Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-09 15:38:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove OrangeHRM (#8702)

Browse Source 
Signed-off-by: David Gomez <dgomezleon@vmware.com>
This commit is contained in:
David Gomez
2022-01-18 10:48:08 +01:00
committed by GitHub
parent 2c558a26ae
commit 764874ef4d
20 changed files with 0 additions and 2454 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
bitnami/orangehrm/.helmignore
View File

@@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

9
bitnami/orangehrm/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 10.3.1
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.10.3
digest: sha256:8d2dc3f109e1e2bd70762561ef4ec64c2f2b25c702ced2bb4666c561c454a857
generated: "2022-01-17T18:06:28.901625887Z"

34
bitnami/orangehrm/Chart.yaml
View File

@@ -1,34 +0,0 @@
annotations:
category: HumanResourceManagement
apiVersion: v2
appVersion: 4.9.0-0
dependencies:
- condition: mariadb.enabled
name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 10.x.x
- name: common
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 1.x.x
# The OrangeHRM chart is deprecated and no longer maintained.
deprecated: true
description: DEPRECATED OrangeHRM is a free HR management system that offers a wealth of modules to suit the needs of your business.
engine: gotpl
home: https://github.com/bitnami/charts/tree/master/bitnami/orangehrm
icon: https://bitnami.com/assets/stacks/orangehrm/img/orangehrm-stack-220x234.png
keywords:
- orangehrm
- http
- https
- web
- application
- php
- human resources
maintainers: []
name: orangehrm
sources:
- https://github.com/bitnami/bitnami-docker-orangehrm
- https://www.orangehrm.com
version: 11.0.3

591
bitnami/orangehrm/README.md
View File

@@ -1,591 +0,0 @@
<!--- app-name: OrangeHRM -->
# OrangeHRM
[OrangeHRM](https://www.orangehrm.com) is a free HR management system that offers a wealth of modules to suit the needs of your business.
## This Helm chart is deprecated
The upstream project only works with deprecated PHP versions.
## TL;DR
```console
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/orangehrm
```
## Introduction
This chart bootstraps a [OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
OrangeHRM is a widely-used feature-rich system, intuitive and provides an essential HR management platform along with free documentation and access to a broad community of users.
It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the OrangeHRM application.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
## Prerequisites
- Kubernetes 1.12+
- Helm 3.1.0
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm install my-release bitnami/orangehrm
```
The command deploys OrangeHRM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
### Common parameters
| Name | Description | Value |
| ------------------- | ------------------------------------------------------------------------------------------------------------- | ----- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override orangehrm.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override orangehrm.fullname template | `""` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
| `commonAnnotations` | Common annotations to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template | `{}` |
| `commonLabels` | Common labels to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template | `{}` |
### OrangeHRM parameters
| Name | Description | Value |
| --------------------------------------- | -------------------------------------------------------------------------------------------- | ------------------------ |
| `image.registry` | OrangeHRM image registry | `docker.io` |
| `image.repository` | OrangeHRM image repository | `bitnami/orangehrm` |
| `image.tag` | OrangeHRM Image tag (immutable tags are recommended) | `4.9.0-0-debian-10-r25` |
| `image.pullPolicy` | OrangeHRM image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `hostAliases` | Deployment pod host aliases | `[]` |
| `replicaCount` | Number of OrangeHRM Pods to run (requires ReadWriteMany PVC support) | `1` |
| `orangehrmSkipInstall` | Skip OrangeHRM installation wizard. Useful for migrations and restoring from SQL dump | `false` |
| `orangehrmUsername` | User of the application | `admin` |
| `orangehrmPassword` | Application password | `""` |
| `orangehrmEnforcePasswordStrength` | Whether the OrangeHRM password validation should use strong or medium level | `true` |
| `allowEmptyPassword` | Allow DB blank passwords | `true` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `extraEnvVars` | An array to add extra env vars | `[]` |
| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `extraVolumes` | Array of extra volumes to be added to the deployment. Requires setting `extraVolumeMounts` | `[]` |
| `extraVolumeMounts` | Array of extra volume mounts to be added to the container. Normally used with `extraVolumes` | `[]` |
| `initContainers` | Extra init containers to add to the deployment | `[]` |
| `sidecars` | Extra sidecar containers to add to the deployment | `[]` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `priorityClassName` | OrangeHRM pods' priorityClassName | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `existingSecret` | Use existing secret for the application password | `""` |
| `smtpHost` | SMTP host | `""` |
| `smtpPort` | SMTP port | `""` |
| `smtpUser` | SMTP user | `""` |
| `smtpPassword` | SMTP password. Ignored if `smtpExistingSecret` is set | `""` |
| `smtpProtocol` | SMTP Protocol (options: ssl, none) | `""` |
| `smtpExistingSecret` | Use an existing secret for the SMTP Password | `""` |
| `containerPorts` | Container ports | `{}` |
| `sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | OrangeHRM Data Persistent Volume Storage Class | `""` |
| `persistence.accessModes` | PVC Access Mode for OrangeHRM volume | `[]` |
| `persistence.size` | PVC Storage Request for OrangeHRM volume | `8Gi` |
| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` |
| `persistence.hostPath` | If defined, the orangehrm-data volume will mount to the specified hostPath | `""` |
| `persistence.subPath` | volumeMount subPath, use it for compatibility with previous versions of the chart | `orangehrm` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
| `resources.requests` | The requested resources for the container | `{}` |
| `resources.limits` | The resources limits for the container | `{}` |
| `podSecurityContext.enabled` | Enable OrangeHRM pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | OrangeHRM pods' group ID | `1001` |
| `containerSecurityContext.enabled` | Enable OrangeHRM containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | OrangeHRM containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | OrangeHRM containers' Security Context runAsNonRoot | `true` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.path` | Request path for startupProbe | `/symfony/web/index.php` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.path` | Request path for livenessProbe | `/symfony/web/index.php` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.path` | Request path for readinessProbe | `/symfony/web/index.php` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `customStartupProbe` | Override default startup probe | `{}` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `lifecycleHooks` | LifecycleHooks for the container to automate configuration before or after startup | `{}` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Pod extra labels | `{}` |
### Traffic Exposure Parameters
| Name | Description | Value |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.ports.http` | Service HTTP port | `80` |
| `service.ports.https` | Service HTTPS port | `443` |
| `service.httpsTargetPort` | Service Target HTTPS port | `https` |
| `service.clusterIP` | OrangeHRM service cluster IP | `""` |
| `service.loadBalancerSourceRanges` | Control hosts connecting to "LoadBalancer" only | `[]` |
| `service.loadBalancerIP` | Load balancer IP for the OrangeHRM Service (optional, cloud specific) | `""` |
| `service.nodePorts.http` | Kubernetes HTTP node port | `""` |
| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.annotations` | Provide any additional annotations that may be required (evaluated as a template) | `{}` |
| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `ingress.enabled` | Set to true to enable ingress record generation | `false` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress resource | `orangehrm.local` |
| `ingress.path` | The Path to OrangeHRM. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` |
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
### Database parameters
| Name | Description | Value |
| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- |
| `mariadb.enabled` | Whether to deploy a MariaDB server to satisfy the applications database requirements | `true` |
| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` |
| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` |
| `mariadb.auth.database` | Database name to create | `bitnami_orangehrm` |
| `mariadb.auth.username` | Database user to create | `bn_orangehrm` |
| `mariadb.auth.password` | Password for the database | `""` |
| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` |
| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` |
| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` |
| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `externalDatabase.host` | Host of the existing database | `""` |
| `externalDatabase.port` | Port of the existing database | `3306` |
| `externalDatabase.user` | Existing username in the external db | `bn_orangehrm` |
| `externalDatabase.password` | Password for the above username | `""` |
| `externalDatabase.database` | Name of the existing database | `bitnami_orangehrm` |
| `externalDatabase.existingSecret` | Name of an existing secret resource containing the DB password | `""` |
### Volume Permissions parameters
| Name | Description | Value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r278` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
### Metrics parameters
| Name | Description | Value |
| --------------------------- | ---------------------------------------------------------- | ------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r81` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.resources` | Metrics exporter resource requests and limits | `{}` |
| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` |
### Certificate injection parameters
| Name | Description | Value |
| ---------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- |
| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` |
| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` |
| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` |
| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` |
| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` |
| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` |
| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` |
| `certificates.command` | Override default container command (useful when using custom images) | `[]` |
| `certificates.args` | Override default container args (useful when using custom images) | `[]` |
| `certificates.extraEnvVars` | Container sidecar extra environment variables | `[]` |
| `certificates.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `certificates.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `certificates.image.registry` | Container sidecar registry | `docker.io` |
| `certificates.image.repository` | Container sidecar image repository | `bitnami/bitnami-shell` |
| `certificates.image.tag` | Container sidecar image tag (immutable tags are recommended) | `10-debian-10-r278` |
| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` |
| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` |
### NetworkPolicy parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies | `false` |
| `networkPolicy.metrics.enabled` | Enable network policy for metrics (prometheus) | `false` |
| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` |
| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` |
| `networkPolicy.ingress.enabled` | Enable network policy for Ingress Proxies | `false` |
| `networkPolicy.ingress.namespaceSelector` | Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. | `{}` |
| `networkPolicy.ingress.podSelector` | Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. | `{}` |
| `networkPolicy.ingressRules.backendOnlyAccessibleByFrontend` | Enable ingress rule that makes the backend (mariadb) only accessible by OrangeHRM's pods. | `false` |
| `networkPolicy.ingressRules.customBackendSelector` | Backend selector labels. These labels will be used to identify the backend pods. | `{}` |
| `networkPolicy.ingressRules.accessOnlyFrom.enabled` | Enable ingress rule that makes OrangeHRM only accessible from a particular origin | `false` |
| `networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access OrangeHRM. This label will be used to identified the allowed namespace(s). | `{}` |
| `networkPolicy.ingressRules.accessOnlyFrom.podSelector` | Pods selector label that is allowed to access OrangeHRM. This label will be used to identified the allowed pod(s). | `{}` |
| `networkPolicy.ingressRules.customRules` | Custom network policy ingress rule | `{}` |
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
The above parameters map to the env variables defined in [bitnami/orangehrm](https://github.com/bitnami/bitnami-docker-orangehrm). For more information please refer to the [bitnami/orangehrm](https://github.com/bitnami/bitnami-docker-orangehrm) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install my-release \
--set orangehrmUsername=admin,orangehrmPassword=password,mariadb.auth.rootPassword=secretpassword \
bitnami/orangehrm
```
The above command sets the OrangeHRM administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install my-release -f values.yaml bitnami/orangehrm
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Image
The `image` parameter allows specifying which image will be pulled for the chart.
#### Private registry
If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod).
1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret.
1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as:
```yaml
imagePullSecrets:
- name: SECRET_NAME
```
1. Install the chart
### Setting Pod's affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
### TLS Secrets
This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are three common use cases:
- Helm generates/manages certificate secrets
- User generates/manages certificates separately
- An additional tool (like [kube-lego](https://kubeapps.com/charts/stable/kube-lego)) manages the secrets for the application
In the first two cases, one will need a certificate and a key. We would expect them to look like this:
- certificate files should look like (and there can be more than one certificate if there is a certificate chain)
```console
-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
...
jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
-----END CERTIFICATE-----
```
- keys should look like:
```console
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
...
wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
-----END RSA PRIVATE KEY-----
```
If you are going to use Helm to manage the certificates, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry.
If you are going to manage TLS secrets outside of Helm, please know that you can create a TLS secret (named `orangehrm.local-tls` for example).
Please see [this example](https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tls) for more information.
### Ingress-terminated https
In cases where HTTPS/TLS is terminated on the ingress, you may run into an issue where non-https liveness and readiness probes result in a 302 (redirect from HTTP to HTTPS) and are interpreted by Kubernetes as not-live/not-ready. (See [Kubernetes issue #47893 on GitHub](https://github.com/kubernetes/kubernetes/issues/47893) for further details about 302 _not_ being interpreted as "successful".) To work around this problem, use `livenessProbeHeaders` and `readinessProbeHeaders` to pass the same headers that your ingress would pass in order to get an HTTP 200 status result. For example (where the following is in a `--values`-referenced file):
```yaml
livenessProbeHeaders:
- name: X-Forwarded-Proto
value: https
readinessProbeHeaders:
- name: X-Forwarded-Proto
value: https
```
Any number of name/value pairs may be specified; they are all copied into the liveness or readiness probe definition.
## Persistence
The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image stores the OrangeHRM configurations at the `/bitnami/orangehrm` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
### Existing PersistentVolumeClaim
1. Create the PersistentVolume
1. Create the PersistentVolumeClaim
1. Install the chart
```bash
$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/orangehrm
```
### Host path
#### System compatibility
- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox.
- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://minikube.sigs.k8s.io/docs/handbook/mount/) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync).
#### Mounting steps
1. The specified `hostPath` directory must already exist (create one if it does not).
1. Install the chart
```bash
$ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/orangehrm
```
This will mount the `orangehrm-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch.
1. Because the container cannot control the host machine's directory permissions, you must set the OrangeHRM file directory permissions yourself and disable or clear OrangeHRM cache.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnamis Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
### To 11.0.0
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
Affected values:
- `service.port` was deprecated. We recommend using `service.ports.http` instead.
- `service.httpsPort` was deprecated. We recommend using `service.ports.https` instead.
- `persistence.accessMode` was deprecated. We recommend using `persistence.accessModes`.
Additionally updates the MariaDB subchart to it newest major, 10.0.0, which contains similar changes. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-1000) for more information.
### To 10.0.0
This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading.
### To 9.0.0
The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image was updated to support and enable the "non-root" user approach
If you want to continue to run the container image as the `root` user, you need to set `podSecurityContext.enabled=false` and `containerSecurity.context.enabled=false`.
This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information.
To upgrade from `8.x.x`, backup OrangeHRM data and the previous MariaDB databases, install a new OrangeHRM chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. As an alternative, you can use `helm upgrade` if you specify `volumePermissions.enabled=true` and `persistence.subPath=""`.
### To 8.0.0
In this major there were two main changes introduced:
1. Adaptation to Helm v2 EOL
2. Updated MariaDB dependency version
Please read the update notes carefully.
**1. Adaptation to Helm v2 EOL**
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
**2. Updated MariaDB dependency version**
In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information.
To upgrade to `8.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and OrangeHRM data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `orangehrm`):
> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x
Obtain the credentials and the names of the PVCs used to hold both the MariaDB and OrangeHRM data on your current release:
```console
export ORANGEHRM_PASSWORD=$(kubectl get secret --namespace default orangehrm -o jsonpath="{.data.orangehrm-password}" | base64 --decode)
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default orangehrm-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
export MARIADB_PASSWORD=$(kubectl get secret --namespace default orangehrm-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode)
export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=orangehrm -o jsonpath="{.items[0].metadata.name}")
```
Delete the OrangeHRM deployment and delete the MariaDB statefulset. Notice the option `--cascade=false` in the latter.
```console
$ kubectl delete deployments.apps orangehrm
$ kubectl delete statefulsets.apps orangehrm-mariadb --cascade=false
```
Now the upgrade works:
```console
$ helm upgrade orangehrm bitnami/orangehrm --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set orangehrmPassword=$ORANGEHRM_PASSWORD
```
You will have to delete the existing MariaDB pod and the new statefulset is going to create a new one
```console
$ kubectl delete pod osclass-mariadb-0
```
Finally, you should see the lines below in MariaDB container logs:
```console
$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=orangehrm,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}")
...
mariadb 12:13:24.98 INFO ==> Using persisted data
mariadb 12:13:25.01 INFO ==> Running mysql_upgrade
...
```
### To 7.0.0
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
In this version the `apiVersion` of the deployment resources is updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
This major version signifies this change.
### To 3.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is orangehrm:
```console
$ kubectl patch deployment orangehrm-orangehrm --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
$ kubectl delete statefulset orangehrm-mariadb --cascade=false
```
## Community supported solution
Please, note this Helm chart is a community-supported solution. This means that the Bitnami team is not actively working on new features/improvements nor providing support through GitHub Issues for this Helm chart. Any new issue will stay open for 20 days to allow the community to contribute, after 15 days without activity the issue will be marked as stale being closed after 5 days.
The Bitnami team will review any PR that is created, feel free to create a PR if you find any issue or want to implement a new feature.
New versions are not going to be affected. Once a new version is released in the upstream project, the Bitnami container image will be updated to use the latest version.
## License
Copyright &copy; 2022 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

2
bitnami/orangehrm/ci/ct-values.yaml
View File

@@ -1,2 +0,0 @@
service:
type: ClusterIP

85
bitnami/orangehrm/templates/NOTES.txt
View File

@@ -1,85 +0,0 @@
This Helm chart is deprecated
The upstream project only works with deprecated PHP versions.
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}}
** Please be patient while the chart is being deployed **
{{- if and .Values.ingress.enabled (ne .Values.service.type "ClusterIP") }}
** Notice : Usually with ingress the service.type should be set to ClusterIP, which is not the case to this deployment! **
{{- end }}
1. Access you OrangeHRM instance with:
{{- if .Values.ingress.enabled }}
{{ if .Values.ingress.tls }}
- https://{{ .Values.ingress.hostname }}
{{- else }}
- https://{{ .Values.ingress.hostname }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "OrangeHRM URL: http://$NODE_IP:$NODE_PORT/"
{{- else if contains "LoadBalancer" .Values.service.type }}
** Please ensure an external IP is associated to the {{ template "common.names.fullname" . }} service before proceeding **
** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }} **
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
{{- $port:=(coalesce .Values.service.ports.http .Values.service.port) | toString }}
echo "OrangeHRM URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ coalesce .Values.service.ports.http .Values.service.port }}{{ end }}/"
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ coalesce .Values.service.ports.http .Values.service.port }}
echo "OrangeHRM URL: http://127.0.0.1:8080/"
{{- end }}
2. Login with the following credentials
echo Username: {{ .Values.orangehrmUsername }}
echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "orangehrm.secretName" . }} -o jsonpath="{.data.orangehrm-password}" | base64 --decode)
{{- else -}}
########################################################################################
### ERROR: You did not provide an external database host in your 'helm install' call ###
########################################################################################
This deployment will be incomplete until you configure OrangeHRM with a resolvable database
host. To configure OrangeHRM to use and external database host:
1. Complete your OrangeHRM deployment by running:
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set service.type={{ .Values.service.type }},mariadb.enabled=false,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST bitnami/orangehrm
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "common.warnings.rollingTag" .Values.certificates.image }}
{{- $passwordValidationErrors := list -}}
{{- $databaseSecretName := include "orangehrm.databaseSecretName" . -}}
{{- if .Values.mariadb.enabled }}
{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $databaseSecretName "subchart" true "context" $) -}}
{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}}
{{- end }}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
{{- if and (not .Values.mariadb.enabled) .Release.IsUpgrade -}}
{{- $requiredExternalPassword := dict "valueKey" "externalDatabase.password" "secret" $databaseSecretName "field" "db-password" -}}
WARNING: Review values for the following password in the command, if they are correct please ignore this notice.
{{- include "common.validations.values.multiple.empty" (dict "required" (list $requiredExternalPassword) "context" $) -}}
{{- end -}}

135
bitnami/orangehrm/templates/_helpers.tpl
View File

@@ -1,135 +0,0 @@
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "orangehrm.mariadb.fullname" -}}
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper certificate image name
*/}}
{{- define "certificates.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper OrangeHRM image name
*/}}
{{- define "orangehrm.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the metrics image)
*/}}
{{- define "orangehrm.metrics.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "orangehrm.volumePermissions.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "orangehrm.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper Storage Class
*/}}
{{- define "orangehrm.storageClass" -}}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
{{- end -}}
{{/*
OrangeHRM credential secret name
*/}}
{{- define "orangehrm.secretName" -}}
{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
Return the SMTP secret name
*/}}
{{- define "orangehrm.smtpSecretName" -}}
{{- coalesce .Values.smtpExistingSecret (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
Return the MariaDB Hostname
*/}}
{{- define "orangehrm.databaseHost" -}}
{{- if .Values.mariadb.enabled }}
{{- if eq .Values.mariadb.architecture "replication" }}
{{- printf "%s-%s" (include "orangehrm.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" (include "orangehrm.mariadb.fullname" .) -}}
{{- end -}}
{{- else -}}
{{- printf "%s" .Values.externalDatabase.host -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB Port
*/}}
{{- define "orangehrm.databasePort" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "3306" -}}
{{- else -}}
{{- printf "%d" (.Values.externalDatabase.port | int ) -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB Database Name
*/}}
{{- define "orangehrm.databaseName" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "%s" .Values.mariadb.auth.database -}}
{{- else -}}
{{- printf "%s" .Values.externalDatabase.database -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB User
*/}}
{{- define "orangehrm.databaseUser" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "%s" .Values.mariadb.auth.username -}}
{{- else -}}
{{- printf "%s" .Values.externalDatabase.user -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB Secret Name
*/}}
{{- define "orangehrm.databaseSecretName" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "%s" (include "orangehrm.mariadb.fullname" .) -}}
{{- else if .Values.externalDatabase.existingSecret -}}
{{- printf "%s" .Values.externalDatabase.existingSecret -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}}
{{- end -}}
{{- end -}}
{{/*
Return the database password key
*/}}
{{- define "orangehrm.databasePasswordKey" -}}
{{- if .Values.mariadb.enabled -}}
mariadb-password
{{- else -}}
db-password
{{- end -}}
{{- end -}}

368
bitnami/orangehrm/templates/deployment.yaml
View File

@@ -1,368 +0,0 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "orangehrm.imagePullSecrets" . | nindent 6 }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
# yamllint disable rule:indentation
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
# yamllint enable rule:indentation
{{- end }}
initContainers:
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ include "orangehrm.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- sh
- -c
- |
mkdir -p "/bitnami/orangehrm"
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/orangehrm"
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: orangehrm-data
mountPath: /bitnami/orangehrm
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath | quote }}
{{- end }}
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: certificates
image: {{ template "certificates.image" . }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }}
imagePullSecrets:
{{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }}
- name: {{ . }}
{{- end }}
command:
{{- if .Values.certificates.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }}
{{- else if .Values.certificates.customCertificate.certificateSecret }}
- sh
- -c
- install_packages ca-certificates openssl
{{- else }}
- sh
- -c
- install_packages ca-certificates openssl
&& openssl req -new -x509 -days 3650 -nodes -sha256
-subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)"
-out {{ .Values.certificates.customCertificate.certificateLocation }}
-keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req
{{- end }}
{{- if .Values.certificates.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }}
{{- end }}
env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }}
envFrom:
{{- if .Values.certificates.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.certificates.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }}
{{- end }}
volumeMounts:
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end }}
containers:
- name: {{ include "common.names.fullname" . }}
image: {{ template "orangehrm.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }}
- name: APACHE_HTTP_PORT_NUMBER
value: {{ .Values.containerPorts.http | quote }}
- name: APACHE_HTTPS_PORT_NUMBER
value: {{ .Values.containerPorts.https | quote }}
- name: ORANGEHRM_DATABASE_HOST
value: {{ include "orangehrm.databaseHost" . | quote }}
- name: ORANGEHRM_DATABASE_PORT_NUMBER
value: {{ include "orangehrm.databasePort" . | quote }}
- name: ORANGEHRM_DATABASE_NAME
value: {{ include "orangehrm.databaseName" . | quote }}
- name: ORANGEHRM_DATABASE_USER
value: {{ include "orangehrm.databaseUser" . | quote }}
- name: ORANGEHRM_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "orangehrm.databaseSecretName" . }}
key: {{ include "orangehrm.databasePasswordKey" . }}
- name: ORANGEHRM_SKIP_BOOTSTRAP
value: {{ ternary "yes" "no" .Values.orangehrmSkipInstall | quote }}
- name: ORANGEHRM_USERNAME
value: {{ .Values.orangehrmUsername | quote }}
- name: ORANGEHRM_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.names.fullname" . }}
key: orangehrm-password
- name: ORANGEHRM_ENFORCE_PASSWORD_STRENGTH
value: {{ ternary "yes" "no" .Values.orangehrmEnforcePasswordStrength | quote }}
{{- if .Values.smtpHost }}
- name: SMTP_HOST
value: {{ .Values.smtpHost | quote }}
{{- end }}
{{- if .Values.smtpPort }}
- name: SMTP_PORT
value: {{ .Values.smtpPort | quote }}
{{- end }}
{{- if .Values.smtpUser }}
- name: SMTP_USER
value: {{ .Values.smtpUser | quote }}
{{- end }}
{{- if or .Values.smtpPassword .Values.smtpExistingSecret }}
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "orangehrm.smtpSecretName" . }}
key: smtp-password
{{- end }}
{{- if .Values.smtpProtocol }}
- name: SMTP_PROTOCOL
value: {{ .Values.smtpProtocol | quote }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.containerPorts.http }}
- name: https
containerPort: {{ .Values.containerPorts.https }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: {{ .Values.startupProbe.path }}
port: http
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.livenessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.readinessProbe.path }}
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: orangehrm-data
mountPath: /bitnami/orangehrm
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath | quote }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private/
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end }}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
subPath: tls.crt
readOnly: true
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.keyLocation }}
subPath: tls.key
readOnly: true
{{- if .Values.certificates.customCertificate.chainSecret }}
- name: custom-certificate-chain
mountPath: {{ .Values.certificates.customCertificate.chainLocation }}
subPath: {{ .Values.certificates.customCertificate.chainSecret.key }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "orangehrm.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ]
ports:
- name: metrics
containerPort: 9117
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 15
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 5
timeoutSeconds: 1
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: orangehrm-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (printf "%s-orangehrm" (include "common.names.fullname" .)) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- name: etc-ssl-private
emptyDir:
medium: "Memory"
- name: custom-ca-certificates
projected:
defaultMode: 0400
sources:
{{- range $index, $customCA := .Values.certificates.customCAs }}
- secret:
name: {{ $customCA.secret }}
{{- end }}
{{- end }}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
secret:
secretName: {{ .Values.certificates.customCertificate.certificateSecret }}
{{- if .Values.certificates.customCertificate.chainSecret }}
- name: custom-certificate-chain
secret:
secretName: {{ .Values.certificates.customCertificate.chainSecret.name }}
{{- end }}
{{- end }}

10
bitnami/orangehrm/templates/externaldb-secrets.yaml
View File

@@ -1,10 +0,0 @@
{{- if and (not .Values.mariadb.enabled) (not .Values.externalDatabase.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ include "common.names.fullname" . }}-externaldb"
labels: {{- include "common.labels.standard" . | nindent 4 }}
type: Opaque
data:
db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
{{- end }}

4
bitnami/orangehrm/templates/extra-list.yaml
View File

@@ -1,4 +0,0 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

59
bitnami/orangehrm/templates/ingress.yaml
View File

@@ -1,59 +0,0 @@
{{- if .Values.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
tls:
{{- if .Values.ingress.tls }}
- hosts:
- {{ .Values.ingress.hostname }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

27
bitnami/orangehrm/templates/networkpolicy-backend-ingress.yaml
View File

@@ -1,27 +0,0 @@
{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-backend" (include "common.names.fullname" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- if .Values.networkPolicy.ingressRules.customBackendSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }}
{{- else }}
app.kubernetes.io/name: mariadb
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 14 }}
{{- end }}

32
bitnami/orangehrm/templates/networkpolicy-egress.yaml
View File

@@ -1,32 +0,0 @@
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
policyTypes:
- Egress
egress:
{{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }}
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- to:
- namespaceSelector: {}
{{- end }}
{{- if .Values.networkPolicy.egressRules.customRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
{{- end }}
{{- end }}

60
bitnami/orangehrm/templates/networkpolicy-ingress.yaml
View File

@@ -1,60 +0,0 @@
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingress.enabled .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled) }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-ingress" (include "common.names.fullname" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- include "common.labels.standard" . | nindent 6 }}
ingress:
{{- if and .Values.ingress.enabled .Values.networkPolicy.ingress.enabled (or .Values.networkPolicy.ingress.namespaceSelector .Values.networkPolicy.ingress.podSelector) }}
- from:
{{- if .Values.networkPolicy.ingress.namespaceSelector }}
- namespaceSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingress.podSelector }}
- podSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.podSelector "context" $) | nindent 14 }}
{{- end }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }}
- from:
{{- if .Values.networkPolicy.metrics.namespaceSelector }}
- namespaceSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.metrics.podSelector }}
- podSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }}
{{- end }}
{{- end }}
{{- if and .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector) }}
- from:
{{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector }}
- namespaceSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector }}
- podSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector "context" $) | nindent 14 }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.ingressRules.customRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }}
{{- end }}
{{- end }}

20
bitnami/orangehrm/templates/pv.yaml
View File

@@ -1,20 +0,0 @@
{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "common.names.fullname" . }}-orangehrm
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
capacity:
storage: {{ .Values.persistence.size | quote }}
hostPath:
path: {{ .Values.persistence.hostPath | quote }}
{{- end -}}

35
bitnami/orangehrm/templates/pvc.yaml
View File

@@ -1,35 +0,0 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "common.names.fullname" . }}-orangehrm
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.persistence.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.persistence.hostPath }}
storageClassName: ""
{{- end }}
accessModes:
{{- if not (empty .Values.persistence.accessModes) }}
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
{{- else }}
- {{ .Values.persistence.accessMode | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- include "orangehrm.storageClass" . | nindent 2 }}
{{- end -}}

21
bitnami/orangehrm/templates/secrets.yaml
View File

@@ -1,21 +0,0 @@
{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if not .Values.existingSecret }}
orangehrm-password: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "common.names.fullname" .) "key" "orangehrm-password" "providedValues" (list "orangehrmPassword") "strong" true "context" $) }}
{{- end }}
{{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }}
smtp-password: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "common.names.fullname" .) "key" "smtp-password" "providedValues" (list "smtpPassword") "context" $) }}
{{- end }}
{{- end }}

58
bitnami/orangehrm/templates/svc.yaml
View File

@@ -1,58 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- name: http
port: {{ coalesce .Values.service.ports.http .Values.service.port }}
targetPort: http
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
nodePort: {{ .Values.service.nodePorts.http }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: https
port: {{ coalesce .Values.service.ports.https .Values.service.httpsPort }}
targetPort: {{ .Values.service.httpsTargetPort }}
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }}
nodePort: {{ .Values.service.nodePorts.https }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}

43
bitnami/orangehrm/templates/tls-secrets.yaml
View File

@@ -1,43 +0,0 @@
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }}
{{- $ca := genCA "orangehrm-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}

840
bitnami/orangehrm/values.yaml
View File

@@ -1,840 +0,0 @@
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override orangehrm.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override orangehrm.fullname template
##
fullnameOverride: ""
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template)
##
extraDeploy: []
## @param commonAnnotations Common annotations to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @section OrangeHRM parameters
## Bitnami OrangeHRM image version
## ref: https://hub.docker.com/r/bitnami/orangehrm/tags/
## @param image.registry OrangeHRM image registry
## @param image.repository OrangeHRM image repository
## @param image.tag OrangeHRM Image tag (immutable tags are recommended)
## @param image.pullPolicy OrangeHRM image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/orangehrm
tag: 4.9.0-0-debian-10-r57
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: false
## @param hostAliases [array] Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases:
## Necessary for apache-exporter to work
##
- ip: "127.0.0.1"
hostnames:
- "status.localhost"
## @param replicaCount Number of OrangeHRM Pods to run (requires ReadWriteMany PVC support)
##
replicaCount: 1
## @param orangehrmSkipInstall Skip OrangeHRM installation wizard. Useful for migrations and restoring from SQL dump
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
##
orangehrmSkipInstall: false
## @param orangehrmUsername User of the application
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
##
orangehrmUsername: admin
## @param orangehrmPassword Application password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
##
orangehrmPassword: ""
## @param orangehrmEnforcePasswordStrength Whether the OrangeHRM password validation should use strong or medium level
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
##
orangehrmEnforcePasswordStrength: true
## @param allowEmptyPassword Allow DB blank passwords
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#environment-variables
##
allowEmptyPassword: true
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: RollingUpdate
## @param extraEnvVars An array to add extra env vars
## For example:
## - name: BEARER_AUTH
## value: true
##
extraEnvVars: []
## @param extraEnvVarsCM ConfigMap with extra environment variables
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret with extra environment variables
##
extraEnvVarsSecret: ""
## @param extraVolumes Array of extra volumes to be added to the deployment. Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container. Normally used with `extraVolumes`
##
extraVolumeMounts: []
## @param initContainers Extra init containers to add to the deployment
##
initContainers: []
## @param sidecars Extra sidecar containers to add to the deployment
##
sidecars: []
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param priorityClassName OrangeHRM pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param existingSecret Use existing secret for the application password
##
existingSecret: ""
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/bitnami-docker-orangehrm/#smtp-configuration
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password. Ignored if `smtpExistingSecret` is set
## @param smtpProtocol SMTP Protocol (options: ssl, none)
##
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
smtpProtocol: ""
## @param smtpExistingSecret Use an existing secret for the SMTP Password
## Can be the same secret as existingSecret
## Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 8080
https: 8443
## @param sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: "None"
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass OrangeHRM Data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes [array] PVC Access Mode for OrangeHRM volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for OrangeHRM volume
##
size: 8Gi
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: ""
## @param persistence.hostPath If defined, the orangehrm-data volume will mount to the specified hostPath
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.subPath volumeMount subPath, use it for compatibility with previous versions of the chart
##
subPath: orangehrm
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Configure resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param resources.requests [object] The requested resources for the container
## @param resources.limits The resources limits for the container
##
resources:
requests:
memory: 512Mi
cpu: 300m
limits: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable OrangeHRM pods' Security Context
## @param podSecurityContext.fsGroup OrangeHRM pods' group ID
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable OrangeHRM containers' Security Context
## @param containerSecurityContext.runAsUser OrangeHRM containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot OrangeHRM containers' Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## Configure extra options for startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-startup-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /symfony/web/index.php
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra options for liveness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.path Request path for livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
path: /symfony/web/index.php
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /symfony/web/index.php
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 6
successThreshold: 1
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param lifecycleHooks LifecycleHooks for the container to automate configuration before or after startup
##
lifecycleHooks: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Pod extra labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @section Traffic Exposure Parameters
## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.ports.http Service HTTP port
## @param service.ports.https Service HTTPS port
##
ports:
http: 80
https: 443
## @param service.httpsTargetPort Service Target HTTPS port
## defaults to https unless overridden to the specified port.
## if you want the target port to be "http" or "80" you can specify that here.
##
httpsTargetPort: https
## @param service.clusterIP OrangeHRM service cluster IP
##
clusterIP: ""
## @param service.loadBalancerSourceRanges Control hosts connecting to "LoadBalancer" only
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP Load balancer IP for the OrangeHRM Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.nodePorts.http Kubernetes HTTP node port
## @param service.nodePorts.https Kubernetes HTTPS node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
https: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Provide any additional annotations that may be required (evaluated as a template)
##
annotations: {}
## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Configure the ingress resource that allows you to access the
## OrangeHRM installation. Set up the URL
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Set to true to enable ingress record generation
##
enabled: false
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
##
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname Default host for the ingress resource
##
hostname: orangehrm.local
## @param ingress.path The Path to OrangeHRM. You may need to set this to '/*' in order to use this with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: orangehrm.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - orangehrm.local
## secretName: orangehrm.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## - name: orangehrm.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @section Database parameters
## MariaDB chart configuration
## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml
##
mariadb:
## @param mariadb.enabled Whether to deploy a MariaDB server to satisfy the applications database requirements
## To use an external database set this to false and configure the externalDatabase parameters
##
enabled: true
## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication`
##
architecture: standalone
## MariaDB Authentication parameters
##
auth:
## @param mariadb.auth.rootPassword Password for the MariaDB `root` user
## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run
##
rootPassword: ""
## @param mariadb.auth.database Database name to create
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run
##
database: bitnami_orangehrm
## @param mariadb.auth.username Database user to create
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
username: bn_orangehrm
## @param mariadb.auth.password Password for the database
##
password: ""
primary:
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param mariadb.primary.persistence.enabled Enable database persistence using PVC
##
enabled: true
## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes
##
accessModes:
- ReadWriteOnce
## @param mariadb.primary.persistence.size Database Persistent Volume Size
##
size: 8Gi
## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production)
##
hostPath: ""
## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas
##
existingClaim: ""
## External database configuration
##
externalDatabase:
## @param externalDatabase.host Host of the existing database
##
host: ""
## @param externalDatabase.port Port of the existing database
##
port: 3306
## @param externalDatabase.user Existing username in the external db
##
user: bn_orangehrm
## @param externalDatabase.password Password for the above username
##
password: ""
## @param externalDatabase.database Name of the existing database
##
database: bitnami_orangehrm
## @param externalDatabase.existingSecret Name of an existing secret resource containing the DB password
##
existingSecret: ""
## @section Volume Permissions parameters
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 10-debian-10-r311
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
pullSecrets: []
## - myRegistryKeySecretName
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits The resources limits for the container
## @param volumePermissions.resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## @section Metrics parameters
## Prometheus Exporter / Metrics
##
metrics:
## @param metrics.enabled Start a side-car prometheus exporter
##
enabled: false
## @param metrics.image.registry Apache exporter image registry
## @param metrics.image.repository Apache exporter image repository
## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended)
## @param metrics.image.pullPolicy Apache exporter image pull policy
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.11.0-debian-10-r29
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param metrics.resources Metrics exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9117"
## @section Certificate injection parameters
## Add custom certificates and certificate authorities to OrangeHRM container
##
certificates:
## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add
## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain
## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret
## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate
## @param certificates.customCertificate.keyLocation Location in the container to store the private key
## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain
##
customCertificate:
certificateSecret: ""
chainSecret:
name: ""
key: ""
certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem
keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key
chainLocation: /etc/ssl/certs/mychain.pem
## @param certificates.customCAs Defines a list of secrets to import into the container trust store
##
customCAs: []
## @param certificates.command Override default container command (useful when using custom images)
##
command: []
## @param certificates.args Override default container args (useful when using custom images)
## e.g:
## - secret: custom-CA
## - secret: more-custom-CAs
##
args: []
## @param certificates.extraEnvVars Container sidecar extra environment variables
##
extraEnvVars: []
## @param certificates.extraEnvVarsCM ConfigMap with extra environment variables
##
extraEnvVarsCM: ""
## @param certificates.extraEnvVarsSecret Secret with extra environment variables
##
extraEnvVarsSecret: ""
## @param certificates.image.registry Container sidecar registry
## @param certificates.image.repository Container sidecar image repository
## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended)
## @param certificates.image.pullPolicy Container sidecar image pull policy
## @param certificates.image.pullSecrets Container sidecar image pull secrets
##
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 10-debian-10-r311
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @section NetworkPolicy parameters
## Add networkpolicies
##
networkPolicy:
## @param networkPolicy.enabled Enable network policies
## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication
##
enabled: false
## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus)
## @param networkPolicy.metrics.namespaceSelector Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace.
## @param networkPolicy.metrics.podSelector Monitoring pod selector labels. These labels will be used to identify the Prometheus pods.
##
metrics:
enabled: false
## e.g:
## podSelector:
## label: monitoring
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: monitoring
##
namespaceSelector: {}
## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies
## @param networkPolicy.ingress.namespaceSelector Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace.
## @param networkPolicy.ingress.podSelector Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods.
##
ingress:
enabled: false
## e.g:
## podSelector:
## label: ingress
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb) only accessible by OrangeHRM's pods.
## @param networkPolicy.ingressRules.customBackendSelector Backend selector labels. These labels will be used to identify the backend pods.
## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes OrangeHRM only accessible from a particular origin
## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector Namespace selector label that is allowed to access OrangeHRM. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector Pods selector label that is allowed to access OrangeHRM. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.customRules Custom network policy ingress rule
##
ingressRules:
## mariadb backend only can be accessed from OrangeHRM
##
backendOnlyAccessibleByFrontend: false
customBackendSelector: {}
## Allow only from the indicated:
##
accessOnlyFrom:
enabled: false
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## e.g:
## podSelector:
## label: access
##
podSelector: {}
## custom ingress rules
## e.g:
## customRules:
## - from:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules Custom network policy rule
##
egressRules:
## Deny connections to external. This is not compatible with an external database.
##
denyConnectionsToExternal: false
## Additional custom egress rules
## e.g:
## customRules:
## - to:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}