From 5a5c87f72c070bc14e4b26427a933d1f1785ac0a Mon Sep 17 00:00:00 2001 From: Marcos Bjoerkelund Date: Tue, 5 Jan 2021 18:53:18 +0100 Subject: [PATCH] [bitnami/owncloud] NEW MAJOR: migrate to non-root + good practices (#4849) * [bitnami/owncloud] NEW MAJOR: migrate to non-root + good practices * implement changes from #4695 * fix persistence issues * fix container image tag * [bitnami/owncloud] Update components versions Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/owncloud/Chart.lock | 9 +- bitnami/owncloud/Chart.yaml | 9 +- bitnami/owncloud/README.md | 356 ++++++++---- bitnami/owncloud/ci/ct-values.yaml | 7 + .../ci/values-with-host-and-ingress.yaml | 17 + bitnami/owncloud/templates/NOTES.txt | 57 +- bitnami/owncloud/templates/_certificates.tpl | 69 ++- bitnami/owncloud/templates/_helpers.tpl | 172 +----- bitnami/owncloud/templates/deployment.yaml | 383 ++++++++----- .../templates/externaldb-secrets.yaml | 17 +- bitnami/owncloud/templates/extra-list.yaml | 4 + bitnami/owncloud/templates/ingress.yaml | 72 +-- bitnami/owncloud/templates/metrics-svc.yaml | 32 ++ bitnami/owncloud/templates/owncloud-pvc.yaml | 18 - bitnami/owncloud/templates/pv.yaml | 21 + bitnami/owncloud/templates/pvc.yaml | 24 + bitnami/owncloud/templates/secrets.yaml | 26 +- bitnami/owncloud/templates/svc.yaml | 45 +- bitnami/owncloud/templates/tls-secrets.yaml | 44 ++ bitnami/owncloud/values.yaml | 505 ++++++++++++++---- 20 files changed, 1272 insertions(+), 615 deletions(-) create mode 100644 bitnami/owncloud/ci/values-with-host-and-ingress.yaml create mode 100644 bitnami/owncloud/templates/extra-list.yaml create mode 100644 bitnami/owncloud/templates/metrics-svc.yaml delete mode 100644 bitnami/owncloud/templates/owncloud-pvc.yaml create mode 100644 bitnami/owncloud/templates/pv.yaml create mode 100644 bitnami/owncloud/templates/pvc.yaml create mode 100644 bitnami/owncloud/templates/tls-secrets.yaml 
diff --git a/bitnami/owncloud/Chart.lock b/bitnami/owncloud/Chart.lock
index 8ee8582831..c782aab3a0 100644
--- a/bitnami/owncloud/Chart.lock
+++ b/bitnami/owncloud/Chart.lock
@@ -1,6 +1,9 @@
 dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 1.2.3
 - name: mariadb
 repository: https://charts.bitnami.com/bitnami
- version: 9.1.4
-digest: sha256:27eadff2e0823907e6e289622e5bc2ff83500f165e42ccd038b7820749a00fe2
-generated: "2020-12-17T07:57:10.911096627Z"
+ version: 9.2.0
+digest: sha256:c5755985765848812be6b046d49236b8dfa24f25ed88b16ab6ff99ea06b730ea
+generated: "2021-01-05T16:21:27.936215887Z"
diff --git a/bitnami/owncloud/Chart.yaml b/bitnami/owncloud/Chart.yaml
index e5243adc05..66a79e3aed 100644
--- a/bitnami/owncloud/Chart.yaml
+++ b/bitnami/owncloud/Chart.yaml
@@ -3,9 +3,16 @@ annotations:
 apiVersion: v2
 appVersion: 10.6.0
 dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
 - condition: mariadb.enabled
 name: mariadb
 repository: https://charts.bitnami.com/bitnami
+ tags:
+ - owncloud-database
 version: 9.x.x
 description: A file sharing server that puts the control and security of your own data back into your hands.
 engine: gotpl
@@ -24,4 +31,4 @@ name: owncloud
 sources:
 - https://github.com/bitnami/bitnami-docker-owncloud
 - https://owncloud.org/
-version: 9.0.1
+version: 10.0.0
diff --git a/bitnami/owncloud/README.md b/bitnami/owncloud/README.md
index 8fe449822e..a68a0cfc27 100644
--- a/bitnami/owncloud/README.md
+++ b/bitnami/owncloud/README.md
@@ -48,93 +48,189 @@ The command removes all the Kubernetes components associated with the chart and ## Parameters -The following table lists the configurable parameters of the ownCloud chart and their default values. +The following table lists the configurable parameters of the ownCloud chart and their default values per section/component: -| Parameter | Description | Default | -|--------------------------------------|-------------------------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | ownCloud image registry | `docker.io` | -| `image.repository` | ownCloud Image name | `bitnami/owncloud` | -| `image.tag` | ownCloud Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `nameOverride` | String to partially override owncloud.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override owncloud.fullname template with a string | `nil` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.hosts.certManager` | Add annotations for cert-manager | `false` | -| `ingress.annotations` | Annotations for this host's ingress record | `[]` | -| `ingress.hosts[0].name` | Hostname to your ownCloud installation | `owncloud.local` | -| `ingress.hosts[0].path` | Path within the url structure | `/` | -| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | -| `ingress.hosts[0].tlsSecret` | TLS Secret 
(certificates) | `owncloud.local-tls-secret` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | -| `networkPolicyApiVersion` | The kubernetes network API version | `extensions/v1beta1` | -| `owncloudHost` | ownCloud host to create application URLs | `nil` | -| `owncloudLoadBalancerIP` | `loadBalancerIP` for the owncloud Service | `nil` | -| `owncloudUsername` | User of the application | `user` | -| `owncloudPassword` | Application password | Randomly generated | -| `owncloudEmail` | Admin email | `user@example.com` | -| `externalDatabase.host` | Host of the external database | `nil` | -| `allowEmptyPassword` | Allow DB blank passwords | `yes` | -| `serviceType` | Kubernetes Service type | `LoadBalancer` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.owncloud.storageClass` | PVC Storage Class for ownCloud volume | `nil` (uses alpha storage class annotation) | -| `persistence.owncloud.existingClaim` | An Existing PVC name for ownCloud volume | `nil` (uses alpha storage class annotation) | -| `persistence.owncloud.accessMode` | PVC Access Mode for ownCloud volume | `ReadWriteOnce` | -| `persistence.owncloud.size` | PVC Storage Request for ownCloud volume | `8Gi` | -| `updateStrategy.type` | Owncloud deployment strategy | `RollingUpdate` | -| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | -| `podAnnotations` | Pod annotations | `{}` | -| `affinity` | Map of node/pod affinities | `{}` | -| `extraEnvVars` | Pass extra environment variables to the image | `[]` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` | -| 
`metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | -| `metrics.resources` | Exporter resource requests/limit | {} | -| `certificates.customCertificate.certificateSecret`| Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | -| `certificates.customCertificate.certificateLocation`| Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation`| Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation`| Location in the container to store the certificate chain | `/etc/ssl/certs/chain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image | `bitnami/minideb` | -| `certificates.image.tag` | Container sidecar image tag | `buster` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `image.pullSecrets` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` | +### Global parameters + +| Parameter | Description | Default | 
+|---------------------------|-------------------------------------------------|---------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | + +### Common parameters + +| Parameter | Description | Default | +|---------------------|------------------------------------------------------------------------------|---------------------------------------------------------| +| `image.registry` | ownCloud image registry | `docker.io` | +| `image.repository` | ownCloud Image name | `bitnami/owncloud` | +| `image.tag` | ownCloud Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | ownCloud image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `nameOverride` | String to partially override owncloud.fullname template | `nil` | +| `fullnameOverride` | String to fully override owncloud.fullname template | `nil` | +| `commonLabels` | Labels to add to all deployed objects | `nil` | +| `commonAnnotations` | Annotations to add to all deployed objects | `[]` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). 
| `nil` | + +### ownCloud parameters + +| Parameter | Description | Default | +|--------------------------------------|-----------------------------------------------------------------------------------------------------------------------|------------------------------------------------| +| `affinity` | Map of node/pod affinities | `{}` | +| `allowEmptyPassword` | Allow DB blank passwords | `yes` | +| `args` | Override default container args (useful when using custom images) | `nil` | +| `command` | Override default container command (useful when using custom images) | `nil` | +| `containerPorts.http` | Sets http port inside NGINX container | `8080` | +| `containerPorts.https` | Sets https port inside NGINX container | `8443` | +| `containerSecurityContext.enabled` | Enable ownCloud containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | ownCloud containers' Security Context | `1001` | +| `customLivenessProbe` | Override default liveness probe | `nil` | +| `customReadinessProbe` | Override default readiness probe | `nil` | +| `customStartupProbe` | Override default startup probe | `nil` | +| `existingSecret` | Name of a secret with the application password | `nil` | +| `extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` | +| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` | +| `extraEnvVars` | Extra environment variables | `nil` | +| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `nil` | +| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). 
Requires setting `extraVolumeMounts` | `nil` | +| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `nil` | +| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `` | +| `livenessProbe` | Liveness probe configuration | `Check values.yaml file` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) | +| `owncloudHost` | ownCloud host to create application URLs (when ingress, it will be ignored) | `nil` | +| `owncloudUsername` | User of the application | `user` | +| `owncloudPassword` | Application password | _random 10 character alphanumeric string_ | +| `owncloudEmail` | Admin email | `user@example.com` | +| `owncloudSkipInstall` | Skip ownCloud installation wizard (`no` / `yes`) | `false` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Add additional labels to the pod (evaluated as a template) | `nil` | +| `podSecurityContext.enabled` | Enable ownCloud pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | ownCloud pods' group ID | `1001` | +| `readinessProbe` | Readiness probe configuration | `Check values.yaml file` | +| `replicaCount` | Number of ownCloud Pods to run | `1` | +| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | +| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `nil` | +| `smtpHost` | SMTP host | `nil` | +| `smtpPort` | SMTP port | `nil` (but owncloud internal default is 25) | +| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `nil` | +| `smtpUser` | SMTP user | `nil` | +| `smtpPassword` | SMTP password | `nil` | +| `startupProbe` | Startup probe configuration | `Check values.yaml file` | +| `tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) | +| `updateStrategy` | Deployment update strategy | `nil` | ### Database parameters -| Parameter | Description | Default | -|--------------------------------------------|-------------------------------------------------------|------------------------------------------------| -| `mariadb.enabled` | Whether to use the MariaDB chart | `true` | -| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | _random 10 character alphanumeric string_ | -| `mariadb.auth.database` | Database name to create | `bitnami_owncloud` | -| `mariadb.auth.username` | Database user to create | `bn_owncloud` | -| `mariadb.auth.password` | Password for the database | _random 10 character long alphanumeric string_ | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| 
`mariadb.primary.persistence.accessMode` | Database Persistent Volume Access Modes | `ReadWriteOnce` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.existingClaim`| Enable persistence using an existing PVC | `nil` | -| `mariadb.primary.persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) | -| `mariadb.primary.persistence.hostPath` | Host mount path for MariaDB volume | `nil` (will not mount to a host path) | -| `externalDatabase.user` | Existing username in the external db | `bn_owncloud` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.database` | Name of the existing database | `bitnami_owncloud` | -| `externalDatabase.host` | Host of the existing database | `nil` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.existingSecret` | Name of the database existing Secret Object | `nil` | +| Parameter | Description | Default | +|---------------------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------| +| `mariadb.enabled` | Whether to use the MariaDB chart | `true` | +| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | _random 10 character alphanumeric string_ | +| `mariadb.auth.database` | Database name to create | `bitnami_owncloud` | +| `mariadb.auth.username` | Database user to create | `bn_owncloud` | +| `mariadb.auth.password` | Password for the database | _random 10 character long alphanumeric string_ | +| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | +| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `nil` | +| 
`mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `[ReadWriteOnce]` | +| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | +| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `nil` | +| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `nil` | +| `externalDatabase.user` | Existing username in the external db | `bn_owncloud` | +| `externalDatabase.password` | Password for the above username | `""` | +| `externalDatabase.database` | Name of the existing database | `bitnami_owncloud` | +| `externalDatabase.host` | Host of the existing database | `nil` | +| `externalDatabase.port` | Port of the existing database | `3306` | + +### Persistence parameters + +| Parameter | Description | Default | +|---------------------------------------------|-------------------------------------------------------------------------------------------------------|----------------------------------------------------------------| +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for ownCloud volume | `nil` (uses alpha storage class annotation) | +| `persistence.existingClaim` | An Existing PVC name for ownCloud volume | `nil` (uses alpha storage class annotation) | +| `persistence.hostPath` | Host mount path for ownCloud volume | `nil` (will not mount to a host path) | +| `persistence.accessMode` | PVC Access Mode for ownCloud volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for ownCloud volume | `8Gi` | + +### Volume Permissions parameters + +| Parameter | Description | Default | 
+|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------| +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.resources` | Init container resource requests/limit | `nil` | + +### Traffic Exposure Parameters + +| Parameter | Description | Default | +|----------------------------------|---------------------------------------------|--------------------| +| `service.type` | Kubernetes Service type | `LoadBalancer` | +| `service.loadBalancerIP` | Kubernetes LoadBalancerIP to request | `LoadBalancer` | +| `service.port` | Service HTTP port | `80` | +| `service.httpsPort` | Service HTTPS port | `443` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.nodePorts.http` | Kubernetes http node port | `""` | +| `service.nodePorts.https` | Kubernetes https node port | `""` | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.hostname` | Default host for the ingress resource | `owncloud.local` 
| +| `ingress.tls` | Enable TLS for `ingress.hostname` parameter | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.extraHosts[0].name` | Hostname to your ownCloud installation | `nil` | +| `ingress.extraHosts[0].path` | Path within the url structure | `nil` | +| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hosts | `nil` | +| `ingress.extraTls[0].secretName` | TLS Secret (certificates) | `nil` | +| `ingress.secrets[0].name` | TLS Secret Name | `nil` | +| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | +| `ingress.secrets[0].key` | TLS Secret Key | `nil` | + +### Metrics parameters + +| Parameter | Description | Default | +|-------------------------------|--------------------------------------------------|--------------------------------------------------------------| +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Apache exporter image registry | `docker.io` | +| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` | +| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `metrics.service.type` | Prometheus metrics service type | `LoadBalancer` | +| `metrics.service.port` | Service Metrics port | `9117` | +| `metrics.service.annotations` | Annotations for enabling prometheus scraping | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | +| `metrics.resources` | Exporter resource requests/limit | `{}` | + +### Certificate injection parameters + +| Parameter | Description | Default | 
+|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------| +| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | +| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | +| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | +| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | +| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | +| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/chain.pem` | +| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | +| `certificates.image.registry` | Container sidecar registry | `docker.io` | +| `certificates.image.repository` | Container sidecar image | `bitnami/minideb` | +| `certificates.image.tag` | Container sidecar image tag | `buster` | +| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | +| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `image.pullSecrets` | +| `certificates.args` | Override default container args (useful when using custom images) | `nil` | +| `certificates.command` | Override default container command (useful when using custom images) | `nil` | +| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` | +| `certificates.extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` | +| 
`certificates.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` | The above parameters map to the env variables defined in [bitnami/owncloud](http://github.com/bitnami/bitnami-docker-owncloud). For more information please refer to the [bitnami/owncloud](http://github.com/bitnami/bitnami-docker-owncloud) image documentation. @@ -156,7 +252,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```console $ helm install my-release \ - --set owncloudUsername=admin,owncloudPassword=password,mariadb.mariadbRootPassword=secretpassword \ + --set owncloudUsername=admin,owncloudPassword=password,mariadb.auth.rootPassword=secretpassword \ bitnami/owncloud ``` 
@@ -178,14 +274,66 @@ It is strongly recommended to use immutable tags in a production environment. Th Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. +### Image + +The `image` parameter allows specifying which image will be pulled for the chart. + +#### Private registry + +If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). + +1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret. +1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as: + + ```yaml + imagePullSecrets: + - name: SECRET_NAME + ``` + +1. Install the chart + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `affinity` paremeter. Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + ## Persistence The [Bitnami ownCloud](https://github.com/bitnami/bitnami-docker-owncloud) image stores the ownCloud data and configurations at the `/bitnami/owncloud` path of the container. 
-Persistent Volume Claims are used to keep the data across deployments. There is a [known issue](https://github.com/kubernetes/kubernetes/issues/39178) in Kubernetes Clusters with EBS in different availability zones. Ensure your cluster is configured properly to create Volumes in the same availability zone where the nodes are running. Kuberentes 1.12 solved this issue with the [Volume Binding Mode](https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode). - +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. See the [Parameters](#parameters) section to configure the PVC or to disable persistence. +### Existing PersistentVolumeClaim + +1. Create the PersistentVolume +1. Create the PersistentVolumeClaim +1. Install the chart + + ```bash + $ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/owncloud + ``` + +### Host path + +#### System compatibility + +- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox. +- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync). + +#### Mounting steps + +1. The specified `hostPath` directory must already exist (create one if it does not). +1. Install the chart + + ```bash + $ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/owncloud + ``` + + This will mount the `owncloud-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. 
+1. Because the container cannot control the host machine's directory permissions, you must set the ownCloud file directory permissions yourself and disable or clear ownCloud cache. + ## CA Certificates Custom CA certificates not included in the base docker image can be added by means of existing secrets. The secret must exist in the same namespace and contain the desired CA certificates to import. By default, all found certificate files will be loaded. 
@@ -208,6 +356,32 @@ Find more information about how to deal with common errors related to Bitnami’ ## Upgrading +### To 10.0.0 + +In this major there were three main changes introduced: + +- Parameter standarizations +- Migration to non-root + +To upgrade to `8.0.0`, backup ownCloud data and the previous MariaDB databases, install a new ownCloud chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. + +**1. Chart standarizations** + +This upgrade adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. In summary: + +- Lots of new parameters were added, including SMTP configuration, for using existing DBs (`owncloudSkipInstall`), configuring security context, etc. +- Some parameters were renamed or disappeared in favor of new ones in this major version. For example, `persistence.owncloud.*` parameters were deprecated in favor of `persistence.*`. +- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +**2. Migration of the ownCloud image to non-root** + +The [Bitnami ownCloud](https://github.com/bitnami/bitnami-docker-owncloud) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. Consequences: + +- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. +- Backwards compatibility is not guaranteed. Uninstall & install the chart again to obtain the latest version. 
+ +You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. + ### To 9.0.0 In this major there were two main changes introduced: @@ -261,9 +435,9 @@ export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=own Delete the ownCloud deployment and delete the MariaDB statefulset. Notice the option `--cascade=false` in the latter: ```console - $ kubectl delete deployments.apps owncloud +$ kubectl delete deployments.apps owncloud - $ kubectl delete statefulsets.apps owncloud-mariadb --cascade=false +$ kubectl delete statefulsets.apps owncloud-mariadb --cascade=false ``` Now the upgrade works: @@ -274,9 +448,9 @@ $ helm upgrade owncloud bitnami/owncloud --set mariadb.primary.persistence.exist You will have to delete the existing MariaDB pod and the new statefulset is going to create a new one - ```console - $ kubectl delete pod owncloud-mariadb-0 - ``` +```console +$ kubectl delete pod owncloud-mariadb-0 +``` Finally, you should see the lines below in MariaDB container logs: diff --git a/bitnami/owncloud/ci/ct-values.yaml b/bitnami/owncloud/ci/ct-values.yaml index b738e2a57a..046ebf0e68 100644 --- a/bitnami/owncloud/ci/ct-values.yaml +++ b/bitnami/owncloud/ci/ct-values.yaml @@ -1,2 +1,9 @@ service: type: ClusterIP +# Avoids issues with yamllint +livenessProbe: + httpGet: + httpHeaders: [] +readinessProbe: + httpGet: + httpHeaders: [] diff --git a/bitnami/owncloud/ci/values-with-host-and-ingress.yaml b/bitnami/owncloud/ci/values-with-host-and-ingress.yaml new file mode 100644 index 0000000000..5633d75161 --- /dev/null +++ b/bitnami/owncloud/ci/values-with-host-and-ingress.yaml @@ -0,0 +1,17 @@ +owncloudHost: owncloud.local +service: + type: ClusterIP +ingress: + enabled: true + tls: true + hostname: owncloud.local +metrics: + enabled: true +# Avoids issues with yamllint +livenessProbe: + httpGet: + httpHeaders: [] +readinessProbe: + httpGet: + httpHeaders: [] + 
diff --git a/bitnami/owncloud/templates/NOTES.txt b/bitnami/owncloud/templates/NOTES.txt index 59e05d76ca..fe6704d7b6 100644 --- a/bitnami/owncloud/templates/NOTES.txt +++ b/bitnami/owncloud/templates/NOTES.txt 
@@ -10,28 +10,28 @@ host. To configure ownCloud with the URL of your service: 1. Get the ownCloud URL by running: - {{- if contains "NodePort" .Values.service.type }} + {{- if eq .Values.service.type "NodePort" }} - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "owncloud.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") + export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - {{- else if contains "LoadBalancer" .Values.service.type }} + {{- else if eq .Values.service.type "LoadBalancer" }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "owncloud.fullname" . }}' + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "owncloud.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.fullname" . }} -o jsonpath="{.data.owncloud-password}" | base64 --decode) + export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.secretName" . }} -o jsonpath="{.data.owncloud-password}" | base64 --decode) + export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.databaseSecretName" . 
}} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) {{- end }} - export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - export MARIADB_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) + export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.databaseSecretName" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) 2. Complete your ownCloud deployment by running: {{- if .Values.mariadb.enabled }} helm upgrade {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set owncloudHost=$APP_HOST,owncloudPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD,mariadb.auth.password=$MARIADB_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} + --set owncloudHost=$APP_HOST,owncloudPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$DATABASE_ROOT_PASSWORD,mariadb.auth.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} {{- else }} ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## 
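Review bot: `DATABASE_ROOT_PASSWORD` is exported inside the `LoadBalancer` branch, above the `{{- end }}`, whereas the `MARIADB_ROOT_PASSWORD` export it replaces sat below it. As the hunk reads, a `NodePort` release never sets the variable, so the `helm upgrade` line in step 2 expands to `mariadb.auth.rootPassword=` with an empty value. Move the `export DATABASE_ROOT_PASSWORD=$(...)` line below `{{- end }}`, next to `export APP_DATABASE_PASSWORD=...`, so every service type gets it. `APP_PASSWORD` sits in the same branch and would benefit from the same move. The surrounding conditional begins outside this hunk.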
@@ -45,20 +45,21 @@ host. To configure ownCloud with the URL of your service: {{- if eq .Values.service.type "ClusterIP" }} - echo "ownCloud URL: echo http://127.0.0.1:8080/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "owncloud.fullname" . }} 8080:{{ .Values.service.port }} + echo "ownCloud URL: http://127.0.0.1:8080/" + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} {{- else }} {{- $port:=.Values.service.port | toString }} - echo "ownCloud URL: http://$APP_HOST{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" + + echo "ownCloud URL: http://{{ include "owncloud.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" {{- end }} 2. Get your ownCloud login credentials by running: - echo User: {{ .Values.owncloudUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.fullname" . }} -o jsonpath="{.data.owncloud-password}" | base64 --decode) + echo Username : {{ .Values.owncloudUsername }} + echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.secretName" . }} -o jsonpath="{.data.owncloud-password}" | base64 --decode) {{- end }} {{- else -}} 
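Review bot: The URL echoed in the non-ClusterIP branch is always `http://` and appends `.Values.service.port`, but `owncloud.host` now returns `.Values.ingress.hostname` when the ingress is enabled. With `ingress.tls: true` (as in `ci/values-with-host-and-ingress.yaml`) the note presumably sends users to a plaintext URL on a port the ingress does not serve. For the ingress case, pick the scheme from the TLS flag and drop the port suffix, e.g. `echo "ownCloud URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ include "owncloud.host" . }}/"`. The enclosing `if`/`else` chain starts above the hunk.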
@@ -73,19 +74,19 @@ host. To configure ownCloud to use and external database host: 1. Complete your ownCloud deployment by running: -{{- if contains "NodePort" .Values.service.type }} +{{- if eq .Values.service.type "NodePort" }} export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if eq .Values.service.type "LoadBalancer" }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "owncloud.fullname" . }}' + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "owncloud.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") {{- else }} export APP_HOST=127.0.0.1 {{- end }} - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.fullname" . }} -o jsonpath="{.data.owncloud-password}" | base64 --decode) + export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "owncloud.secretName" . }} -o jsonpath="{.data.owncloud-password}" | base64 --decode) ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## 
@@ -93,9 +94,19 @@ host. To configure ownCloud to use and external database host: --set owncloudPassword=$APP_PASSWORD,owncloudHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} {{- end }} -{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} -WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- $passwordValidationErrors := list -}} +{{- if not .Values.existingSecret -}} + {{- $secretName := include "owncloud.secretName" . -}} + {{- $requiredownCloudPassword := dict "valueKey" "owncloudPassword" "secret" $secretName "field" "owncloud-password" "context" $ -}} + {{- $requiredownCloudPasswordError := include "common.validations.values.single.empty" $requiredownCloudPassword -}} + {{- $passwordValidationErrors = append $passwordValidationErrors $requiredownCloudPasswordError -}} +{{- end -}} -{{- end }} +{{- $mariadbSecretName := include "owncloud.databaseSecretName" . 
-}} +{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} +{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} + +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/owncloud/templates/_certificates.tpl b/bitnami/owncloud/templates/_certificates.tpl index ec0610ae6e..ecc3dc9542 100644 --- a/bitnami/owncloud/templates/_certificates.tpl +++ b/bitnami/owncloud/templates/_certificates.tpl 
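Review bot: The `--set` line kept as context at the top of this hunk renders `externalDatabase.password={{ .Values.externalDatabase.password }}` into the release notes. The database password is therefore printed in clear text on every `helm install` or `helm upgrade`, and ends up in any CI log that captures that output. The validation block added below tightens password handling but leaves this in place. Use a placeholder, as the host already does: `externalDatabase.password=YOUR_EXTERNAL_DATABASE_PASSWORD`, or point users at `externalDatabase.existingSecret`. The `helm upgrade` command this line belongs to starts above the hunk.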
@@ -4,30 +4,14 @@ Return the proper image name used for setting up Certificates */}} {{- define "certificates.image" -}} -{{- $registryName := default .Values.certificates.image.registry .Values.image.registry -}} -{{- $repositoryName := .Values.certificates.image.repository -}} -{{- $tag := .Values.certificates.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} +{{ include "common.images.image" (dict "imageRoot" .Values.certificates.image "global" .Values.global) }} {{- end -}} {{- define "certificates.initContainer" -}} {{- if .Values.certificates.customCAs }} - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} + image: {{ include "certificates.image" . }} + imagePullPolicy: {{ .Values.certificates.image.pullPolicy }} {{- if .Values.image.pullSecrets}} imagePullSecrets: {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} 
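Review bot: The `imagePullSecrets:` block left as context at the end of this hunk sits inside the `certificates` init container, but `imagePullSecrets` is a pod-spec field, not a container field. Its guard also tests `.Values.image.pullSecrets` while the loop prefers `.Values.certificates.image.pullSecrets`. This commit already adds `.Values.certificates.image` to the pod-level `owncloud.imagePullSecrets` helper, so the container-level block can simply be removed. Separately, `imagePullPolicy` lost its fallback to `.Values.image.pullPolicy` and is unquoted; `imagePullPolicy: {{ .Values.certificates.image.pullPolicy | quote }}` avoids rendering a bare key when the value is unset. The block's closing `{{- end }}` lines fall outside this hunk.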
@@ -35,25 +19,38 @@ Also, we can't use a single if because lazy evaluation is not an option {{- end }} {{- end }} command: - {{- if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - if command -v apk >/dev/null; then apk add --no-cache ca-certificates openssl && update-ca-certificates; - else apt-get update && apt-get install -y ca-certificates openssl; fi - {{- else }} - - sh - - -c - - if command -v apk >/dev/null; then apk add --no-cache ca-certificates openssl && update-ca-certificates; - else apt-get update && apt-get install -y ca-certificates openssl; fi - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out /etc/ssl/certs/ssl-cert-snakeoil.pem - -keyout /etc/ssl/private/ssl-cert-snakeoil.key -extensions v3_req + {{- if .Values.certificates.command }} + {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 4 }} + {{- else if .Values.certificates.customCertificate.certificateSecret }} + - sh + - -c + - if command -v apk >/dev/null; then apk add --no-cache ca-certificates openssl && update-ca-certificates; + else apt-get update && apt-get install -y ca-certificates openssl; fi + {{- else }} + - sh + - -c + - if command -v apk >/dev/null; then apk add --no-cache ca-certificates openssl && update-ca-certificates; + else apt-get update && apt-get install -y ca-certificates openssl; fi + && openssl req -new -x509 -days 3650 -nodes -sha256 + -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" + -out {{ .Values.certificates.customCertificate.certificateLocation }} + -keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req + {{- end }} + {{- if .Values.certificates.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 4 }} {{- end }} {{- if .Values.certificates.extraEnvVars }} - env: - {{- tpl (toYaml 
.Values.certificates.extraEnvVars) $ | nindent 2 }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 4 }} {{- end }} + envFrom: + {{- if .Values.certificates.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.certificates.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} + {{- end }} volumeMounts: - name: etc-ssl-certs mountPath: /etc/ssl/certs @@ -97,7 +94,7 @@ Also, we can't use a single if because lazy evaluation is not an option {{- end -}} {{- end -}} -{{- define "certificates.volumeMount" -}} +{{- define "certificates.volumeMounts" -}} {{- if .Values.certificates.customCAs }} - name: etc-ssl-certs mountPath: /etc/ssl/certs/ diff --git a/bitnami/owncloud/templates/_helpers.tpl b/bitnami/owncloud/templates/_helpers.tpl index 11940f7876..6382ba14cd 100644 --- a/bitnami/owncloud/templates/_helpers.tpl +++ b/bitnami/owncloud/templates/_helpers.tpl 
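Review bot: `certificateLocation` and `keyLocation` are interpolated unquoted into the `sh -c` string, so a path containing spaces or shell metacharacters changes the command that runs. Quote both: `-out {{ .Values.certificates.customCertificate.certificateLocation | quote }}` and `-keyout {{ .Values.certificates.customCertificate.keyLocation | quote }}`. The default command still runs `apt-get install` or `apk add` at pod start, which needs root and network egress and pulls unpinned packages. In a non-root migration that only works if this init container has its own root security context, which this hunk does not show. `envFrom:` is also emitted when neither `extraEnvVarsCM` nor `extraEnvVarsSecret` is set; guard it with `{{- if or .Values.certificates.extraEnvVarsCM .Values.certificates.extraEnvVarsSecret }}`.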
@@ -1,29 +1,3 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "owncloud.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "owncloud.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
@@ -47,157 +21,65 @@ Note, returns 127.0.0.1 if using ClusterIP. {{/* Gets the host to be used for this application. If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. +When using Ingress, it will be set to the Ingress hostname. */}} {{- define "owncloud.host" -}} +{{- if .Values.ingress.enabled }} +{{- $host := .Values.ingress.hostname | default "" -}} +{{- default (include "owncloud.serviceIP" .) $host -}} +{{- else -}} {{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} {{- default (include "owncloud.serviceIP" .) $host -}} {{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "owncloud.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Return the proper Owncloud image name +Return the proper certificate image name +*/}} +{{- define "certificates.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper ownCloud image name */}} {{- define "owncloud.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
-Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} {{- end -}} {{/* Return the proper image name (for the metrics image) */}} {{- define "owncloud.metrics.image" -}} -{{- $registryName := .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} {{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "owncloud.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} {{- end -}} {{/* Return the proper Docker Image Registry Secret Names */}} {{- define "owncloud.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, 
so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} {{- end -}} {{/* Return the proper Storage Class */}} {{- define "owncloud.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
-*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.owncloud.storageClass -}} - {{- if (eq "-" .Values.persistence.owncloud.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.owncloud.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.owncloud.storageClass -}} - {{- if (eq "-" .Values.persistence.owncloud.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.owncloud.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} +{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} {{- end -}} {{/* -Return the appropriate apiVersion for deployment. +ownCloud credential secret name */}} -{{- define "owncloud.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "owncloud.tplValues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "owncloud.tplValues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{- define "owncloud.secretName" -}} +{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} {{- end -}} {{/* 
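Review bot: `certificates.image` is now defined here in `_helpers.tpl` as well as in `_certificates.tpl`, which this commit rewrites to the same `common.images.image` call. Helm template names are global, so one definition silently overrides the other and the two can drift apart on a later edit. Keep a single copy; removing the `{{- define "certificates.image" -}}` block from `_helpers.tpl` leaves the helper beside its visible caller in `certificates.initContainer`. The other new helpers (`owncloud.volumePermissions.image`, `owncloud.secretName`) would each benefit from a short comment stating which values key they read, for example `{{/* Uses .Values.existingSecret when set, otherwise the release fullname */}}`.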
@@ -257,6 +139,6 @@ Return the MariaDB Secret Name {{- else if .Values.externalDatabase.existingSecret -}} {{- printf "%s" .Values.externalDatabase.existingSecret -}} {{- else -}} - {{- printf "%s-%s" .Release.Name "externaldb" -}} + {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} {{- end -}} {{- end -}} diff --git a/bitnami/owncloud/templates/deployment.yaml b/bitnami/owncloud/templates/deployment.yaml index 663d32d9c9..78158d2c60 100644 --- a/bitnami/owncloud/templates/deployment.yaml +++ b/bitnami/owncloud/templates/deployment.yaml 
@@ -1,143 +1,264 @@ {{- if include "owncloud.host" . -}} -apiVersion: {{ template "owncloud.deployment.apiVersion" . }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ template "owncloud.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - helm.sh/chart: {{ include "owncloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: selector: - matchLabels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - replicas: 1 -{{- if .Values.updateStrategy }} - strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} -{{- end }} + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + replicas: {{ .Values.replicaCount }} template: metadata: - labels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - helm.sh/chart: {{ include "owncloud.chart" . 
}} - app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- if or .Values.podAnnotations .Values.metrics.enabled }} - annotations: - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} -{{ toYaml .Values.metrics.podAnnotations | indent 8 }} - {{- end }} -{{- end }} - spec: -{{- include "owncloud.imagePullSecrets" . | indent 6 }} - hostAliases: - - ip: "127.0.0.1" - hostnames: - - "status.localhost" - initContainers: - {{- include "certificates.initContainer" . | indent 8 }} - containers: - - name: {{ template "owncloud.fullname" . }} - image: {{ template "owncloud.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: ALLOW_EMPTY_PASSWORD - value: {{ .Values.allowEmptyPassword | quote }} - - name: MARIADB_HOST - value: {{ include "owncloud.databaseHost" . | quote }} - - name: MARIADB_PORT_NUMBER - value: {{ include "owncloud.databasePort" . | quote }} - - name: OWNCLOUD_DATABASE_NAME - value: {{ include "owncloud.databaseName" . | quote }} - - name: OWNCLOUD_DATABASE_USER - value: {{ include "owncloud.databaseUser" . | quote }} - - name: OWNCLOUD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "owncloud.databaseSecretName" . }} - key: mariadb-password -{{- $port:=.Values.service.port | toString }} - - name: OWNCLOUD_HOST - value: "{{ include "owncloud.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}" - - name: OWNCLOUD_USERNAME - value: {{ default "" .Values.owncloudUsername | quote }} - - name: OWNCLOUD_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "owncloud.fullname" . }} - key: owncloud-password - - name: OWNCLOUD_EMAIL - value: {{ default "" .Values.owncloudEmail | quote }} - {{- if .Values.extraEnvVars }} - {{- include "owncloud.tplValues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 8 }} + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} {{- end }} - ports: - - name: http - containerPort: 80 - livenessProbe: - httpGet: - path: /status.php - port: http - httpHeaders: - - name: Host - value: {{ include "owncloud.host" . | quote }} - initialDelaySeconds: 120 - timeoutSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /status.php - port: http - httpHeaders: - - name: Host - value: {{ include "owncloud.host" . | quote }} - initialDelaySeconds: 30 - timeoutSeconds: 3 - periodSeconds: 5 - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - {{- include "certificates.volumeMount" . | indent 8 }} - - name: owncloud-data - mountPath: /bitnami/owncloud -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "owncloud.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:80/server-status/?auto'] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: - {{ toYaml .Values.metrics.resources | indent 10 }} -{{- end }} - volumes: - {{- include "certificates.volumes" . | indent 6 }} - - name: owncloud-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.owncloud.existingClaim }}{{ .Values.persistence.owncloud.existingClaim }}{{- else }}{{ template "owncloud.fullname" . 
}}-owncloud{{- end }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "owncloud.imagePullSecrets" . | nindent 6 }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- else }} - emptyDir: {} - {{- end }} - {{- with .Values.affinity }} affinity: -{{ toYaml . | indent 8 }} + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "status.localhost" + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and 
.Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "owncloud.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - sh + - -c + - | + mkdir -p "/bitnami/owncloud" + chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/owncloud" + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: owncloud-data + mountPath: /bitnami/owncloud + {{- end }} + {{- include "certificates.initContainer" . | nindent 8 }} + containers: + - name: owncloud + image: {{ include "owncloud.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} + - name: APACHE_HTTP_PORT_NUMBER + value: {{ .Values.containerPorts.http | quote }} + - name: APACHE_HTTPS_PORT_NUMBER + value: {{ .Values.containerPorts.https | quote }} + - name: OWNCLOUD_DATABASE_HOST + value: {{ include "owncloud.databaseHost" . | quote }} + - name: OWNCLOUD_DATABASE_PORT_NUMBER + value: {{ include "owncloud.databasePort" . | quote }} + - name: OWNCLOUD_DATABASE_NAME + value: {{ include "owncloud.databaseName" . 
| quote }} + - name: OWNCLOUD_DATABASE_USER + value: {{ include "owncloud.databaseUser" . | quote }} + - name: OWNCLOUD_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "owncloud.databaseSecretName" . }} + key: mariadb-password + - name: OWNCLOUD_SKIP_BOOTSTRAP + value: {{ ternary "yes" "no" .Values.owncloudSkipInstall | quote }} + {{- $port:=.Values.service.port | toString }} + - name: OWNCLOUD_HOST + value: {{ include "owncloud.host" . }} + - name: OWNCLOUD_USERNAME + value: {{ .Values.owncloudUsername | quote }} + - name: OWNCLOUD_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.names.fullname" . }} + key: owncloud-password + - name: OWNCLOUD_EMAIL + value: {{ .Values.owncloudEmail | quote }} + - name: OWNCLOUD_SMTP_HOST + value: {{ .Values.smtpHost | quote }} + - name: OWNCLOUD_SMTP_PORT_NUMBER + value: {{ .Values.smtpPort | quote }} + - name: OWNCLOUD_SMTP_USER + value: {{ .Values.smtpUser | quote }} + {{- if .Values.smtpPassword }} + - name: OWNCLOUD_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.names.fullname" . 
}} + key: smtp-password + {{- end }} + - name: OWNCLOUD_SMTP_PROTOCOL + value: {{ .Values.smtpProtocol | quote }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + - name: https + containerPort: {{ .Values.containerPorts.https }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.livenessProbe.path }} + port: http + httpHeaders: + - name: Host + value: {{ include "owncloud.host" . | quote }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.path }} + port: http + httpHeaders: + - name: Host + value: {{ include "owncloud.host" . 
| quote }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.startupProbe.path }} + port: http + httpHeaders: + - name: Host + value: {{ include "owncloud.host" . | quote }} + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: owncloud-data + mountPath: /bitnami/owncloud + subPath: owncloud + {{- include "certificates.volumeMounts" . | nindent 12 }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "owncloud.metrics.image" . 
}} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + command: ['/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto'] + ports: + - name: metrics + containerPort: 9117 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + resources: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.resources "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: owncloud-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (printf "%s-owncloud" (include "common.names.fullname" .)) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- include "certificates.volumes" . | indent 8 }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} {{- end -}} diff --git a/bitnami/owncloud/templates/externaldb-secrets.yaml b/bitnami/owncloud/templates/externaldb-secrets.yaml index 48fc55966f..a8b501935c 100644 --- a/bitnami/owncloud/templates/externaldb-secrets.yaml +++ b/bitnami/owncloud/templates/externaldb-secrets.yaml 
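Review bot: The `secretKeyRef` entries for `OWNCLOUD_PASSWORD` and `OWNCLOUD_SMTP_PASSWORD` take their name from `common.names.fullname`, which breaks the `existingSecret` path. This commit renders secrets.yaml only when `existingSecret` is unset and adds an `owncloud.secretName` helper for exactly that case. With `existingSecret` set, the pod references a Secret the chart no longer creates, so the operator's credentials are never used and the container cannot be configured. Both references should read `name: {{ include "owncloud.secretName" . }}`. Separately, `OWNCLOUD_HOST` is the only env value written without `| quote`, and `$port` is still assigned although nothing reads it any more.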
@@ -1,13 +1,16 @@ -{{- if (not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret)) }} +{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-%s" .Release.Name "externaldb" }} - labels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - helm.sh/chart: {{ include "owncloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} type: Opaque data: mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} diff --git a/bitnami/owncloud/templates/extra-list.yaml b/bitnami/owncloud/templates/extra-list.yaml new file mode 100644 index 0000000000..9ac65f9e16 --- /dev/null +++ b/bitnami/owncloud/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/bitnami/owncloud/templates/ingress.yaml b/bitnami/owncloud/templates/ingress.yaml index b671540597..41618f60bd 100644 --- a/bitnami/owncloud/templates/ingress.yaml +++ b/bitnami/owncloud/templates/ingress.yaml 
@@ -1,42 +1,54 @@ {{- if .Values.ingress.enabled }} -apiVersion: extensions/v1beta1 +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ template "owncloud.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - helm.sh/chart: {{ include "owncloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} annotations: - {{- range .Values.ingress.hosts }} - {{- if .tls }} - ingress.kubernetes.io/secure-backends: "true" - {{- end }} - {{- end }} {{- if .Values.ingress.certManager }} kubernetes.io/tls-acme: "true" {{- end }} - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} spec: rules: - {{- range .Values.ingress.hosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - backend: - serviceName: {{ template "owncloud.fullname" $ }} - servicePort: 80 - {{- end }} + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname }} + http: + paths: + - path: / + backend: + serviceName: {{ include "common.names.fullname" . 
}} + servicePort: http + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + backend: + serviceName: {{ include "common.names.fullname" $ }} + servicePort: http + {{- end }} + {{- if or .Values.ingress.tls .Values.ingress.extraTls }} tls: -{{- range .Values.ingress.hosts }} - - hosts: -{{- if .tls }} - - {{ .name }} - secretName: {{ .tlsSecret }} -{{- end }} -{{- end }} + {{- if .Values.ingress.tls }} + - hosts: + - {{ .Values.ingress.hostname }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} {{- end }} diff --git a/bitnami/owncloud/templates/metrics-svc.yaml b/bitnami/owncloud/templates/metrics-svc.yaml new file mode 100644 index 0000000000..35b847e8b8 --- /dev/null +++ b/bitnami/owncloud/templates/metrics-svc.yaml 
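Review bot: `host: {{ .Values.ingress.hostname }}` and the matching entry under `tls.hosts` are rendered unquoted, so a wildcard host such as `*.example.com` (constructed example) would be read by the YAML parser as an alias and the render would fail. Use `{{ .Values.ingress.hostname | quote }}` in both places. Even then, `printf "%s-tls" .Values.ingress.hostname` would not give a valid Secret name for a wildcard host, so that case probably needs an explicit secret-name value.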
@@ -0,0 +1,32 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.metrics.service.type }} + {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - port: {{ .Values.metrics.service.port }} + targetPort: metrics + protocol: TCP + name: metrics + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} +{{- end }} diff --git a/bitnami/owncloud/templates/owncloud-pvc.yaml b/bitnami/owncloud/templates/owncloud-pvc.yaml deleted file mode 100644 index 2c1855e7f3..0000000000 --- a/bitnami/owncloud/templates/owncloud-pvc.yaml +++ /dev/null 
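Review bot: The metrics Service accepts `type: LoadBalancer` and a `loadBalancerIP`, but unlike svc.yaml in this commit it has no `loadBalancerSourceRanges`, so the chart offers no way to limit an externally exposed exporter to known scrapers. The exporter reads Apache's `server-status` page (see the metrics container command in deployment.yaml), which is operational detail better kept off open networks. Add the same guarded block used in svc.yaml, `loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }}`. As a style point, the `{{ if and (eq .Values.metrics.service.type ...` line lacks the `-` trim marker the rest of the file uses and leaves a whitespace-only line in the output.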
@@ -1,18 +0,0 @@ -{{- if .Values.persistence.enabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "owncloud.fullname" . }}-owncloud - labels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - helm.sh/chart: {{ include "owncloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -spec: - accessModes: - - {{ .Values.persistence.owncloud.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.owncloud.size | quote }} - {{ include "owncloud.storageClass" . }} -{{- end -}} diff --git a/bitnami/owncloud/templates/pv.yaml b/bitnami/owncloud/templates/pv.yaml new file mode 100644 index 0000000000..e12fb0b42a --- /dev/null +++ b/bitnami/owncloud/templates/pv.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ include "common.names.fullname" . }}-owncloud + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + capacity: + storage: {{ .Values.persistence.size | quote }} + hostPath: + path: {{ .Values.persistence.hostPath | quote }} +{{- end -}} diff --git a/bitnami/owncloud/templates/pvc.yaml b/bitnami/owncloud/templates/pvc.yaml new file mode 100644 index 0000000000..a7aa34a220 --- /dev/null +++ b/bitnami/owncloud/templates/pvc.yaml 
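Review bot: In the new pv.yaml, the PersistentVolume sets `namespace: {{ .Release.Namespace }}`, but PersistentVolumes are cluster-scoped, so the field has no effect and suggests an isolation that does not exist. The volume also has no `claimRef`, so any claim with an empty storage class and a matching size and access mode could bind it, possibly from another namespace. Dropping the `namespace` line and adding a `claimRef` that names the chart's `<fullname>-owncloud` claim in the release namespace would tie the node directory to this release. Since `persistence.hostPath` is copied into the PV as given, a values.yaml comment saying that it exposes a node path to the pod would help operators.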
@@ -0,0 +1,24 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.names.fullname" . }}-owncloud + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.persistence.hostPath }} + storageClassName: "" + {{- end }} + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "owncloud.storageClass" . | nindent 2 }} +{{- end -}} diff --git a/bitnami/owncloud/templates/secrets.yaml b/bitnami/owncloud/templates/secrets.yaml index 645f1f525f..2185005498 100644 --- a/bitnami/owncloud/templates/secrets.yaml +++ b/bitnami/owncloud/templates/secrets.yaml 
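Review bot: When `persistence.hostPath` is set, `storageClassName: ""` is written at the top of `spec`, and the `owncloud.storageClass` include at the end may write a second `storageClassName` if a global or persistence storage class is also configured. Most YAML parsers silently keep the last duplicate key, so the claim would presumably request a dynamic class and never bind the hostPath volume from pv.yaml. Wrapping the include in `{{- if not .Values.persistence.hostPath }}` and `{{- end }}` keeps a single key.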
@@ -1,16 +1,24 @@ +{{- if not .Values.existingSecret }} apiVersion: v1 kind: Secret metadata: - name: {{ template "owncloud.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - helm.sh/chart: {{ include "owncloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} type: Opaque data: - {{ if .Values.owncloudPassword }} + {{- if .Values.owncloudPassword }} owncloud-password: {{ .Values.owncloudPassword | b64enc | quote }} - {{ else }} + {{- else }} owncloud-password: {{ randAlphaNum 10 | b64enc | quote }} - {{ end }} + {{- end }} + {{- if .Values.smtpPassword }} + smtp-password: {{ .Values.smtpPassword | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/bitnami/owncloud/templates/svc.yaml b/bitnami/owncloud/templates/svc.yaml index 18aeb5ed8d..8c0729f60e 100644 --- a/bitnami/owncloud/templates/svc.yaml +++ b/bitnami/owncloud/templates/svc.yaml 
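Review bot: The fallback `owncloud-password: {{ randAlphaNum 10 | b64enc | quote }}`, kept by this change, is evaluated on every render. Each `helm upgrade` without `owncloudPassword` therefore writes a new value into the Secret, which can leave it out of step with the password the application was installed with. Ten alphanumeric characters is also short for the admin credential of a file-sharing server. Consider reusing the stored value through `lookup` when the Secret already exists, and generating with `randAlphaNum 32` otherwise.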
@@ -1,27 +1,46 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "owncloud.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - helm.sh/chart: {{ include "owncloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} + sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} + {{- if (and .Values.service.clusterIP (eq .Values.service.type "ClusterIP")) }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if (and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer")) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} {{- end }} - {{- if eq .Values.service.type "LoadBalancer" }} - loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }} - {{- end }} ports: - name: http port: {{ .Values.service.port }} targetPort: http - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}} + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type 
"LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null {{- end }} - selector: - app.kubernetes.io/name: {{ include "owncloud.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} + - name: https + port: {{ .Values.service.httpsPort }} + targetPort: https + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + publishNotReadyAddresses: true diff --git a/bitnami/owncloud/templates/tls-secrets.yaml b/bitnami/owncloud/templates/tls-secrets.yaml new file mode 100644 index 0000000000..23188b1ac2 --- /dev/null +++ b/bitnami/owncloud/templates/tls-secrets.yaml 
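Review bot: `publishNotReadyAddresses: true` at the end of the Service spec makes endpoints of pods that have not passed their readiness probe routable, which undoes the gating that the readiness and startup probes added in deployment.yaml are meant to provide. For a `LoadBalancer` or `NodePort` Service the instance can then receive outside traffic while it is still bootstrapping. Nothing visible in this diff depends on the setting, so drop the line or drive it from a value that defaults to false, e.g. `publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses | default false }}` (value name is a suggestion).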
@@ -0,0 +1,44 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }} +{{- $ca := genCA "owncloud-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-tls" .Values.ingress.hostname }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/bitnami/owncloud/values.yaml b/bitnami/owncloud/values.yaml index 4bfa0bea6c..afcb29f767 100644 --- a/bitnami/owncloud/values.yaml +++ b/bitnami/owncloud/values.yaml 
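Review bot: The self-signed block runs whenever `ingress.tls` is true and `certManager` is false, and names its Secret `<hostname>-tls`, the name ingress.yaml references. An operator who supplies their own certificate under that name through `ingress.secrets` would get two Secret manifests with the same name in one render. Extending the condition to `{{- if and .Values.ingress.tls (not .Values.ingress.certManager) (not .Values.ingress.secrets) }}` avoids the clash. `genCA` and `genSignedCert` are also evaluated on every render, so each upgrade replaces the CA and key pair and the generated private key ends up in the release manifest; a comment marking this path as for testing only would be useful. In the first block, `tls.crt` and `tls.key` are emitted without `| quote`, unlike the second block.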
@@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/owncloud - tag: 10.6.0-debian-10-r0 + tag: 10.6.0-debian-10-r18 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images 
@@ -24,71 +24,34 @@ image: ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## - # pullSecrets: + pullSecrets: # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false ## String to partially override owncloud.fullname template (will maintain the release name) ## -# nameOverride: +nameOverride: ## String to fully override owncloud.fullname template ## -# fullnameOverride: +fullnameOverride: -## For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1' -## For Kubernetes v1.7, use 'networking.k8s.io/v1' -networkPolicyApiVersion: extensions/v1beta1 - -## Configure the ingress resource that allows you to access the -## ownCloud installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ +## Number of replicas (requires ReadWriteMany PVC support) ## -ingress: - ## Set to true to enable ingress record generation - enabled: false +replicaCount: 1 - ## The list of hostnames to be covered with this ingress record. 
- ## Most likely this will be just one host, but in the event more hosts are needed, this is an array - hosts: - - name: owncloud.local - - ## Set this to true in order to enable TLS on the ingress record - ## A side effect of this will be that the backend owncloud service will be connected at port 443 - tls: false - - ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS - tlsSecret: owncloud.local-tls - - ## Set this to true in order to add the corresponding annotations for cert-manager - certManager: false - - ## Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - annotations: - # kubernetes.io/ingress.class: nginx - - secrets: - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - # - name: owncloud.local-tls - # key: - # certificate: +## Skip ownCloud installation wizard. 
Useful for migrations and restoring from SQL dump +## ref: https://github.com/bitnami/bitnami-docker-owncloud#configuration +## +owncloudSkipInstall: false ## ownCloud host to create application URLs ## ref: https://github.com/bitnami/bitnami-docker-owncloud#configuration ## -# owncloudHost: +owncloudHost: ## User of the application ## ref: https://github.com/bitnami/bitnami-docker-owncloud#configuration @@ -99,7 +62,7 @@ owncloudUsername: user ## Defaults to a random 10-character alphanumeric string if not set ## ref: https://github.com/bitnami/bitnami-docker-owncloud#configuration ## -# owncloudPassword: +owncloudPassword: ## Admin email ## ref: https://github.com/bitnami/bitnami-docker-owncloud#configuration 
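Review bot: `pullSecrets:` is now a live key with no value and only a commented item beneath it, so it parses as null rather than an empty list; the same holds for `nameOverride:`, `fullnameOverride:` and `owncloudHost:` in this hunk, `owncloudPassword:` in the next one, and `command:`, `args:`, `extraEnvVarsCM:`, `extraEnvVarsSecret:`, `existingSecret:`, `extraHosts:`, `hostPath:` and `lifecycleHooks:` in later hunks. Other keys in this file spell the empty case out (`pullSecrets: []` under `volumePermissions.image` and `metrics.image`), so I would write `pullSecrets: []` for lists and `nameOverride: ""` for strings throughout. An explicit empty value shows the expected type to anyone overriding it and keeps empty-value lint rules quiet.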
@@ -108,33 +71,105 @@ owncloudEmail: user@example.com ## Set to `yes` to allow the container to be started with blank passwords ## ref: https://github.com/bitnami/bitnami-docker-owncloud#environment-variables -allowEmptyPassword: "yes" +## +allowEmptyPassword: false + +## Container command (using container default if not set) +## +command: +## Container args (using container default if ot set) +## +args: + +## Common annotations to add to all ownCloud resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Common labels to add to all ownCloud resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} + +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate + +## An array to add extra env vars +## For example: +## +extraEnvVars: [] +# - name: BEARER_AUTH +# value: true + +## ConfigMap with extra environment variables +## +extraEnvVarsCM: + +## Secret with extra environment variables +## +extraEnvVarsSecret: + +## Extra volumes to add to the deployment +## +extraVolumes: [] + +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] + +## Extra init containers to add to the deployment +## +initContainers: [] + +## Extra sidecar containers to add to the deployment +## +sidecars: [] + +## Tolerations for pod assignment. Evaluated as a template. 
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Use existing secret for the application password +## +existingSecret: ## ## External database configuration ## externalDatabase: - ## Use existing secret (ignores previous password) - ## must contain key `mariadb-password` - ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored - # existingSecret: - ## Database host + ## host: ## Database host + ## port: 3306 ## Database user + ## user: bn_owncloud ## Database password + ## password: ## Database name + ## database: bitnami_owncloud +## SMTP mail delivery configuration +## ref: https://github.com/bitnami/bitnami-docker-owncloud/#smtp-configuration ## +# smtpHost: +# smtpPort: +# smtpUser: +# smtpPassword: +# smtpProtocol: + ## MariaDB chart configuration ## ## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml @@ -187,13 +222,27 @@ mariadb: ## existingClaim: +## Container ports +## +containerPorts: + http: 8080 + https: 8443 + ## Kubernetes configuration ## For minikube, set this to NodePort, elsewhere use LoadBalancer ## service: type: LoadBalancer # HTTP Port - port: 80 + port: 8080 + # HTTPS Port + httpsPort: 8443 + ## clusterIP: "" + ## Control hosts connecting to "LoadBalancer" only + ## loadBalancerSourceRanges: + ## - 0.0.0.0/0 + ## loadBalancerIP for the ownCloud Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## loadBalancerIP: ## ## nodePorts: 
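Review bot: The `externalDatabase` block loses its documented `existingSecret` option, and the new top-level `existingSecret` is described as holding the application password only, so the only documented way left to supply the external database password is `externalDatabase.password` in plain values. If the templates (outside this hunk) still accept a pre-created Secret for the database, keep the key documented as `# existingSecret:` together with the `mariadb-password` note; if they do not, the upgrade notes should say that the password now lives in the values file and the Helm release data. The comment above `allowEmptyPassword: false` still reads "Set to `yes`"; assuming the deployment template maps the boolean, reword it to `## Set to true to allow the container to be started with blank passwords`. The `extraEnvVars` example should quote its value, `#   value: "true"`, since environment variable values must be strings.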
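Review bot: `service.port` moves from 80 to 8080 (with `httpsPort: 8443` added) on a Service whose default type is `LoadBalancer`, which changes the externally published port for every existing release; running non-root only constrains `containerPorts`, so the Service could keep `port: 80` and `httpsPort: 443` while targeting 8080/8443. The added `loadBalancerSourceRanges` example is `0.0.0.0/0`, which restricts nothing; an example with a narrower range, such as `## - 10.0.0.0/8` (constructed value), would show the intent of the setting. If the port change is deliberate, it belongs in the README upgrade notes for this major version.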
@@ -207,60 +256,265 @@ service: ## externalTrafficPolicy: Cluster +## Configure the ingress resource that allows you to access the +## ownCloud installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## Set to true to enable ingress record generation + ## + enabled: false + + ## Set this to true in order to add the corresponding annotations for cert-manager + ## + certManager: false + + ## When the ingress is enabled, a host pointing to this will be created + ## + hostname: owncloud.local + + ## Ingress annotations done as key:value pairs + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + + ## Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or + ## let the chart create self-signed certificates for you + ## + tls: false + + ## The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## Example: + ## extraHosts: + ## - name: owncloud.local + ## path: / + ## + extraHosts: + + ## The tls configuration for additional hostnames to be covered with this ingress record. 
+ ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## Example: + ## extraTls: + ## - hosts: + ## - owncloud.local + ## secretName: owncloud.local-tls + ## + extraTls: [] + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + # - name: owncloud.local-tls + # key: + # certificate: + +## Control where client requests go, to the same pod or round-robin +## Values: ClientIP or None +## ref: https://kubernetes.io/docs/user-guide/services/ +sessionAffinity: "None" ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: enabled: true - owncloud: - ## owncloud data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" + ## ownCloud Data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + accessMode: ReadWriteOnce + size: 8Gi - accessMode: ReadWriteOnce - size: 8Gi + ## A manually managed Persistent Volume Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + # existingClaim: -## Set up update strategy for the ownCloud installation. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -# updateStrategy: -# type: RollingUpdate -# rollingUpdate: -# maxSurge: 25% -# maxUnavailable: 25% -updateStrategy: - type: RollingUpdate + ## If defined, the owncloud-data volume will mount to the specified hostPath. + ## Requires persistence.enabled: true + ## Requires persistence.existingClaim: nil|false + ## Default: nil. + ## + hostPath: + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. 
+ ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## -resources: - requests: - memory: 512Mi - cpu: 300m +resources: {} +# requests: +# memory: 512Mi +# cpu: 300m + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## + +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: true + fsGroup: 1001 + +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + +## Configure extra options for liveness, readiness and startup probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +livenessProbe: + enabled: true + path: /status.php + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + path: /status.php + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 6 + successThreshold: 1 +startupProbe: + enabled: false + path: /status.php + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 3 + failureThreshold: 60 + successThreshold: 1 + +## Custom Liveness probe +## +customLivenessProbe: {} + +## Custom Readiness probe +## +customReadinessProbe: {} + +## Custom Startup probe +## +customStartupProbe: {} + +## lifecycleHooks for the container to automate configuration before or after startup. 
+## +lifecycleHooks: ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## -affinity: {} - -extraEnvVars: [] +podLabels: {} ## Prometheus Exporter / Metrics ## @@ -269,24 +523,40 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.8.0-debian-10-r242 + tag: 0.8.0-debian-10-r261 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - ## Metrics exporter pod Annotation and Labels - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" + pullSecrets: [] + ## Metrics exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## - # resources: {} + resources: {} -# Add custom certificates and certificate authorities to owncloud container + ## Prometheus exporter service parameters + ## + service: + type: ClusterIP + ## Metrics port + ## + port: 9117 + ## Annotations for the Prometheus exporter service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + +# Add custom certificates and certificate authorities to ownCloud container certificates: customCertificate: certificateSecret: "" 
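Review bot: The `volumePermissions` image is `bitnami/minideb` with the floating tag `buster` and `pullPolicy: Always`, so whatever is published under that tag at pod start runs in the init container that changes ownership of the data volume, while the main and metrics images in this file are pinned to revision tags (`10.6.0-debian-10-r18`, `0.8.0-debian-10-r261`). I would pin this image the same way, or by digest, and note in a comment how it gets updated. For the non-root migration itself, `containerSecurityContext` sets only `runAsUser: 1001`; if the deployment template passes additional keys through (not visible here), adding `runAsNonRoot: true` to the defaults would make the kubelet refuse an image that falls back to root. In `persistence`, the comment block now sitting above `accessMode` still describes a manually managed claim, which duplicates the text above `# existingClaim:`.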
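Review bot: `prometheus.io/port: "{{ .Values.metrics.service.port }}"` is a template expression inside values.yaml, which Helm does not render on its own; it resolves only if the metrics Service template passes `metrics.service.annotations` through a renderer such as `common.tplvalues.render` (that template is outside this hunk). The comment should say so, as other keys in this file do: `## Annotations for the Prometheus exporter service. Evaluated as a template`. Moving the scrape annotations from `podAnnotations` to the Service also changes which object Prometheus discovers, which deserves a line in the upgrade notes.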
@@ -296,9 +566,27 @@ certificates: certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key chainLocation: /etc/ssl/certs/mychain.pem - customCA: [] + customCAs: [] + ## Override container command + ## + command: + ## Override container args + ## + args: # - secret: custom-CA # - secret: more-custom-CAs + ## An array to add extra env vars + ## + extraEnvVars: [] + + ## ConfigMap with extra environment variables + ## + extraEnvVarsCM: + + ## Secret with extra environment variables + ## + extraEnvVarsSecret: + image: registry: docker.io repository: bitnami/minideb @@ -309,8 +597,9 @@ certificates: ## pullPolicy: IfNotPresent # pullPolicy: - # pullSecrets + pullSecrets: [] # - myRegistryKeySecretName - extraEnvVars: [] - # - name: myvar - # value: myval + +## Array with extra yaml to deploy with the chart. Evaluated as a template +## +extraDeploy: []
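Review bot: `command:` and `args:` are inserted between `customCAs: []` and its commented examples, so `# - secret: custom-CA` and `# - secret: more-custom-CAs` now read as examples for `args:`; they should move back directly under `customCAs: []`. The rename from `customCA` to `customCAs` means an existing values file that sets `certificates.customCA` would presumably be ignored without an error, leaving the container without the extra trust anchors. I would call the rename out in the upgrade notes, or have the templates `fail` when the old key is set.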