diff --git a/CHANGELOG.md b/CHANGELOG.md index dc06836..c89f401 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,11 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.1.0...HEAD) +## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.1.1...HEAD) + +## [1.1.1] - 2024-05-02 +### Fixed +- [#83](https://github.com/passbolt/charts-passbolt/issues/83) Database hostname and port should be quoted when using external databases ## [1.1.0] - 2024-04-26 diff --git a/Chart.yaml b/Chart.yaml index 009b24d..85cd649 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.1.0 +version: 1.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 4.6.2-1-ce +appVersion: 4.7.0-1-ce dependencies: - name: passbolt-library version: 0.2.7 diff --git a/README.md b/README.md index 0d6cade..f18e3a2 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ passbolt sails kubernetes -![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2-1-ce](https://img.shields.io/badge/AppVersion-4.6.2--1--ce-informational?style=flat-square) +![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.7.0-1-ce](https://img.shields.io/badge/AppVersion-4.7.0--1--ce-informational?style=flat-square) Passbolt is an open source, security first password manager with strong focus on collaboration. 
@@ -96,143 +96,143 @@ chart and deletes the release. ## Requirements | Repository | Name | Version | -| ----------------------------------------------------- | ---------------- | ------- | +|-------------------------------------------------------|------------------|---------| | https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | | https://charts.bitnami.com/bitnami | redis | 17.15.2 | | https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | ## Values -| Key | Type | Default | Description | -| ------------------------------------------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| affinity | object | `{}` | Configure passbolt deployment affinity | -| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. 
| -| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | -| app.cache.redis.sentinelProxy.image | object | `{"registry":"","repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | -| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | -| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | -| app.cache.redis.sentinelProxy.resources | object | `{}` | Configure redis sentinel container resources | -| app.database.kind | string | `"mariadb"` | | -| app.databaseInitContainer | object | `{"enabled":true}` | Configure pasbolt deployment init container that waits for database | -| app.databaseInitContainer.enabled | bool | `true` | Toggle pasbolt deployment init container that waits for database | -| app.extraPodLabels | object | `{}` | | -| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | -| app.image.registry | string | `""` | Configure pasbolt deployment image repsitory | -| app.image.repository | string | `"passbolt/passbolt"` | | -| app.image.tag | string | `"4.6.2-1-ce"` | Overrides the image tag whose default is the chart appVersion. 
| -| app.resources | object | `{}` | | -| app.tls | object | `{}` | | -| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | -| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | -| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | -| cronJobEmail | object | `{"enabled":true,"extraPodLabels":{},"schedule":"* * * * *"}` | Enable email cron | -| extraVolumeMounts | list | `[]` | Add additional volume mounts, e.g. for overwriting config files | -| extraVolumes | list | `[]` | Add additional volumes, e.g. for overwriting config files | -| fullnameOverride | string | `""` | Value to override the whole fullName | -| global.imagePullSecrets | list | `[]` | | -| global.imageRegistry | string | `""` | | -| gpgExistingSecret | string | `""` | Name of the existing secret for the GPG server keypair. The secret must contain the `serverkey.asc` and `serverkey_private.asc` keys. | -| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | -| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | -| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | -| imagePullSecrets | list | `[]` | Configure image pull secrets | -| ingress.annotations | object | `{}` | Configure passbolt ingress annotations | -| ingress.enabled | bool | `false` | Enable passbolt ingress | -| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | -| ingress.tls | list | `[]` | Configure passbolt ingress tls | -| jobCreateGpgKeys.extraPodLabels | object | `{}` | | -| jobCreateJwtKeys.extraPodLabels | object | `{}` | | -| jwtCreateKeysForced | bool | `false` | Forces overwrite JWT keys | -| jwtExistingSecret | string | `""` | Name of the existing secret for the JWT server keypair. The secret must contain the `jwt.key` and `jwt.pem` keys. 
| -| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | -| jwtServerPrivate | string | `""` | JWT server private key in base64 | -| jwtServerPublic | string | `""` | JWT server public key in base64 | -| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | -| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | -| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | -| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | -| mariadb.auth.replicationPassword | string | `"CHANGEME"` | Configure mariadb auth replicationPassword | -| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | -| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | -| mariadb.primary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. | -| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | -| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | -| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | -| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | -| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. 
| -| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | -| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | -| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | -| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | -| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | -| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | -| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. 
If false, use emptyDir | -| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | -| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | -| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | -| nameOverride | string | `""` | Value to override the chart name on default | -| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | -| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | -| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | -| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | -| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | -| passboltEnv.extraEnv | list | `[]` | Environment variables to add to the passbolt pods | -| passboltEnv.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the passbolt pods | -| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | -| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | `"127.0.0.1"` | Configure passbolt cake cache server | -| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | -| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure passbolt default email from | -| passboltEnv.plain.EMAIL_DEFAULT_FROM_NAME | string | `"Passbolt"` | Configure passbolt default email from name | -| 
passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TIMEOUT | int | `30` | Configure passbolt default email timeout | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | -| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | -| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. 
| -| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | -| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | -| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | -| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | -| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | -| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | -| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | -| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | -| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | -| passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | -| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | -| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | -| postgresqlDependencyEnabled | bool | `false` | Install mariadb as a depending chart | -| rbacEnabled | bool | `true` | Enable role based access control | -| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt container RadinessProbe | -| redis.auth.enabled | bool | `true` | Enable redis authentication | -| redis.auth.password | string | 
`"CHANGEME"` | Configure redis password | -| redis.sentinel.enabled | bool | `true` | Enable redis sentinel | -| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | -| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | -| service.annotations | object | `{}` | Annotations to add to the service | -| service.ports | object | `{"http":{"name":"http","port":80,"targetPort":80},"https":{"name":"https","port":443,"targetPort":443}}` | Configure the service ports | -| service.ports.http.name | string | `"http"` | Configure passbolt HTTP service port name | -| service.ports.http.port | int | `80` | Configure passbolt HTTP service port | -| service.ports.http.targetPort | int | `80` | Configure passbolt HTTP service targetPort | -| service.ports.https | object | `{"name":"https","port":443,"targetPort":443}` | Configure the HTTPS port | -| service.ports.https.name | string | `"https"` | Configure passbolt HTTPS service port name | -| service.ports.https.port | int | `443` | Configure passbolt HTTPS service port | -| service.ports.https.targetPort | int | `443` | Configure passbolt HTTPS service targetPort | -| service.type | string | `"ClusterIP"` | Configure passbolt service type | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| tolerations | list | `[]` | Configure passbolt deployment tolerations | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Configure passbolt deployment affinity | +| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. 
| +| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | +| app.cache.redis.sentinelProxy.image | object | `{"registry":"","repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | +| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | +| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | +| app.cache.redis.sentinelProxy.resources | object | `{}` | Configure redis sentinel container resources | +| app.database.kind | string | `"mariadb"` | | +| app.databaseInitContainer | object | `{"enabled":true}` | Configure pasbolt deployment init container that waits for database | +| app.databaseInitContainer.enabled | bool | `true` | Toggle pasbolt deployment init container that waits for database | +| app.extraPodLabels | object | `{}` | | +| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | +| app.image.registry | string | `""` | Configure pasbolt deployment image repsitory | +| app.image.repository | string | `"passbolt/passbolt"` | | +| app.image.tag | string | `"4.6.2-1-ce"` | Overrides the image tag whose default is the chart appVersion. 
| +| app.resources | object | `{}` | | +| app.tls | object | `{}` | | +| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | +| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | +| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | +| cronJobEmail | object | `{"enabled":true,"extraPodLabels":{},"schedule":"* * * * *"}` | Enable email cron | +| extraVolumeMounts | list | `[]` | Add additional volume mounts, e.g. for overwriting config files | +| extraVolumes | list | `[]` | Add additional volumes, e.g. for overwriting config files | +| fullnameOverride | string | `""` | Value to override the whole fullName | +| global.imagePullSecrets | list | `[]` | | +| global.imageRegistry | string | `""` | | +| gpgExistingSecret | string | `""` | Name of the existing secret for the GPG server keypair. The secret must contain the `serverkey.asc` and `serverkey_private.asc` keys. | +| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | +| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | +| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | +| imagePullSecrets | list | `[]` | Configure image pull secrets | +| ingress.annotations | object | `{}` | Configure passbolt ingress annotations | +| ingress.enabled | bool | `false` | Enable passbolt ingress | +| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | +| ingress.tls | list | `[]` | Configure passbolt ingress tls | +| jobCreateGpgKeys.extraPodLabels | object | `{}` | | +| jobCreateJwtKeys.extraPodLabels | object | `{}` | | +| jwtCreateKeysForced | bool | `false` | Forces overwrite JWT keys | +| jwtExistingSecret | string | `""` | Name of the existing secret for the JWT server keypair. The secret must contain the `jwt.key` and `jwt.pem` keys. 
| +| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | +| jwtServerPrivate | string | `""` | JWT server private key in base64 | +| jwtServerPublic | string | `""` | JWT server public key in base64 | +| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | +| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | +| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | +| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | +| mariadb.auth.replicationPassword | string | `"CHANGEME"` | Configure mariadb auth replicationPassword | +| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | +| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | +| mariadb.primary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. | +| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | +| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | +| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | +| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | +| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. 
| +| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | +| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | +| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | +| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | +| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | +| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | +| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. 
If false, use emptyDir | +| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | +| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | +| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | +| nameOverride | string | `""` | Value to override the chart name on default | +| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | +| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | +| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | +| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | +| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | +| passboltEnv.extraEnv | list | `[]` | Environment variables to add to the passbolt pods | +| passboltEnv.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the passbolt pods | +| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | +| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | `"127.0.0.1"` | Configure passbolt cake cache server | +| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | +| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure passbolt default email from | +| passboltEnv.plain.EMAIL_DEFAULT_FROM_NAME | string | `"Passbolt"` | Configure passbolt default email from name | +| 
passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TIMEOUT | int | `30` | Configure passbolt default email timeout | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | +| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | +| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. 
| +| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | +| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | +| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | +| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | +| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | +| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | +| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | +| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | +| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | +| passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | +| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | +| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | +| postgresqlDependencyEnabled | bool | `false` | Install mariadb as a depending chart | +| rbacEnabled | bool | `true` | Enable role based access control | +| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt container RadinessProbe | +| redis.auth.enabled | bool | `true` | Enable redis authentication | +| redis.auth.password | string | 
`"CHANGEME"` | Configure redis password | +| redis.sentinel.enabled | bool | `true` | Enable redis sentinel | +| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | +| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | +| service.annotations | object | `{}` | Annotations to add to the service | +| service.ports | object | `{"http":{"name":"http","port":80,"targetPort":80},"https":{"name":"https","port":443,"targetPort":443}}` | Configure the service ports | +| service.ports.http.name | string | `"http"` | Configure passbolt HTTP service port name | +| service.ports.http.port | int | `80` | Configure passbolt HTTP service port | +| service.ports.http.targetPort | int | `80` | Configure passbolt HTTP service targetPort | +| service.ports.https | object | `{"name":"https","port":443,"targetPort":443}` | Configure the HTTPS port | +| service.ports.https.name | string | `"https"` | Configure passbolt HTTPS service port name | +| service.ports.https.port | int | `443` | Configure passbolt HTTPS service port | +| service.ports.https.targetPort | int | `443` | Configure passbolt HTTPS service targetPort | +| service.type | string | `"ClusterIP"` | Configure passbolt service type | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| tolerations | list | `[]` | Configure passbolt deployment tolerations | ## Running tests diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 0118794..5d20d33 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md 
@@ -1,4 +1,4 @@ -Announcing the immediate availability of passbolt's helm chart 1.1.0. +Announcing the immediate availability of passbolt's helm chart 1.1.1 -This is a minor change release that fixes a bug when forcing the passboltEnv.DATASOURCES_DEFAULT_PORT on values file -and adds the passbolt with postgresql integration tests. +This is a minor change release that fixes bugs reported by the community when +using passbolt with an external postgresql database. diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index fd8426e..eb1cfd3 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -93,7 +93,7 @@ Render the value of the database port {{- else if and ( eq .Values.postgresqlDependencyEnabled true ) ( eq .Values.app.database.kind "postgresql" ) }} {{- default 5432 .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT | quote }} {{- else if ( hasKey .Values.passboltEnv.plain "DATASOURCES_DEFAULT_PORT" ) -}} -{{- printf "%s" (.Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT | toString )}} +{{- .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT | quote }} {{- else }} {{- fail "DATASOURCES_DEFAULT_PORT can't be empty when mariadbDependencyEnabled and postgresqlDependencyEnabled are disabled"}} {{- end }} diff --git a/tests/initContainer_quoted_port_test.yaml b/tests/initContainer_quoted_port_test.yaml new file mode 100644 index 0000000..841a2e3 --- /dev/null +++ b/tests/initContainer_quoted_port_test.yaml 
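Review bot: The `hasKey` guard on the external-database branch of the port helper in templates/_helpers.tpl only proves the key exists, so a `DATASOURCES_DEFAULT_PORT` that is present but null or empty still reaches the new `| quote` line. The result is an empty or `""` port, and the `fail` branch below it never fires. Testing the value rather than the key would close that gap, e.g. `{{- else if .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT -}}`. A short comment above the branch would also help, such as `{{/* quoted because Kubernetes env values must be strings */}}`. The helper starts and ends outside this hunk, so the mariadb branch is not visible here and may need the same check.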
@@ -0,0 +1,61 @@
+---
+suite: deployment initContainer port quoted
+release:
+ name: test
+tests:
+ - it: should contain a quoted host when postgresql dependency is enabled
+ templates:
+ - deployment.yaml
+ set:
+ app.database.kind: "postgresql"
+ postgresqlDependencyEnabled: true
+ mariadbDependencyEnabled: false
+ asserts:
+ - contains:
+ path: spec.template.spec.initContainers[0].env
+ content:
+ name: DATASOURCES_DEFAULT_HOST
+ value: test-postgresql
+ - it: should contain a quoted port when postgresql dependency is enabled
+ templates:
+ - deployment.yaml
+ set:
+ app.database.kind: "postgresql"
+ postgresqlDependencyEnabled: true
+ mariadbDependencyEnabled: false
+ asserts:
+ - contains:
+ path: spec.template.spec.initContainers[0].env
+ content:
+ name: DATASOURCES_DEFAULT_PORT
+ value: "5432"
+ - it: should contain a quoted host when using external psql installation
+ templates:
+ - deployment.yaml
+ set:
+ app.database.kind: "postgresql"
+ postgresqlDependencyEnabled: false
+ mariadbDependencyEnabled: false
+ passboltEnv.plain.DATASOURCES_DEFAULT_HOST: 127.0.0.1
+ passboltEnv.plain.DATASOURCES_DEFAULT_PORT: 5432
+ asserts:
+ - contains:
+ path: spec.template.spec.initContainers[0].env
+ content:
+ name: DATASOURCES_DEFAULT_HOST
+ value: "127.0.0.1"
+ - it: should contain a quoted port when using external psql installation
+ templates:
+ - deployment.yaml
+ set:
+ app.database.kind: "postgresql"
+ postgresqlDependencyEnabled: false
+ mariadbDependencyEnabled: false
+ passboltEnv.plain.DATASOURCES_DEFAULT_HOST: 127.0.0.1
+ passboltEnv.plain.DATASOURCES_DEFAULT_PORT: 5432
+ asserts:
+ - contains:
+ path: spec.template.spec.initContainers[0].env
+ content:
+ name: DATASOURCES_DEFAULT_PORT
+ value: "5432"
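Review bot: The two "quoted host" cases cannot fail on a missing quote, because `value: test-postgresql` and `value: "127.0.0.1"` parse to the same strings whether or not the rendered manifest quotes them. Assuming the test runner compares parsed YAML values, only the `"5432"` port assertions tell a string from an integer. The suite also leaves the helper's `fail` branch untested. A case with both dependency flags set to false and no `DATASOURCES_DEFAULT_PORT`, asserting `failedTemplate` with the expected error message, would pin that path. The third and fourth cases use an identical `set` block and could be merged into one case with two `contains` asserts.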