": "Defaults to a random 10-character alphanumeric string if not set"
|
||||
},
|
||||
"drupalEmail": {
|
||||
"type": "string",
|
||||
"title": "Admin email",
|
||||
"form": true
|
||||
},
|
||||
"persistence": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"drupal": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"size": {
|
||||
"type": "string",
|
||||
"title": "Persistent Volume Size",
|
||||
"form": true,
|
||||
"render": "slider",
|
||||
"sliderMin": 1,
|
||||
"sliderMax": 100,
|
||||
"sliderUnit": "Gi"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"ingress": {
|
||||
"type": "object",
|
||||
"form": true,
|
||||
"title": "Ingress Configuration",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"form": true,
|
||||
"title": "Use a custom hostname",
|
||||
"description": "Enable the ingress resource that allows you to access the Drupal installation."
|
||||
},
|
||||
"hostname": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"title": "Hostname",
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "ingress/enabled"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"service": {
|
||||
"type": "object",
|
||||
"form": true,
|
||||
"title": "Service Configuration",
|
||||
"properties": {
|
||||
"type": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"title": "Service Type",
|
||||
"description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\""
|
||||
}
|
||||
}
|
||||
},
|
||||
"mariadb": {
|
||||
"type": "object",
|
||||
"title": "MariaDB Details",
|
||||
"form": true,
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"title": "Use a new MariaDB database hosted in the cluster",
|
||||
"form": true,
|
||||
"description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database details"
|
||||
},
|
||||
"primary": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"persistence": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"size": {
|
||||
"type": "string",
|
||||
"title": "Volume Size",
|
||||
"form": true,
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "mariadb/enabled"
|
||||
},
|
||||
"render": "slider",
|
||||
"sliderMin": 1,
|
||||
"sliderMax": 100,
|
||||
"sliderUnit": "Gi"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"externalDatabase": {
|
||||
"type": "object",
|
||||
"title": "External Database Details",
|
||||
"description": "If MariaDB is disabled. Use this section to specify the external database details",
|
||||
"form": true,
|
||||
"hidden": "mariadb/enabled",
|
||||
"properties": {
|
||||
"host": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"title": "Database Host"
|
||||
},
|
||||
"user": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"title": "Database Username"
|
||||
},
|
||||
"password": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"title": "Database Password"
|
||||
},
|
||||
"database": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"title": "Database Name"
|
||||
},
|
||||
"port": {
|
||||
"type": "integer",
|
||||
"form": true,
|
||||
"title": "Database Port"
|
||||
}
|
||||
}
|
||||
},
|
||||
"resources": {
|
||||
"type": "object",
|
||||
"title": "Requested Resources",
|
||||
"description": "Configure resource requests",
|
||||
"form": true,
|
||||
"properties": {
|
||||
"requests": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"memory": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"render": "slider",
|
||||
"title": "Memory Request",
|
||||
"sliderMin": 10,
|
||||
"sliderMax": 2048,
|
||||
"sliderUnit": "Mi"
|
||||
},
|
||||
"cpu": {
|
||||
"type": "string",
|
||||
"form": true,
|
||||
"render": "slider",
|
||||
"title": "CPU Request",
|
||||
"sliderMin": 10,
|
||||
"sliderMax": 2000,
|
||||
"sliderUnit": "m"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"metrics": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"title": "Enable Metrics",
|
||||
"description": "Prometheus Exporter / Metrics",
|
||||
"form": true
|
||||
},
|
||||
"serviceMonitor": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"title": "Create Prometheus Operator ServiceMonitor",
|
||||
"description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
|
||||
"form": true,
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "metrics/enabled"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"serviceAccount": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"drupal": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"create": {
|
||||
"type": "string",
|
||||
"title": "Specifies whether a service account should be created",
|
||||
"form": true
|
||||
},
|
||||
"name": {
|
||||
"type": "string",
|
||||
"title": "The name of the service account to use",
|
||||
"form": true
|
||||
},
|
||||
"annotations": {
|
||||
"type": "string",
|
||||
"title": "Add annotations",
|
||||
"form": true
|
||||
},
|
||||
"automountServiceAccountToken": {
|
||||
"type": "string",
|
||||
"title": "Automount API credentials for a service account",
|
||||
"form": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,982 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
|
||||
## @section Global parameters
|
||||
## Global Docker image parameters
|
||||
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
||||
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
|
||||
|
||||
## @param global.imageRegistry Global Docker image registry
|
||||
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
||||
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
|
||||
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
|
||||
##
|
||||
global:
|
||||
imageRegistry: ""
|
||||
## E.g.
|
||||
## imagePullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
imagePullSecrets: []
|
||||
defaultStorageClass: ""
|
||||
storageClass: ""
|
||||
## Compatibility adaptations for Kubernetes platforms
|
||||
##
|
||||
compatibility:
|
||||
## Compatibility adaptations for Openshift
|
||||
##
|
||||
openshift:
|
||||
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
|
||||
##
|
||||
adaptSecurityContext: auto
|
||||
## @section Common parameters
|
||||
|
||||
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
|
||||
##
|
||||
kubeVersion: ""
|
||||
## @param nameOverride String to partially override drupal.fullname template (will maintain the release name)
|
||||
##
|
||||
nameOverride: ""
|
||||
## @param fullnameOverride String to fully override drupal.fullname template
|
||||
##
|
||||
fullnameOverride: ""
|
||||
## @param namespaceOverride String to fully override common.names.namespace
|
||||
##
|
||||
namespaceOverride: ""
|
||||
## @param commonAnnotations Common annotations to add to all Drupal resources (sub-charts are not considered). Evaluated as a template
|
||||
##
|
||||
commonAnnotations: {}
|
||||
## @param commonLabels Common labels to add to all Drupal resources (sub-charts are not considered). Evaluated as a template
|
||||
##
|
||||
commonLabels: {}
|
||||
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
|
||||
##
|
||||
extraDeploy: []
|
||||
## @section Drupal parameters
|
||||
|
||||
## Bitnami Drupal image version
|
||||
## ref: https://hub.docker.com/r/bitnami/drupal/tags/
|
||||
## @param image.registry [default: REGISTRY_NAME] Drupal image registry
|
||||
## @param image.repository [default: REPOSITORY_NAME/drupal] Drupal Image name
|
||||
## @skip image.tag Drupal Image tag
|
||||
## @param image.digest Drupal image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param image.pullPolicy Drupal image pull policy
|
||||
## @param image.pullSecrets Specify docker-registry secret names as an array
|
||||
## @param image.debug Specify if debug logs should be enabled
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/drupal
|
||||
tag: 11.0.5-debian-12-r1
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## e.g:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## Set to true if you would like to see extra information on logs
|
||||
##
|
||||
debug: false
|
||||
## @param replicaCount Number of Drupal Pods to run (requires ReadWriteMany PVC support)
|
||||
##
|
||||
replicaCount: 1
|
||||
## @param drupalProfile Drupal installation profile
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/drupal#configuration
|
||||
##
|
||||
drupalProfile: standard
|
||||
## @param drupalSkipInstall Skip Drupal installation wizard. Useful for migrations and restoring from SQL dump
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/drupal#configuration
|
||||
##
|
||||
drupalSkipInstall: false
|
||||
## @param drupalUsername User of the application
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/drupal#configuration
|
||||
##
|
||||
drupalUsername: user
|
||||
## @param drupalPassword Application password
|
||||
## Defaults to a random 10-character alphanumeric string if not set
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/drupal#configuration
|
||||
##
|
||||
drupalPassword: ""
|
||||
## @param drupalEmail Admin email
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/drupal#configuration
|
||||
##
|
||||
drupalEmail: user@example.com
|
||||
## @param allowEmptyPassword Allow DB blank passwords
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/drupal#environment-variables
|
||||
##
|
||||
allowEmptyPassword: true
|
||||
## @param command Override default container command (useful when using custom images)
|
||||
##
|
||||
command: []
|
||||
## @param args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
|
||||
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
|
||||
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
|
||||
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
|
||||
##
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
## @param priorityClassName Drupal pods' priorityClassName
|
||||
##
|
||||
priorityClassName: ""
|
||||
## @param schedulerName Name of the k8s scheduler (other than default)
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
schedulerName: ""
|
||||
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
|
||||
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
||||
## The value is evaluated as a template
|
||||
##
|
||||
topologySpreadConstraints: []
|
||||
## @param automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param hostAliases [array] Add deployment host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
hostAliases:
|
||||
## Necessary for apache-exporter to work
|
||||
##
|
||||
- ip: "127.0.0.1"
|
||||
hostnames:
|
||||
- "status.localhost"
|
||||
## @param extraEnvVars Extra environment variables
|
||||
## For example:
|
||||
##
|
||||
extraEnvVars: []
|
||||
# - name: BEARER_AUTH
|
||||
# value: true
|
||||
## @param extraEnvVarsCM ConfigMap containing extra env vars
|
||||
##
|
||||
extraEnvVarsCM: ""
|
||||
## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)
|
||||
##
|
||||
extraEnvVarsSecret: ""
|
||||
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
|
||||
##
|
||||
extraVolumes: []
|
||||
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
|
||||
##
|
||||
extraVolumeMounts: []
|
||||
## @param initContainers Add additional init containers to the pod (evaluated as a template)
|
||||
##
|
||||
initContainers: []
|
||||
## Pod Disruption Budget configuration
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
||||
## @param pdb.create Enable/disable a Pod Disruption Budget creation
|
||||
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
||||
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
|
||||
##
|
||||
pdb:
|
||||
create: true
|
||||
minAvailable: ""
|
||||
maxUnavailable: ""
|
||||
## @param sidecars Attach additional containers to the pod (evaluated as a template)
|
||||
##
|
||||
sidecars: []
|
||||
## @param tolerations Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
serviceAccount:
|
||||
## @param serviceAccount.create Specifies whether a service account should be created
|
||||
##
|
||||
create: true
|
||||
## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template
|
||||
##
|
||||
name: ""
|
||||
## @param serviceAccount.annotations Add annotations
|
||||
##
|
||||
annotations: {}
|
||||
## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param existingSecret Name of a secret with the application password
|
||||
##
|
||||
existingSecret: ""
|
||||
## SMTP mail delivery configuration
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/drupal/#smtp-configuration
|
||||
## @param smtpHost SMTP host
|
||||
## @param smtpPort SMTP port
|
||||
## @param smtpUser SMTP user
|
||||
## @param smtpPassword SMTP password
|
||||
## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil)
|
||||
##
|
||||
smtpHost: ""
|
||||
smtpPort: ""
|
||||
smtpUser: ""
|
||||
smtpPassword: ""
|
||||
smtpProtocol: ""
|
||||
## @param containerPorts [object] Container ports
|
||||
##
|
||||
containerPorts:
|
||||
http: 8080
|
||||
https: 8443
|
||||
## @param extraContainerPorts Optionally specify extra list of additional ports for Drupal container(s)
|
||||
## e.g:
|
||||
## extraContainerPorts:
|
||||
## - name: myservice
|
||||
## containerPort: 9090
|
||||
##
|
||||
extraContainerPorts: []
|
||||
## @param sessionAffinity Control where client requests go, to the same pod or round-robin. Values: ClientIP or None
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
||||
##
|
||||
sessionAffinity: "None"
|
||||
## Enable persistence using Persistent Volume Claims
|
||||
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
|
||||
##
|
||||
persistence:
|
||||
## @param persistence.enabled Enable persistence using PVC
|
||||
##
|
||||
enabled: true
|
||||
## @param persistence.storageClass PVC Storage Class for Drupal volume
|
||||
## If defined, storageClassName: <storageClass>
|
||||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||||
## If undefined (the default) or set to null, no storageClassName spec is
|
||||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
||||
## GKE, AWS & OpenStack)
|
||||
##
|
||||
storageClass: ""
|
||||
## @param persistence.accessModes PVC Access Mode for Drupal volume
|
||||
## Requires persistence.enabled: true
|
||||
## If defined, PVC must be created manually before volume will be bound
|
||||
##
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
## @param persistence.size PVC Storage Request for Drupal volume
|
||||
##
|
||||
size: 8Gi
|
||||
## @param persistence.existingClaim A manually managed Persistent Volume Claim
|
||||
## Requires persistence.enabled: true
|
||||
## If defined, PVC must be created manually before volume will be bound
|
||||
##
|
||||
existingClaim: ""
|
||||
## @param persistence.hostPath If defined, the drupal-data volume will mount to the specified hostPath.
|
||||
## Requires persistence.enabled: true
|
||||
## Requires persistence.existingClaim: nil|false
|
||||
## Default: nil.
|
||||
##
|
||||
hostPath: ""
|
||||
## @param persistence.annotations Persistent Volume Claim annotations
|
||||
##
|
||||
annotations: {}
|
||||
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||||
##
|
||||
podAffinityPreset: ""
|
||||
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
||||
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||||
##
|
||||
podAntiAffinityPreset: soft
|
||||
## Node affinity preset
|
||||
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
||||
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
||||
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
|
||||
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
|
||||
##
|
||||
nodeAffinityPreset:
|
||||
type: ""
|
||||
## E.g.
|
||||
## key: "kubernetes.io/e2e-az-name"
|
||||
##
|
||||
key: ""
|
||||
## E.g.
|
||||
## values:
|
||||
## - e2e-az1
|
||||
## - e2e-az2
|
||||
##
|
||||
values: []
|
||||
## @param affinity Affinity for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
|
||||
##
|
||||
affinity: {}
|
||||
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## Drupal container's resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
## choice for the user. This also increases chances charts run on environments with little
|
||||
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "micro"
|
||||
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param podSecurityContext.enabled Enable Drupal pods' Security Context
|
||||
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param podSecurityContext.fsGroup Drupal pods' group ID
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context (only main container)
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled Drupal containers' Security Context
|
||||
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param containerSecurityContext.runAsUser Set Drupal containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsGroup Set Drupal containers' Security Context runAsGroup
|
||||
## @param containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set Drupal container's Security Context privileged
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set Drupal container's Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set Drupal container's Security Context readOnlyRootFilesystem
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Configure extra options for startup probe
|
||||
## Drupal core exposes /user/login to unauthenticated requests, making it a good
|
||||
## default startup and readiness path. However, that may not always be the
|
||||
## case. For example, if the image value is overridden to an image containing a
|
||||
## module that alters that route, or an image that does not auto-install Drupal.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
||||
## @param startupProbe.enabled Enable startupProbe
|
||||
## @param startupProbe.path Request path for startupProbe
|
||||
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
||||
## @param startupProbe.periodSeconds Period seconds for startupProbe
|
||||
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
||||
## @param startupProbe.failureThreshold Failure threshold for startupProbe
|
||||
## @param startupProbe.successThreshold Success threshold for startupProbe
|
||||
##
|
||||
startupProbe:
|
||||
enabled: false
|
||||
path: /user/login
|
||||
initialDelaySeconds: 600
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
## Configure extra options for liveness probe
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
||||
## @param livenessProbe.enabled Enable livenessProbe
|
||||
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
||||
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
|
||||
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
||||
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
|
||||
## @param livenessProbe.successThreshold Success threshold for livenessProbe
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 600
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
## Configure extra options for readiness probe
|
||||
## Drupal core exposes /user/login to unauthenticated requests, making it a good
|
||||
## default startup and readiness path. However, that may not always be the
|
||||
## case. For example, if the image value is overridden to an image containing a
|
||||
## module that alters that route, or an image that does not auto-install Drupal.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
||||
## @param readinessProbe.enabled Enable readinessProbe
|
||||
## @param readinessProbe.path Request path for readinessProbe
|
||||
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
||||
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
|
||||
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
||||
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
|
||||
## @param readinessProbe.successThreshold Success threshold for readinessProbe
|
||||
##
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
path: /user/login
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
## @param customStartupProbe Override default startup probe
|
||||
##
|
||||
customStartupProbe: {}
|
||||
## @param customLivenessProbe Override default liveness probe
|
||||
##
|
||||
customLivenessProbe: {}
|
||||
## @param customReadinessProbe Override default readiness probe
|
||||
##
|
||||
customReadinessProbe: {}
|
||||
## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
## @param podAnnotations Pod annotations
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
## @param podLabels Add additional labels to the pod (evaluated as a template)
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
||||
##
|
||||
podLabels: {}
|
||||
## @section Traffic Exposure Parameters
|
||||
|
||||
## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer
|
||||
##
|
||||
service:
|
||||
## @param service.type Kubernetes Service type
|
||||
##
|
||||
type: LoadBalancer
|
||||
## @param service.ports.http Service HTTP port
|
||||
## @param service.ports.https Service HTTPS port
|
||||
##
|
||||
ports:
|
||||
http: 80
|
||||
https: 443
|
||||
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
|
||||
## e.g:
|
||||
## loadBalancerSourceRanges:
|
||||
## - 0.0.0.0/0
|
||||
##
|
||||
loadBalancerSourceRanges: []
|
||||
## @param service.loadBalancerIP loadBalancerIP for the Drupal Service (optional, cloud specific)
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
||||
loadBalancerIP: ""
|
||||
## @param service.nodePorts [object] Kubernetes node port
|
||||
## nodePorts:
|
||||
## http: <to set explicitly, choose port between 30000-32767>
|
||||
## https: <to set explicitly, choose port between 30000-32767>
|
||||
##
|
||||
nodePorts:
|
||||
http: ""
|
||||
https: ""
|
||||
## @param service.externalTrafficPolicy Enable client source IP preservation
|
||||
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
##
|
||||
externalTrafficPolicy: Cluster
|
||||
## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
|
||||
## e.g.:
|
||||
## clusterIP: None
|
||||
##
|
||||
clusterIP: ""
|
||||
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
|
||||
##
|
||||
extraPorts: []
|
||||
## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service
|
||||
##
|
||||
annotations: {}
|
||||
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
|
||||
## If "ClientIP", consecutive client requests will be directed to the same Pod
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
|
||||
##
|
||||
sessionAffinity: None
|
||||
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
|
||||
## sessionAffinityConfig:
|
||||
## clientIP:
|
||||
## timeoutSeconds: 300
|
||||
##
|
||||
sessionAffinityConfig: {}
|
||||
## Configure the ingress resource that allows you to access the
|
||||
## Drupal installation. Set up the URL
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
|
||||
##
|
||||
ingress:
|
||||
## @param ingress.enabled Enable ingress controller resource
|
||||
##
|
||||
enabled: false
|
||||
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
|
||||
## certManager: false
|
||||
##
|
||||
|
||||
## @param ingress.pathType Ingress Path type
|
||||
##
|
||||
pathType: ImplementationSpecific
|
||||
## @param ingress.apiVersion Override API Version (automatically detected if not set)
|
||||
##
|
||||
apiVersion: ""
|
||||
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
||||
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
||||
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
||||
##
|
||||
ingressClassName: ""
|
||||
## @param ingress.hostname Default host for the ingress resource
|
||||
##
|
||||
hostname: drupal.local
|
||||
## @param ingress.path The Path to Drupal. You may need to set this to '/*' in order to use this
|
||||
## with ALB ingress controllers.
|
||||
##
|
||||
path: /
|
||||
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## For a full list of possible ingress annotations, please see
|
||||
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
##
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations: {}
|
||||
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
|
||||
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
|
||||
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
|
||||
##
|
||||
tls: false
|
||||
## @param ingress.tlsWwwPrefix Adds www subdomain to default cert
|
||||
## Creates tls host with ingress.hostname: {{ print "www.%s" .Values.ingress.hostname }}
|
||||
## Is enabled if "nginx.ingress.kubernetes.io/from-to-www-redirect" is "true"
|
||||
tlsWwwPrefix: false
|
||||
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
||||
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
||||
## extraHosts:
|
||||
## - name: drupal.local
|
||||
## path: /
|
||||
extraHosts: []
|
||||
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
|
||||
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
|
||||
## extraPaths:
|
||||
## - path: /*
|
||||
## backend:
|
||||
## serviceName: ssl-redirect
|
||||
## servicePort: use-annotation
|
||||
extraPaths: []
|
||||
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
||||
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
||||
## extraTls:
|
||||
## - hosts:
|
||||
## - drupal.local
|
||||
## secretName: drupal.local-tls
|
||||
extraTls: []
|
||||
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
||||
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
||||
## -----BEGIN RSA PRIVATE KEY-----
|
||||
##
|
||||
## name should line up with a tlsSecret set further up
|
||||
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
||||
##
|
||||
## It is also possible to create and manage the certificates outside of this helm chart
|
||||
## Please see README.md for more information
|
||||
## Example:
|
||||
## - name: drupal.local-tls
|
||||
## key:
|
||||
## certificate:
|
||||
##
|
||||
secrets: []
|
||||
## @param ingress.extraRules Additional rules to be covered with this ingress record
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
||||
## e.g:
|
||||
## extraRules:
|
||||
## - host: example.local
|
||||
## http:
|
||||
## path: /
|
||||
## backend:
|
||||
## service:
|
||||
## name: example-svc
|
||||
## port:
|
||||
## name: http
|
||||
##
|
||||
extraRules: []
|
||||
## @section Database parameters
|
||||
|
||||
## MariaDB chart configuration
|
||||
## https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml
|
||||
##
|
||||
mariadb:
|
||||
## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements
|
||||
## To use an external database set this to false and configure the externalDatabase parameters
|
||||
##
|
||||
enabled: true
|
||||
## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`)
|
||||
##
|
||||
architecture: standalone
|
||||
## MariaDB Authentication parameters
|
||||
## @param mariadb.auth.rootPassword Password for the MariaDB `root` user
|
||||
## @param mariadb.auth.database Database name to create
|
||||
## @param mariadb.auth.username Database user to create
|
||||
## @param mariadb.auth.password Password for the database
|
||||
##
|
||||
auth:
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run
|
||||
##
|
||||
rootPassword: ""
|
||||
## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run
|
||||
##
|
||||
database: bitnami_drupal
|
||||
## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run
|
||||
##
|
||||
username: bn_drupal
|
||||
password: ""
|
||||
primary:
|
||||
## Enable persistence using Persistent Volume Claims
|
||||
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
|
||||
## @param mariadb.primary.persistence.enabled Enable database persistence using PVC
|
||||
## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class
|
||||
## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes
|
||||
## @param mariadb.primary.persistence.size Database Persistent Volume Size
|
||||
## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production)
|
||||
## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas
|
||||
##
|
||||
persistence:
|
||||
enabled: true
|
||||
## mariadb data Persistent Volume Storage Class
|
||||
## If defined, storageClassName: <storageClass>
|
||||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||||
## If undefined (the default) or set to null, no storageClassName spec is
|
||||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
||||
## GKE, AWS & OpenStack)
|
||||
##
|
||||
storageClass: ""
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
size: 8Gi
|
||||
hostPath: ""
|
||||
existingClaim: ""
|
||||
## External database configuration
|
||||
## @param externalDatabase.host Host of the existing database
|
||||
## @param externalDatabase.port Port of the existing database
|
||||
## @param externalDatabase.user Existing username in the external db
|
||||
## @param externalDatabase.password Password for the above username. Ignored if existing secret is provided
|
||||
## @param externalDatabase.database Name of the existing database
|
||||
## @param externalDatabase.existingSecret Name of a secret with the database password. (externalDatabase.password will be ignored and picked up from this secret). The secret has to contain the key db-password
|
||||
##
|
||||
externalDatabase:
|
||||
host: ""
|
||||
port: 3306
|
||||
user: bn_drupal
|
||||
password: ""
|
||||
database: bitnami_drupal
|
||||
existingSecret: ""
|
||||
## @section Volume Permissions parameters
|
||||
|
||||
## Init containers parameters:
|
||||
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
|
||||
##
|
||||
volumePermissions:
|
||||
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
|
||||
##
|
||||
enabled: false
|
||||
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
|
||||
## @skip volumePermissions.image.tag Init container volume-permissions image tag
|
||||
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
|
||||
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 12-debian-12-r31
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## e.g:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## Init containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
## choice for the user. This also increases chances charts run on environments with little
|
||||
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## @section Metrics parameters
|
||||
|
||||
## Prometheus Exporter / Metrics
|
||||
##
|
||||
metrics:
|
||||
## @param metrics.enabled Start a exporter side-car
|
||||
##
|
||||
enabled: false
|
||||
## @param metrics.image.registry [default: REGISTRY_NAME] Apache exporter image registry
|
||||
## @param metrics.image.repository [default: REPOSITORY_NAME/apache-exporter] Apache exporter image repository
|
||||
## @skip metrics.image.tag Apache exporter image tag
|
||||
## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param metrics.image.pullPolicy Image pull policy
|
||||
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/apache-exporter
|
||||
tag: 1.0.9-debian-12-r1
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## e.g:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
##
|
||||
resources: {}
|
||||
##
|
||||
## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod
|
||||
##
|
||||
podAnnotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: "9117"
|
||||
## Drupal exporter service parameters
|
||||
##
|
||||
service:
|
||||
## @param metrics.service.type Drupal exporter service type
|
||||
##
|
||||
type: ClusterIP
|
||||
## @param metrics.service.ports.metrics Drupal exporter service port
|
||||
##
|
||||
ports:
|
||||
metrics: 9117
|
||||
## @param metrics.service.externalTrafficPolicy Drupal exporter service external traffic policy
|
||||
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
##
|
||||
externalTrafficPolicy: Cluster
|
||||
## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
|
||||
##
|
||||
extraPorts: []
|
||||
## @param metrics.service.loadBalancerIP Drupal exporter service Load Balancer IP
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
||||
##
|
||||
loadBalancerIP: ""
|
||||
## @param metrics.service.loadBalancerSourceRanges Drupal exporter service Load Balancer sources
|
||||
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||||
## e.g.
|
||||
## loadBalancerSourceRanges:
|
||||
## - 10.10.10.0/24
|
||||
##
|
||||
loadBalancerSourceRanges: []
|
||||
## @param metrics.service.annotations Additional custom annotations for Drupal exporter service
|
||||
##
|
||||
annotations: {}
|
||||
## Prometheus Service Monitor
|
||||
## ref: https://github.com/coreos/prometheus-operator
|
||||
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
||||
##
|
||||
serviceMonitor:
|
||||
## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
|
||||
##
|
||||
enabled: false
|
||||
## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created
|
||||
##
|
||||
namespace: ""
|
||||
## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped
|
||||
##
|
||||
interval: 30s
|
||||
## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
|
||||
##
|
||||
scrapeTimeout: ""
|
||||
## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
|
||||
##
|
||||
relabellings: []
|
||||
## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
|
||||
##
|
||||
metricRelabelings: []
|
||||
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
|
||||
##
|
||||
honorLabels: false
|
||||
## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus
|
||||
##
|
||||
additionalLabels: {}
|
||||
## Custom PrometheusRule to be defined
|
||||
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
|
||||
##
|
||||
prometheusRule:
|
||||
## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator
|
||||
##
|
||||
enabled: false
|
||||
## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created
|
||||
##
|
||||
namespace: ""
|
||||
## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
|
||||
##
|
||||
additionalLabels: {}
|
||||
## @param metrics.prometheusRule.rules Custom Prometheus rules
|
||||
## e.g:
|
||||
## rules:
|
||||
## - alert: ApacheDown
|
||||
## expr: apache_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0
|
||||
## for: 2m
|
||||
## labels:
|
||||
## severity: error
|
||||
## annotations:
|
||||
## summary: Drupal instance {{ "{{ $labels.instance }}" }} down
|
||||
## description: Drupal instance {{ "{{ $labels.instance }}" }} is down
|
||||
##
|
||||
rules: []
|
||||
## @section Certificate injection parameters
|
||||
|
||||
## Add custom certificates and certificate authorities to drupal container
|
||||
##
|
||||
certificates:
|
||||
## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add
|
||||
## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain
|
||||
## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret
|
||||
## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate
|
||||
## @param certificates.customCertificate.keyLocation Location in the container to store the private key
|
||||
## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain
|
||||
##
|
||||
customCertificate:
|
||||
certificateSecret: ""
|
||||
chainSecret:
|
||||
name: secret-name
|
||||
key: secret-key
|
||||
certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key
|
||||
chainLocation: /etc/ssl/certs/mychain.pem
|
||||
## @param certificates.customCAs Defines a list of secrets to import into the container trust store
|
||||
##
|
||||
customCAs: []
|
||||
## @param certificates.command Override default container command (useful when using custom images)
|
||||
##
|
||||
command: []
|
||||
## @param certificates.args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param certificates.extraEnvVars Container sidecar extra environment variables (eg proxy)
|
||||
##
|
||||
extraEnvVars: []
|
||||
## @param certificates.extraEnvVarsCM ConfigMap containing extra env vars
|
||||
##
|
||||
extraEnvVarsCM: ""
|
||||
## @param certificates.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)
|
||||
##
|
||||
extraEnvVarsSecret: ""
|
||||
## @param certificates.image.registry [default: REGISTRY_NAME] Container sidecar registry
|
||||
## @param certificates.image.repository [default: REPOSITORY_NAME/os-shell] Container sidecar image
|
||||
## @skip certificates.image.tag Container sidecar image tag
|
||||
## @param certificates.image.digest Container sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param certificates.image.pullPolicy Container sidecar image pull policy
|
||||
## @param certificates.image.pullSecrets Container sidecar image pull secrets
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 12-debian-12-r31
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
## e.g:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## @section NetworkPolicy parameters
|
||||
|
||||
## Network Policy configuration
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
||||
##
|
||||
networkPolicy:
|
||||
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
||||
##
|
||||
enabled: true
|
||||
## @param networkPolicy.allowExternal Don't require server label for connections
|
||||
## The Policy model to apply. When set to false, only pods with the correct
|
||||
## server label will have network access to the ports server is listening
|
||||
## on. When true, server will accept connections from any source
|
||||
## (with the correct destination port).
|
||||
##
|
||||
allowExternal: true
|
||||
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||
##
|
||||
allowExternalEgress: true
|
||||
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||
## e.g:
|
||||
## extraIngress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## from:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
extraIngress: []
|
||||
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
||||
## e.g:
|
||||
## extraEgress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## to:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
##
|
||||
extraEgress: []
|
||||
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
||||
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
||||
##
|
||||
ingressNSMatchLabels: {}
|
||||
ingressNSPodMatchLabels: {}
|
|
@ -0,0 +1,15 @@
|
|||
# @see https://artifacthub.io/packages/helm/bitnami/drupal?modal=values
|
||||
|
||||
fullnameOverride: drupal
|
||||
mariadb:
|
||||
enabled: false
|
||||
allowEmptyPassword: true
|
||||
externalDatabase:
|
||||
host: "mariadb.futureporn.svc.cluster.local"
|
||||
port: 3306
|
||||
user: drupal
|
||||
database: drupal
|
||||
existingSecret: externaldb
|
||||
image:
|
||||
debug: true
|
||||
tag: 10.3.6-debian-12-r1
|
|
@ -0,0 +1,39 @@
|
|||
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: chihaya
|
||||
# namespace: futureporn
|
||||
# annotations:
|
||||
# external-dns.alpha.kubernetes.io/hostname: "{{ .Values.chihaya.hostname }}"
|
||||
# spec:
|
||||
# type: LoadBalancer
|
||||
# selector:
|
||||
# app: chihaya
|
||||
# ports:
|
||||
# - name: http
|
||||
# port: 80
|
||||
# targetPort: 80
|
||||
|
||||
# ---
|
||||
# apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: chihaya
|
||||
# spec:
|
||||
# replicas: 1
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: chihaya
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: chihaya
|
||||
# spec:
|
||||
# containers:
|
||||
# - name: chihaya
|
||||
# image: "quay.io/jzelinskie/chihaya-git:latest"
|
||||
# ports:
|
||||
# - containerPort: 80
|
||||
|
|
@ -1,79 +0,0 @@
|
|||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: chihaya
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: "{{ .Values.chihaya.hostname }}"
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: chihaya
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 80
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: chihaya
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: chihaya
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: chihaya
|
||||
spec:
|
||||
containers:
|
||||
- name: chihaya
|
||||
image: "quay.io/jzelinskie/chihaya-git:latest"
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: chihaya-http
|
||||
namespace: futureporn
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`chihaya.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: redirect
|
||||
namespace: futureporn
|
||||
services:
|
||||
- name: chihaya
|
||||
port: web
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: chihaya-https
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`chihaya.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: chihaya
|
||||
namespace: futureporn
|
||||
port: web
|
||||
tls:
|
||||
secretName: chihaya-tls
|
||||
|
|
@ -1,23 +1,14 @@
|
|||
{{ if ne .Values.environment "production" }}
|
||||
|
||||
## chisel-operator acts on all Services of type LoadBalancer, randomly assigning them to an available ExitNode.
|
||||
## Thus, we need to create lots of ExitNodes to ensure that
|
||||
## each services gets an ExitNode
|
||||
|
||||
|
||||
{{- $exitNodeCount := 9 }} # Define the number of ExitNodes you need
|
||||
|
||||
{{- range $i := until $exitNodeCount }}
|
||||
---
|
||||
apiVersion: chisel-operator.io/v1
|
||||
kind: ExitNode
|
||||
metadata:
|
||||
name: exit-node-{{ $i }}
|
||||
name: vault-exit-node
|
||||
namespace: futureporn
|
||||
spec:
|
||||
host: "155.138.254.201"
|
||||
host: {{ quote .Values.chisel.exitNode.host }}
|
||||
port: 9090
|
||||
auth: chisel
|
||||
{{- end }}
|
||||
|
||||
{{ end }}
|
|
@ -3,23 +3,23 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: build
|
||||
name: factory
|
||||
namespace: futureporn
|
||||
labels:
|
||||
app.kubernetes.io/name: build
|
||||
app.kubernetes.io/name: factory
|
||||
spec:
|
||||
replicas: {{ .Values.build.replicas }}
|
||||
replicas: {{ .Values.factory.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: build
|
||||
app: factory
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: build
|
||||
app: factory
|
||||
spec:
|
||||
containers:
|
||||
- name: build
|
||||
image: "{{ .Values.build.imageName }}"
|
||||
- name: factory
|
||||
image: "{{ .Values.factory.imageName }}"
|
||||
volumeMounts:
|
||||
- name: capture-worker-cache
|
||||
mountPath: "{{ .Values.capture.cache.dir }}"
|
||||
|
@ -34,6 +34,16 @@ spec:
|
|||
secretKeyRef:
|
||||
name: postgrest
|
||||
key: automationUserJwt
|
||||
- name: PATREON_CREATOR_ACCESS_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: patreon
|
||||
key: creatorAccessToken
|
||||
- name: PATREON_CREATOR_REFRESH_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: patreon
|
||||
key: creatorRefreshToken
|
||||
- name: POSTGREST_URL
|
||||
value: "{{ .Values.postgrest.url }}"
|
||||
- name: SCOUT_URL
|
|
@ -1,102 +0,0 @@
|
|||
|
||||
# ---
|
||||
# apiVersion: networking.k8s.io/v1
|
||||
# kind: Ingress
|
||||
# metadata:
|
||||
# name: game-2048
|
||||
# namespace: futureporn
|
||||
# spec:
|
||||
# ingressClassName: ngrok
|
||||
# rules:
|
||||
# - host: "{{ .Values.ngrok.hostname }}"
|
||||
# http:
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
# backend:
|
||||
# service:
|
||||
# name: game-2048
|
||||
# port:
|
||||
# number: 80
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: game-2048-http
|
||||
namespace: futureporn
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`game-2048.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: redirect
|
||||
namespace: futureporn
|
||||
services:
|
||||
- name: game-2048
|
||||
port: 80
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: game-2048-https
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`game-2048.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: game-2048
|
||||
namespace: futureporn
|
||||
port: 80
|
||||
tls:
|
||||
secretName: game-2048-tls
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: game-2048
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: "{{ .Values.game2048.hostname }}"
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: game-2048
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 80
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: game-2048
|
||||
namespace: futureporn
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: game-2048
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: game-2048
|
||||
spec:
|
||||
containers:
|
||||
- name: game-2048
|
||||
image: alexwhen/docker-2048
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: example-gateway
|
||||
namespace: futureporn
|
||||
spec:
|
||||
gatewayClassName: example-class
|
||||
listeners:
|
||||
- name: http
|
||||
protocol: HTTP
|
||||
port: 80
|
|
@ -1,44 +1,4 @@
|
|||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: next-http
|
||||
namespace: futureporn
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`next.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: redirect
|
||||
namespace: futureporn
|
||||
services:
|
||||
- name: next
|
||||
port: web
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: next-https
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`next.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: next
|
||||
namespace: futureporn
|
||||
port: web
|
||||
tls:
|
||||
secretName: next-tls
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -57,6 +17,29 @@ spec:
|
|||
value: 0.0.0.0
|
||||
- name: NEXT_PUBLIC_UPPY_COMPANION_URL
|
||||
value: "{{ .Values.uppy.url }}"
|
||||
- name: NEXT_PUBLIC_POSTGREST_URL
|
||||
value: "{{ .Values.postgrest.url }}"
|
||||
- name: NEXT_PUBLIC_WEBSITE_DOMAIN
|
||||
value: {{ printf "https://%s" .Values.next.hostname | quote }}
|
||||
- name: NEXT_PUBLIC_API_DOMAIN
|
||||
value: {{ .Values.next.hostname | quote }}
|
||||
- name: PATREON_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: patreon
|
||||
key: clientId
|
||||
- name: PATREON_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: patreon
|
||||
key: clientSecret
|
||||
- name: SUPERTOKENS_API_KEYS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: supertokens
|
||||
key: apiKeys
|
||||
- name: SUPERTOKENS_URL
|
||||
value: {{ printf "https://%s" .Values.supertokens.hostname | quote }}
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 3000
|
||||
|
|
|
@ -43,7 +43,7 @@ metadata:
|
|||
name: pgadmin4
|
||||
namespace: futureporn
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 5050
|
||||
targetPort: 80
|
||||
|
|
|
@ -1,18 +1,41 @@
|
|||
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: postgrest-httproute
|
||||
namespace: futureporn
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: example-gateway
|
||||
hostnames:
|
||||
- "{{ .Values.postgrest.hostname }}"
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- name: postgrest
|
||||
port: {{ .Values.postgrest.port }}
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: postgrest
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: "{{ .Values.postgrest.hostname }}"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: postgrest
|
||||
ports:
|
||||
- name: web
|
||||
- name: http
|
||||
port: {{ .Values.postgrest.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.postgrest.port }}
|
||||
|
||||
|
||||
---
|
||||
|
|
|
@ -1,227 +0,0 @@
|
|||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: strapi-http
|
||||
namespace: futureporn
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`strapi.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: redirect
|
||||
namespace: futureporn
|
||||
services:
|
||||
- name: strapi
|
||||
port: http
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: strapi-https
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`strapi.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: strapi
|
||||
namespace: futureporn
|
||||
port: http
|
||||
tls:
|
||||
secretName: strapi-tls
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: strapi
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: "{{ .Values.strapi.hostname }}"
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: strapi
|
||||
ports:
|
||||
- name: http
|
||||
port: 1339
|
||||
targetPort: http
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: strapi
|
||||
namespace: futureporn
|
||||
labels:
|
||||
app.kubernetes.io/name: strapi
|
||||
spec:
|
||||
replicas: {{ .Values.strapi.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: strapi
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: strapi
|
||||
spec:
|
||||
containers:
|
||||
- name: strapi
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
image: "{{ .Values.strapi.imageName }}"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 1339
|
||||
env:
|
||||
- name: NODE_EXTRA_CA_CERTS
|
||||
value: "{{ .Values.strapi.nodeExtraCaCerts }}"
|
||||
- name: ADMIN_JWT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: adminJwtSecret
|
||||
- name: API_TOKEN_SALT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: apiTokenSalt
|
||||
- name: APP_KEYS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: appKeys
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: databaseUrl
|
||||
- name: CDN_BUCKET_USC_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: cdnBucketUscUrl
|
||||
- name: DATABASE_CLIENT
|
||||
value: postgres
|
||||
- name: DATABASE_HOST
|
||||
value: postgresql.futureporn.svc.cluster.local
|
||||
- name: DATABASE_NAME
|
||||
value: futureporn-strapi
|
||||
- name: JWT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: jwtSecret
|
||||
- name: MUX_PLAYBACK_RESTRICTION_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: muxPlaybackRestrictionId
|
||||
- name: MUX_SIGNING_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: muxSigningKeyId
|
||||
- name: MUX_SIGNING_KEY_PRIVATE_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: muxSigningKeyPrivateKey
|
||||
- name: NODE_ENV
|
||||
value: production
|
||||
- name: S3_USC_BUCKET_APPLICATION_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: s3UscBucketApplicationKey
|
||||
- name: S3_USC_BUCKET_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: s3UscBucketEndpoint
|
||||
- name: S3_USC_BUCKET_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: s3UscBucketKeyId
|
||||
- name: S3_USC_BUCKET_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: s3UscBucketName
|
||||
- name: S3_USC_BUCKET_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: s3UscBucketRegion
|
||||
- name: SENDGRID_API_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: sendgridApiKey
|
||||
- name: TRANSFER_TOKEN_SALT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: strapi
|
||||
key: transferTokenSalt
|
||||
- name: STRAPI_URL
|
||||
value: "{{ .Values.strapi.url }}"
|
||||
- name: PORT
|
||||
value: "{{ .Values.strapi.port }}"
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 2Gi
|
||||
restartPolicy: Always
|
||||
|
||||
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: PersistentVolumeClaim
|
||||
# metadata:
|
||||
# name: strapi
|
||||
# namespace: futureporn
|
||||
# annotations:
|
||||
# meta.helm.sh/release-name: fp
|
||||
# meta.helm.sh/release-namespace: futureporn
|
||||
# labels:
|
||||
# app.kubernetes.io/managed-by: {{ .Values.managedBy }}
|
||||
# spec:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 100Gi
|
||||
# storageClassName: {{ .Values.storageClassName }}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: strapi
|
||||
namespace: futureporn
|
||||
spec:
|
||||
secretName: strapi-tls
|
||||
issuerRef:
|
||||
name: "{{ .Values.certManager.issuer }}"
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- "{{ .Values.strapi.hostname }}"
|
||||
|
|
@ -0,0 +1,138 @@
|
|||
|
||||
# ---
|
||||
# apiVersion: traefik.io/v1alpha1
|
||||
# kind: IngressRoute
|
||||
# metadata:
|
||||
# name: supertokens-http
|
||||
# namespace: futureporn
|
||||
# spec:
|
||||
# entryPoints:
|
||||
# - web
|
||||
# routes:
|
||||
# - match: Host(`auth.fp.sbtp.xyz`)
|
||||
# kind: Rule
|
||||
# middlewares:
|
||||
# - name: redirect
|
||||
# namespace: futureporn
|
||||
# services:
|
||||
# - name: supertokens
|
||||
# port: 3567
|
||||
|
||||
# ---
|
||||
# apiVersion: traefik.io/v1alpha1
|
||||
# kind: IngressRoute
|
||||
# metadata:
|
||||
# name: supertokens-https
|
||||
# namespace: futureporn
|
||||
# annotations:
|
||||
# cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
|
||||
# spec:
|
||||
# entryPoints:
|
||||
# - websecure
|
||||
# routes:
|
||||
# - match: Host(`auth.fp.sbtp.xyz`)
|
||||
# kind: Rule
|
||||
# services:
|
||||
# - name: supertokens
|
||||
# namespace: futureporn
|
||||
# port: 3567
|
||||
# tls:
|
||||
# secretName: supertokens-tls
|
||||
|
||||
# ---
|
||||
# apiVersion: batch/v1
|
||||
# kind: Job
|
||||
# metadata:
|
||||
# name: supertokens-database-seed
|
||||
# namespace: futureporn
|
||||
# spec:
|
||||
# template:
|
||||
# spec:
|
||||
# containers:
|
||||
# - name: supertokens-database-seed
|
||||
# image: postgres:latest
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# env:
|
||||
# - name: DB_DATABASE
|
||||
# value: postgres
|
||||
|
||||
# # valueFrom:
|
||||
# # secretKeyRef:
|
||||
# # name: supertokens
|
||||
# # key: postgresqlUri
|
||||
# command:
|
||||
# - /bin/sh
|
||||
# - -c
|
||||
# - psql -a -f CREATE DATABASE supertokens;
|
||||
# restartPolicy: OnFailure
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: supertokens
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: "{{ .Values.supertokens.hostname }}"
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: supertokens
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.supertokens.port }}
|
||||
targetPort: {{ .Values.supertokens.port }}
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: supertokens
|
||||
namespace: futureporn
|
||||
spec:
|
||||
replicas: {{ .Values.supertokens.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: supertokens
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: supertokens
|
||||
spec:
|
||||
containers:
|
||||
- name: supertokens
|
||||
image: registry.supertokens.io/supertokens/supertokens-postgresql
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.supertokens.port }}
|
||||
# livenessProbe:
|
||||
# httpGet:
|
||||
# path: /hello
|
||||
# port: http
|
||||
# failureThreshold: 3
|
||||
# initialDelaySeconds: 10
|
||||
# periodSeconds: 10
|
||||
# readinessProbe:
|
||||
# httpGet:
|
||||
# path: /hello
|
||||
# port: http
|
||||
# failureThreshold: 3
|
||||
# initialDelaySeconds: 10
|
||||
# periodSeconds: 10
|
||||
# timeoutSeconds: 30
|
||||
env:
|
||||
## @see https://github.com/supertokens/supertokens-docker-postgresql/blob/master/README.md
|
||||
- name: DISABLE_TELEMETRY
|
||||
value: "true"
|
||||
- name: SUPERTOKENS_PORT
|
||||
value: "{{ .Values.supertokens.port }}"
|
||||
- name: POSTGRESQL_CONNECTION_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: supertokens
|
||||
key: postgresqlUri
|
||||
- name: API_KEYS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: supertokens
|
||||
key: apiKeys
|
|
@ -1,11 +1,115 @@
|
|||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: redirect
|
||||
namespace: futureporn
|
||||
# ---
|
||||
# apiVersion: traefik.io/v1alpha1
|
||||
# kind: Middleware
|
||||
# metadata:
|
||||
# name: redirect
|
||||
# namespace: futureporn
|
||||
|
||||
# spec:
|
||||
# redirectScheme:
|
||||
# scheme: https
|
||||
# permanent: true
|
||||
|
||||
|
||||
# ---
|
||||
# apiVersion: traefik.io/v1alpha1
|
||||
# kind: Middleware
|
||||
# metadata:
|
||||
# name: traefik-dashboard-basicauth
|
||||
# namespace: futureporn
|
||||
|
||||
# spec:
|
||||
# basicAuth:
|
||||
# secret: traefik-dashboard-auth
|
||||
|
||||
# ---
|
||||
# apiVersion: traefik.io/v1alpha1
|
||||
# kind: IngressRoute
|
||||
# metadata:
|
||||
# name: traefik-dashboard-custom
|
||||
# namespace: futureporn
|
||||
|
||||
# spec:
|
||||
# entryPoints:
|
||||
# - websecure
|
||||
# - web
|
||||
# routes:
|
||||
# - match: PathPrefix(`/board`)
|
||||
# kind: Rule
|
||||
# # priority: 2147483647
|
||||
# # middlewares:
|
||||
# # - name: traefik-dashboard-basicauth
|
||||
# # namespace: traefik
|
||||
# services:
|
||||
# - name: dashboard@internal
|
||||
# kind: TraefikService
|
||||
|
||||
# ---
|
||||
# apiVersion: traefik.io/v1alpha1
|
||||
# kind: IngressRoute
|
||||
# metadata:
|
||||
# name: traefik-api-custom
|
||||
# namespace: futureporn
|
||||
|
||||
# spec:
|
||||
# entryPoints:
|
||||
# - websecure
|
||||
# - web
|
||||
# routes:
|
||||
# - match: PathPrefix(`/api`)
|
||||
# kind: Rule
|
||||
# # priority: 2147483647
|
||||
# # middlewares:
|
||||
# # - name: traefik-dashboard-basicauth
|
||||
# # namespace: traefik
|
||||
# services:
|
||||
# - name: api@internal
|
||||
# kind: TraefikService
|
||||
|
||||
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: whoami-httproute
|
||||
namespace: futureporn
|
||||
spec:
|
||||
redirectScheme:
|
||||
scheme: https
|
||||
permanent: true
|
||||
parentRefs:
|
||||
- name: traefik-gateway
|
||||
hostnames:
|
||||
- traefik.futureporn.svc.cluster.local
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /whoami
|
||||
filters:
|
||||
- type: ResponseHeaderModifier
|
||||
responseHeaderModifier:
|
||||
add:
|
||||
- name: x-cj-was-here
|
||||
value: "true"
|
||||
backendRefs:
|
||||
- name: whoami
|
||||
port: 8888
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /postgrest
|
||||
backendRefs:
|
||||
- name: postgrest
|
||||
port: 9000
|
||||
|
||||
# ---
|
||||
# apiVersion: gateway.networking.k8s.io/v1
|
||||
# kind: HTTPRoute
|
||||
# metadata:
|
||||
# name: whoami-httproute
|
||||
# namespace: futureporn
|
||||
# spec:
|
||||
# parentRefs:
|
||||
# - name: traefik-gateway
|
||||
# hostnames:
|
||||
# - traefik.futureporn.svc.cluster.local
|
||||
# rules:
|
||||
# - matches:
|
||||
|
|
|
@ -3,45 +3,27 @@
|
|||
|
||||
{{ if ne .Values.environment "production" }}
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: whoami-http
|
||||
namespace: futureporn
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`whoami.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: redirect
|
||||
namespace: futureporn
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: whoami-https
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`whoami.fp.sbtp.xyz`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoami
|
||||
namespace: futureporn
|
||||
port: 80
|
||||
tls:
|
||||
secretName: whoami-tls
|
||||
# ---
|
||||
# apiVersion: gateway.networking.k8s.io/v1
|
||||
# kind: HTTPRoute
|
||||
# metadata:
|
||||
# name: whoami-httproute
|
||||
# namespace: futureporn
|
||||
# spec:
|
||||
# parentRefs:
|
||||
# - name: traefik-gateway
|
||||
# hostnames:
|
||||
# - traefik.futureporn
|
||||
# rules:
|
||||
# - matches:
|
||||
# - path:
|
||||
# type: PathPrefix
|
||||
# value: /whoami
|
||||
# backendRefs:
|
||||
# - name: whoami
|
||||
# port: {{ .Values.whoami.port }}
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -56,8 +38,8 @@ spec:
|
|||
selector:
|
||||
app: whoami
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
- port: {{ .Values.whoami.port }}
|
||||
targetPort: {{ .Values.whoami.port }}
|
||||
|
||||
|
||||
---
|
||||
|
@ -79,8 +61,10 @@ spec:
|
|||
containers:
|
||||
- name: whoami
|
||||
image: containous/whoami
|
||||
args:
|
||||
- --port={{ .Values.whoami.port }}
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- containerPort: {{ .Values.whoami.port }}
|
||||
|
||||
|
||||
{{ end }}
|
|
@ -33,9 +33,9 @@ mailbox:
|
|||
cdnBucketUrl: https://fp-dev.b-cdn.net
|
||||
s3BucketName: fp-dev
|
||||
port: 5000
|
||||
build:
|
||||
factory:
|
||||
replicas: 1
|
||||
imageName: fp/build
|
||||
imageName: fp/factory
|
||||
strapi:
|
||||
replicas: 1
|
||||
imageName: fp/strapi
|
||||
|
@ -79,25 +79,32 @@ scout:
|
|||
imageName: fp/scout
|
||||
replicas: 1
|
||||
port: 8134
|
||||
url: http://scout.futureporn.svc.cluster.local:8134
|
||||
url: http://scout.fp.sbtp.xyz
|
||||
postgrest:
|
||||
url: http://postgrest.futureporn.svc.cluster.local:9000
|
||||
hostname: postgrest.fp.sbtp.xyz
|
||||
image: postgrest/postgrest
|
||||
replicas: 1
|
||||
port: 9000
|
||||
schemas: api
|
||||
# postgresql:
|
||||
# image: postgres:16
|
||||
# replicas: 1
|
||||
# user: futureporn
|
||||
# port: 5432
|
||||
chisel:
|
||||
exitNode:
|
||||
host: "155.138.254.201"
|
||||
port: 9090
|
||||
game2048:
|
||||
hostname: game-2048.fp.sbtp.xyz
|
||||
supertokens:
|
||||
port: 3348
|
||||
hostname: supertokens.fp.sbtp.xyz
|
||||
replicas: 1
|
||||
logto:
|
||||
admin:
|
||||
port: 3002
|
||||
hostname: logto-admin.fp.sbtp.xyz
|
||||
main:
|
||||
port: 3001
|
||||
hostname: logto.fp.sbtp.xyz
|
||||
whoami:
|
||||
hostname: whoami.fp.sbtp.xyz
|
||||
port: 8888
|
||||
migrations:
|
||||
imageName: fp/migrations
|
||||
imageName: fp/migrations
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# img folder
|
||||
img/
|
||||
# Changelog
|
||||
CHANGELOG.md
|
|
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.23.0
|
||||
digest: sha256:fbd6439f12ded949c04553b9c52a4c8153a8f2790147d972b314ddcd46921a14
|
||||
generated: "2024-09-23T12:24:39.221888112Z"
|
|
@ -0,0 +1,36 @@
|
|||
annotations:
|
||||
category: Database
|
||||
images: |
|
||||
- name: mariadb
|
||||
image: docker.io/bitnami/mariadb:11.4.3-debian-12-r1
|
||||
- name: mysqld-exporter
|
||||
image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-12-r34
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:12-debian-12-r30
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 11.4.3
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
- bitnami-common
|
||||
version: 2.x.x
|
||||
description: MariaDB is an open source, community-developed SQL database server that
|
||||
is widely in use around the world due to its enterprise features, flexibility, and
|
||||
collaboration with leading tech firms.
|
||||
home: https://bitnami.com
|
||||
icon: https://bitnami.com/assets/stacks/mariadb/img/mariadb-stack-220x234.png
|
||||
keywords:
|
||||
- mariadb
|
||||
- mysql
|
||||
- database
|
||||
- sql
|
||||
- prometheus
|
||||
maintainers:
|
||||
- name: Broadcom, Inc. All Rights Reserved.
|
||||
url: https://github.com/bitnami/charts
|
||||
name: mariadb
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
|
||||
version: 19.1.0
|
|
@ -0,0 +1,650 @@
|
|||
<!--- app-name: MariaDB -->
|
||||
|
||||
# Bitnami package for MariaDB
|
||||
|
||||
MariaDB is an open source, community-developed SQL database server that is widely in use around the world due to its enterprise features, flexibility, and collaboration with leading tech firms.
|
||||
|
||||
[Overview of MariaDB](https://mariadb.org/)
|
||||
|
||||
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
|
||||
|
||||
## TL;DR
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/mariadb
|
||||
```
|
||||
|
||||
Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [MariaDB](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) replication cluster deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
MariaDB is developed as open source software and as a relational database it provides an SQL interface for accessing data. The latest versions of MariaDB also include GIS and JSON features.
|
||||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.23+
|
||||
- Helm 3.8.0+
|
||||
- PV provisioner support in the underlying infrastructure
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
||||
## Configuration and installation details
|
||||
|
||||
### Resource requests and limits
|
||||
|
||||
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
|
||||
|
||||
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
|
||||
|
||||
### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)
|
||||
|
||||
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
|
||||
|
||||
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
|
||||
|
||||
### Change MariaDB version
|
||||
|
||||
To modify the MariaDB version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/mariadb/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
|
||||
|
||||
### Initialize a fresh instance
|
||||
|
||||
The [Bitnami MariaDB](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter.
|
||||
|
||||
The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
|
||||
|
||||
These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `.sql.gz` files.
|
||||
|
||||
When using a `.sh` script, you may wish to perform a "one-time" action like creating a database. This can be achieved by adding a condition in the script to ensure that it is executed only on one node, as shown in the example below:
|
||||
|
||||
```yaml
|
||||
initdbScripts:
|
||||
my_init_script.sh: |
|
||||
#!/bin/sh
|
||||
if [[ $(hostname) == *primary* ]]; then
|
||||
echo "Primary node"
|
||||
mysql -P 3306 -uroot -prandompassword -e "create database new_database";
|
||||
else
|
||||
echo "No primary node"
|
||||
fi
|
||||
```
|
||||
|
||||
### Sidecars and Init Containers
|
||||
|
||||
If additional containers are needed in the same pod as MariaDB (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter.
|
||||
|
||||
```yaml
|
||||
sidecars:
|
||||
- name: your-image-name
|
||||
image: your-image
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: portname
|
||||
containerPort: 1234
|
||||
```
|
||||
|
||||
If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
|
||||
|
||||
```yaml
|
||||
service:
|
||||
extraPorts:
|
||||
- name: extraPort
|
||||
port: 11311
|
||||
targetPort: 11311
|
||||
```
|
||||
|
||||
> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
|
||||
|
||||
If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
|
||||
|
||||
```yaml
|
||||
initContainers:
|
||||
- name: your-image-name
|
||||
image: your-image
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: portname
|
||||
containerPort: 1234
|
||||
```
|
||||
|
||||
Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
|
||||
|
||||
## Persistence
|
||||
|
||||
The [Bitnami MariaDB](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image stores the MariaDB data and configurations at the `/bitnami/mariadb` path of the container.
|
||||
|
||||
The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning, by default. An existing PersistentVolumeClaim can also be defined.
|
||||
|
||||
If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
|
||||
|
||||
### Adjust permissions of persistent volume mountpoint
|
||||
|
||||
As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it.
|
||||
|
||||
By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions.
|
||||
|
||||
As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. You can enable this initContainer by setting `volumePermissions.enabled` to `true`.
|
||||
|
||||
## Parameters
|
||||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
|
||||
| `global.imageRegistry` | Global Docker Image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------- | --------------------------------------------------------------------------------------- | --------------- |
|
||||
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
|
||||
| `nameOverride` | String to partially override mariadb.fullname | `""` |
|
||||
| `fullnameOverride` | String to fully override mariadb.fullname | `""` |
|
||||
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
|
||||
| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` |
|
||||
| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` |
|
||||
| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
|
||||
| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` |
|
||||
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
|
||||
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
|
||||
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
|
||||
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
|
||||
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
|
||||
|
||||
### MariaDB common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
|
||||
| `image.registry` | MariaDB image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` |
|
||||
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `my_database` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.replicationUser` | MariaDB replication user | `replicator` |
|
||||
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
|
||||
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
|
||||
| `auth.forcePassword` | Force users to specify required passwords | `false` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
|
||||
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
|
||||
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
|
||||
|
||||
### MariaDB Primary parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
|
||||
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
|
||||
| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
|
||||
| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
|
||||
| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
|
||||
| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `primary.hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `primary.containerPorts.mysql` | Container port for mysql | `3306` |
|
||||
| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
|
||||
| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
|
||||
| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
|
||||
| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
|
||||
| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
|
||||
| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
|
||||
| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
|
||||
| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
|
||||
| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
|
||||
| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
|
||||
| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
|
||||
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
|
||||
| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
|
||||
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
|
||||
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
|
||||
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
|
||||
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
|
||||
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
|
||||
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
|
||||
| `primary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB primary container | `1001` |
|
||||
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
|
||||
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
|
||||
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `micro` |
|
||||
| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
|
||||
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
|
||||
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
|
||||
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
|
||||
| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
|
||||
| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
|
||||
| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
|
||||
| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
|
||||
| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
|
||||
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
|
||||
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
|
||||
| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
|
||||
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
|
||||
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
|
||||
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
|
||||
| `primary.persistence.labels` | Labels for the PVC | `{}` |
|
||||
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
|
||||
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
|
||||
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
|
||||
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
|
||||
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
|
||||
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
|
||||
| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
|
||||
| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
|
||||
| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
|
||||
| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
|
||||
| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
|
||||
| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
|
||||
| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
|
||||
| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
|
||||
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
|
||||
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
|
||||
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `true` |
|
||||
| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `""` |
|
||||
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty. | `""` |
|
||||
| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
|
||||
|
||||
### MariaDB Secondary parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
|
||||
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
|
||||
| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
|
||||
| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
|
||||
| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
|
||||
| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
|
||||
| `secondary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `secondary.hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `secondary.containerPorts.mysql` | Container port for mysql | `3306` |
|
||||
| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
|
||||
| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
|
||||
| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
|
||||
| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
|
||||
| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
|
||||
| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
|
||||
| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
|
||||
| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
|
||||
| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
|
||||
| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
|
||||
| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
|
||||
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
|
||||
| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
|
||||
| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
|
||||
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
|
||||
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
|
||||
| `secondary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `secondary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
|
||||
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
|
||||
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
|
||||
| `secondary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB secondary container | `1001` |
|
||||
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
|
||||
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
|
||||
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `secondary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `secondary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production). | `micro` |
|
||||
| `secondary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
|
||||
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
|
||||
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
|
||||
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
|
||||
| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
|
||||
| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
|
||||
| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
|
||||
| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
|
||||
| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
|
||||
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
|
||||
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
|
||||
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
|
||||
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
|
||||
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
|
||||
| `secondary.persistence.labels` | Labels for the PVC | `{}` |
|
||||
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
|
||||
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
|
||||
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
|
||||
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
|
||||
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
|
||||
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
|
||||
| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
|
||||
| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
|
||||
| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
|
||||
| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
|
||||
| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
|
||||
| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
|
||||
| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
|
||||
| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
|
||||
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
|
||||
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
|
||||
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `true` |
|
||||
| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `""` |
|
||||
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable. Defaults to `1` if both `secondary.pdb.minAvailable` and `secondary.pdb.maxUnavailable` are empty. | `""` |
|
||||
| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
|
||||
|
||||
### RBAC parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | -------------------------------------------------------------- | ------- |
|
||||
| `serviceAccount.create` | Enable the creation of a ServiceAccount for MariaDB pods | `true` |
|
||||
| `serviceAccount.name` | Name of the created ServiceAccount | `""` |
|
||||
| `serviceAccount.annotations` | Annotations for MariaDB Service Account | `{}` |
|
||||
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
||||
| `rbac.create` | Whether to create and use RBAC resources or not | `false` |
|
||||
|
||||
### Volume Permissions parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
|
||||
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
|
||||
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | Exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Exporter image repository | `REPOSITORY_NAME/mysqld-exporter` |
|
||||
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
|
||||
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
|
||||
| `metrics.containerPorts.http` | Container port for http | `9104` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Group ID for the MariaDB metrics container | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
|
||||
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
|
||||
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
|
||||
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
|
||||
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
|
||||
|
||||
### NetworkPolicy parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------- | --------------------------------------------------------------- | ------ |
|
||||
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
|
||||
| `networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
||||
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
|
||||
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
```console
|
||||
helm install my-release \
|
||||
--set auth.rootPassword=secretpassword,auth.database=app_database \
|
||||
oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`.
|
||||
|
||||
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mariadb/values.yaml)
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
|
||||
|
||||
## Upgrading
|
||||
|
||||
It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart:
|
||||
|
||||
```console
|
||||
helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb --set auth.rootPassword=[ROOT_PASSWORD]
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes.
|
||||
|
||||
### To 17.0.0
|
||||
|
||||
This major bump changes the following security defaults:
|
||||
|
||||
- `runAsGroup` is changed from `0` to `1001`
|
||||
- `readOnlyRootFilesystem` is set to `true`
|
||||
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
|
||||
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
|
||||
|
||||
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
|
||||
|
||||
### To 16.0.0
|
||||
|
||||
This section enables NetworkPolicies by default to increase security of the application. It also adapts the values in the `networkPolicy` section to the current Bitnami standards. The removed sections are `networkPolicy.metrics.*`, `networkPolicy.ingressRules.*` and `networkPolicy.egressRules.*`. Check the Parameters table for the new structure.
|
||||
|
||||
### To 14.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.1. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-between-minor-versions-on-linux/) for upgrading from MariaDB 11.0 to 11.1. No major issues are expected during the upgrade.
|
||||
|
||||
### To 13.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade.
|
||||
|
||||
### To 11.0.0
|
||||
|
||||
This major release bumps default MariaDB branch to 10.6. Follow the [official instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/) from upgrading between 10.5 and 10.6.
|
||||
|
||||
No major issues are expected during the upgrade.
|
||||
|
||||
### To 10.0.0
|
||||
|
||||
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
|
||||
|
||||
Affected values:
|
||||
|
||||
- `primary.service.port` was deprecated, we recommend using `primary.service.ports.mysql` instead.
|
||||
- `primary.service.nodePort` was deprecated, we recommend using `primary.service.nodePorts.mysql` instead.
|
||||
- `secondary.service.port` was deprecated, we recommend using `secondary.service.ports.mysql` instead.
|
||||
- `secondary.service.nodePort` was deprecated, we recommend using `secondary.service.nodePorts.mysql` instead.
|
||||
- `metrics.serviceMonitor.additionalLabels` was deprecated, we recommend using `metrics.serviceMonitor.selector` instead.
|
||||
- `primary.pdb.enabled` renamed as `primary.pdb.create`.
|
||||
- `secondary.pdb.enabled` renamed as `secondary.pdb.create`.
|
||||
- `primary.updateStrategy` changed from String type (previously default to 'rollingUpdate') to Object type, allowing users to configure other updateStrategy parameters, similar to other charts.
|
||||
- Removed value `primary.rollingUpdatePartition`, now configured using `primary.updateStrategy` setting `primary.updateStrategy.rollingUpdate.partition`.
|
||||
- `secondary.updateStrategy` changed from String type (previously default to 'rollingUpdate') to Object type, allowing users to configure other updateStrategy parameters, similar to other charts.
|
||||
- Removed value `secondary.rollingUpdatePartition`, now configured using `secondary.updateStrategy` setting `secondary.updateStrategy.rollingUpdate.partition`.
|
||||
- `metrics.serviceMonitor.relabellings`, previously used to configure ServiceMonitor metricRelabelings, has been replaced with the value `metrics.serviceMonitor.metricRelabelings`, and new value `metrics.serviceMonitor.relabelings` can be used to set ServiceMonitor relabelings parameter
|
||||
|
||||
### To 9.0.0
|
||||
|
||||
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
|
||||
|
||||
### To 8.0.0
|
||||
|
||||
- Several parameters were renamed or disappeared in favor of new ones on this major version:
|
||||
- The terms _master_ and _slave_ have been replaced by the terms _primary_ and _secondary_. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively.
|
||||
- `securityContext.*` is deprecated in favor of `primary.podSecurityContext`, `primary.containerSecurityContext`, `secondary.podSecurityContext`, and `secondary.containerSecurityContext`.
|
||||
- Credentials parameter are reorganized under the `auth` parameter.
|
||||
- `replication.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`.
|
||||
- The default MariaDB version was updated from 10.3 to 10.5. According to the official documentation, upgrading from 10.3 should be painless. However, there are some things that have changed which could affect an upgrade:
|
||||
- [Incompatible changes upgrading from MariaDB 10.3 to MariaDB 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104).
|
||||
- [Incompatible changes upgrading from MariaDB 10.4 to MariaDB 10.5](https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105).
|
||||
- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels).
|
||||
- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
|
||||
|
||||
Consequences:
|
||||
|
||||
Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MariaDB chart, and migrate the data from your previous release. You have 2 alternatives to do so:
|
||||
|
||||
- Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://mariadb.com/kb/en/mysqldump/).
|
||||
- Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`:
|
||||
|
||||
```console
|
||||
helm install mariadb oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC]
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release.
|
||||
|
||||
### To 7.0.0
|
||||
|
||||
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
|
||||
|
||||
In <https://github.com/helm/charts/pull/17308> the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
|
||||
|
||||
This major version bump signifies this change.
|
||||
|
||||
### To 6.0.0
|
||||
|
||||
MariaDB version was updated from 10.1 to 10.3, there are no changes in the chart itself. According to the official documentation, upgrading from 10.1 should be painless. However, there are some things that have changed which could affect an upgrade:
|
||||
|
||||
- [Incompatible changes upgrading from MariaDB 10.1 to MariaDB 10.2](https://mariadb.com/kb/en/library/upgrading-from-mariadb-101-to-mariadb-102//#incompatible-changes-between-101-and-102)
|
||||
- [Incompatible changes upgrading from MariaDB 10.2 to MariaDB 10.3](https://mariadb.com/kb/en/library/upgrading-from-mariadb-102-to-mariadb-103/#incompatible-changes-between-102-and-103)
|
||||
|
||||
### To 5.0.0
|
||||
|
||||
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
|
||||
Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is mariadb:
|
||||
|
||||
```console
|
||||
kubectl delete statefulset opencart-mariadb --cascade=false
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
<http://www.apache.org/licenses/LICENSE-2.0>
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,77 @@
|
|||
CHART NAME: {{ .Chart.Name }}
|
||||
CHART VERSION: {{ .Chart.Version }}
|
||||
APP VERSION: {{ .Chart.AppVersion }}
|
||||
|
||||
** Please be patient while the chart is being deployed **
|
||||
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
|
||||
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
|
||||
|
||||
Get the list of pods by executing:
|
||||
|
||||
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
|
||||
|
||||
Access the pod you want to debug by executing
|
||||
|
||||
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
|
||||
|
||||
In order to replicate the container startup scripts execute this command:
|
||||
|
||||
/opt/bitnami/scripts/mariadb/entrypoint.sh /opt/bitnami/scripts/mariadb/run.sh
|
||||
|
||||
{{- else }}
|
||||
|
||||
Tip:
|
||||
|
||||
Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
|
||||
|
||||
Services:
|
||||
|
||||
echo Primary: {{ include "mariadb.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ coalesce .Values.primary.service.ports.mysql .Values.primary.service.port }}
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
echo Secondary: {{ include "mariadb.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ coalesce .Values.secondary.service.ports.mysql .Values.secondary.service.port }}
|
||||
{{- end }}
|
||||
|
||||
Administrator credentials:
|
||||
|
||||
Username: root
|
||||
Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
|
||||
|
||||
To connect to your database:
|
||||
|
||||
1. Run a pod that you can use as a client:
|
||||
|
||||
kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mariadb.image" . }} --namespace {{ .Release.Namespace }} --command -- bash
|
||||
|
||||
2. To connect to primary service (read/write):
|
||||
|
||||
mysql -h {{ include "mariadb.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.auth.database }}
|
||||
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
|
||||
3. To connect to secondary service (read-only):
|
||||
|
||||
mysql -h {{ include "mariadb.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.auth.database }}
|
||||
{{- end }}
|
||||
|
||||
To upgrade this helm chart:
|
||||
|
||||
1. Obtain the password as described on the 'Administrator credentials' section and set the 'auth.rootPassword' parameter as shown below:
|
||||
|
||||
ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
|
||||
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/mariadb --set auth.rootPassword=$ROOT_PASSWORD
|
||||
|
||||
{{- include "common.warnings.rollingTag" .Values.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
|
||||
{{- include "mariadb.validateValues" . }}
|
||||
{{- if not .Values.auth.customPasswordFiles -}}
|
||||
{{- $passwordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" (include "common.names.fullname" .) "context" $) -}}
|
||||
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "metrics" "primary" "secondary" "volumePermissions") "context" $) }}
|
||||
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }}
|
|
@ -0,0 +1,164 @@
|
|||
{{/*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{- define "mariadb.primary.fullname" -}}
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- include "common.names.fullname" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "mariadb.secondary.fullname" -}}
|
||||
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.secondary.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper MariaDB image name
|
||||
*/}}
|
||||
{{- define "mariadb.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper metrics image name
|
||||
*/}}
|
||||
{{- define "mariadb.metrics.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the init container volume-permissions image)
|
||||
*/}}
|
||||
{{- define "mariadb.volumePermissions.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "mariadb.imagePullSecrets" -}}
|
||||
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{ template "mariadb.initdbScriptsCM" . }}
|
||||
{{/*
|
||||
Get the initialization scripts ConfigMap name.
|
||||
*/}}
|
||||
{{- define "mariadb.initdbScriptsCM" -}}
|
||||
{{- if .Values.initdbScriptsConfigMap -}}
|
||||
{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-init-scripts" (include "mariadb.primary.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "mariadb.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the configmap with the MariaDB Primary configuration
|
||||
*/}}
|
||||
{{- define "mariadb.primary.configmapName" -}}
|
||||
{{- if .Values.primary.existingConfigmap -}}
|
||||
{{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" (include "mariadb.primary.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a configmap object should be created for MariaDB Secondary
|
||||
*/}}
|
||||
{{- define "mariadb.primary.createConfigmap" -}}
|
||||
{{- if and .Values.primary.configuration (not .Values.primary.existingConfigmap) }}
|
||||
{{- true -}}
|
||||
{{- else -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the configmap with the MariaDB Primary configuration
|
||||
*/}}
|
||||
{{- define "mariadb.secondary.configmapName" -}}
|
||||
{{- if .Values.secondary.existingConfigmap -}}
|
||||
{{- printf "%s" (tpl .Values.secondary.existingConfigmap $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" (include "mariadb.secondary.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a configmap object should be created for MariaDB Secondary
|
||||
*/}}
|
||||
{{- define "mariadb.secondary.createConfigmap" -}}
|
||||
{{- if and (eq .Values.architecture "replication") .Values.secondary.configuration (not .Values.secondary.existingConfigmap) }}
|
||||
{{- true -}}
|
||||
{{- else -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the secret with MariaDB credentials
|
||||
*/}}
|
||||
{{- define "mariadb.secretName" -}}
|
||||
{{- if .Values.auth.existingSecret -}}
|
||||
{{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a secret object should be created for MariaDB
|
||||
*/}}
|
||||
{{- define "mariadb.createSecret" -}}
|
||||
{{- if not (or .Values.auth.existingSecret .Values.auth.customPasswordFiles) }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Compile all warnings into a single message, and call fail.
|
||||
*/}}
|
||||
{{- define "mariadb.validateValues" -}}
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := append $messages (include "mariadb.validateValues.architecture" .) -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
{{- $message := join "\n" $messages -}}
|
||||
|
||||
{{- if $message -}}
|
||||
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of MariaDB - must provide a valid architecture */}}
|
||||
{{- define "mariadb.validateValues.architecture" -}}
|
||||
{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}}
|
||||
mariadb: architecture
|
||||
Invalid architecture selected. Valid values are "standalone" and
|
||||
"replication". Please set a valid architecture (--set architecture="xxxx")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Get existing password to access MariaDB
|
||||
*/}}
|
||||
{{- define "mariadb.secret.existPassword" -}}
|
||||
{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "mariadb.secretName" .)).data -}}
|
||||
{{- if hasKey $secret "mariadb-password" }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,9 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- range .Values.extraDeploy }}
|
||||
---
|
||||
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
|
||||
{{- end }}
|
|
@ -0,0 +1,76 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.networkPolicy.enabled }}
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
{{- if .Values.networkPolicy.allowExternalEgress }}
|
||||
egress:
|
||||
- {}
|
||||
{{- else }}
|
||||
egress:
|
||||
# Allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# Allow connection to other cluster pods
|
||||
- ports:
|
||||
- port: {{ .Values.primary.containerPorts.mysql }}
|
||||
- port: {{ .Values.secondary.containerPorts.mysql }}
|
||||
to:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
||||
{{- if .Values.networkPolicy.extraEgress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.primary.containerPorts.mysql }}
|
||||
- port: {{ .Values.secondary.containerPorts.mysql }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- port: {{ .Values.metrics.containerPorts.http }}
|
||||
{{- end }}
|
||||
{{- if not .Values.networkPolicy.allowExternal }}
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{ template "common.names.fullname" . }}-client: "true"
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
||||
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.extraIngress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if (include "mariadb.primary.createConfigmap" .) }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "mariadb.primary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
my.cnf: |-
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,19 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ printf "%s-init-scripts" (include "mariadb.primary.fullname" .) }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
|
||||
{{ end }}
|
|
@ -0,0 +1,28 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.primary.pdb.create }}
|
||||
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "mariadb.primary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.primary.pdb.minAvailable }}
|
||||
minAvailable: {{ .Values.primary.pdb.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if or .Values.primary.pdb.maxUnavailable (not .Values.primary.pdb.minAvailable) }}
|
||||
maxUnavailable: {{ .Values.primary.pdb.maxUnavailable | default 1 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- end }}
|
|
@ -0,0 +1,443 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "mariadb.primary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: {{ .Values.primary.revisionHistoryLimit }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: primary
|
||||
serviceName: {{ include "mariadb.primary.fullname" . }}
|
||||
{{- if .Values.primary.updateStrategy }}
|
||||
updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if (include "mariadb.primary.createConfigmap" .) }}
|
||||
checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.primary.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
|
||||
app.kubernetes.io/component: primary
|
||||
spec:
|
||||
{{- include "mariadb.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.primary.automountServiceAccountToken }}
|
||||
{{- if .Values.primary.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.primary.schedulerName .Values.schedulerName }}
|
||||
schedulerName: {{ (coalesce .Values.primary.schedulerName .Values.schedulerName) | quote }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "mariadb.serviceAccountName" . }}
|
||||
{{- if .Values.primary.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.schedulerName }}
|
||||
schedulerName: {{ .Values.primary.schedulerName }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.priorityClassName }}
|
||||
priorityClassName: {{ .Values.primary.priorityClassName | quote }}
|
||||
{{- else if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.runtimeClassName }}
|
||||
runtimeClassName: {{ .Values.primary.runtimeClassName | quote }}
|
||||
{{- else if .Values.runtimeClassName }}
|
||||
runtimeClassName: {{ .Values.runtimeClassName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.podSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: preserve-logs-symlinks
|
||||
image: {{ include "mariadb.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.primary.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.resources }}
|
||||
resources: {{ toYaml .Values.primary.resources | nindent 12 }}
|
||||
{{- else if ne .Values.primary.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
#!/bin/bash
|
||||
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
# We copy the logs folder because it has symlinks to stdout and stderr
|
||||
if ! is_dir_empty /opt/bitnami/mariadb/logs; then
|
||||
cp -r /opt/bitnami/mariadb/logs /emptydir/app-logs-dir
|
||||
fi
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /emptydir
|
||||
{{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
image: {{ include "mariadb.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /bitnami/mariadb
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /bitnami/mariadb
|
||||
{{- if .Values.primary.persistence.subPath }}
|
||||
subPath: {{ .Values.primary.persistence.subPath }}
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- end }}
|
||||
{{- if .Values.primary.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: mariadb
|
||||
image: {{ include "mariadb.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.primary.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
{{- else if .Values.primary.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else if .Values.primary.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: BITNAMI_DEBUG
|
||||
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: MARIADB_ROOT_PASSWORD_FILE
|
||||
value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }}
|
||||
{{- else }}
|
||||
- name: MARIADB_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mariadb.secretName" . }}
|
||||
key: mariadb-root-password
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.auth.username) }}
|
||||
- name: MARIADB_USER
|
||||
value: {{ .Values.auth.username | quote }}
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: MARIADB_PASSWORD_FILE
|
||||
value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-password" .Values.auth.customPasswordFiles.user }}
|
||||
{{- else }}
|
||||
- name: MARIADB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mariadb.secretName" . }}
|
||||
key: mariadb-password
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: MARIADB_DATABASE
|
||||
value: {{ .Values.auth.database | quote }}
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
- name: MARIADB_REPLICATION_MODE
|
||||
value: "master"
|
||||
- name: MARIADB_REPLICATION_USER
|
||||
value: {{ .Values.auth.replicationUser | quote }}
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: MARIADB_REPLICATION_PASSWORD_FILE
|
||||
value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-replication-password" .Values.auth.customPasswordFiles.replicator }}
|
||||
{{- else }}
|
||||
- name: MARIADB_REPLICATION_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mariadb.secretName" . }}
|
||||
key: mariadb-replication-password
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.extraFlags }}
|
||||
- name: MARIADB_EXTRA_FLAGS
|
||||
value: "{{ .Values.primary.extraFlags }}"
|
||||
{{- end }}
|
||||
{{- if .Values.primary.startupWaitOptions }}
|
||||
- name: MARIADB_STARTUP_WAIT_RETRIES
|
||||
value: "{{ .Values.primary.startupWaitOptions.retries | default 300 }}"
|
||||
- name: MARIADB_STARTUP_WAIT_SLEEP_TIME
|
||||
value: "{{ .Values.primary.startupWaitOptions.sleepTime | default 2 }}"
|
||||
{{- end }}
|
||||
{{- if .Values.primary.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }}
|
||||
envFrom:
|
||||
{{- if .Values.primary.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ .Values.primary.extraEnvVarsCM }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.primary.extraEnvVarsSecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: mysql
|
||||
containerPort: {{ .Values.primary.containerPorts.mysql }}
|
||||
{{- if not .Values.diagnosticMode.enabled }}
|
||||
{{- if .Values.primary.customStartupProbe }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.primary.startupProbe.enabled }}
|
||||
startupProbe: {{- omit .Values.primary.startupProbe "enabled" | toYaml | nindent 12 }}
|
||||
exec:
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
mariadb-admin ping -uroot -p"${password_aux}"
|
||||
{{- end }}
|
||||
{{- if .Values.primary.customLivenessProbe }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.primary.livenessProbe.enabled }}
|
||||
livenessProbe: {{- omit .Values.primary.livenessProbe "enabled" | toYaml | nindent 12 }}
|
||||
exec:
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
mariadb-admin status -uroot -p"${password_aux}"
|
||||
{{- end }}
|
||||
{{- if .Values.primary.customReadinessProbe }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.primary.readinessProbe.enabled }}
|
||||
readinessProbe: {{- omit .Values.primary.readinessProbe "enabled" | toYaml | nindent 12 }}
|
||||
exec:
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
mariadb-admin ping -uroot -p"${password_aux}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.resources }}
|
||||
resources: {{ toYaml .Values.primary.resources | nindent 12 }}
|
||||
{{- else if ne .Values.primary.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /bitnami/mariadb
|
||||
{{- if .Values.primary.persistence.subPath }}
|
||||
subPath: {{ .Values.primary.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
|
||||
- name: custom-init-scripts
|
||||
mountPath: /docker-entrypoint-initdb.d
|
||||
{{- end }}
|
||||
{{- if or .Values.primary.configuration .Values.primary.existingConfigmap }}
|
||||
- name: config
|
||||
mountPath: /opt/bitnami/mariadb/conf/my.cnf
|
||||
subPath: my.cnf
|
||||
{{- end }}
|
||||
{{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
|
||||
- name: mariadb-credentials
|
||||
mountPath: /opt/bitnami/mariadb/secrets/
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mariadb/conf
|
||||
subPath: app-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mariadb/tmp
|
||||
subPath: app-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mariadb/logs
|
||||
subPath: app-logs-dir
|
||||
{{- if .Values.primary.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- name: metrics
|
||||
image: {{ include "mariadb.metrics.image" . }}
|
||||
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
|
||||
{{- if .Values.metrics.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: MARIADB_ROOT_PASSWORD_FILE
|
||||
value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }}
|
||||
{{- else }}
|
||||
- name: MARIADB_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mariadb.secretName" . }}
|
||||
key: mariadb-root-password
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else }}
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:{{ .Values.primary.containerPorts.mysql }} --mysqld.username=root --web.listen-address=:{{ .Values.metrics.containerPorts.http }} {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: {{ .Values.metrics.containerPorts.http }}
|
||||
{{- if not .Values.diagnosticMode.enabled }}
|
||||
{{- if .Values.metrics.livenessProbe.enabled }}
|
||||
livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }}
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.readinessProbe.enabled }}
|
||||
readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }}
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.resources }}
|
||||
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
|
||||
{{- else if ne .Values.metrics.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
|
||||
- name: mariadb-credentials
|
||||
mountPath: /opt/bitnami/mysqld-exporter/secrets/
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.extraVolumeMounts.primary }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts.primary "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.sidecars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if or .Values.primary.configuration .Values.primary.existingConfigmap }}
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ include "mariadb.primary.configmapName" . }}
|
||||
{{- end }}
|
||||
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
|
||||
- name: custom-init-scripts
|
||||
configMap:
|
||||
name: {{ template "mariadb.initdbScriptsCM" . }}
|
||||
{{- end }}
|
||||
{{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
|
||||
- name: mariadb-credentials
|
||||
secret:
|
||||
secretName: {{ template "mariadb.secretName" . }}
|
||||
items:
|
||||
- key: mariadb-root-password
|
||||
path: mariadb-root-password
|
||||
- key: mariadb-password
|
||||
path: mariadb-password
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
- key: mariadb-replication-password
|
||||
path: mariadb-replication-password
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ tpl .Values.primary.persistence.existingClaim . }}
|
||||
{{- else if not .Values.primary.persistence.enabled }}
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
{{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.labels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- if .Values.primary.persistence.annotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.primary.persistence.annotations "context" $ ) | nindent 10 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.primary.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.primary.persistence.size | quote }}
|
||||
{{ include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) }}
|
||||
{{- if .Values.primary.persistence.selector }}
|
||||
selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
|
@ -0,0 +1,62 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "mariadb.primary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: primary
|
||||
annotations:
|
||||
{{- if or .Values.primary.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.annotations }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.annotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.primary.service.type }}
|
||||
{{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.primary.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if and .Values.primary.service.externalTrafficPolicy (or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort")) }}
|
||||
externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{ end }}
|
||||
{{- if (and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP))) }}
|
||||
loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.primary.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.service.sessionAffinityConfig }}
|
||||
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: mysql
|
||||
port: {{ coalesce .Values.primary.service.ports.mysql .Values.primary.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: mysql
|
||||
{{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) (coalesce .Values.primary.service.nodePorts.mysql .Values.primary.service.nodePort)) }}
|
||||
nodePort: {{ coalesce .Values.primary.service.nodePorts.mysql .Values.primary.service.nodePort }}
|
||||
{{- else if eq .Values.primary.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled (gt (.Values.primary.service.ports.metrics | int) 0) }}
|
||||
- name: metrics
|
||||
port: {{ .Values.primary.service.ports.metrics }}
|
||||
protocol: TCP
|
||||
targetPort: metrics
|
||||
{{- end }}
|
||||
{{- if .Values.primary.service.extraPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: primary
|
|
@ -0,0 +1,24 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: metrics
|
||||
{{- if .Values.metrics.prometheusRule.additionalLabels }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
groups:
|
||||
- name: {{ include "common.names.fullname" . }}
|
||||
rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,23 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
{{- end }}
|
|
@ -0,0 +1,23 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
kind: RoleBinding
|
||||
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "mariadb.serviceAccountName" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "common.names.fullname" . -}}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if (include "mariadb.secondary.createConfigmap" .) }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "mariadb.secondary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
my.cnf: |-
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.secondary.configuration "context" $ ) | nindent 4 }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,28 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.create }}
|
||||
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "mariadb.secondary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.secondary.pdb.minAvailable }}
|
||||
minAvailable: {{ .Values.secondary.pdb.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if or .Values.secondary.pdb.maxUnavailable (not .Values.secondary.pdb.minAvailable) }}
|
||||
maxUnavailable: {{ .Values.secondary.pdb.maxUnavailable | default 1 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
{{- end }}
|
|
@ -0,0 +1,414 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "mariadb.secondary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.secondary.replicaCount }}
|
||||
revisionHistoryLimit: {{ .Values.secondary.revisionHistoryLimit }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
serviceName: {{ include "mariadb.secondary.fullname" . }}
|
||||
podManagementPolicy: {{ .Values.secondary.podManagementPolicy }}
|
||||
{{- if .Values.secondary.updateStrategy }}
|
||||
updateStrategy: {{- toYaml .Values.secondary.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if (include "mariadb.secondary.createConfigmap" .) }}
|
||||
checksum/configuration: {{ include (print $.Template.BasePath "/secondary/configmap.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.secondary.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
spec:
|
||||
{{- include "mariadb.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if or .Values.secondary.schedulerName .Values.schedulerName }}
|
||||
schedulerName: {{ (coalesce .Values.secondary.schedulerName .Values.schedulerName) | quote }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "mariadb.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.secondary.automountServiceAccountToken }}
|
||||
{{- if .Values.secondary.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAffinityPreset "component" "secondary" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAntiAffinityPreset "component" "secondary" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.secondary.nodeAffinityPreset.type "key" .Values.secondary.nodeAffinityPreset.key "values" .Values.secondary.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.tolerations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.topologySpreadConstraints "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.priorityClassName }}
|
||||
priorityClassName: {{ .Values.secondary.priorityClassName | quote }}
|
||||
{{- else if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.runtimeClassName }}
|
||||
runtimeClassName: {{ .Values.secondary.runtimeClassName | quote }}
|
||||
{{- else if .Values.runtimeClassName }}
|
||||
runtimeClassName: {{ .Values.runtimeClassName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.podSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.secondary.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: preserve-logs-symlinks
|
||||
image: {{ include "mariadb.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.secondary.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.resources }}
|
||||
resources: {{ toYaml .Values.secondary.resources | nindent 12 }}
|
||||
{{- else if ne .Values.secondary.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.secondary.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
#!/bin/bash
|
||||
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
# We copy the logs folder because it has symlinks to stdout and stderr
|
||||
if ! is_dir_empty /opt/bitnami/mariadb/logs; then
|
||||
cp -r /opt/bitnami/mariadb/logs /emptydir/app-logs-dir
|
||||
fi
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /emptydir
|
||||
{{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
image: {{ include "mariadb.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
chown -R {{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }} /bitnami/mariadb
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /bitnami/mariadb
|
||||
{{- if .Values.secondary.persistence.subPath }}
|
||||
subPath: {{ .Values.secondary.persistence.subPath }}
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.secondary.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: mariadb
|
||||
image: {{ include "mariadb.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.secondary.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.secondary.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
{{- else if .Values.secondary.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.command "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else if .Values.secondary.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.args "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: BITNAMI_DEBUG
|
||||
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
|
||||
- name: MARIADB_REPLICATION_MODE
|
||||
value: "slave"
|
||||
- name: MARIADB_MASTER_HOST
|
||||
value: {{ include "mariadb.primary.fullname" . }}
|
||||
- name: MARIADB_MASTER_PORT_NUMBER
|
||||
value: {{ coalesce .Values.primary.service.ports.mysql .Values.primary.service.port | quote }}
|
||||
- name: MARIADB_MASTER_ROOT_USER
|
||||
value: "root"
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: MARIADB_MASTER_ROOT_PASSWORD_FILE
|
||||
value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }}
|
||||
{{- else }}
|
||||
- name: MARIADB_MASTER_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mariadb.secretName" . }}
|
||||
key: mariadb-root-password
|
||||
{{- end }}
|
||||
- name: MARIADB_REPLICATION_USER
|
||||
value: {{ .Values.auth.replicationUser | quote }}
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: MARIADB_REPLICATION_PASSWORD_FILE
|
||||
value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-replication-password" .Values.auth.customPasswordFiles.replicator }}
|
||||
{{- else }}
|
||||
- name: MARIADB_REPLICATION_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mariadb.secretName" . }}
|
||||
key: mariadb-replication-password
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.extraFlags }}
|
||||
- name: MARIADB_EXTRA_FLAGS
|
||||
value: "{{ .Values.secondary.extraFlags }}"
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.startupWaitOptions }}
|
||||
- name: MARIADB_STARTUP_WAIT_RETRIES
|
||||
value: "{{ .Values.secondary.startupWaitOptions.retries | default 300 }}"
|
||||
- name: MARIADB_STARTUP_WAIT_SLEEP_TIME
|
||||
value: "{{ .Values.secondary.startupWaitOptions.sleepTime | default 2 }}"
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVars "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.secondary.extraEnvVarsCM .Values.secondary.extraEnvVarsSecret }}
|
||||
envFrom:
|
||||
{{- if .Values.secondary.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ .Values.secondary.extraEnvVarsCM }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.secondary.extraEnvVarsSecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: mysql
|
||||
containerPort: {{ .Values.secondary.containerPorts.mysql }}
|
||||
{{- if not .Values.diagnosticMode.enabled }}
|
||||
{{- if .Values.secondary.customStartupProbe }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customStartupProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.secondary.startupProbe.enabled }}
|
||||
startupProbe: {{- omit .Values.secondary.startupProbe "enabled" | toYaml | nindent 12 }}
|
||||
exec:
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
mariadb-admin ping -uroot -p"${password_aux}"
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.customLivenessProbe }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.secondary.livenessProbe.enabled }}
|
||||
livenessProbe: {{- omit .Values.secondary.livenessProbe "enabled" | toYaml | nindent 12 }}
|
||||
exec:
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
mariadb-admin status -uroot -p"${password_aux}"
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.customReadinessProbe }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customReadinessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.secondary.readinessProbe.enabled }}
|
||||
readinessProbe: {{- omit .Values.secondary.readinessProbe "enabled" | toYaml | nindent 12 }}
|
||||
exec:
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
mariadb-admin ping -uroot -p"${password_aux}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.resources }}
|
||||
resources: {{ toYaml .Values.secondary.resources | nindent 12 }}
|
||||
{{- else if ne .Values.secondary.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.secondary.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /bitnami/mariadb
|
||||
{{- if .Values.secondary.persistence.subPath }}
|
||||
subPath: {{ .Values.secondary.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }}
|
||||
- name: config
|
||||
mountPath: /opt/bitnami/mariadb/conf/my.cnf
|
||||
subPath: my.cnf
|
||||
{{- end }}
|
||||
{{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
|
||||
- name: mariadb-credentials
|
||||
mountPath: /opt/bitnami/mariadb/secrets/
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mariadb/conf
|
||||
subPath: app-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mariadb/tmp
|
||||
subPath: app-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mariadb/logs
|
||||
subPath: app-logs-dir
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- name: metrics
|
||||
image: {{ include "mariadb.metrics.image" . }}
|
||||
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
|
||||
{{- if .Values.metrics.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: MARIADB_ROOT_PASSWORD_FILE
|
||||
value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }}
|
||||
{{- else }}
|
||||
- name: MARIADB_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mariadb.secretName" . }}
|
||||
key: mariadb-root-password
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else }}
|
||||
command:
|
||||
- /bin/bash
|
||||
- -ec
|
||||
- |
|
||||
password_aux="${MARIADB_ROOT_PASSWORD:-}"
|
||||
if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then
|
||||
password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE")
|
||||
fi
|
||||
MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:{{ .Values.secondary.containerPorts.mysql }} --mysqld.username=root --web.listen-address=:{{ .Values.metrics.containerPorts.http }} {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: {{ .Values.metrics.containerPorts.http }}
|
||||
{{- if not .Values.diagnosticMode.enabled }}
|
||||
{{- if .Values.metrics.livenessProbe.enabled }}
|
||||
livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }}
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.readinessProbe.enabled }}
|
||||
readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }}
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.resources }}
|
||||
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
|
||||
{{- else if ne .Values.metrics.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
|
||||
- name: mariadb-credentials
|
||||
mountPath: /opt/bitnami/mysqld-exporter/secrets/
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: app-tmp-dir
|
||||
{{- if .Values.metrics.extraVolumeMounts.secondary }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts.secondary "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.sidecars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.secondary.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }}
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ include "mariadb.secondary.configmapName" . }}
|
||||
{{- end }}
|
||||
{{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
|
||||
- name: mariadb-credentials
|
||||
secret:
|
||||
secretName: {{ template "mariadb.secretName" . }}
|
||||
items:
|
||||
- key: mariadb-root-password
|
||||
path: mariadb-root-password
|
||||
- key: mariadb-replication-password
|
||||
path: mariadb-replication-password
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.secondary.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if not .Values.secondary.persistence.enabled }}
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- else }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
{{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.persistence.labels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
{{- if .Values.secondary.persistence.annotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.persistence.annotations "context" $ ) | nindent 10 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.secondary.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.secondary.persistence.size | quote }}
|
||||
{{ include "common.storage.class" (dict "persistence" .Values.secondary.persistence "global" .Values.global) }}
|
||||
{{- if .Values.secondary.persistence.selector }}
|
||||
selector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.selector "context" $) | nindent 10 }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,64 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "mariadb.secondary.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
annotations:
|
||||
{{- if or .Values.secondary.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.annotations }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.annotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.secondary.service.type }}
|
||||
{{- if and .Values.secondary.service.clusterIP (eq .Values.secondary.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.secondary.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if and .Values.secondary.service.externalTrafficPolicy (or (eq .Values.secondary.service.type "LoadBalancer") (eq .Values.secondary.service.type "NodePort")) }}
|
||||
externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{ end }}
|
||||
{{- if and (eq .Values.secondary.service.type "LoadBalancer") (not (empty .Values.secondary.service.loadBalancerIP)) }}
|
||||
loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.secondary.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.service.sessionAffinityConfig }}
|
||||
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.service.sessionAffinityConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: mysql
|
||||
port: {{ coalesce .Values.secondary.service.ports.mysql .Values.secondary.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: mysql
|
||||
{{- if (and (or (eq .Values.secondary.service.type "NodePort") (eq .Values.secondary.service.type "LoadBalancer")) (coalesce .Values.secondary.service.nodePorts.mysql .Values.secondary.service.nodePort)) }}
|
||||
nodePort: {{ coalesce .Values.secondary.service.nodePorts.mysql .Values.secondary.service.nodePort }}
|
||||
{{- else if eq .Values.secondary.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled (gt (.Values.secondary.service.ports.metrics | int) 0) }}
|
||||
- name: metrics
|
||||
port: {{ .Values.secondary.service.ports.metrics }}
|
||||
protocol: TCP
|
||||
targetPort: metrics
|
||||
{{- end }}
|
||||
{{- if .Values.secondary.service.extraPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.secondary.service.extraPorts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: secondary
|
||||
{{- end }}
|
|
@ -0,0 +1,98 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- $host := include "mariadb.primary.fullname" . }}
|
||||
{{- $port := print .Values.primary.service.ports.mysql }}
|
||||
{{- $rootPassword := include "common.secrets.passwords.manage" ( dict "secret" ( include "mariadb.secretName" . ) "key" "mariadb-root-password" "providedValues" ( list "auth.rootPassword" ) "context" $ ) | trimAll "\"" | b64dec }}
|
||||
{{- $password := .Values.auth.password }}
|
||||
{{- if and .Values.auth.username ( include "mariadb.secret.existPassword" . ) }}
|
||||
{{- $password = include "common.secrets.passwords.manage" ( dict "secret" ( include "mariadb.secretName" . ) "key" "mariadb-password" "providedValues" ( list "auth.password" ) "context" $ ) | trimAll "\"" | b64dec }}
|
||||
{{- else if ( and .Values.auth.username ( not .Values.auth.forcePassword ) ( empty .Values.auth.password ) ) }}
|
||||
{{- $password = randAlphaNum 10 }}
|
||||
{{- end }}
|
||||
{{- if eq ( include "mariadb.createSecret" . ) "true" }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if ( not .Values.auth.forcePassword ) }}
|
||||
mariadb-root-password: {{ print $rootPassword | b64enc | quote }}
|
||||
{{- else }}
|
||||
mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.auth.username }}
|
||||
{{- if ( not .Values.auth.forcePassword ) }}
|
||||
mariadb-password: {{ print $password | b64enc | quote }}
|
||||
{{- else }}
|
||||
mariadb-password: {{ required "A MariaDB Database Password is required!" $password | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
{{- if ( not .Values.auth.forcePassword ) }}
|
||||
mariadb-replication-password: {{ include "common.secrets.passwords.manage" ( dict "secret" ( include "common.names.fullname" . ) "key" "mariadb-replication-password" "providedValues" ( list "auth.replicationPassword" ) "context" $ ) }}
|
||||
{{- else }}
|
||||
mariadb-replication-password: {{ required "A MariaDB Replication Password is required!" .Values.auth.replicationPassword | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.serviceBindings.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}-svcbind-root
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: servicebinding.io/mysql
|
||||
data:
|
||||
provider: {{ print "bitnami" | b64enc | quote }}
|
||||
type: {{ print "mysql" | b64enc | quote }}
|
||||
host: {{ print $host | b64enc | quote }}
|
||||
port: {{ print $port | b64enc | quote }}
|
||||
username: {{ print "root" | b64enc | quote }}
|
||||
password: {{ print $rootPassword | b64enc | quote }}
|
||||
uri: {{ printf "mysql://root:%s@%s:%s" $rootPassword $host $port | b64enc | quote }}
|
||||
|
||||
{{- if .Values.auth.username }}
|
||||
{{- $database := .Values.auth.database }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}-svcbind-custom-user
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: servicebinding.io/mysql
|
||||
data:
|
||||
provider: {{ print "bitnami" | b64enc | quote }}
|
||||
type: {{ print "mysql" | b64enc | quote }}
|
||||
host: {{ print $host | b64enc | quote }}
|
||||
port: {{ print $port | b64enc | quote }}
|
||||
username: {{ print .Values.auth.username | b64enc | quote }}
|
||||
{{- if $database }}
|
||||
database: {{ print $database | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if and .Values.auth.forcePassword ( empty $password ) }}
|
||||
password: {{ required "A MariaDB Database Password is required!" $password | b64enc | quote }}
|
||||
{{- else }}
|
||||
password: {{ print $password | b64enc | quote }}
|
||||
{{- end }}
|
||||
uri: {{ printf "mysql://%s:%s@%s:%s/%s" .Values.auth.username $password $host $port $database | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,18 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "mariadb.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
{{- end }}
|
|
@ -0,0 +1,44 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
{{- if .Values.metrics.serviceMonitor.interval }}
|
||||
interval: {{ .Values.metrics.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.honorLabels }}
|
||||
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.relabelings }}
|
||||
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace | quote }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
|
||||
{{- if .Values.metrics.serviceMonitor.selector }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,176 @@
|
|||
{
|
||||
"$schema": "http://json-schema.org/schema#",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"architecture": {
|
||||
"type": "string",
|
||||
"title": "MariaDB architecture",
|
||||
"form": true,
|
||||
"description": "Allowed values: `standalone` or `replication`"
|
||||
},
|
||||
"auth": {
|
||||
"type": "object",
|
||||
"title": "Authentication configuration",
|
||||
"form": true,
|
||||
"properties": {
|
||||
"rootPassword": {
|
||||
"type": "string",
|
||||
"title": "MariaDB root password",
|
||||
"form": true,
|
||||
"description": "Defaults to a random 10-character alphanumeric string if not set"
|
||||
},
|
||||
"database": {
|
||||
"type": "string",
|
||||
"title": "MariaDB custom database",
|
||||
"description": "Name of the custom database to be created during the 1st initialization of MariaDB",
|
||||
"form": true
|
||||
},
|
||||
"username": {
|
||||
"type": "string",
|
||||
"title": "MariaDB custom user",
|
||||
"description": "Name of the custom user to be created during the 1st initialization of MariaDB. This user only has permissions on the MariaDB custom database",
|
||||
"form": true
|
||||
},
|
||||
"password": {
|
||||
"type": "string",
|
||||
"title": "Password for MariaDB custom user",
|
||||
"description": "Defaults to a random 10-character alphanumeric string if not set",
|
||||
"form": true,
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "usePassword"
|
||||
}
|
||||
},
|
||||
"replicationUser": {
|
||||
"type": "string",
|
||||
"title": "MariaDB replication user",
|
||||
"description": "Name of user used to manage replication.",
|
||||
"form": true,
|
||||
"hidden": {
|
||||
"value": "standalone",
|
||||
"path": "architecture"
|
||||
}
|
||||
},
|
||||
"replicationPassword": {
|
||||
"type": "string",
|
||||
"title": "Password for MariaDB replication user",
|
||||
"description": "Defaults to a random 10-character alphanumeric string if not set",
|
||||
"form": true,
|
||||
"hidden": {
|
||||
"value": "standalone",
|
||||
"path": "architecture"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"primary": {
|
||||
"type": "object",
|
||||
"title": "Primary replicas settings",
|
||||
"form": true,
|
||||
"properties": {
|
||||
"persistence": {
|
||||
"type": "object",
|
||||
"title": "Persistence for primary replicas",
|
||||
"form": true,
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"form": true,
|
||||
"title": "Enable persistence",
|
||||
"description": "Enable persistence using Persistent Volume Claims"
|
||||
},
|
||||
"size": {
|
||||
"type": "string",
|
||||
"title": "Persistent Volume Size",
|
||||
"form": true,
|
||||
"render": "slider",
|
||||
"sliderMin": 1,
|
||||
"sliderMax": 100,
|
||||
"sliderUnit": "Gi",
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "persistence/enabled"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"secondary": {
|
||||
"type": "object",
|
||||
"title": "Secondary replicas settings",
|
||||
"form": true,
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "replication/enabled"
|
||||
},
|
||||
"properties": {
|
||||
"persistence": {
|
||||
"type": "object",
|
||||
"title": "Persistence for secondary replicas",
|
||||
"form": true,
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"form": true,
|
||||
"title": "Enable persistence",
|
||||
"description": "Enable persistence using Persistent Volume Claims"
|
||||
},
|
||||
"size": {
|
||||
"type": "string",
|
||||
"title": "Persistent Volume Size",
|
||||
"form": true,
|
||||
"render": "slider",
|
||||
"sliderMin": 1,
|
||||
"sliderMax": 100,
|
||||
"sliderUnit": "Gi",
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "persistence/enabled"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"volumePermissions": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"form": true,
|
||||
"title": "Enable Init Containers",
|
||||
"description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination"
|
||||
}
|
||||
}
|
||||
},
|
||||
"metrics": {
|
||||
"type": "object",
|
||||
"form": true,
|
||||
"title": "Prometheus metrics details",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"title": "Create Prometheus metrics exporter",
|
||||
"description": "Create a side-car container to expose Prometheus metrics",
|
||||
"form": true
|
||||
},
|
||||
"serviceMonitor": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"title": "Create Prometheus Operator ServiceMonitor",
|
||||
"description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
|
||||
"form": true,
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "metrics/enabled"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,8 @@
|
|||
# @see https://artifacthub.io/packages/helm/bitnami/mariadb?modal=values
|
||||
fullnameOverride: mariadb
|
||||
# architecture: replication
|
||||
architecture: standalone
|
||||
auth:
|
||||
username: drupal
|
||||
database: drupal
|
||||
existingSecret: mariadb
|
|
@ -0,0 +1,25 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# img folder
|
||||
img/
|
||||
# Changelog
|
||||
CHANGELOG.md
|
|
@ -0,0 +1,9 @@
|
|||
dependencies:
|
||||
- name: mariadb
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 19.0.6
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.23.0
|
||||
digest: sha256:8626b452b34cfdd615a5e97ad13de70344e5fd14ee39db107795e20d5006b3c8
|
||||
generated: "2024-09-19T09:40:39.92295583Z"
|
|
@ -0,0 +1,38 @@
|
|||
annotations:
|
||||
category: Infrastructure
|
||||
images: |
|
||||
- name: apache-exporter
|
||||
image: docker.io/bitnami/apache-exporter:1.0.8-debian-12-r9
|
||||
- name: phpmyadmin
|
||||
image: docker.io/bitnami/phpmyadmin:5.2.1-debian-12-r42
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 5.2.1
|
||||
dependencies:
|
||||
- condition: db.bundleTestDB
|
||||
name: mariadb
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
- phpmyadmin-database
|
||||
version: 19.x.x
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
- bitnami-common
|
||||
version: 2.x.x
|
||||
description: phpMyAdmin is a free software tool written in PHP, intended to handle
|
||||
the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations
|
||||
on MySQL and MariaDB.
|
||||
home: https://bitnami.com
|
||||
icon: https://bitnami.com/assets/stacks/phpmyadmin/img/phpmyadmin-stack-220x234.png
|
||||
keywords:
|
||||
- mariadb
|
||||
- mysql
|
||||
- phpmyadmin
|
||||
maintainers:
|
||||
- name: Broadcom, Inc. All Rights Reserved.
|
||||
url: https://github.com/bitnami/charts
|
||||
name: phpmyadmin
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/phpmyadmin
|
||||
version: 17.0.7
|
|
@ -0,0 +1,588 @@
|
|||
<!--- app-name: phpMyAdmin -->
|
||||
|
||||
# Bitnami package for phpMyAdmin
|
||||
|
||||
phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB.
|
||||
|
||||
[Overview of phpMyAdmin](https://www.phpmyadmin.net/)
|
||||
|
||||
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
|
||||
|
||||
## TL;DR
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/phpmyadmin
|
||||
```
|
||||
|
||||
Looking to use phpMyAdmin in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [phpMyAdmin](https://github.com/bitnami/containers/tree/main/bitnami/phpmyadmin) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
As a portable web application written primarily in PHP, phpMyAdmin has become one of the most popular MySQL administration tools, especially for web hosting services.
|
||||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.23+
|
||||
- Helm 3.8.0+
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/phpmyadmin
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The command deploys phpMyAdmin on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
||||
## Configuration and installation details
|
||||
|
||||
### Resource requests and limits
|
||||
|
||||
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
|
||||
|
||||
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
|
||||
|
||||
### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)
|
||||
|
||||
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
|
||||
|
||||
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
|
||||
|
||||
### Ingress
|
||||
|
||||
This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.
|
||||
|
||||
To enable ingress integration, please set `ingress.enabled` to `true`.
|
||||
|
||||
#### Hosts
|
||||
|
||||
Most likely you will only want to have one hostname that maps to this phpMyAdmin installation. If that's your case, the property `ingress.hostname` will set it. However, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object can be specified as an array. You can also use `ingress.extraTLS` to add the TLS configuration for extra hosts.
|
||||
|
||||
For each host indicated at `ingress.extraHosts`, please indicate a `name`, `path`, and any `annotations` that you may want the ingress controller to know about.
|
||||
|
||||
For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers.
|
||||
|
||||
### TLS Secrets
|
||||
|
||||
This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are some common use cases:
|
||||
|
||||
- Helm generates and manages certificate secrets (default).
|
||||
- User generates certificates and helm manages secrets.
|
||||
- User generates and manages certificates separately.
|
||||
- An additional tool (like [cert-manager](https://github.com/jetstack/cert-manager/)) manages the secrets for the application.
|
||||
|
||||
In the second case, a certificate and a key are needed. We would expect them to look like this:
|
||||
|
||||
- certificate files should look like (and there can be more than one certificate if there is a certificate chain)
|
||||
|
||||
```console
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
|
||||
...
|
||||
jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
|
||||
-----END CERTIFICATE-----
|
||||
```
|
||||
|
||||
- keys should look like:
|
||||
|
||||
```console
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
|
||||
...
|
||||
wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
```
|
||||
|
||||
If you are going to generate certificates yourself and want helm to manage the secret, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry.
|
||||
|
||||
If you want to manage TLS secrets outside of Helm, please know that you can create a TLS secret and pass its name via the parameter `ingress.existingSecretName`.
|
||||
|
||||
To make use of cert-manager, you need to add the the `cert-manager.io/cluster-issuer:` annotation to the ingress object via `ingress.annotations`.
|
||||
|
||||
### Adding extra environment variables
|
||||
|
||||
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
|
||||
|
||||
```yaml
|
||||
extraEnvVars:
|
||||
- name: LOG_LEVEL
|
||||
value: DEBUG
|
||||
```
|
||||
|
||||
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
|
||||
|
||||
### Sidecars and Init Containers
|
||||
|
||||
If you have a need for additional containers to run within the same pod as the PhpMyAdmin app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
|
||||
|
||||
```yaml
|
||||
sidecars:
|
||||
- name: your-image-name
|
||||
image: your-image
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: portname
|
||||
containerPort: 1234
|
||||
```
|
||||
|
||||
Similarly, you can add extra init containers using the `initContainers` parameter.
|
||||
|
||||
```yaml
|
||||
initContainers:
|
||||
- name: your-image-name
|
||||
image: your-image
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: portname
|
||||
containerPort: 1234
|
||||
```
|
||||
|
||||
### Deploying extra resources
|
||||
|
||||
There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
|
||||
|
||||
### Setting Pod's affinity
|
||||
|
||||
This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
|
||||
|
||||
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `XpodAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
|
||||
|
||||
## Parameters
|
||||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------- | -------------------------------------------------------------------------------------------- | --------------- |
|
||||
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
|
||||
| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` |
|
||||
| `fullnameOverride` | String to fully override common.names.fullname template | `""` |
|
||||
| `commonLabels` | Add labels to all the deployed resources | `{}` |
|
||||
| `commonAnnotations` | Add annotations to all the deployed resources | `{}` |
|
||||
| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` |
|
||||
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
|
||||
|
||||
### phpMyAdmin parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------------------- |
|
||||
| `image.registry` | phpMyAdmin image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | phpMyAdmin image repository | `REPOSITORY_NAME/phpmyadmin` |
|
||||
| `image.digest` | phpMyAdmin image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Enable phpmyadmin image debug mode | `false` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `lifecycleHooks` | for the phpmyadmin container(s) to automate configuration before or after startup | `{}` |
|
||||
| `extraEnvVars` | Extra environment variables to be set on PhpMyAdmin container | `[]` |
|
||||
| `extraEnvVarsCM` | Name of a existing ConfigMap containing extra env vars | `""` |
|
||||
| `extraEnvVarsSecret` | Name of a existing Secret containing extra env vars | `""` |
|
||||
|
||||
### phpMyAdmin deployment parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `containerPorts.http` | HTTP port to expose at container level | `8080` |
|
||||
| `containerPorts.https` | HTTPS port to expose at container level | `8443` |
|
||||
| `extraContainerPorts` | Optionally specify extra list of additional ports for phpMyAdmin container(s) | `[]` |
|
||||
| `updateStrategy.type` | Strategy to use to update Pods | `RollingUpdate` |
|
||||
| `podSecurityContext.enabled` | Enable phpMyAdmin pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `podSecurityContext.fsGroup` | User ID for the container | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `replicas` | Number of replicas | `1` |
|
||||
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
|
||||
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.httpGet.path` | Request path for startupProbe | `/` |
|
||||
| `startupProbe.httpGet.port` | Port for startupProbe | `http` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `30` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.tcpSocket.port` | Port for livenessProbe | `http` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/` |
|
||||
| `readinessProbe.httpGet.port` | Port for readinessProbe | `http` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `podLabels` | Extra labels for PhpMyAdmin pods | `{}` |
|
||||
| `podAnnotations` | Annotations for PhpMyAdmin pods | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
|
||||
| `priorityClassName` | phpmyadmin pods' priorityClassName | `""` |
|
||||
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for PhpMyAdmin pods | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for PhpMyAdmin container(s) | `[]` |
|
||||
| `initContainers` | Add init containers to the PhpMyAdmin pods | `[]` |
|
||||
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
|
||||
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
|
||||
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. | `""` |
|
||||
| `sidecars` | Add sidecar containers to the PhpMyAdmin pods | `[]` |
|
||||
|
||||
### Traffic Exposure parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `service.ports.http` | Service HTTP port | `80` |
|
||||
| `service.ports.https` | Service HTTPS port | `443` |
|
||||
| `service.nodePorts.http` | Kubernetes http node port | `""` |
|
||||
| `service.nodePorts.https` | Kubernetes https node port | `""` |
|
||||
| `service.clusterIP` | PhpMyAdmin service clusterIP IP | `""` |
|
||||
| `service.loadBalancerIP` | Load balancer IP for the phpMyAdmin Service (optional, cloud specific) | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
|
||||
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `service.annotations` | Provide any additional annotations that may be required for the PhpMyAdmin service | `{}` |
|
||||
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `ingress.enabled` | Set to true to enable ingress record generation | `false` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `phpmyadmin.local` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.secrets` | If you're providing your own certificates and want to manage the secret via helm, | `[]` |
|
||||
| `ingress.existingSecretName` | If you're providing your own certificate and want to manage the secret yourself, | `""` |
|
||||
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
|
||||
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
|
||||
|
||||
### Database parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------- | ------- |
|
||||
| `db.allowArbitraryServer` | Enable connection to arbitrary MySQL server | `true` |
|
||||
| `db.port` | Database port to use to connect | `3306` |
|
||||
| `db.chartName` | Database suffix if included in the same release | `""` |
|
||||
| `db.host` | Database Hostname. Ignored when `db.chartName` is set. | `""` |
|
||||
| `db.bundleTestDB` | Deploy a MariaDB instance for testing purposes | `false` |
|
||||
| `db.enableSsl` | Enable SSL for the connection between phpMyAdmin and the database | `false` |
|
||||
| `db.ssl.clientKey` | Client key file when using SSL | `""` |
|
||||
| `db.ssl.clientCertificate` | Client certificate file when using SSL | `""` |
|
||||
| `db.ssl.caCertificate` | CA file when using SSL | `""` |
|
||||
| `db.ssl.ciphers` | List of allowable ciphers for connections when using SSL | `[]` |
|
||||
| `db.ssl.verify` | Enable SSL certificate validation | `true` |
|
||||
| `mariadb` | MariaDB chart configuration | `{}` |
|
||||
|
||||
### Other Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | ---------------------------------------------------------------------- | ------- |
|
||||
| `serviceAccount.create` | Enable creation of ServiceAccount for PhpMyAdmin pod | `true` |
|
||||
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
||||
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
|
||||
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
|
||||
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Apache exporter image repository | `REPOSITORY_NAME/apache-exporter` |
|
||||
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
|
||||
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `metrics.service.type` | Prometheus metrics service type | `ClusterIP` |
|
||||
| `metrics.service.port` | Prometheus metrics service port | `9117` |
|
||||
| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{}` |
|
||||
| `metrics.service.clusterIP` | phpmyadmin service Cluster IP | `""` |
|
||||
| `metrics.service.loadBalancerIP` | Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` | `""` |
|
||||
| `metrics.service.loadBalancerSourceRanges` | phpmyadmin service Load Balancer sources | `[]` |
|
||||
| `metrics.service.externalTrafficPolicy` | phpmyadmin service external traffic policy | `Cluster` |
|
||||
| `metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` |
|
||||
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
|
||||
|
||||
### NetworkPolicy parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------- | --------------------------------------------------------------- | ------ |
|
||||
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
|
||||
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
|
||||
For more information please refer to the [bitnami/phpmyadmin](https://github.com/bitnami/containers/tree/main/bitnami/phpmyadmin) image documentation.
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
```console
|
||||
helm install my-release \
|
||||
--set db.host=mymariadb,db.port=3306 oci://REGISTRY_NAME/REPOSITORY_NAME/phpmyadmin
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The above command sets the phpMyAdmin to connect to a database in `mymariadb` host and `3306` port respectively.
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/phpmyadmin
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/phpmyadmin/values.yaml)
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
|
||||
|
||||
## Upgrading
|
||||
|
||||
### To 17.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.4. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-11-3-to-mariadb-11-4/) for upgrading from MariaDB 11.3 to 11.4. No major issues are expected during the upgrade.
|
||||
|
||||
### To 16.0.0
|
||||
|
||||
This major bump changes the following security defaults:
|
||||
|
||||
- `runAsGroup` is changed from `0` to `1001`
|
||||
- `readOnlyRootFilesystem` is set to `true`
|
||||
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
|
||||
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
|
||||
- The `networkPolicy` section has been normalized amongst all Bitnami charts. Compared to the previous approach, the values section has been simplified (check the Parameters section) and now it set to `enabled=true` by default. Egress traffic is allowed by default and ingress traffic is allowed by all pods but only to the ports set in `containerPorts` and `extraContainerPorts`.
|
||||
|
||||
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
|
||||
|
||||
### To 15.0.0
|
||||
|
||||
This major release bumps the MariaDB chart version to [18.x.x](https://github.com/bitnami/charts/pull/24804); no major issues are expected during the upgrade.
|
||||
|
||||
### To 14.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.2. No major issues are expected during the upgrade.
|
||||
|
||||
### To 13.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.1. No major issues are expected during the upgrade.
|
||||
|
||||
### To 12.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade.
|
||||
|
||||
### To 11.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 10.11. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for upgrading from MariaDB 10.6 to 10.11. No major issues are expected during the upgrade.
|
||||
|
||||
### To 10.0.0
|
||||
|
||||
This major release bumps the MariaDB version to 10.6. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/) for upgrading from MariaDB 10.5 to 10.6. No major issues are expected during the upgrade.
|
||||
|
||||
### To 9.0.0
|
||||
|
||||
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
|
||||
|
||||
Affected values:
|
||||
|
||||
- `service.port` was deprecated. We recommend using `service.ports.http` instead.
|
||||
- `service.httpsPort` was deprecated. We recommend using `service.ports.https` instead.
|
||||
- `metrics.serviceMonitor.additionalLabels` renamed as `metrics.serviceMonitor.labels`
|
||||
|
||||
Additionally updates the MariaDB subchart to it newest major, 10.0.0, which contains similar changes. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-1000) for more information.
|
||||
|
||||
### To 8.0.0
|
||||
|
||||
- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels).
|
||||
|
||||
Consequences:
|
||||
|
||||
- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing PhpMyAdmin deployment before upgrading (the following example assumes that the release name is `phpmyadmin`):
|
||||
|
||||
```console
|
||||
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
|
||||
export MARIADB_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d)
|
||||
kubectl delete deployments.apps phpmyadmin
|
||||
helm upgrade phpmyadmin oci://REGISTRY_NAME/REPOSITORY_NAME/phpmyadmin --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD,mariadb.auth.password=$MARIADB_PASSWORD
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
### To 7.0.0
|
||||
|
||||
In this major there were two main changes introduced:
|
||||
|
||||
1. Adaptation to Helm v2 EOL
|
||||
2. Updated MariaDB dependency version
|
||||
|
||||
Please read the update notes carefully.
|
||||
|
||||
#### 1. Adaptation to Helm v2 EOL
|
||||
|
||||
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
|
||||
|
||||
##### What changes were introduced in this major version?
|
||||
|
||||
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
|
||||
- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
|
||||
- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
|
||||
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
|
||||
|
||||
##### Considerations when upgrading to this version
|
||||
|
||||
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
|
||||
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
|
||||
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
|
||||
|
||||
##### Useful links
|
||||
|
||||
- <https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-resolve-helm2-helm3-post-migration-issues-index.html>
|
||||
- <https://helm.sh/docs/topics/v2_v3_migration/>
|
||||
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
|
||||
|
||||
#### 2. Updated MariaDB dependency version
|
||||
|
||||
In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-800) for more information.
|
||||
|
||||
To upgrade to `7.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and phpMyAdmin data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `phpmyadmin` and that `db.bundleTestDB=true` when the chart was first installed):
|
||||
|
||||
> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x
|
||||
|
||||
Obtain the credentials and the names of the PVCs used to hold both the MariaDB and phpMyAdmin data on your current release:
|
||||
|
||||
```console
|
||||
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
|
||||
export MARIADB_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d)
|
||||
export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=phpmyadmin -o jsonpath="{.items[0].metadata.name}")
|
||||
```
|
||||
|
||||
Delete the phpMyAdmin deployment and delete the MariaDB statefulsets:
|
||||
|
||||
```console
|
||||
kubectl delete deployments.apps phpmyadmin
|
||||
|
||||
kubectl delete statefulsets.apps phpmyadmin-mariadb-master
|
||||
|
||||
kubectl delete statefulsets.apps phpmyadmin-mariadb-slave
|
||||
|
||||
```
|
||||
|
||||
Now the upgrade works:
|
||||
|
||||
```console
|
||||
helm upgrade phpmyadmin oci://REGISTRY_NAME/REPOSITORY_NAME/phpmyadmin --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set db.bundleTestDB=true
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
Finally, you should see the lines below in MariaDB container logs:
|
||||
|
||||
```console
|
||||
$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=phpmyadmin,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}")
|
||||
...
|
||||
mariadb 12:13:24.98 INFO ==> Using persisted data
|
||||
mariadb 12:13:25.01 INFO ==> Running mysql_upgrade
|
||||
...
|
||||
```
|
||||
|
||||
### To 6.0.0
|
||||
|
||||
The [Bitnami phpMyAdmin](https://github.com/bitnami/containers/tree/main/bitnami/phpmyadmin) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`.
|
||||
Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices.
|
||||
|
||||
Consequences:
|
||||
|
||||
- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`.
|
||||
- No writing permissions will be granted on `config.inc.php` by default.
|
||||
- Backwards compatibility is not guaranteed.
|
||||
|
||||
To upgrade to `6.0.0`, backup your previous MariaDB databases, install a new phpMyAdmin chart and import the MariaDB backups.
|
||||
|
||||
This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
|
||||
|
||||
### To 1.0.0
|
||||
|
||||
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
|
||||
Use the workaround below to upgrade from versions previous to `1.0.0`. The following example assumes that the release name is `phpmyadmin`:
|
||||
|
||||
```console
|
||||
kubectl patch deployment phpmyadmin-phpmyadmin --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
<http://www.apache.org/licenses/LICENSE-2.0>
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,69 @@
|
|||
CHART NAME: {{ .Chart.Name }}
|
||||
CHART VERSION: {{ .Chart.Version }}
|
||||
APP VERSION: {{ .Chart.AppVersion }}
|
||||
|
||||
** Please be patient while the chart is being deployed **
|
||||
|
||||
1. Get the application URL by running these commands:
|
||||
|
||||
{{- if .Values.ingress.enabled }}
|
||||
|
||||
You should be able to access your new phpMyAdmin installation through
|
||||
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/
|
||||
|
||||
{{- else if eq .Values.service.type "LoadBalancer" }}
|
||||
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
{{- $port:=( coalesce .Values.service.ports.http .Values.service.port) | toString }}
|
||||
echo "phpMyAdmin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{coalesce .Values.service.ports.http .Values.service.port }}{{ end }}/"
|
||||
|
||||
{{- else if contains "NodePort" .Values.service.type }}
|
||||
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}'
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo "phpMyAdmin URL: http://$NODE_IP:$NODE_PORT"
|
||||
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
|
||||
echo "phpMyAdmin URL: http://127.0.0.1:{{coalesce .Values.service.ports.http .Values.service.port }}"
|
||||
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{coalesce .Values.service.ports.http .Values.service.port }}:{{coalesce .Values.service.ports.http .Values.service.port }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
2. How to log in
|
||||
{{- if or (.Values.db.chartName) (.Values.db.host) }}
|
||||
|
||||
phpMyAdmin has been configured to connect to a database in {{ if .Values.db.chartName }}{{ template "phpmyadmin.dbfullname" . }}{{ else }}{{ .Values.db.host }}{{ end }}
|
||||
{{- if .Values.db.port }}with port {{ .Values.db.port }} {{ end }}
|
||||
Please login using a database username and password.
|
||||
{{- else if .Values.db.bundleTestDB }}
|
||||
For testing purposes, phpMyAdmin has been configured to point to a test MariaDB
|
||||
instance. Please login using the following credentials:
|
||||
|
||||
Username: root
|
||||
Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "phpmyadmin.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
|
||||
|
||||
{{- else }}
|
||||
phpMyAdmin has not been configure to point to a specific database. Please provide the db host,
|
||||
username and password at log in or upgrade the release with a specific database:
|
||||
|
||||
$ helm upgrade {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/phpmyadmin --set db.host=mydb
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{- include "phpmyadmin.validateValues" . -}}
|
||||
{{- include "phpmyadmin.checkRollingTags" . -}}
|
||||
|
||||
{{- $passwordValidationErrors := list -}}
|
||||
{{- if .Values.mariadb.enabled }}
|
||||
{{- $mariadbSecretName := include "magento.databaseSecretName" . -}}
|
||||
{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}}
|
||||
{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}}
|
||||
{{- end }}
|
||||
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "metrics" "") "context" $) }}
|
||||
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.metrics.image) "context" $) }}
|
|
@ -0,0 +1,86 @@
|
|||
{{/*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return the proper PHPMyAdmin image name
|
||||
*/}}
|
||||
{{- define "phpmyadmin.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the metrics image)
|
||||
*/}}
|
||||
{{- define "phpmyadmin.metrics.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "phpmyadmin.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "phpmyadmin.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "phpmyadmin.mariadb.fullname" -}}
|
||||
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a fully qualified database name if the database is part of the same release than phpmyadmin.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "phpmyadmin.dbfullname" -}}
|
||||
{{- printf "%s-%s" .Release.Name .Values.db.chartName | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Compile all warnings into a single message, and call fail.
|
||||
*/}}
|
||||
{{- define "phpmyadmin.validateValues" -}}
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := append $messages (include "phpmyadmin.validateValues.db.ssl" .) -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
{{- $message := join "\n" $messages -}}
|
||||
|
||||
{{- if $message -}}
|
||||
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of phpMyAdmin - must provide a valid database ssl configuration */}}
|
||||
{{- define "phpmyadmin.validateValues.db.ssl" -}}
|
||||
{{- if and .Values.db.enableSsl (empty .Values.db.ssl.clientKey) (empty .Values.db.ssl.clientCertificate) (empty .Values.db.ssl.caCertificate) -}}
|
||||
phpMyAdmin: db.ssl
|
||||
Invalid database ssl configuration. You enabled SSL for the connection
|
||||
between phpMyAdmin and the database but no key/certificates were provided
|
||||
(--set db.ssl.clientKey="xxxx", --set db.ssl.clientCertificate="yyyy")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Check if there are rolling tags in the images
|
||||
*/}}
|
||||
{{- define "phpmyadmin.checkRollingTags" -}}
|
||||
{{- include "common.warnings.rollingTag" .Values.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,27 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.db.enableSsl }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-certs" (include "common.names.fullname" .) }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if not (empty .Values.db.ssl.clientKey) }}
|
||||
server_key.pem: {{ .Values.db.ssl.clientKey | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.db.ssl.clientCertificate) }}
|
||||
server_certificate.pem: {{ .Values.db.ssl.clientCertificate | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.db.ssl.caCertificate) }}
|
||||
ca_certificate.pem: {{ .Values.db.ssl.caCertificate | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,306 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
|
||||
template:
|
||||
metadata:
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
|
||||
{{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
|
||||
annotations:
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "phpmyadmin.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
|
||||
{{- if .Values.hostAliases }}
|
||||
# yamllint disable rule:indentation
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
|
||||
# yamllint enable rule:indentation
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: {{ .Values.schedulerName }}
|
||||
{{- end }}
|
||||
{{- if .Values.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
|
||||
{{- end }}
|
||||
priorityClassName: {{ .Values.priorityClassName | quote }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
serviceAccountName: {{ template "phpmyadmin.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: prepare-base-dir
|
||||
image: {{ include "phpmyadmin.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.resources }}
|
||||
resources: {{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- else if ne .Values.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
#!/bin/bash
|
||||
|
||||
. /opt/bitnami/scripts/liblog.sh
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
|
||||
info "Copying base dir to empty dir"
|
||||
# In order to not break the application functionality (such as upgrades or plugins) we need
|
||||
# to make the base directory writable, so we need to copy it to an empty dir volume
|
||||
cp -r --preserve=mode /opt/bitnami/phpmyadmin /emptydir/app-base-dir
|
||||
|
||||
info "Copying symlinks to stdout/stderr"
|
||||
# We copy the logs folder because it has symlinks to stdout and stderr
|
||||
if ! is_dir_empty /opt/bitnami/apache/logs; then
|
||||
cp -r /opt/bitnami/apache/logs /emptydir/apache-logs-dir
|
||||
fi
|
||||
info "Copying php var directory"
|
||||
# PhpMyAdmin will fail to start if the php var folder is not populated
|
||||
if ! is_dir_empty /opt/bitnami/php/var; then
|
||||
cp -r /opt/bitnami/php/var /emptydir/php-var-dir
|
||||
fi
|
||||
info "Copy operation completed"
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /emptydir
|
||||
{{- if .Values.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: {{ template "phpmyadmin.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if .Values.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: BITNAMI_DEBUG
|
||||
value: {{ ternary "true" "false" .Values.image.debug | quote }}
|
||||
- name: DATABASE_PORT_NUMBER
|
||||
value: {{ .Values.db.port | quote }}
|
||||
{{- if .Values.db.chartName }}
|
||||
- name: DATABASE_HOST
|
||||
value: {{ (include "phpmyadmin.dbfullname" .) | quote }}
|
||||
{{- else if .Values.db.bundleTestDB }}
|
||||
- name: DATABASE_HOST
|
||||
value: {{ (include "phpmyadmin.mariadb.fullname" .) | quote }}
|
||||
{{- else }}
|
||||
- name: DATABASE_HOST
|
||||
value: {{ .Values.db.host | quote }}
|
||||
{{- end }}
|
||||
{{- if and (not .Values.db.chartName) (not .Values.db.host) }}
|
||||
- name: PHPMYADMIN_ALLOW_NO_PASSWORD
|
||||
value: "true"
|
||||
- name: PHPMYADMIN_ALLOW_ARBITRARY_SERVER
|
||||
value: {{ .Values.db.allowArbitraryServer | quote }}
|
||||
{{- else }}
|
||||
- name: PHPMYADMIN_ALLOW_NO_PASSWORD
|
||||
value: "false"
|
||||
{{- end }}
|
||||
- name: DATABASE_ENABLE_SSL
|
||||
value: {{ ternary "yes" "no" .Values.db.enableSsl | quote }}
|
||||
{{- if .Values.db.enableSsl }}
|
||||
{{- if not (empty .Values.db.ssl.clientKey) }}
|
||||
- name: DATABASE_SSL_KEY
|
||||
value: "/db_certs/server_key.pem"
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.db.ssl.clientCertificate) }}
|
||||
- name: DATABASE_SSL_CERT
|
||||
value: "/db_certs/server_certificate.pem"
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.db.ssl.caCertificate) }}
|
||||
- name: DATABASE_SSL_CA
|
||||
value: "/db_certs/ca_certificate.pem"
|
||||
{{- end }}
|
||||
{{- if .Values.db.ssl.ciphers }}
|
||||
- name: DATABASE_SSL_CIPHERS
|
||||
values: {{ .Values.db.ssl.ciphers | quote }}
|
||||
{{- end }}
|
||||
- name: DATABASE_SSL_VERIFY
|
||||
value: {{ ternary "yes" "no" .Values.db.ssl.verify | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
|
||||
envFrom:
|
||||
{{- if .Values.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.containerPorts.http }}
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: {{ .Values.containerPorts.https }}
|
||||
protocol: TCP
|
||||
{{- if .Values.extraContainerPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.customStartupProbe }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.startupProbe.enabled }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.customLivenessProbe }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.livenessProbe.enabled }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.customReadinessProbe }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.readinessProbe.enabled }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.resources }}
|
||||
resources: {{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- else if ne .Values.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/apache/conf
|
||||
subPath: apache-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/apache/logs
|
||||
subPath: apache-logs-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/apache/var/run
|
||||
subPath: apache-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/php/etc
|
||||
subPath: php-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/php/tmp
|
||||
subPath: php-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/php/var
|
||||
subPath: php-var-dir
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/phpmyadmin
|
||||
subPath: app-base-dir
|
||||
{{- if .Values.db.enableSsl }}
|
||||
- name: ssl-certs
|
||||
mountPath: /db_certs
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- name: metrics
|
||||
image: {{ template "phpmyadmin.metrics.image" . }}
|
||||
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
|
||||
command: ['/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:8080/server-status/?auto']
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9117
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: metrics
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 1
|
||||
{{- if .Values.metrics.resources }}
|
||||
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
|
||||
{{- else if ne .Values.metrics.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.db.enableSsl }}
|
||||
- name: ssl-certs
|
||||
secret:
|
||||
secretName: {{ printf "%s-certs" (include "common.names.fullname" .) }}
|
||||
items:
|
||||
{{- if not (empty .Values.db.ssl.clientKey) }}
|
||||
- key: server_key.pem
|
||||
path: server_key.pem
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.db.ssl.clientCertificate) }}
|
||||
- key: server_certificate.pem
|
||||
path: server_certificate.pem
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.db.ssl.caCertificate) }}
|
||||
- key: ca_certificate.pem
|
||||
path: ca_certificate.pem
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,9 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- range .Values.extraDeploy }}
|
||||
---
|
||||
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
|
||||
{{- end }}
|
|
@ -0,0 +1,65 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.ingress.enabled }}
|
||||
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }}
|
||||
annotations:
|
||||
{{- if .Values.ingress.certManager }}
|
||||
kubernetes.io/tls-acme: "true"
|
||||
{{- end }}
|
||||
{{- if or .Values.ingress.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.ingress.hostname }}
|
||||
- host: {{ .Values.ingress.hostname }}
|
||||
http:
|
||||
paths:
|
||||
{{- if .Values.ingress.extraPaths }}
|
||||
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ .Values.ingress.path }}
|
||||
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
|
||||
pathType: {{ .Values.ingress.pathType }}
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- range .Values.ingress.extraHosts }}
|
||||
- host: {{ .name | quote }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ default "/" .path }}
|
||||
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
|
||||
pathType: {{ default "ImplementationSpecific" .pathType }}
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.extraRules }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if .Values.ingress.tls }}
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname }}
|
||||
secretName: {{ .Values.ingress.existingSecretName | default (printf "%s-tls" .Values.ingress.hostname) }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.extraTls }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,45 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.metrics.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: metrics
|
||||
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.metrics.service.type }}
|
||||
{{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.metrics.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if (or (eq .Values.metrics.service.type "LoadBalancer") (eq .Values.metrics.service.type "NodePort")) }}
|
||||
externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.metrics.service.type "LoadBalancer" }}
|
||||
loadBalancerSourceRanges: {{ .Values.metrics.service.loadBalancerSourceRanges }}
|
||||
{{- end }}
|
||||
{{- if (and (eq .Values.metrics.service.type "LoadBalancer") (not (empty .Values.metrics.service.loadBalancerIP))) }}
|
||||
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.service.sessionAffinityConfig }}
|
||||
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.sessionAffinityConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: {{ .Values.metrics.service.port }}
|
||||
targetPort: metrics
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,80 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.networkPolicy.enabled }}
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
{{- if .Values.networkPolicy.allowExternalEgress }}
|
||||
egress:
|
||||
- {}
|
||||
{{- else }}
|
||||
egress:
|
||||
# Allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# Allow outbound connections to MariaDB
|
||||
- ports:
|
||||
- port: {{ .Values.db.port }}
|
||||
{{- if .Values.db.bundleTestDB }}
|
||||
to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: mariadb
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.extraEgress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.containerPorts.http }}
|
||||
- port: {{ .Values.containerPorts.https }}
|
||||
{{- range .Values.extraContainerPorts }}
|
||||
- port: {{ . }}
|
||||
{{- end }}
|
||||
{{- if not .Values.networkPolicy.allowExternal }}
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{ template "common.names.fullname" . }}-client: "true"
|
||||
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.extraIngress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,26 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.pdb.create }}
|
||||
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.pdb.minAvailable }}
|
||||
minAvailable: {{ .Values.pdb.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if or .Values.pdb.maxUnavailable ( not .Values.pdb.minAvailable ) }}
|
||||
maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,59 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
|
||||
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
|
||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.sessionAffinityConfig }}
|
||||
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ coalesce .Values.service.ports.http .Values.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
{{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }}
|
||||
nodePort: {{ .Values.service.nodePorts.http }}
|
||||
{{- else if eq .Values.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
- name: https
|
||||
port: {{ coalesce .Values.service.ports.https .Values.service.httpsPort }}
|
||||
protocol: TCP
|
||||
targetPort: https
|
||||
{{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }}
|
||||
nodePort: {{ .Values.service.nodePorts.https }}
|
||||
{{- else if eq .Values.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
{{- if .Values.service.extraPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
|
@ -0,0 +1,18 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
metadata:
|
||||
name: {{ template "phpmyadmin.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,46 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: metrics
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
{{- if .Values.metrics.serviceMonitor.interval }}
|
||||
interval: {{ .Values.metrics.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.honorLabels }}
|
||||
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.relabelings }}
|
||||
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace | quote }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: metrics
|
||||
{{- if .Values.metrics.serviceMonitor.selector }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,43 @@
|
|||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.ingress.enabled (not .Values.ingress.existingSecretName) }}
|
||||
{{- if .Values.ingress.secrets }}
|
||||
{{- range .Values.ingress.secrets }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ $.Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if $.Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: {{ .certificate | b64enc }}
|
||||
tls.key: {{ .key | b64enc }}
|
||||
---
|
||||
{{- end }}
|
||||
{{- else if and .Values.ingress.tls (and (not (hasKey .Values.ingress.annotations "cert-manager.io/cluster-issuer")) (not .Values.ingress.certManager)) }}
|
||||
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
|
||||
{{- $ca := genCA "phpmyadmin-ca" 365 }}
|
||||
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
|
||||
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
|
||||
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,803 @@
|
|||
# Copyright Broadcom, Inc. All Rights Reserved.
|
||||
# SPDX-License-Identifier: APACHE-2.0
|
||||
|
||||
## @section Global parameters
|
||||
## Global Docker image parameters
|
||||
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
||||
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
|
||||
|
||||
## @param global.imageRegistry Global Docker image registry
|
||||
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
||||
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
|
||||
##
|
||||
global:
|
||||
imageRegistry: ""
|
||||
## E.g.
|
||||
## imagePullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
imagePullSecrets: []
|
||||
defaultStorageClass: ""
|
||||
## Compatibility adaptations for Kubernetes platforms
|
||||
##
|
||||
compatibility:
|
||||
## Compatibility adaptations for Openshift
|
||||
##
|
||||
openshift:
|
||||
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
|
||||
##
|
||||
adaptSecurityContext: disabled
|
||||
## @section Common parameters
|
||||
|
||||
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
|
||||
##
|
||||
kubeVersion: ""
|
||||
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
|
||||
##
|
||||
nameOverride: ""
|
||||
## @param fullnameOverride String to fully override common.names.fullname template
|
||||
##
|
||||
fullnameOverride: ""
|
||||
## @param commonLabels Add labels to all the deployed resources
|
||||
##
|
||||
commonLabels: {}
|
||||
## @param commonAnnotations Add annotations to all the deployed resources
|
||||
##
|
||||
commonAnnotations: {}
|
||||
## @param clusterDomain Kubernetes Cluster Domain
|
||||
##
|
||||
clusterDomain: cluster.local
|
||||
## @param extraDeploy Array of extra objects to deploy with the release
|
||||
##
|
||||
extraDeploy: []
|
||||
## @section phpMyAdmin parameters
|
||||
|
||||
## Bitnami PhpMyAdmin image version
|
||||
## ref: https://hub.docker.com/r/bitnami/phpmyadmin/tags/
|
||||
## @param image.registry [default: REGISTRY_NAME] phpMyAdmin image registry
|
||||
## @param image.repository [default: REPOSITORY_NAME/phpmyadmin] phpMyAdmin image repository
|
||||
## @skip image.tag phpMyAdmin image tag (immutable tags are recommended)
|
||||
## @param image.digest phpMyAdmin image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param image.pullPolicy Image pull policy
|
||||
## @param image.pullSecrets Specify docker-registry secret names as an array
|
||||
## @param image.debug Enable phpmyadmin image debug mode
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/phpmyadmin
|
||||
tag: 5.2.1-debian-12-r42
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## Example:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## Enable debug mode
|
||||
##
|
||||
debug: false
|
||||
## @param command Override default container command (useful when using custom images)
|
||||
##
|
||||
command: []
|
||||
## @param args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param lifecycleHooks for the phpmyadmin container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
## @param extraEnvVars Extra environment variables to be set on PhpMyAdmin container
|
||||
## For example:
|
||||
## extraEnvVars:
|
||||
## - name: PHP_UPLOAD_MAX_FILESIZE
|
||||
## value: "80M"
|
||||
##
|
||||
extraEnvVars: []
|
||||
## @param extraEnvVarsCM Name of a existing ConfigMap containing extra env vars
|
||||
##
|
||||
extraEnvVarsCM: ""
|
||||
## @param extraEnvVarsSecret Name of a existing Secret containing extra env vars
|
||||
##
|
||||
extraEnvVarsSecret: ""
|
||||
## @section phpMyAdmin deployment parameters
|
||||
|
||||
## @param automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param hostAliases [array] Deployment pod host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
hostAliases:
|
||||
## Necessary for apache-exporter to work
|
||||
##
|
||||
- ip: "127.0.0.1"
|
||||
hostnames:
|
||||
- "status.localhost"
|
||||
## phpMyAdmin container ports to open
|
||||
## @param containerPorts.http HTTP port to expose at container level
|
||||
## @param containerPorts.https HTTPS port to expose at container level
|
||||
##
|
||||
containerPorts:
|
||||
http: 8080
|
||||
https: 8443
|
||||
## @param extraContainerPorts Optionally specify extra list of additional ports for phpMyAdmin container(s)
|
||||
## e.g:
|
||||
## extraContainerPorts:
|
||||
## - name: myservice
|
||||
## containerPort: 9090
|
||||
##
|
||||
extraContainerPorts: []
|
||||
## @param updateStrategy.type Strategy to use to update Pods
|
||||
##
|
||||
updateStrategy:
|
||||
## StrategyType
|
||||
## Can be set to RollingUpdate or OnDelete
|
||||
##
|
||||
type: RollingUpdate
|
||||
## phpMyAdmin pods' Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param podSecurityContext.enabled Enable phpMyAdmin pods' Security Context
|
||||
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param podSecurityContext.fsGroup User ID for the container
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## phpMyAdmin containers' Security Context (only main container)
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## phpMyAdmin number of pod replicas
|
||||
## @param replicas Number of replicas
|
||||
replicas: 1
|
||||
## phpMyAdmin containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
## choice for the user. This also increases chances charts run on environments with little
|
||||
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "micro"
|
||||
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## phpMyAdmin containers' startup probe. Evaluated as a template.
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
||||
## @param startupProbe.enabled Enable startupProbe
|
||||
## @param startupProbe.httpGet.path Request path for startupProbe
|
||||
## @param startupProbe.httpGet.port Port for startupProbe
|
||||
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
||||
## @param startupProbe.periodSeconds Period seconds for startupProbe
|
||||
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
||||
## @param startupProbe.failureThreshold Failure threshold for startupProbe
|
||||
## @param startupProbe.successThreshold Success threshold for startupProbe
|
||||
##
|
||||
startupProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 6
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
## phpMyAdmin containers' liveness probe. Evaluated as a template.
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
||||
## @param livenessProbe.enabled Enable livenessProbe
|
||||
## @param livenessProbe.tcpSocket.port Port for livenessProbe
|
||||
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
||||
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
|
||||
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
||||
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
|
||||
## @param livenessProbe.successThreshold Success threshold for livenessProbe
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 6
|
||||
tcpSocket:
|
||||
port: http
|
||||
## phpMyAdmin containers' readiness probes. Evaluated as a template.
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
||||
## @param readinessProbe.enabled Enable readinessProbe
|
||||
## @param readinessProbe.httpGet.path Request path for readinessProbe
|
||||
## @param readinessProbe.httpGet.port Port for readinessProbe
|
||||
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
||||
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
|
||||
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
||||
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
|
||||
## @param readinessProbe.successThreshold Success threshold for readinessProbe
|
||||
##
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 6
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
## @param customStartupProbe Override default startup probe
|
||||
##
|
||||
customStartupProbe: {}
|
||||
## @param customLivenessProbe Override default liveness probe
|
||||
##
|
||||
customLivenessProbe: {}
|
||||
## @param customReadinessProbe Override default readiness probe
|
||||
##
|
||||
customReadinessProbe: {}
|
||||
## @param podLabels Extra labels for PhpMyAdmin pods
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
||||
##
|
||||
podLabels: {}
|
||||
## @param podAnnotations Annotations for PhpMyAdmin pods
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||||
##
|
||||
podAffinityPreset: ""
|
||||
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||||
##
|
||||
podAntiAffinityPreset: soft
|
||||
## Node affinity preset
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
||||
##
|
||||
nodeAffinityPreset:
|
||||
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
||||
##
|
||||
type: ""
|
||||
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
|
||||
## E.g.
|
||||
## key: "kubernetes.io/e2e-az-name"
|
||||
##
|
||||
key: ""
|
||||
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
|
||||
## E.g.
|
||||
## values:
|
||||
## - e2e-az1
|
||||
## - e2e-az2
|
||||
##
|
||||
values: []
|
||||
## @param affinity Affinity for pod assignment. Evaluated as a template.
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
|
||||
##
|
||||
affinity: {}
|
||||
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## @param tolerations Tolerations for pod assignment. Evaluated as a template.
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
## @param priorityClassName phpmyadmin pods' priorityClassName
|
||||
##
|
||||
priorityClassName: ""
|
||||
## @param schedulerName Name of the k8s scheduler (other than default)
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
schedulerName: ""
|
||||
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
|
||||
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
||||
## The value is evaluated as a template
|
||||
##
|
||||
topologySpreadConstraints: []
|
||||
## @param extraVolumes Optionally specify extra list of additional volumes for PhpMyAdmin pods
|
||||
##
|
||||
extraVolumes: []
|
||||
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for PhpMyAdmin container(s)
|
||||
##
|
||||
extraVolumeMounts: []
|
||||
## @param initContainers Add init containers to the PhpMyAdmin pods
|
||||
## Example:
|
||||
## initContainers:
|
||||
## - name: your-image-name
|
||||
## image: your-image
|
||||
## imagePullPolicy: Always
|
||||
## ports:
|
||||
## - name: portname
|
||||
## containerPort: 1234
|
||||
##
|
||||
initContainers: []
|
||||
## Pod Disruption Budget configuration
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
||||
## @param pdb.create Enable/disable a Pod Disruption Budget creation
|
||||
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
||||
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
|
||||
##
|
||||
pdb:
|
||||
create: true
|
||||
minAvailable: ""
|
||||
maxUnavailable: ""
|
||||
## @param sidecars Add sidecar containers to the PhpMyAdmin pods
|
||||
## Example:
|
||||
## sidecars:
|
||||
## - name: your-image-name
|
||||
## image: your-image
|
||||
## imagePullPolicy: Always
|
||||
## ports:
|
||||
## - name: portname
|
||||
## containerPort: 1234
|
||||
##
|
||||
sidecars: []
|
||||
## @section Traffic Exposure parameters
|
||||
|
||||
## Service configuration
|
||||
##
|
||||
service:
|
||||
## @param service.type Kubernetes Service type
|
||||
##
|
||||
type: ClusterIP
|
||||
## @param service.ports.http Service HTTP port
|
||||
## @param service.ports.https Service HTTPS port
|
||||
##
|
||||
ports:
|
||||
http: 80
|
||||
https: 443
|
||||
## Specify the nodePort values for the LoadBalancer and NodePort service types
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
||||
## @param service.nodePorts.http Kubernetes http node port
|
||||
## @param service.nodePorts.https Kubernetes https node port
|
||||
##
|
||||
nodePorts:
|
||||
http: ""
|
||||
https: ""
|
||||
## @param service.clusterIP PhpMyAdmin service clusterIP IP
|
||||
## e.g:
|
||||
## clusterIP: None
|
||||
##
|
||||
clusterIP: ""
|
||||
## @param service.loadBalancerIP Load balancer IP for the phpMyAdmin Service (optional, cloud specific)
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
||||
##
|
||||
loadBalancerIP: ""
|
||||
## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
|
||||
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||||
## Example:
|
||||
## loadBalancerSourceRanges:
|
||||
## - 10.10.10.0/24
|
||||
##
|
||||
loadBalancerSourceRanges: []
|
||||
## @param service.externalTrafficPolicy Enable client source IP preservation
|
||||
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
##
|
||||
externalTrafficPolicy: Cluster
|
||||
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
|
||||
##
|
||||
extraPorts: []
|
||||
## @param service.annotations Provide any additional annotations that may be required for the PhpMyAdmin service
|
||||
##
|
||||
annotations: {}
|
||||
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
|
||||
## If "ClientIP", consecutive client requests will be directed to the same Pod
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
|
||||
##
|
||||
sessionAffinity: None
|
||||
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
|
||||
## sessionAffinityConfig:
|
||||
## clientIP:
|
||||
## timeoutSeconds: 300
|
||||
##
|
||||
sessionAffinityConfig: {}
|
||||
## Ingress configuration
|
||||
##
|
||||
ingress:
|
||||
## @param ingress.enabled Set to true to enable ingress record generation
|
||||
##
|
||||
enabled: false
|
||||
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
||||
##
|
||||
apiVersion: ""
|
||||
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
|
||||
## certManager: false
|
||||
##
|
||||
|
||||
## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created
|
||||
##
|
||||
hostname: phpmyadmin.local
|
||||
## @param ingress.pathType Ingress path type
|
||||
##
|
||||
pathType: ImplementationSpecific
|
||||
## @param ingress.path Default path for the ingress record
|
||||
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
|
||||
##
|
||||
path: /
|
||||
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
|
||||
## e.g:
|
||||
## extraPaths:
|
||||
## - path: /*
|
||||
## backend:
|
||||
## serviceName: ssl-redirect
|
||||
## servicePort: use-annotation
|
||||
##
|
||||
extraPaths: []
|
||||
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## For a full list of possible ingress annotations, please see
|
||||
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
##
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations: {}
|
||||
## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter
|
||||
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
|
||||
## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or
|
||||
## let the chart create self-signed certificates for you
|
||||
##
|
||||
tls: false
|
||||
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
||||
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
||||
## Example:
|
||||
## extraHosts:
|
||||
## - name: phpmyadmin.local
|
||||
## path: /
|
||||
##
|
||||
extraHosts: []
|
||||
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
||||
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
||||
## Example:
|
||||
## extraTls:
|
||||
## - hosts:
|
||||
## - phpmyadmin.local
|
||||
## secretName: phpmyadmin.local-tls
|
||||
##
|
||||
extraTls: []
|
||||
## @param ingress.secrets If you're providing your own certificates and want to manage the secret via helm,
|
||||
## please use this to add the certificates as secrets key and certificate should start with
|
||||
## -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY-----
|
||||
## name should line up with a secretName set further up
|
||||
##
|
||||
## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you
|
||||
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created
|
||||
## It is also possible to create and manage the certificates outside of this helm chart
|
||||
## Please see README.md for more information
|
||||
##
|
||||
## Example
|
||||
## secrets:
|
||||
## - name: phpmyadmin.local-tls
|
||||
## key: ""
|
||||
## certificate: ""
|
||||
##
|
||||
secrets: []
|
||||
## @param ingress.existingSecretName If you're providing your own certificate and want to manage the secret yourself,
|
||||
## please provide the name of the secret with this parameter. This secret will then be used for tls termination.
|
||||
## It has higher priority than the cert-manager or the generation of the certificate from the chart.
|
||||
##
|
||||
## Example:
|
||||
## existingSecretName: "byo-phpmyadmin-tls"
|
||||
##
|
||||
existingSecretName: ""
|
||||
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
||||
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
||||
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
||||
##
|
||||
ingressClassName: ""
|
||||
## @param ingress.extraRules Additional rules to be covered with this ingress record
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
||||
## e.g:
|
||||
## extraRules:
|
||||
## - host: phpmyadmin.local
|
||||
## http:
|
||||
## path: /
|
||||
## backend:
|
||||
## service:
|
||||
## name: phpmyadmin-svc
|
||||
## port:
|
||||
## name: http
|
||||
##
|
||||
extraRules: []
|
||||
## @section Database parameters
|
||||
|
||||
## Database configuration
|
||||
##
|
||||
db:
|
||||
## @param db.allowArbitraryServer Enable connection to arbitrary MySQL server
|
||||
## If you do not want the user to be able to specify an arbitrary MySQL server at login time, set this to false
|
||||
##
|
||||
allowArbitraryServer: true
|
||||
## @param db.port Database port to use to connect
|
||||
##
|
||||
port: 3306
|
||||
## @param db.chartName Database suffix if included in the same release
|
||||
## If you are deploying phpMyAdmin as part of a release and the database is part
|
||||
## of the release, you can pass a suffix that will be used to find the database
|
||||
## in releasename-dbSuffix. Please note that this setting precedes db.host
|
||||
## e.g:
|
||||
## chartName: mariadb
|
||||
##
|
||||
chartName: ""
|
||||
## @param db.host Database Hostname. Ignored when `db.chartName` is set.
|
||||
## e.g:
|
||||
## host: foo
|
||||
##
|
||||
host: ""
|
||||
## @param db.bundleTestDB Deploy a MariaDB instance for testing purposes
|
||||
##
|
||||
bundleTestDB: false
|
||||
## @param db.enableSsl Enable SSL for the connection between phpMyAdmin and the database
|
||||
##
|
||||
enableSsl: false
|
||||
ssl:
|
||||
## @param db.ssl.clientKey Client key file when using SSL
|
||||
##
|
||||
clientKey: ""
|
||||
## @param db.ssl.clientCertificate Client certificate file when using SSL
|
||||
##
|
||||
clientCertificate: ""
|
||||
## @param db.ssl.caCertificate CA file when using SSL
|
||||
##
|
||||
caCertificate: ""
|
||||
## @param db.ssl.ciphers List of allowable ciphers for connections when using SSL
|
||||
##
|
||||
ciphers: []
|
||||
## @param db.ssl.verify Enable SSL certificate validation
|
||||
##
|
||||
verify: true
|
||||
## @param mariadb MariaDB chart configuration
|
||||
## https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml
|
||||
##
|
||||
mariadb: {}
|
||||
## @section Other Parameters
|
||||
|
||||
## Service account for PhpMyAdmin to use.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
||||
##
|
||||
serviceAccount:
|
||||
## @param serviceAccount.create Enable creation of ServiceAccount for PhpMyAdmin pod
|
||||
##
|
||||
create: true
|
||||
## @param serviceAccount.name The name of the ServiceAccount to use.
|
||||
## If not set and create is true, a name is generated using the common.names.fullname template
|
||||
##
|
||||
name: ""
|
||||
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
|
||||
## Can be set to false if pods using this serviceAccount do not need to use K8s API
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
|
||||
##
|
||||
annotations: {}
|
||||
## @section Metrics parameters
|
||||
|
||||
## Prometheus Exporter / Metrics
|
||||
##
|
||||
metrics:
|
||||
## @param metrics.enabled Start a side-car prometheus exporter
|
||||
##
|
||||
enabled: false
|
||||
## @param metrics.image.registry [default: REGISTRY_NAME] Apache exporter image registry
|
||||
## @param metrics.image.repository [default: REPOSITORY_NAME/apache-exporter] Apache exporter image repository
|
||||
## @skip metrics.image.tag Apache exporter image tag (immutable tags are recommended)
|
||||
## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param metrics.image.pullPolicy Image pull policy
|
||||
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/apache-exporter
|
||||
tag: 1.0.8-debian-12-r9
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## Example:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "nano"
|
||||
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
##
|
||||
resources: {}
|
||||
## Prometheus Exporter service configuration
|
||||
##
|
||||
service:
|
||||
## @param metrics.service.type Prometheus metrics service type
|
||||
##
|
||||
type: ClusterIP
|
||||
## @param metrics.service.port Prometheus metrics service port
|
||||
##
|
||||
port: 9117
|
||||
## @param metrics.service.annotations [object] Annotations for Prometheus metrics service
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: "{{ .Values.metrics.service.port }}"
|
||||
## @param metrics.service.clusterIP phpmyadmin service Cluster IP
|
||||
## e.g.:
|
||||
## clusterIP: None
|
||||
##
|
||||
clusterIP: ""
|
||||
## @param metrics.service.loadBalancerIP Load Balancer IP if the Prometheus metrics server type is `LoadBalancer`
|
||||
## Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank
|
||||
##
|
||||
loadBalancerIP: ""
|
||||
## @param metrics.service.loadBalancerSourceRanges phpmyadmin service Load Balancer sources
|
||||
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||||
## e.g:
|
||||
## loadBalancerSourceRanges:
|
||||
## - 10.10.10.0/24
|
||||
##
|
||||
loadBalancerSourceRanges: []
|
||||
## @param metrics.service.externalTrafficPolicy phpmyadmin service external traffic policy
|
||||
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
##
|
||||
externalTrafficPolicy: Cluster
|
||||
## @param metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
|
||||
## If "ClientIP", consecutive client requests will be directed to the same Pod
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
|
||||
##
|
||||
sessionAffinity: None
|
||||
## @param metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
|
||||
## sessionAffinityConfig:
|
||||
## clientIP:
|
||||
## timeoutSeconds: 300
|
||||
##
|
||||
sessionAffinityConfig: {}
|
||||
## Prometheus Service Monitor
|
||||
## ref: https://github.com/coreos/prometheus-operator
|
||||
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
||||
##
|
||||
serviceMonitor:
|
||||
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
|
||||
##
|
||||
enabled: false
|
||||
## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created
|
||||
##
|
||||
namespace: ""
|
||||
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
|
||||
##
|
||||
jobLabel: ""
|
||||
## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped
|
||||
##
|
||||
interval: 30s
|
||||
## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
|
||||
## e.g:
|
||||
## scrapeTimeout: 30s
|
||||
##
|
||||
scrapeTimeout: ""
|
||||
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
|
||||
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
|
||||
##
|
||||
relabelings: []
|
||||
## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint
|
||||
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
|
||||
##
|
||||
metricRelabelings: []
|
||||
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
|
||||
##
|
||||
labels: {}
|
||||
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
|
||||
##
|
||||
honorLabels: false
|
||||
## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
|
||||
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
|
||||
##
|
||||
## selector:
|
||||
## prometheus: my-prometheus
|
||||
##
|
||||
selector: {}
|
||||
## @section NetworkPolicy parameters
|
||||
|
||||
## Network Policy configuration
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
||||
##
|
||||
networkPolicy:
|
||||
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
||||
##
|
||||
enabled: true
|
||||
## @param networkPolicy.allowExternal Don't require server label for connections
|
||||
## The Policy model to apply. When set to false, only pods with the correct
|
||||
## server label will have network access to the ports server is listening
|
||||
## on. When true, server will accept connections from any source
|
||||
## (with the correct destination port).
|
||||
##
|
||||
allowExternal: true
|
||||
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||
##
|
||||
allowExternalEgress: true
|
||||
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||
## e.g:
|
||||
## extraIngress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## from:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
extraIngress: []
|
||||
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
||||
## e.g:
|
||||
## extraEgress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## to:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
##
|
||||
extraEgress: []
|
||||
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
||||
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
||||
##
|
||||
ingressNSMatchLabels: {}
|
||||
ingressNSPodMatchLabels: {}
|
|
@ -0,0 +1,6 @@
|
|||
fullnameOverride: phpmyadmin
|
||||
db:
|
||||
allowArbitraryServer: false
|
||||
port: 3306
|
||||
host: "mariadb.futureporn.svc.cluster.local"
|
||||
bundleTestDB: false
|
File diff suppressed because it is too large
Load Diff
|
@ -1,8 +1,20 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: "- \"fix(Traefik Hub): missing RBACs for Traefik Hub\"\n-
|
||||
\"chore(release): \U0001F680 publish v30.0.2\"\n"
|
||||
artifacthub.io/changes: "- \"fix: \U0001F41B http3 with internal service\"\n- \"fix:
|
||||
use correct children indentation for logs.access.filters\"\n- \"fix(schema): :bug:
|
||||
targetPort can also be a string\"\n- \"fix(certificateResolvers)!: :boom: :bug:
|
||||
use same syntax in Chart and in Traefik\"\n- \"fix(Traefik)!: :boom: set 8080
|
||||
as default port for `traefik` entrypoint\"\n- \"fix(Traefik Hub): RBAC for distributedAcme\"\n-
|
||||
\"fix(Kubernetes Ingress)!: :boom: :sparkles: enable publishedService by default\"\n-
|
||||
\"fix(Gateway API): :bug: add missing required RBAC for v3.2 with experimental
|
||||
Channel\"\n- \"fix(Env Variables)!: allow extending env without overwrite\"\n-
|
||||
\"feat(deps): update traefik docker tag to v3.2.0\"\n- \"feat(deps): update traefik
|
||||
docker tag to v3.1.6\"\n- \"feat(Traefik): ✨ support Gateway API statusAddress\"\n-
|
||||
\"feat(Traefik Proxy): CRDs for v3.2+\"\n- \"feat(Gateway API): :sparkles: standard
|
||||
install CRD v1.2.0\"\n- \"feat(Gateway API): :sparkles: add infrastructure in
|
||||
the values\"\n- \"chore: allow TRACE log level\"\n- \"chore(release): \U0001F680
|
||||
publish v33.0.0\"\n- \"Update topology spread constraints comments\"\n"
|
||||
apiVersion: v2
|
||||
appVersion: v3.1.0
|
||||
appVersion: v3.2.0
|
||||
description: A Traefik based Kubernetes ingress controller
|
||||
home: https://traefik.io/
|
||||
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
|
||||
|
@ -24,4 +36,4 @@ sources:
|
|||
- https://github.com/traefik/traefik
|
||||
- https://github.com/traefik/traefik-helm-chart
|
||||
type: application
|
||||
version: 30.0.2
|
||||
version: 33.0.0
|
||||
|
|
|
@ -97,10 +97,10 @@ ingressRoute:
|
|||
The traefik admin port can be forwarded locally:
|
||||
|
||||
```bash
|
||||
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
|
||||
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 8080:8080
|
||||
```
|
||||
|
||||
This command makes the dashboard accessible on the url: http://127.0.0.1:9000/dashboard/
|
||||
This command makes the dashboard accessible on the url: http://127.0.0.1:8080/dashboard/
|
||||
|
||||
# Publish and protect Traefik Dashboard with basic Auth
|
||||
|
||||
|
@ -173,7 +173,7 @@ extraObjects:
|
|||
ports:
|
||||
- port: 8080
|
||||
name: traefik
|
||||
targetPort: 9000
|
||||
targetPort: 8080
|
||||
protocol: TCP
|
||||
|
||||
- apiVersion: v1
|
||||
|
@ -305,7 +305,7 @@ extraObjects:
|
|||
config:
|
||||
type: HTTP
|
||||
httpHealthCheck:
|
||||
port: 9000
|
||||
port: 8080
|
||||
requestPath: /ping
|
||||
targetRef:
|
||||
group: ""
|
||||
|
@ -331,14 +331,15 @@ Here is a more complete example, using also native Let's encrypt feature of Trae
|
|||
persistence:
|
||||
enabled: true
|
||||
size: 128Mi
|
||||
certResolvers:
|
||||
certificatesResolvers:
|
||||
letsencrypt:
|
||||
email: "{{ letsencrypt_email }}"
|
||||
#caServer: https://acme-v02.api.letsencrypt.org/directory # Production server
|
||||
caServer: https://acme-staging-v02.api.letsencrypt.org/directory # Staging server
|
||||
dnsChallenge:
|
||||
provider: azuredns
|
||||
storage: /data/acme.json
|
||||
acme:
|
||||
email: "{{ letsencrypt_email }}"
|
||||
#caServer: https://acme-v02.api.letsencrypt.org/directory # Production server
|
||||
caServer: https://acme-staging-v02.api.letsencrypt.org/directory # Staging server
|
||||
dnsChallenge:
|
||||
provider: azuredns
|
||||
storage: /data/acme.json
|
||||
env:
|
||||
- name: AZURE_CLIENT_ID
|
||||
value: "{{ azure_dns_challenge_application_id }}"
|
||||
|
@ -416,6 +417,17 @@ ports:
|
|||
enabled: true
|
||||
```
|
||||
|
||||
You can also create two `Service`, one for TCP and one for UDP:
|
||||
|
||||
```yaml
|
||||
ports:
|
||||
websecure:
|
||||
http3:
|
||||
enabled: true
|
||||
service:
|
||||
single: false
|
||||
```
|
||||
|
||||
# Use PROXY protocol on Digital Ocean
|
||||
|
||||
PROXY protocol is a protocol for sending client connection information, such as origin IP addresses and port numbers, to the final backend server, rather than discarding it at the load balancer.
|
||||
|
@ -480,7 +492,7 @@ See [#396](https://github.com/traefik/traefik-helm-chart/issues/396) for more de
|
|||
Once the provider is ready, it can be used in an `IngressRoute`:
|
||||
|
||||
```yaml
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: [...]
|
||||
|
@ -491,6 +503,8 @@ spec:
|
|||
certResolver: letsencrypt
|
||||
```
|
||||
|
||||
:information_source: Change `apiVersion` to `traefik.containo.us/v1alpha1` for charts prior to v28.0.0
|
||||
|
||||
See [the list of supported providers](https://doc.traefik.io/traefik/https/acme/#providers) for others.
|
||||
|
||||
## Example with CloudFlare
|
||||
|
@ -516,11 +530,12 @@ stringData:
|
|||
persistence:
|
||||
enabled: true
|
||||
storageClass: xxx
|
||||
certResolvers:
|
||||
certificatesResolvers:
|
||||
letsencrypt:
|
||||
dnsChallenge:
|
||||
provider: cloudflare
|
||||
storage: /data/acme.json
|
||||
acme:
|
||||
dnsChallenge:
|
||||
provider: cloudflare
|
||||
storage: /data/acme.json
|
||||
env:
|
||||
- name: CF_DNS_API_TOKEN
|
||||
valueFrom:
|
||||
|
@ -540,6 +555,9 @@ podSecurityContext:
|
|||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
```
|
||||
|
||||
>[!NOTE]
|
||||
> With [Traefik Hub](https://traefik.io/traefik-hub/), certificates can be stored as a `Secret` on Kubernetes with `distributedAcme` resolver.
|
||||
|
||||
# Provide default certificate with cert-manager and CloudFlare DNS
|
||||
|
||||
Setup:
|
||||
|
@ -683,7 +701,7 @@ spec:
|
|||
app.kubernetes.io/name: traefik
|
||||
app.kubernetes.io/instance: traefik-traefik
|
||||
ports:
|
||||
- port: 9000
|
||||
- port: 8080
|
||||
name: "traefik"
|
||||
targetPort: traefik
|
||||
protocol: TCP
|
||||
|
@ -822,8 +840,6 @@ metrics:
|
|||
One can use the new stable kubernetes gateway API provider setting the following _values_:
|
||||
|
||||
```yaml
|
||||
image:
|
||||
tag: v3.1.0-rc3
|
||||
providers:
|
||||
kubernetesGateway:
|
||||
enabled: true
|
||||
|
@ -891,6 +907,8 @@ Once it's applied, whoami should be accessible on http://whoami.docker.localhost
|
|||
|
||||
</details>
|
||||
|
||||
:information_source: In this example, `Deployment` and `HTTPRoute` should be deployed in the same namespace as the Traefik Gateway: Chart namespace.
|
||||
|
||||
# Use Kubernetes Gateway API with cert-manager
|
||||
|
||||
One can use the new stable kubernetes gateway API provider with automatic TLS certificates delivery (with cert-manager) setting the following _values_:
|
||||
|
@ -906,6 +924,8 @@ gateway:
|
|||
listeners:
|
||||
websecure:
|
||||
hostname: whoami.docker.localhost
|
||||
port: 8443
|
||||
protocol: HTTPS
|
||||
certificateRefs:
|
||||
- name: whoami-tls
|
||||
```
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue