[bitnami/orangehrm] Major change: adapt ingress (#5000)

* [bitnami/orangehrm] Major change: adapt ingress

* common
Javier J. Salmerón-García
2021-01-15 15:57:45 +01:00
committed by GitHub
parent 9a447d728b
commit b8166c16cc
6 changed files with 138 additions and 88 deletions

@@ -1,9 +1,9 @@
dependencies:
- name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 9.2.0
version: 9.2.2
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.2.3
digest: sha256:549a524c7d9b4d6491346179242bcaf7182a0b21546e234155e5bffd1b71b6a4
generated: "2021-01-04T10:52:03.590020883Z"
version: 1.3.3
digest: sha256:34d28552f0d2c9283dcbd5066e338f40fcc43c16d19ea2308d92e468219f22db
generated: "2021-01-15T15:36:06.133553+01:00"
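
Review bot: the `mariadb` entry moves from 9.2.0 to 9.2.2 in the same lock update that takes `common` to 1.3.3, but the commit message only mentions the ingress change and `common`. If the MariaDB subchart bump is a side effect of regenerating the lock file, say so in the commit message or in the 10.0.0 upgrade notes, so a database subchart change does not ship unannounced in a release described as ingress-only.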

@@ -31,4 +31,4 @@ name: orangehrm
sources:
- https://github.com/bitnami/bitnami-docker-orangehrm
- https://www.orangehrm.com
version: 9.1.0
version: 10.0.0

@@ -73,6 +73,7 @@ The following table lists the configurable parameters of the OrangeHRM chart and
| `commonLabels` | Labels to add to all deployed objects | `nil` |
| `commonAnnotations` | Annotations to add to all deployed objects | `[]` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `nil` |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` |
### OrangeHRM parameters
@@ -133,31 +134,35 @@ The following table lists the configurable parameters of the OrangeHRM chart and
### Traffic Exposure Parameters
| Parameter | Description | Default |
|-------------------------------------------|-------------------------------------------------------------------------------|--------------------------------|
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.port` | Service HTTP port | `80` |
| `service.httpsPort` | Service HTTPS port | `443` |
| `service.httpsTargetPort` | Service Target HTTPS port | `https` |
| `service.nodePorts.http` | Kubernetes http node port | `""` |
| `service.nodePorts.https` | Kubernetes https node port | `""` |
| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `nil` |
| `service.clusterIP` | WordPress service clusterIP IP | `None` |
| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.annotations` | Service annotations | `{}` (evaluated as a template) |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.certManager` | Add annotations for cert-manager | `false` |
| `ingress.hostname` | Default host for the ingress resource | `orangehrm.local` |
| `ingress.annotations` | Ingress annotations | `{}` (evaluated as a template) |
| `ingress.hosts[0].name` | Hostname to your OrangeHRM installation | `nil` |
| `ingress.hosts[0].path` | Path within the url structure | `nil` |
| `ingress.tls[0].hosts[0]` | TLS hosts | `nil` |
| `ingress.tls[0].secretName` | TLS Secret (certificates) | `nil` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
| Parameter | Description | Default |
|------------------------------------|-------------------------------------------------------------------------------|--------------------------------|
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.port` | Service HTTP port | `80` |
| `service.httpsPort` | Service HTTPS port | `443` |
| `service.httpsTargetPort` | Service Target HTTPS port | `https` |
| `service.nodePorts.http` | Kubernetes http node port | `""` |
| `service.nodePorts.https` | Kubernetes https node port | `""` |
| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `nil` |
| `service.clusterIP` | WordPress service clusterIP IP | `None` |
| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.annotations` | Service annotations | `{}` (evaluated as a template) |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.certManager` | Add annotations for cert-manager | `false` |
| `ingress.hostname` | Default host for the ingress resource | `orangehrm.local` |
| `ingress.path` | Default path for the ingress resource | `/` |
| `ingress.tls` | Create TLS Secret | `false` |
| `ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) |
| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` |
| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` |
| `ingress.extraPaths` | Additional arbitrary path/backend objects | `nil` |
| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` |
| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
### Database parameters
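
Review bot: the new `ingress.annotations` row documents the default as `[]`, while values.yaml in this same commit keeps `annotations: {}`; annotations are a map, so the README should keep `{}`. In the same table, `ingress.extraHosts[0].path` repeats the description of `ingress.extraHosts[0].name` ("Additional hostnames to be covered") and the two `ingress.extraTls[0].*` rows share one description; give each row its own text. `ingress.apiVersion` is added to values.yaml but has no row here.
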
@@ -183,15 +188,15 @@ The following table lists the configurable parameters of the OrangeHRM chart and
### Volume Permissions parameters
| Parameter | Description | Default |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
| `volumePermissions.resources` | Init container resource requests/limit | `nil` |
| Parameter | Description | Default |
|---------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
| `volumePermissions.resources` | Init container resource requests/limit | `nil` |
### Metrics parameters
@@ -208,25 +213,25 @@ The following table lists the configurable parameters of the OrangeHRM chart and
### Certificate injection parameters
| Parameter | Description | Default |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` |
| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` |
| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` |
| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` |
| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` |
| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/chain.pem` |
| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` |
| `certificates.image.registry` | Container sidecar registry | `docker.io` |
| `certificates.image.repository` | Container sidecar image | `bitnami/minideb` |
| `certificates.image.tag` | Container sidecar image tag | `buster` |
| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` |
| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `image.pullSecrets` |
| `certificates.args` | Override default container args (useful when using custom images) | `nil` |
| `certificates.command` | Override default container command (useful when using custom images) | `nil` |
| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` |
| `certificates.extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` |
| `certificates.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` |
| Parameter | Description | Default |
|------------------------------------------------------|----------------------------------------------------------------------|------------------------------------------|
| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` |
| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` |
| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` |
| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` |
| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` |
| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/chain.pem` |
| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` |
| `certificates.image.registry` | Container sidecar registry | `docker.io` |
| `certificates.image.repository` | Container sidecar image | `bitnami/minideb` |
| `certificates.image.tag` | Container sidecar image tag | `buster` |
| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` |
| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `image.pullSecrets` |
| `certificates.args` | Override default container args (useful when using custom images) | `nil` |
| `certificates.command` | Override default container command (useful when using custom images) | `nil` |
| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` |
| `certificates.extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` |
| `certificates.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` |
The above parameters map to the env variables defined in [bitnami/orangehrm](http://github.com/bitnami/bitnami-docker-orangehrm). For more information please refer to the [bitnami/orangehrm](http://github.com/bitnami/bitnami-docker-orangehrm) image documentation.
@@ -373,6 +378,10 @@ Find more information about how to deal with common errors related to Bitnami
## Upgrading
### To 10.0.0
This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading.
### To 9.0.0
The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image was updated to support and enable the "non-root" user approach
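
Review bot: the 10.0.0 note covers hostnames only and says nothing about `ingress.tls`, which this commit changes from a list of `hosts`/`secretName` entries to a boolean. A values file that still carries the old list is truthy in the new `{{- if .Values.ingress.tls }}` check, so the rendered Ingress would reference a `<hostname>-tls` secret and ignore the entries the user wrote. The note should state that old `ingress.hosts` entries move to `ingress.extraHosts`, that old `ingress.tls` entries move to `ingress.extraTls`, and that `ingress.tls` is now `true`/`false`.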

@@ -8,13 +8,9 @@
{{- if .Values.ingress.enabled }}
{{ if .Values.ingress.tls }}
{{- range .Values.ingress.hosts }}
- https://{{ . }}
{{- end }}
- https://{{ .Values.ingress.hostname }}
{{- else }}
{{- range .Values.ingress.hosts }}
- http://{{ . }}
{{- end }}
- https://{{ .Values.ingress.hostname }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
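
Review bot: in the `{{- else }}` branch (TLS disabled) the added line still prints `https://{{ .Values.ingress.hostname }}`, where the removed lines printed `http://`. Both branches now emit the same URL, so a user without TLS is told to browse to an HTTPS address even though no TLS section is rendered for the Ingress. Use `http://` in the else branch. Hosts from `ingress.extraHosts` are also no longer listed in the notes, which is worth restoring with a `range`.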

@@ -23,21 +23,34 @@ spec:
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: /
backend:
serviceName: "{{ include "common.names.fullname" $ }}"
servicePort: http
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: "{{ include "common.names.fullname" $ }}"
servicePort: http
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
tls:
{{- if .Values.ingress.tls }}
- hosts:
- {{ .Values.ingress.hostname }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.ingress.tls }}
tls: {{- toYaml .Values.ingress.tls | nindent 4 }}
{{- end }}
{{- end }}
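
Review bot: `ingress.extraPaths` is emitted verbatim with `toYaml ... | nindent 10`, while the main path and the `extraHosts` paths go through `common.ingress.backend` and get a `pathType` when `common.ingress.supportsPathType` is true. The values.yaml example for `extraPaths` uses the `serviceName`/`servicePort` backend shape and no `pathType`, so on a cluster where the helper reports pathType support, an extra path copied from that example will not match the shape of the paths the chart generates itself. Either document that `extraPaths` entries must be written for the target Ingress API version, or render them through the same helpers. Minor: `host: {{ .Values.ingress.hostname }}` is unquoted while the extra hosts use `| quote`; quoting both keeps the rendering consistent.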

@@ -31,6 +31,10 @@ image:
##
debug: false
## Force target Kubernetes version (using Helm capabilites if not set)
##
kubeVersion:
## String to partially override orangehrm.fullname template (will maintain the release name)
##
nameOverride:
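
Review bot: typo in the added comment above `kubeVersion:`, "capabilites" should be "capabilities" (the README row added in this commit spells it correctly).
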
@@ -256,6 +260,7 @@ service:
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
https: ""
@@ -283,38 +288,61 @@ ingress:
##
certManager: false
## Ingress Path type
##
pathType: ImplementationSpecific
## Override API Version (automatically detected if not set)
##
apiVersion:
## When the ingress is enabled, a host pointing to this will be created
##
hostname: orangehrm.local
## The Path to OrangeHRM. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
##
annotations: {}
# kubernetes.io/ingress.class: nginx
## Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## hosts:
## extraHosts:
## - name: orangehrm.local
## path: /
##
hosts:
## The tls configuration for the ingress
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## tls:
## Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
## The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - orangehrm.local
## secretName: orangehrm.local-tls
##
tls:
secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
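
Review bot: the commented examples for `extraHosts` and `extraTls` both use `orangehrm.local`, which is already the default `hostname`; anyone who uncomments them gets a second rule and a second TLS entry for the same host. Use a distinct name in the examples (for instance a second hostname with its own `-tls` secret) so it is clear these lists are for hosts other than `ingress.hostname`. In the new `tls` comment, "relay on cert-manager" should read "rely on cert-manager". The comment also promises that `ingress.kubernetes.io/secure-backends: "true"` is set automatically when `tls` is true; none of the template lines in this commit add that annotation, so confirm it is set elsewhere or drop the sentence.
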
@@ -325,13 +353,16 @@ ingress:
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
##
# - name: orangehrm.local-tls
# key:
# certificate:
secrets: []
## - name: orangehrm.local-tls
## key:
## certificate:
##
## Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: "None"
## Enable persistence using Persistent Volume Claims
@@ -474,6 +505,7 @@ containerSecurityContext:
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
##
livenessProbe:
enabled: true
path: /symfony/web/index.php