From 1927888a361a230d84934775fce35e77d917cad4 Mon Sep 17 00:00:00 2001 From: stefanprodan Date: Tue, 7 Jan 2020 11:47:10 +0200 Subject: [PATCH] Update HelmReleases for Kubernetes 1.16 --- .circleci/config.yml | 4 +- charts/ghost/Chart.yaml | 8 +- charts/ghost/OWNERS | 8 + charts/ghost/README.md | 157 ++++++++++++----- charts/ghost/requirements.lock | 6 +- charts/ghost/requirements.yaml | 4 +- charts/ghost/templates/NOTES.txt | 41 +++-- charts/ghost/templates/_helpers.tpl | 153 +++++++++++++++- charts/ghost/templates/deployment.yaml | 109 +++++++++--- charts/ghost/templates/ingress.yaml | 43 +++++ charts/ghost/templates/pvc.yaml | 16 +- charts/ghost/templates/secrets.yaml | 16 +- charts/ghost/templates/svc.yaml | 33 ++-- charts/ghost/values.schema.json | 163 +++++++++++++++++ charts/ghost/values.yaml | 233 +++++++++++++++++++------ releases/ghost.yaml | 12 +- releases/mongodb.yaml | 4 +- releases/redis.yaml | 6 +- workloads/podinfo-dep.yaml | 34 ++-- 19 files changed, 847 insertions(+), 203 deletions(-) create mode 100755 charts/ghost/templates/ingress.yaml create mode 100755 charts/ghost/values.schema.json diff --git a/.circleci/config.yml b/.circleci/config.yml index 099ce8cbd1..240ae8a7b4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2.1 jobs: validate-yamls: docker: - - image: stefanprodan/hrval:v2.6.0 + - image: stefanprodan/hrval:v2.9.0 steps: - checkout - run: @@ -15,7 +15,7 @@ jobs: name: Validate releases environment: IGNORE_VALUES: "false" - KUBE_VER: "1.15.0" + KUBE_VER: "1.16.0" HELM_VER: "v2" command: | hrval releases/ $IGNORE_VALUES $KUBE_VER $HELM_VER diff --git a/charts/ghost/Chart.yaml b/charts/ghost/Chart.yaml index e567d869f1..f904da4e18 100755 --- a/charts/ghost/Chart.yaml +++ b/charts/ghost/Chart.yaml 
@@ -1,8 +1,8 @@ +apiVersion: v1 name: ghost -version: 2.1.16 -appVersion: 1.21.5 -description: A simple, powerful publishing platform that allows you to share your - stories with the world +version: 9.0.4 +appVersion: 3.1.1 +description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost - blog diff --git a/charts/ghost/OWNERS b/charts/ghost/OWNERS index 0d4d6f1291..f87e010777 100755 --- a/charts/ghost/OWNERS +++ b/charts/ghost/OWNERS @@ -2,7 +2,15 @@ approvers: - prydonius - tompizmor - sameersbn +- carrodher +- javsalgar +- juan131 +- miguelaeh reviewers: - prydonius - tompizmor - sameersbn +- carrodher +- javsalgar +- juan131 +- miguelaeh diff --git a/charts/ghost/README.md b/charts/ghost/README.md index dd99a94810..05bf4e4539 100755 --- a/charts/ghost/README.md +++ b/charts/ghost/README.md @@ -14,10 +14,14 @@ This chart bootstraps a [Ghost](https://github.com/bitnami/bitnami-docker-ghost) It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Ghost application. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + ## Prerequisites -- Kubernetes 1.4+ with Beta APIs enabled +- Kubernetes 1.12+ +- Helm 2.11+ or Helm 3.0-beta3+ - PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling ## Installing the Chart 
@@ -27,7 +31,7 @@ To install the chart with the release name `my-release`: $ helm install --name my-release stable/ghost ``` -The command deploys Ghost on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. +The command deploys Ghost on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. > **Tip**: List all releases using `helm list` 
@@ -41,37 +45,79 @@ $ helm delete my-release The command removes all the Kubernetes components associated with the chart and deletes the release. -## Configuration - -The following tables lists the configurable parameters of the Ghost chart and their default values. - -| Parameter | Description | Default | -|-------------------------------|---------------------------------------------------------------|----------------------------------------------------------| -| `image` | Ghost image | `bitnami/ghost:{VERSION}` | -| `imagePullPolicy` | Image pull policy | `Always` if `image` tag is `latest`, else `IfNotPresent` | -| `ghostHost` | Ghost host to create application URLs | `nil` | -| `ghostPort` | Ghost port to create application URLs along with host | `80` | -| `ghostLoadBalancerIP` | `loadBalancerIP` for the Ghost Service | `nil` | -| `ghostUsername` | User of the application | `user@example.com` | -| `ghostPassword` | Application password | Randomly generated | -| `ghostEmail` | Admin email | `user@example.com` | -| `ghostBlogTitle` | Ghost Blog name | `User's Blog` | -| `allowEmptyPassword` | Allow DB blank passwords | `yes` | -| `externalDatabase.host` | Host of the external database | `nil` | -| `externalDatabase.user` | Existing username in the external db | `bn_ghost` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.database` | Name of the existing database | `bitnami_ghost` | -| `mariadb.enabled` | Whether or not to install MariaDB (disable if using external) | `true` | -| `mariadb.mariadbRootPassword` | MariaDB admin password | `nil` | -| `mariadb.mariadbDatabase` | MariaDB Database name to create | `bitnami_ghost` | -| `mariadb.mariadbUser` | MariaDB Database user to create | `bn_ghost` | -| `mariadb.mariadbPassword` | MariaDB Password for user | _random 10 character long alphanumeric string_ | -| `serviceType` | Kubernetes Service type | `LoadBalancer` | -| `persistence.enabled` | Enable persistence using 
PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Ghost volume | `nil` (uses alpha storage annotation) | -| `persistence.accessMode` | PVC Access Mode for Ghost volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for Ghost volume | `8Gi` | -| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | +## Parameters + +The following table lists the configurable parameters of the Ghost chart and their default values. + +| Parameter | Description | Default | +|-------------------------------------|---------------------------------------------------------------|----------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | Ghost image registry | `docker.io` | +| `image.repository` | Ghost Image name | `bitnami/ghost` | +| `image.tag` | Ghost Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `nameOverride` | String to partially override ghost.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override ghost.fullname template with a string | `nil` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository`| Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.pullPolicy`| Init container volume-permissions image pull policy | `Always` | +| `ghostHost` | 
Ghost host to create application URLs | `nil` | +| `ghostPort` | Ghost port to use in application URLs (defaults to `service.port` if `nil`) | `nil` | +| `ghostProtocol` | Protocol (http or https) to use in the application URLs | `http` | +| `ghostPath` | Ghost path to create application URLs | `nil` | +| `ghostUsername` | User of the application | `user@example.com` | +| `ghostPassword` | Application password | Randomly generated | +| `ghostEmail` | Admin email | `user@example.com` | +| `ghostBlogTitle` | Ghost Blog name | `User's Blog` | +| `smtpHost` | SMTP host | `nil` | +| `smtpPort` | SMTP port | `nil` | +| `smtpUser` | SMTP user | `nil` | +| `smtpPassword` | SMTP password | `nil` | +| `smtpFromAddress` | SMTP from address | `nil` | +| `smtpService` | SMTP service | `nil` | +| `allowEmptyPassword` | Allow DB blank passwords | `yes` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `service.type` | Kubernetes Service type | `LoadBalancer` | +| `service.port` | Service HTTP port | `80` | +| `service.nodePorts.http` | Kubernetes http node port | `""` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.loadBalancerIP` | LoadBalancerIP for the Ghost service | `` | +| `service.annotations` | Service annotations | `` | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.annotations` | Ingress annotations | `[]` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.hosts[0].name` | Hostname to your Ghost installation | `ghost.local` | +| `ingress.hosts[0].path` | Path within the url structure | `/` | +| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | +| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` | +| 
`ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `ghost.local-tls-secret` | +| `ingress.secrets[0].name` | TLS Secret Name | `nil` | +| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | +| `ingress.secrets[0].key` | TLS Secret Key | `nil` | +| `externalDatabase.host` | Host of the external database | `localhost` | +| `externalDatabase.port` | Port of the external database | `3306` | +| `externalDatabase.user` | Existing username in the external db | `bn_ghost` | +| `externalDatabase.password` | Password for the above username | `""` | +| `externalDatabase.database` | Name of the existing database | `bitnami_ghost` | +| `mariadb.enabled` | Whether or not to install MariaDB (disable if using external) | `true` | +| `mariadb.rootUser.password` | MariaDB admin password | `nil` | +| `mariadb.db.name` | MariaDB Database name to create | `bitnami_ghost` | +| `mariadb.db.user` | MariaDB Database user to create | `bn_ghost` | +| `mariadb.db.password` | MariaDB Password for user | _random 10 character long alphanumeric string_ | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for Ghost volume | `nil` (uses alpha storage annotation) | +| `persistence.accessMode` | PVC Access Mode for Ghost volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for Ghost volume | `8Gi` | +| `persistence.path` | Path to mount the volume at, to use other images | `/bitnami` | +| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | +| `nodeSelector` | Node selector for pod assignment | `{}` | +| `affinity` | Map of node/pod affinities | `{}` | The above parameters map to the env variables defined in [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost). For more information please refer to the [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost) image documentation. 
@@ -87,7 +133,7 @@ The above parameters map to the env variables defined in [bitnami/ghost](http:// > $ gcloud compute addresses create ghost-public-ip > ``` > -> The reserved IP address can be associated to the Ghost service by specifying it as the value of the `ghostLoadBalancerIP` parameter while installing the chart. +> The reserved IP address can be assigned to the Ghost service by specifying it as the value of the `ghostLoadBalancerIP` parameter while installing the chart. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -97,7 +143,7 @@ $ helm install --name my-release \ stable/ghost ``` -The above command sets the Ghost administrator account username and password to `admin` and `password` respectively. Additionally it sets the MariaDB `root` user password to `secretpassword`. +The above command sets the Ghost administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, 
@@ -107,13 +153,24 @@ $ helm install --name my-release -f values.yaml stable/ghost > **Tip**: You can use the default [values.yaml](values.yaml) -## Using an existing database +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. -Sometimes you may want to have Ghost connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#configuration). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example: +### Using an existing database + +Sometimes you may want to have Ghost connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. 
For example using the following parameters: ```console -$ helm install stable/ghost \ - --set mariadb.enabled=false,externalDatabase.host=myexternalhost,externalDatabase.user=myuser,externalDatabase.password=mypassword,externalDatabase.database=mydatabase +mariadb.enabled=false +externalDatabase.host=myexternalhost +externalDatabase.user=myuser +externalDatabase.password=mypassword +externalDatabase.database=mydatabase ``` ## Persistence 
@@ -121,4 +178,24 @@ $ helm install stable/ghost \ The [Bitnami Ghost](https://github.com/bitnami/bitnami-docker-ghost) image stores the Ghost data and configurations at the `/bitnami/ghost` and `/bitnami/apache` paths of the container. Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Configuration](#configuration) section to configure the PVC or to disable persistence. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +## Upgrading + +### To 9.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pulls/17297 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version signifies this change. + +### To 5.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is ghost: + +```console +$ kubectl patch deployment ghost-ghost --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +$ kubectl delete statefulset ghost-mariadb --cascade=false +``` diff --git a/charts/ghost/requirements.lock b/charts/ghost/requirements.lock index 3670004a51..7039bf8f84 100755 --- a/charts/ghost/requirements.lock +++ b/charts/ghost/requirements.lock 
@@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.7.0 -digest: sha256:f59f68030aa5c50b9e776b813804875fac911f91c2aa384e991f37a795c5ae34 -generated: 2017-11-27T16:40:56.867665764Z + version: 7.2.1 +digest: sha256:27bef733eb099a7377055cfe2c48e013bd4d55650ff18b50138c80488c812b0b +generated: 2019-12-04T15:22:06.772062948Z diff --git a/charts/ghost/requirements.yaml b/charts/ghost/requirements.yaml index 7c0c6a88a9..93e76cc0bd 100755 --- a/charts/ghost/requirements.yaml +++ b/charts/ghost/requirements.yaml @@ -1,5 +1,7 @@ dependencies: - name: mariadb - version: 0.7.0 + version: 7.x.x repository: https://kubernetes-charts.storage.googleapis.com/ condition: mariadb.enabled + tags: + - ghost-database diff --git a/charts/ghost/templates/NOTES.txt b/charts/ghost/templates/NOTES.txt index 6c93697e51..08860068d9 100755 --- a/charts/ghost/templates/NOTES.txt +++ b/charts/ghost/templates/NOTES.txt 
@@ -8,43 +8,47 @@ host. To configure Ghost with the URL of your service: 1. Get the Ghost URL by running: - {{- if contains "NodePort" .Values.serviceType }} + {{- if contains "NodePort" .Values.service.type }} export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - {{- else if contains "LoadBalancer" .Values.serviceType }} + {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "ghost.fullname" . }}' export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} -o jsonpath="{.data.ghost-password}" | base64 --decode) + {{- if .Values.mariadb.mariadbRootPassword }} + export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) {{- end }} + {{- end }} + export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) 2. 
Complete your Ghost deployment by running: - helm upgrade {{ .Release.Name }} \ - --set serviceType={{ .Values.serviceType }},ghostHost=$APP_HOST stable/ghost + helm upgrade {{ .Release.Name }} stable/{{ .Chart.Name }} \ + --set service.type={{ .Values.service.type }},ghostHost=$APP_HOST,ghostPassword=$APP_PASSWORD,{{ if .Values.mariadb.mariadbRootPassword }},mariadb.mariadbRootPassword=$DATABASE_ROOT_PASSWORD{{ end }}mariadb.db.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} {{- else -}} 1. Get the Ghost URL by running: -{{- if eq .Values.serviceType "ClusterIP" }} +{{- if eq .Values.service.type "ClusterIP" }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ghost.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") - echo Blog URL : http://127.0.0.1:{{ default "80" .Values.ghostPort }}/ - echo Admin URL : http://127.0.0.1:{{ default "80" .Values.ghostPort }}/ghost - kubectl port-forward $POD_NAME {{ default "80" .Values.ghostPort }}:2368 + echo Blog URL : http://127.0.0.1:{{ default "80" .Values.service.port }}{{ .Values.ghostPath }} + echo Admin URL : http://127.0.0.1:{{ default "80" .Values.service.port }}{{ .Values.ghostPath }}ghost + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "ghost.fullname" . }} {{ default "80" .Values.service.port }}:2368 -{{- else if eq .Values.serviceType "NodePort" }} +{{- else if eq .Values.service.type "NodePort" }} export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export APP_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . 
}}) + export APP_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ghost.fullname" . }}) - echo Blog URL : http://$APP_HOST:$APP_PORT/ - echo Admin URL : http://$APP_HOST:$APP_PORT/ghost + echo Blog URL : http://$APP_HOST:$APP_PORT{{ .Values.ghostPath }} + echo Admin URL : http://$APP_HOST:$APP_PORT{{ .Values.ghostPath }}ghost {{- else }} - echo Blog URL : http://{{ include "ghost.host" . }}/ - echo Admin URL : http://{{ include "ghost.host" . }}/ghost + echo Blog URL : http://{{ include "ghost.host" . }} + echo Admin URL : http://{{ include "ghost.host" . }}ghost {{- end }} 2. Get your Ghost login credentials by running: @@ -52,3 +56,10 @@ host. To configure Ghost with the URL of your service: echo Email: {{ .Values.ghostEmail }} echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} -o jsonpath="{.data.ghost-password}" | base64 --decode) {{- end }} + +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} + +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ + +{{- end }} diff --git a/charts/ghost/templates/_helpers.tpl b/charts/ghost/templates/_helpers.tpl index 399f894766..44efd82604 100755 --- a/charts/ghost/templates/_helpers.tpl +++ b/charts/ghost/templates/_helpers.tpl 
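Review bot: In the first NOTES.txt hunk, `APP_PASSWORD` is exported only inside the `LoadBalancer` branch, yet step 2 always passes `ghostPassword=$APP_PASSWORD`, so on the `NodePort` path the upgrade would appear to submit an empty Ghost password. The root-password pieces still test `.Values.mariadb.mariadbRootPassword` although the README in this commit documents the value as `mariadb.rootUser.password`, and when that test is true the `--set` string renders a doubled comma before the pair and no comma after it. I would move the `APP_PASSWORD` export above the `if contains "NodePort"` line and write the fragment as `ghostPassword=$APP_PASSWORD,{{ if .Values.mariadb.rootUser.password }}mariadb.rootUser.password=$DATABASE_ROOT_PASSWORD,{{ end }}mariadb.db.password=$APP_DATABASE_PASSWORD`, assuming values.yaml defines `mariadb.rootUser`. Line breaks are collapsed on this page, so the branch nesting is read from the order of the `if`/`end` markers and is worth confirming with `helm template`.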
@@ -9,11 +9,20 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} {{- define "ghost.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- end -}} +{{- end -}} {{/* Create a default fully qualified app name. @@ -28,10 +37,10 @@ Get the user defined LoadBalancerIP for this release. Note, returns 127.0.0.1 if using ClusterIP. */}} {{- define "ghost.serviceIP" -}} -{{- if eq .Values.serviceType "ClusterIP" -}} +{{- if eq .Values.service.type "ClusterIP" -}} 127.0.0.1 {{- else -}} -{{- index .Values (printf "%sLoadBalancerIP" .Chart.Name) | default "" -}} +{{- .Values.service.loadBalancerIP | default "" -}} {{- end -}} {{- end -}} 
@@ -40,6 +49,144 @@ Gets the host to be used for this application. If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. */}} {{- define "ghost.host" -}} -{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} +{{- if .Values.ghostHost -}} +{{- $host := printf "%s%s" .Values.ghostHost .Values.ghostPath -}} {{- default (include "ghost.serviceIP" .) $host -}} +{{- else -}} +{{- default (include "ghost.serviceIP" .) "" -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ghost.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Ghost image name +*/}} +{{- define "ghost.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
+Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "ghost.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "ghost.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . 
}} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "ghost.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "ghost.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} {{- end -}} 
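Review bot: `ghost.image` and `ghost.volumePermissions.image` in the third _helpers.tpl hunk always join repository and tag with `:`, so an image cannot be pinned by digest even though the rolling-tag check added to NOTES.txt treats a tag containing `sha256:` as immutable; such a value would render as `repository:sha256:…`, which is not a valid image reference. Consider branching on the tag in each registry branch, for example `{{- if hasPrefix "sha256:" $tag }}{{ printf "%s/%s@%s" $registryName $repositoryName $tag }}{{ else }}{{ printf "%s/%s:%s" $registryName $repositoryName $tag }}{{ end -}}`. Separately, `ghost.storageClass` and `ghost.imagePullSecrets` emit their values unquoted (`storageClassName: %s`, `- name: {{ . }}`); quoting them keeps a value such as `true` or one containing `: ` from changing the rendered YAML.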
diff --git a/charts/ghost/templates/deployment.yaml b/charts/ghost/templates/deployment.yaml
index 955d4fbb72..33013260ed 100755
--- a/charts/ghost/templates/deployment.yaml
+++ b/charts/ghost/templates/deployment.yaml
@@ -1,32 +1,45 @@ {{- if include "ghost.host" . -}} -apiVersion: extensions/v1beta1 +apiVersion: {{ template "ghost.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ template "ghost.fullname" . }} labels: - app: {{ template "ghost.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "ghost.fullname" . }}" + chart: "{{ template "ghost.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} spec: + selector: + matchLabels: + app: "{{ template "ghost.fullname" . }}" + release: {{ .Release.Name | quote }} replicas: 1 template: metadata: labels: - app: {{ template "ghost.fullname" . }} + app: "{{ template "ghost.fullname" . }}" + chart: "{{ template "ghost.chart" . }}" + release: {{ .Release.Name | quote }} spec: + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- else }} initContainers: - name: volume-permissions - image: "{{ .Values.volumePermissions.image.name }}:{{ .Values.volumePermissions.image.tag }}" - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: ['sh', '-c', 'chmod -R g+rwX /bitnami'] + image: {{ template "ghost.volumePermissions.image" . }} + imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" + command: ['sh', '-c', 'chmod -R g+rwX {{ .Values.persistence.path }}'] volumeMounts: - - mountPath: /bitnami + - mountPath: {{ .Values.persistence.path }} name: ghost-data + {{- end }} +{{- include "ghost.imagePullSecrets" . | indent 6 }} containers: - name: {{ template "ghost.fullname" . }} - image: "{{ .Values.image }}" - imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} + image: {{ template "ghost.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} env: - name: ALLOW_EMPTY_PASSWORD {{- if .Values.allowEmptyPassword }} @@ -38,21 +51,25 @@ spec: {{- if .Values.mariadb.enabled }} value: {{ template "ghost.mariadb.fullname" . }} {{- else }} - value: {{ default "" .Values.externalDatabase.host | quote }} + value: {{ .Values.externalDatabase.host | quote }} {{- end }} - name: MARIADB_PORT_NUMBER + {{- if .Values.mariadb.enabled }} value: "3306" + {{- else }} + value: {{ .Values.externalDatabase.port | quote }} + {{- end }} - name: GHOST_DATABASE_NAME {{- if .Values.mariadb.enabled }} - value: {{ default "" .Values.mariadb.mariadbDatabase | quote }} + value: {{ .Values.mariadb.db.name | quote }} {{- else }} - value: {{ default "" .Values.externalDatabase.database | quote }} + value: {{ .Values.externalDatabase.database | quote }} {{- end }} - name: GHOST_DATABASE_USER {{- if .Values.mariadb.enabled }} - value: {{ default "" .Values.mariadb.mariadbUser | quote }} + value: {{ .Values.mariadb.db.user | quote }} {{- else }} - value: {{ default "" .Values.externalDatabase.user | quote }} + value: {{ .Values.externalDatabase.user | quote }} {{- end }} - name: GHOST_DATABASE_PASSWORD {{- if .Values.mariadb.enabled }} 
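Review bot: The init container in the first deployment.yaml hunk builds its command as `'chmod -R g+rwX {{ .Values.persistence.path }}'` for `sh -c`, so a path containing a space, a quote or a shell metacharacter is interpreted by the shell rather than treated as one argument. Passing it as argv avoids that: `command: ['chmod', '-R', 'g+rwX', {{ .Values.persistence.path | quote }}]`, with `mountPath: {{ .Values.persistence.path | quote }}` to match. This container is rendered only when `securityContext.enabled` is false and no `securityContext` is set on it, so it presumably runs as the image's default user; a short comment above `initContainers:` saying why it needs that would help reviewers. The new pod-level `securityContext` sets only `fsGroup` and `runAsUser`; adding `runAsNonRoot: true` there would make the non-root intent enforceable.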
@@ -61,56 +78,84 @@ spec: name: {{ template "ghost.mariadb.fullname" . }} key: mariadb-password {{- else }} - value: {{ default "" .Values.externalDatabase.password | quote }} + value: {{ .Values.externalDatabase.password | quote }} {{- end }} - name: GHOST_HOST value: {{ include "ghost.host" . | quote }} + - name: GHOST_PROTOCOL + value: {{ .Values.ghostProtocol | quote }} - name: GHOST_PORT_NUMBER - value: {{ default "80" .Values.ghostPort | quote }} + {{- if .Values.ghostPort }} + value: {{ .Values.ghostPort | quote }} + {{- else }} + value: {{ .Values.service.port | quote }} + {{- end }} - name: GHOST_USERNAME - value: {{ default "" .Values.ghostUsername | quote }} + value: {{ .Values.ghostUsername | quote }} - name: GHOST_PASSWORD valueFrom: secretKeyRef: name: {{ template "ghost.fullname" . }} key: ghost-password - name: GHOST_EMAIL - value: {{ default "" .Values.ghostEmail | quote }} + value: {{ .Values.ghostEmail | quote }} - name: BLOG_TITLE - value: {{ default "" .Values.ghostBlogTitle | quote }} + value: {{ .Values.ghostBlogTitle | quote }} + {{- if .Values.smtpHost }} - name: SMTP_HOST - value: {{ default "" .Values.smtpHost | quote }} + value: {{ .Values.smtpHost | quote }} + {{- end }} + {{- if .Values.smtpPort }} - name: SMTP_PORT - value: {{ default "" .Values.smtpPort | quote }} + value: {{ .Values.smtpPort | quote }} + {{- end }} + {{- if .Values.smtpUser }} - name: SMTP_USER - value: {{ default "" .Values.smtpUser | quote }} + value: {{ .Values.smtpUser | quote }} + {{- end }} + {{- if .Values.smtpPassword }} - name: SMTP_PASSWORD valueFrom: secretKeyRef: name: {{ template "ghost.fullname" . 
}} key: smtp-password + {{- end }} + {{- if .Values.smtpFromAddress }} + - name: SMTP_FROM_ADDRESS + value: {{ .Values.smtpFromAddress | quote }} + {{- end }} + {{- if .Values.smtpService }} - name: SMTP_SERVICE - value: {{ default "" .Values.smtpService | quote }} + value: {{ .Values.smtpService | quote }} + {{- end }} ports: - name: http containerPort: 2368 livenessProbe: httpGet: - path: /ghost + path: {{ .Values.ghostPath }} port: http httpHeaders: - name: Host value: {{ include "ghost.host" . | quote }} + {{- if eq .Values.ghostProtocol "https" }} + - name: X-Forwarded-Proto + value: https + {{- end }} initialDelaySeconds: 120 timeoutSeconds: 5 failureThreshold: 6 readinessProbe: httpGet: - path: /ghost + path: {{ .Values.ghostPath }} port: http httpHeaders: - name: Host value: {{ include "ghost.host" . | quote }} + {{- if eq .Values.ghostProtocol "https" }} + - name: X-Forwarded-Proto + value: https + {{- end }} initialDelaySeconds: 30 timeoutSeconds: 3 periodSeconds: 5 @@ -127,4 +172,12 @@ spec: {{- else }} emptyDir: {} {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end -}} diff --git a/charts/ghost/templates/ingress.yaml b/charts/ghost/templates/ingress.yaml new file mode 100755 index 0000000000..a08bfc8404 --- /dev/null +++ b/charts/ghost/templates/ingress.yaml 
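Review bot: In the `{{- else }}` branch of `GHOST_DATABASE_PASSWORD`, the external database password is still rendered as a literal `value: {{ .Values.externalDatabase.password | quote }}`, so it is readable by anyone who can read the Deployment or Pod object. The MariaDB branch just above it, `GHOST_PASSWORD` and `SMTP_PASSWORD` all go through `secretKeyRef`. The external password should be stored in the chart's Secret (secrets.yaml) under its own key and referenced the same way; the key name below is a proposal and does not exist in the chart yet. The env list starts before this hunk.

```yaml
            {{- else }}
            valueFrom:
              secretKeyRef:
                name: {{ template "ghost.fullname" . }}
                # proposed key; add it to secrets.yaml next to ghost-password
                key: external-db-password
```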
@@ -0,0 +1,43 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ template "ghost.fullname" . }} + labels: + app: "{{ template "ghost.fullname" . }}" + chart: "{{ template "ghost.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + annotations: + {{- if .Values.ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + backend: + serviceName: {{ template "ghost.fullname" $ }} + servicePort: http + {{- end }} + tls: + {{- range .Values.ingress.hosts }} + {{- if .tls }} + - hosts: + {{- if .tlsHosts }} + {{- range $host := .tlsHosts }} + - {{ $host }} + {{- end }} + {{- else }} + - {{ .name }} + {{- end }} + secretName: {{ .tlsSecret }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/ghost/templates/pvc.yaml b/charts/ghost/templates/pvc.yaml index 36e1ab84e4..b47108bde9 100755 --- a/charts/ghost/templates/pvc.yaml +++ b/charts/ghost/templates/pvc.yaml 
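Review bot: Host names, paths and the TLS secret name are written into the manifest unquoted (`- host: {{ .name }}`, `- {{ $host }}`, `secretName: {{ .tlsSecret }}`), so a wildcard host such as `*.example.com` is read by the YAML parser as an alias and the render fails, and an unset `tlsSecret` silently becomes null. Quote them, e.g. `- host: {{ .name | quote }}` and `secretName: {{ .tlsSecret | quote }}`. Separately, `tls:` is emitted even when no host sets `tls: true`, leaving a bare `tls:` key; wrapping the section in a check that at least one host enables TLS would keep the rendered object explicit about being HTTP-only.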
@@ -4,21 +4,15 @@ apiVersion: v1 metadata: name: {{ template "ghost.fullname" . }} labels: - app: {{ template "ghost.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "ghost.fullname" . }}" + chart: "{{ template "ghost.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.size | quote }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} + {{ include "ghost.storageClass" . }} {{- end -}} diff --git a/charts/ghost/templates/secrets.yaml b/charts/ghost/templates/secrets.yaml index db1c841d64..5ac5bd2b7b 100755 --- a/charts/ghost/templates/secrets.yaml +++ b/charts/ghost/templates/secrets.yaml @@ -3,15 +3,17 @@ kind: Secret metadata: name: {{ template "ghost.fullname" . }} labels: - app: {{ template "ghost.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "ghost.fullname" . }}" + chart: "{{ template "ghost.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} type: Opaque data: - {{ if .Values.ghostPassword }} + {{- if .Values.ghostPassword }} ghost-password: {{ .Values.ghostPassword | b64enc | quote }} - {{ else }} + {{- else }} ghost-password: {{ randAlphaNum 10 | b64enc | quote }} - {{ end }} + {{- end }} + {{- if .Values.smtpPassword }} smtp-password: {{ default "" .Values.smtpPassword | b64enc | quote }} + {{- end }} diff --git a/charts/ghost/templates/svc.yaml b/charts/ghost/templates/svc.yaml index f482a7f3bd..5de567bb0f 100755 --- a/charts/ghost/templates/svc.yaml 
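Review bot: In secrets.yaml the fallback `ghost-password: {{ randAlphaNum 10 | b64enc | quote }}` is evaluated on every render, so each `helm upgrade` without `ghostPassword` writes a different value into the Secret; whether the application re-reads it after first start is not visible here, so the Secret may stop matching the real admin password. Ten alphanumeric characters is also short for a generated admin credential. At minimum document it in the template, e.g. `{{- /* regenerated on every render; set ghostPassword on upgrade to keep this stable */}}`, and consider a longer value together with the matching text in values.schema.json. The `default ""` on `smtp-password` is redundant now that the line sits inside `{{- if .Values.smtpPassword }}`.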
+++ b/charts/ghost/templates/svc.yaml @@ -3,18 +3,29 @@ kind: Service metadata: name: {{ template "ghost.fullname" . }} labels: - app: {{ template "ghost.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "ghost.fullname" . }}" + chart: "{{ template "ghost.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + annotations: + {{- range $key, $value := .Values.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: - type: {{ .Values.serviceType }} - {{- if eq .Values.serviceType "LoadBalancer" }} - loadBalancerIP: {{ default "" .Values.ghostLoadBalancerIP }} + type: {{ .Values.service.type }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + loadBalancerIP: {{ default "" .Values.service.loadBalancerIP | quote }} {{- end }} ports: - - name: http - port: {{ default "80" .Values.ghostPort }} - targetPort: http + - name: http + port: {{ .Values.service.port }} + targetPort: http + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}} + nodePort: {{ .Values.service.nodePorts.http }} + {{- end }} selector: - app: {{ template "ghost.fullname" . }} + app: "{{ template "ghost.fullname" . }}" diff --git a/charts/ghost/values.schema.json b/charts/ghost/values.schema.json new file mode 100755 index 0000000000..0faccf46d1 --- /dev/null +++ b/charts/ghost/values.schema.json 
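Review bot: The Service can be of type `LoadBalancer` (the default in values.yaml) but the template offers no way to restrict which client addresses reach it, so the blog, including its admin path, is exposed to whatever the cloud load balancer admits. An optional `loadBalancerSourceRanges` list inside the existing `LoadBalancer` block would let operators narrow that without forking the chart; the values key below is a proposal. As a style point, the `nodePort` condition ends in `)))}}` without the space used before `}}` everywhere else in the file.

```yaml
  {{- if eq .Values.service.type "LoadBalancer" }}
  {{- /* … unchanged: loadBalancerIP … */}}
  {{- with .Values.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
    {{- toYaml . | nindent 4 }}
  {{- end }}
```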
@@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "ghostUsername": { + "type": "string", + "title": "User", + "form": true + }, + "ghostPassword": { + "type": "string", + "title": "Password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set" + }, + "ghostEmail": { + "type": "string", + "title": "Admin email", + "form": true + }, + "ghostBlogTitle": { + "type": "string", + "title": "Blog Name", + "form": true + }, + "ghostHost": { + "type": "string", + "title": "Host", + "form": true, + "description": "Hostname used to generate application URLs" + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "mariadb": { + "type": "object", + "form": true, + "title": "MariaDB Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Use a new MariaDB database hosted in the cluster", + "form": true, + "description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database parameters" + }, + "master": { + "type": "object", + "properties": { + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Volume Size", + "form": true, + "hidden": { + "condition": false, + "value": "mariadb.enabled" + }, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + } + } + } + } + }, + "externalDatabase": { + "type": "object", + "title": "External Database Details", + "description": "If MariaDB is disabled. 
Use this section to specify the external database details", + "form": true, + "properties": { + "host": { + "type": "string", + "form": true, + "title": "Database Host", + "hidden": "mariadb.enabled" + }, + "user": { + "type": "string", + "form": true, + "title": "Database Username", + "hidden": "mariadb.enabled" + }, + "password": { + "type": "string", + "form": true, + "title": "Database Password", + "hidden": "mariadb.enabled" + }, + "database": { + "type": "string", + "form": true, + "title": "Database Name", + "hidden": "mariadb.enabled" + }, + "port": { + "type": "integer", + "form": true, + "title": "Database Port", + "hidden": "mariadb.enabled" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Pod Security Context", + "description": "When disabled, an initContainer will be used to set required folder permissions", + "form": true + } + } + } + } +} diff --git a/charts/ghost/values.yaml b/charts/ghost/values.yaml index 2b707c8397..7b5faecabd 100755 --- a/charts/ghost/values.yaml +++ b/charts/ghost/values.yaml 
@@ -1,36 +1,63 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + ## Bitnami Ghost image version ## ref: https://hub.docker.com/r/bitnami/ghost/tags/ ## -image: bitnami/ghost:1.21.5-r0 +image: + registry: docker.io + repository: bitnami/ghost + tag: 3.1.1-debian-9-r0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName -## Busybox image used to configure volume permissions +## String to partially override ghost.fullname template (will maintain the release name) ## -volumePermissions: - image: - name: busybox - tag: 1.27.1 -# pullPolicy: +# nameOverride: -## Specify a imagePullPolicy -## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' -## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## String to fully override ghost.fullname template ## -# imagePullPolicy: +# fullnameOverride: -## Ghost host to create application URLs -## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## -# ghostHost: +volumePermissions: + image: + registry: docker.io + repository: bitnami/minideb + tag: stretch + pullPolicy: Always + ## Optionally specify an array of 
imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName -## Ghost port to create application URLs along with host. +## Ghost protocol, host, port and path to create application URLs ## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration ## -ghostPort: 80 - -## loadBalancerIP for the Ghost Service (optional, cloud specific) -## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer -## -# ghostLoadBalancerIP: +ghostProtocol: http +# ghostHost: +# ghostPort: +ghostPath: / ## User of the application ## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration @@ -55,7 +82,7 @@ ghostBlogTitle: User's Blog ## Set to `yes` to allow the container to be started with blank passwords ## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -allowEmptyPassword: yes +allowEmptyPassword: "yes" ## SMTP mail delivery configuration ## ref: https://github.com/bitnami/bitnami-docker-redmine/#smtp-configuration 
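Review bot: `volumePermissions.image.tag: stretch` together with `pullPolicy: Always` is a floating tag, so the init container that modifies the data volume can change content between pod restarts with no change to the chart or release. Pin it the way the main image is pinned (`3.1.1-debian-9-r0`), for example `tag: <pinned-tag-or-digest>`. The comment above it also says the init container changes the owner of the mountpoint, while deployment.yaml runs `chmod -R g+rwX`; it could read `## volumePermissions: make the persistent volume mountpoint group-writable`.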
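Review bot: Quoting the value turns `allowEmptyPassword` into a string, and deployment.yaml tests it with `{{- if .Values.allowEmptyPassword }}`, which is true for any non-empty string. An override of `"no"` would therefore presumably still take the permissive branch (the branch bodies lie outside the visible hunks). A real boolean keeps the test meaningful: `allowEmptyPassword: true`, with the comment changed to `## Set to true to allow the container to be started with blank passwords`. The default still permits blank passwords; `false` would be the safer starting point where the bundled database is given a password.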
@@ -64,71 +91,101 @@ allowEmptyPassword: yes # smtpPort: # smtpUser: # smtpPassword: +# smtpFromAddress # smtpService: ## ## External database configuration ## externalDatabase: + ## All of these values are only used when mariadb.enabled is set to false ## Database host - # host: + host: localhost - ## Database user - # user: bn_ghost + ## non-root Username for Wordpress Database + user: bn_ghost ## Database password - # password: + password: "" ## Database name - # database: bitnami_ghost + database: bitnami_ghost + + ## Database port number + port: 3306 ## ## MariaDB chart configuration ## +## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml +## mariadb: - ## Whether to use the database specified as a requirement or not. For example, to configure the chart with an existing database server. + ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters enabled: true + ## Disable MariaDB replication + replication: + enabled: false - ## MariaDB admin password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run - ## - # mariadbRootPassword: - ## Create a database - - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - mariadbDatabase: bitnami_ghost - - ## Create a database user + ## Create a database and a database user ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run ## - mariadbUser: bn_ghost + db: + name: bitnami_ghost + user: bn_ghost + ## If the password is not specified, mariadb will generates a random password + ## + # password: - ## Password for mariadbUser - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run + ## MariaDB admin password + ## ref: 
https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run ## - # mariadbPassword: + # rootUser: + # password: ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 8Gi + master: + persistence: + enabled: true + ## mariadb data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 8Gi ## Kubernetes configuration ## For minikube, set this to NodePort, elsewhere use LoadBalancer ## -serviceType: LoadBalancer +service: + type: LoadBalancer + # HTTP Port + port: 80 + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + nodePorts: + http: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## Service annotations done as key:value pairs + annotations: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ 
@@ -145,6 +202,7 @@ persistence: # storageClass: "-" accessMode: ReadWriteOnce size: 8Gi + path: /bitnami ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ 
@@ -153,3 +211,66 @@ resources: requests: memory: 512Mi cpu: 300m + +## Configure the ingress resource that allows you to access the +## Ghost installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Set this to true in order to add the corresponding annotations for cert-manager + certManager: false + + ## Ingress annotations done as key:value pairs + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + + ## The list of hostnames to be covered with this ingress record. + ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + hosts: + - name: ghost.local + path: / + + ## Set this to true in order to enable TLS on the ingress record + tls: false + + ## Optionally specify the TLS hosts for the ingress record + ## Useful when the Ingress controller supports www-redirection + ## If not specified, the above host name will be used + # tlsHosts: + # - www.ghost.local + # - ghost.local + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: ghost.local-tls + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also 
possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: ghost.local-tls + # key: + # certificate: + +## Node selector for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +## +nodeSelector: {} + +## Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} diff --git a/releases/ghost.yaml b/releases/ghost.yaml index f987917ca2..070b2daeb4 100644 --- a/releases/ghost.yaml +++ b/releases/ghost.yaml @@ -6,7 +6,7 @@ metadata: namespace: demo annotations: fluxcd.io/automated: "false" - fluxcd.io/tag.chart-image: glob:1.21.* + fluxcd.io/tag.chart-image: glob:3.1.1-debian-9-* spec: releaseName: ghost chart: @@ -14,14 +14,16 @@ spec: ref: master path: charts/ghost values: - image: bitnami/ghost:1.21.5-r0 + image: bitnami/ghost:3.1.1-debian-9-r0 persistence: enabled: false resources: requests: memory: 32Mi cpu: 10m - serviceType: ClusterIP + service: + type: ClusterIP mariadb: - persistence: - enabled: false + master: + persistence: + enabled: false diff --git a/releases/mongodb.yaml b/releases/mongodb.yaml index 39dc5af898..369ef1923a 100644 --- a/releases/mongodb.yaml +++ b/releases/mongodb.yaml @@ -12,11 +12,11 @@ spec: chart: repository: https://kubernetes-charts.storage.googleapis.com/ name: mongodb - version: 4.9.0 + version: 7.6.3 values: image: repository: bitnami/mongodb - tag: 4.0.3 + tag: 4.0.13 usePassword: false persistence: enabled: false diff --git a/releases/redis.yaml b/releases/redis.yaml index 4a7b621ebc..d4f2a13ea5 100644 --- a/releases/redis.yaml +++ b/releases/redis.yaml 
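Review bot: The comment `## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set` does not match templates/ingress.yaml in this patch, which only adds `kubernetes.io/tls-acme` when `certManager` is set; the line should be dropped or the template changed to match. Likewise `ingress.secrets` is documented as the place for a key and certificate, but no template touched by this patch appears to read it, so values put there would have no effect. If a template is added later, note in the comment that a private key supplied through values is stored with the release data and is better created as a Secret outside the chart.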
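Review bot: In releases/ghost.yaml the override `image: bitnami/ghost:3.1.1-debian-9-r0` is still a plain string, while the chart now defines `image` as a map and deployment.yaml reads `.Values.image.pullPolicy`, so rendering this release is likely to fail or drop the override. It should follow the new structure: `image:` with `repository: bitnami/ghost` and `tag: 3.1.1-debian-9-r0` beneath it. The `fluxcd.io/tag.chart-image` annotation in the first hunk of this file depends on the image path it finds in `values`, so it is worth checking after the change.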
@@ -6,7 +6,7 @@ metadata: namespace: demo annotations: fluxcd.io/automated: "true" - fluxcd.io/tag.chart-image: semver:~4.0 + fluxcd.io/tag.chart-image: semver:~5.0 fluxcd.io/locked: "true" fluxcd.io/locked_msg: "Halt updates for now" fluxcd.io/locked_user: "Stefan Prodan " @@ -15,7 +15,7 @@ spec: chart: repository: https://kubernetes-charts.storage.googleapis.com/ name: redis - version: 5.1.3 + version: 10.3.1 valueFileSecrets: # the redis-auth secret contains the password value - name: redis-auth @@ -23,7 +23,7 @@ spec: usePassword: true image: repository: bitnami/redis - tag: 4.0.12 + tag: 5.0.7 service: type: ClusterIP port: 6379 diff --git a/workloads/podinfo-dep.yaml b/workloads/podinfo-dep.yaml index dadbca9fea..8d46660524 100644 --- a/workloads/podinfo-dep.yaml +++ b/workloads/podinfo-dep.yaml @@ -9,7 +9,7 @@ metadata: annotations: fluxcd.io/automated: "true" fluxcd.io/tag.init: regex:^3.10.* - fluxcd.io/tag.podinfod: semver:~2.1 + fluxcd.io/tag.podinfod: semver:~3.1 spec: strategy: rollingUpdate: @@ -22,6 +22,7 @@ spec: metadata: annotations: prometheus.io/scrape: "true" + prometheus.io/port: "9797" labels: app: podinfo spec: @@ -33,21 +34,30 @@ spec: - "1" containers: - name: podinfod - image: stefanprodan/podinfo:2.1.0 + image: stefanprodan/podinfo:3.1.0 imagePullPolicy: IfNotPresent ports: - - containerPort: 9898 - name: http - protocol: TCP + - name: http + containerPort: 9898 + protocol: TCP + - name: http-metrics + containerPort: 9797 + protocol: TCP + - name: grpc + containerPort: 9999 + protocol: TCP command: - - ./podinfo - - --port=9898 - - --level=info - - --random-delay=false - - --random-error=false + - ./podinfo + - --port=9898 + - --port-metrics=9797 + - --grpc-port=9999 + - --grpc-service-name=podinfo + - --level=info + - --random-delay=false + - --random-error=false env: - - name: PODINFO_UI_MESSAGE - value: "Greetings human!" + - name: PODINFO_UI_COLOR + value: "#34577c" livenessProbe: httpGet: path: /healthz