mirror of
https://github.com/bitnami/charts.git
synced 2026-02-15 15:57:15 +08:00
[bitnami/*] Drop support for deprecated cert-manager annotation (#7656)
* [bitnami/odoo] Deprecate ingress.certManager * [bitnami/ghost] Deprecate ingress.certManager * [bitnami/rabbitmq] Deprecate ingress.certManager * [bitnami/redmine] Deprecate ingress.certManager * [bitnami/kubeapps] Deprecate ingress.certManager * [bitnami/rabbitmq] Fix validation macro * [bitnami/*] Add the parameter name to the annotations example * [bitnami/*] Change cert-manager suggestion in ingress.tls documentation * [bitnami/rabbitmq] Change cert-manager suggestion in _helper.tpl validation macro
This commit is contained in:
Pablo Galego
@@ -33,4 +33,4 @@ name: ghost
|
||||
sources:
|
||||
- https://github.com/bitnami/bitnami-docker-ghost
|
||||
- http://www.ghost.org/
|
||||
version: 14.0.19
|
||||
version: 14.0.20
|
||||
|
||||
@@ -159,32 +159,31 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### Traffic Exposure Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Ghost service type | `LoadBalancer` |
|
||||
| `service.port` | Ghost service HTTP port | `80` |
|
||||
| `service.httpsPort` | Ghost service HTTPS port | `443` |
|
||||
| `service.nodePorts.http` | Node port for HTTP | `""` |
|
||||
| `service.nodePorts.https` | Node port for HTTPS | `""` |
|
||||
| `service.clusterIP` | Ghost service Cluster IP | `""` |
|
||||
| `service.loadBalancerIP` | Ghost service Load Balancer IP | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Ghost service Load Balancer sources | `[]` |
|
||||
| `service.externalTrafficPolicy` | Ghost service external traffic policy | `Cluster` |
|
||||
| `service.annotations` | Additional custom annotations for Ghost service | `{}` |
|
||||
| `service.extraPorts` | Extra port to expose on Ghost service | `[]` |
|
||||
| `ingress.enabled` | Enable ingress record generation for Ghost | `false` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `ghost.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Ghost service type | `LoadBalancer` |
|
||||
| `service.port` | Ghost service HTTP port | `80` |
|
||||
| `service.httpsPort` | Ghost service HTTPS port | `443` |
|
||||
| `service.nodePorts.http` | Node port for HTTP | `""` |
|
||||
| `service.nodePorts.https` | Node port for HTTPS | `""` |
|
||||
| `service.clusterIP` | Ghost service Cluster IP | `""` |
|
||||
| `service.loadBalancerIP` | Ghost service Load Balancer IP | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Ghost service Load Balancer sources | `[]` |
|
||||
| `service.externalTrafficPolicy` | Ghost service external traffic policy | `Cluster` |
|
||||
| `service.annotations` | Additional custom annotations for Ghost service | `{}` |
|
||||
| `service.extraPorts` | Extra port to expose on Ghost service | `[]` |
|
||||
| `ingress.enabled` | Enable ingress record generation for Ghost | `false` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `ghost.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
|
||||
|
||||
### Persistence Parameters
|
||||
|
||||
@@ -146,3 +146,13 @@ ghost: database
|
||||
externalDatabase.port=DB_SERVER_PORT
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
|
||||
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
*/}}
|
||||
{{- define "ghost.ingress.certManagerRequest" -}}
|
||||
{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -46,9 +46,9 @@ spec:
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" (ternary "https" "http" $.Values.ghostEnableHttps) "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
{{- if or (and .Values.ingress.tls (or (include "ghost.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
|
||||
{{- if and .Values.ingress.tls (or (include "ghost.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname | quote }}
|
||||
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
|
||||
|
||||
@@ -388,21 +388,30 @@ ingress:
|
||||
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
|
||||
##
|
||||
path: /
|
||||
## @param ingress.annotations Additional custom annotations for the ingress record
|
||||
## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
|
||||
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## For a full list of possible ingress annotations, please see
|
||||
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
##
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations: {}
|
||||
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
|
||||
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
|
||||
## You can:
|
||||
## - Use the `ingress.secrets` parameter to create this TLS secret
|
||||
## - Relay on cert-manager to create it by setting `ingress.certManager=true`
|
||||
## - Relay on cert-manager to create it by setting the corresponding annotations
|
||||
## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
|
||||
##
|
||||
tls: false
|
||||
## @param ingress.certManager Add the corresponding annotations for cert-manager integration
|
||||
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
|
||||
## certManager: false
|
||||
##
|
||||
certManager: false
|
||||
|
||||
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
||||
##
|
||||
selfSigned: false
|
||||
|
||||
@@ -33,4 +33,4 @@ maintainers:
|
||||
name: kubeapps
|
||||
sources:
|
||||
- https://github.com/kubeapps/kubeapps
|
||||
version: 7.5.2
|
||||
version: 7.5.3
|
||||
|
||||
@@ -80,21 +80,20 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
|
||||
|
||||
### Traffic Exposure Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.certManager` | Set up the cert-manager integration | `{}` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
| Name | Description | Value |
|
||||
| --------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
|
||||
|
||||
### Frontend parameters
|
||||
|
||||
@@ -186,6 +186,17 @@ Return the Redis secret name
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
|
||||
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
*/}}
|
||||
{{- define "kubeapps.ingress.certManagerRequest" -}}
|
||||
{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Compile all warnings into a single message, and call fail.
|
||||
*/}}
|
||||
@@ -204,14 +215,14 @@ Compile all warnings into a single message, and call fail.
|
||||
Validate values of Kubeapps - TLS configuration for Ingress
|
||||
*/}}
|
||||
{{- define "kubeapps.validateValues.ingress.tls" -}}
|
||||
{{- if and .Values.ingress.enabled .Values.ingress.tls (not .Values.ingress.certManager) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }}
|
||||
{{- if and .Values.ingress.enabled .Values.ingress.tls (not (include "kubeapps.ingress.certManagerRequest" .Values.ingress.annotations)) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }}
|
||||
kubeapps: ingress.tls
|
||||
You enabled the TLS configuration for the default ingress hostname but
|
||||
you did not enable any of the available mechanisms to create the TLS secret
|
||||
to be used by the Ingress Controller.
|
||||
Please use any of these alternatives:
|
||||
- Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates.
|
||||
- Relay on cert-manager to create it by configuring `ingress.certManager.clusterIssuer`
|
||||
- Relay on cert-manager to create it by adding its supported annotations in `ingress.annotations`
|
||||
- Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -9,6 +9,7 @@ metadata:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if .Values.ingress.certManager }}
|
||||
{{- if .Values.ingress.certManager.clusterIssuer }}
|
||||
cert-manager.io/cluster-issuer: {{ .Values.ingress.certManager.clusterIssuer }}
|
||||
{{- end }}
|
||||
@@ -18,6 +19,7 @@ metadata:
|
||||
{{- if .Values.ingress.certManager.commonName }}
|
||||
cert-manager.io/common-name: {{ .Values.ingress.certManager.commonName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.annotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" . ) | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -49,9 +51,9 @@ spec:
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
{{- if or (and .Values.ingress.tls (or (include "kubeapps.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
|
||||
{{- if and .Values.ingress.tls (or (include "kubeapps.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname | quote }}
|
||||
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
|
||||
|
||||
@@ -67,15 +67,6 @@
|
||||
"path": "ingress/enabled"
|
||||
}
|
||||
},
|
||||
"certManager": {
|
||||
"type": "object",
|
||||
"form": true,
|
||||
"title": "Use cert-manager to auto-generate the TLS certificate",
|
||||
"description": "Add the corresponding annotations for cert-manager to auto-generate the TLS certificate",
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "ingress/enabled"
|
||||
},
|
||||
"properties": {
|
||||
"clusterIssuer": {
|
||||
"type": "string",
|
||||
|
||||
@@ -62,8 +62,16 @@ ingress:
|
||||
## @param ingress.pathType Ingress path type
|
||||
##
|
||||
pathType: ImplementationSpecific
|
||||
## @param ingress.annotations [object] Additional custom annotations for the ingress record
|
||||
## NOTE: The `ingress.certManager` values are intended to be used for managing the cert-manager annotations
|
||||
## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## For a full list of possible ingress annotations, please see
|
||||
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
##
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
@@ -71,18 +79,14 @@ ingress:
|
||||
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
|
||||
## You can:
|
||||
## - Use the `ingress.secrets` parameter to create this TLS secret
|
||||
## - Relay on cert-manager to create it by configuring `ingress.certManager.clusterIssuer`
|
||||
## - Relay on cert-manager to create it by setting the corresponding annotations
|
||||
## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
|
||||
##
|
||||
tls: false
|
||||
## @param ingress.certManager Set up the cert-manager integration
|
||||
## For more information, see: https://cert-manager.io/docs/usage/ingress/#optional-configuration
|
||||
## e.g.:
|
||||
## certManager:
|
||||
## clusterIssuer:
|
||||
## httpIngressClass:
|
||||
## commonName:
|
||||
certManager: {}
|
||||
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
|
||||
## certManager: {}
|
||||
##
|
||||
|
||||
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
||||
##
|
||||
selfSigned: false
|
||||
|
||||
@@ -27,4 +27,4 @@ name: odoo
|
||||
sources:
|
||||
- https://github.com/bitnami/bitnami-docker-odoo
|
||||
- https://www.odoo.com/
|
||||
version: 19.0.8
|
||||
version: 19.0.9
|
||||
|
||||
@@ -158,30 +158,29 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### Traffic Exposure Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Odoo service type | `LoadBalancer` |
|
||||
| `service.port` | Odoo service HTTP port | `80` |
|
||||
| `service.nodePort` | Node port for HTTP | `""` |
|
||||
| `service.clusterIP` | Odoo service Cluster IP | `""` |
|
||||
| `service.loadBalancerIP` | Odoo service Load Balancer IP | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Odoo service Load Balancer sources | `[]` |
|
||||
| `service.externalTrafficPolicy` | Odoo service external traffic policy | `Cluster` |
|
||||
| `service.annotations` | Additional custom annotations for Odoo service | `{}` |
|
||||
| `service.extraPorts` | Extra port to expose on Odoo service | `[]` |
|
||||
| `ingress.enabled` | Enable ingress record generation for Odoo | `false` |
|
||||
| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `odoo.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Odoo service type | `LoadBalancer` |
|
||||
| `service.port` | Odoo service HTTP port | `80` |
|
||||
| `service.nodePort` | Node port for HTTP | `""` |
|
||||
| `service.clusterIP` | Odoo service Cluster IP | `""` |
|
||||
| `service.loadBalancerIP` | Odoo service Load Balancer IP | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Odoo service Load Balancer sources | `[]` |
|
||||
| `service.externalTrafficPolicy` | Odoo service external traffic policy | `Cluster` |
|
||||
| `service.annotations` | Additional custom annotations for Odoo service | `{}` |
|
||||
| `service.extraPorts` | Extra port to expose on Odoo service | `[]` |
|
||||
| `ingress.enabled` | Enable ingress record generation for Odoo | `false` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `odoo.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
|
||||
|
||||
### Persistence Parameters
|
||||
|
||||
@@ -135,3 +135,13 @@ Return the SMTP Secret Name
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
|
||||
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
*/}}
|
||||
{{- define "odoo.ingress.certManagerRequest" -}}
|
||||
{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -45,9 +45,9 @@ spec:
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "odoo.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
{{- if or (and .Values.ingress.tls (or (include "odoo.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
|
||||
{{- if and .Values.ingress.tls (or (include "odoo.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname | quote }}
|
||||
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
|
||||
|
||||
@@ -389,9 +389,10 @@ ingress:
|
||||
## @param ingress.enabled Enable ingress record generation for Odoo
|
||||
##
|
||||
enabled: false
|
||||
## @param ingress.certManager Add the corresponding annotations for cert-manager integration
|
||||
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
|
||||
## certManager: false
|
||||
##
|
||||
certManager: false
|
||||
|
||||
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
||||
##
|
||||
selfSigned: false
|
||||
@@ -408,15 +409,23 @@ ingress:
|
||||
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
|
||||
##
|
||||
path: /
|
||||
## @param ingress.annotations Additional custom annotations for the ingress record
|
||||
## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
|
||||
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## For a full list of possible ingress annotations, please see
|
||||
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
##
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations: {}
|
||||
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
|
||||
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
|
||||
## You can:
|
||||
## - Use the `ingress.secrets` parameter to create this TLS secret
|
||||
## - Relay on cert-manager to create it by setting `ingress.certManager=true`
|
||||
## - Relay on cert-manager to create it by setting the corresponding annotations
|
||||
## - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false`
|
||||
##
|
||||
tls: false
|
||||
|
||||
@@ -23,4 +23,4 @@ name: rabbitmq
|
||||
sources:
|
||||
- https://github.com/bitnami/bitnami-docker-rabbitmq
|
||||
- https://www.rabbitmq.com
|
||||
version: 8.22.3
|
||||
version: 8.22.4
|
||||
|
||||
@@ -205,51 +205,50 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### Exposure parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `service.portEnabled` | Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. | `true` |
|
||||
| `service.port` | Amqp port | `5672` |
|
||||
| `service.portName` | Amqp service port name | `amqp` |
|
||||
| `service.tlsPort` | Amqp TLS port | `5671` |
|
||||
| `service.tlsPortName` | Amqp TLS service port name | `amqp-ssl` |
|
||||
| `service.nodePort` | Node port override for `amqp` port, if serviceType is `NodePort` or `LoadBalancer` | `""` |
|
||||
| `service.tlsNodePort` | Node port override for `amqp-ssl` port, if serviceType is `NodePort` or `LoadBalancer` | `""` |
|
||||
| `service.distPort` | Erlang distribution server port | `25672` |
|
||||
| `service.distPortName` | Erlang distribution service port name | `dist` |
|
||||
| `service.distNodePort` | Node port override for `dist` port, if serviceType is `NodePort` | `""` |
|
||||
| `service.managerPortEnabled` | RabbitMQ Manager port | `true` |
|
||||
| `service.managerPort` | RabbitMQ Manager port | `15672` |
|
||||
| `service.managerPortName` | RabbitMQ Manager service port name | `http-stats` |
|
||||
| `service.managerNodePort` | Node port override for `http-stats` port, if serviceType `NodePort` | `""` |
|
||||
| `service.metricsPort` | RabbitMQ Prometheues metrics port | `9419` |
|
||||
| `service.metricsPortName` | RabbitMQ Prometheues metrics service port name | `metrics` |
|
||||
| `service.metricsNodePort` | Node port override for `metrics` port, if serviceType is `NodePort` | `""` |
|
||||
| `service.epmdNodePort` | Node port override for `epmd` port, if serviceType is `NodePort` | `""` |
|
||||
| `service.epmdPortName` | EPMD Discovery service port name | `epmd` |
|
||||
| `service.extraPorts` | Extra ports to expose in the service | `[]` |
|
||||
| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is `LoadBalancer` | `[]` |
|
||||
| `service.externalIPs` | Set the ExternalIPs | `[]` |
|
||||
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `service.loadBalancerIP` | Set the LoadBalancerIP | `""` |
|
||||
| `service.labels` | Service labels. Evaluated as a template | `{}` |
|
||||
| `service.annotations` | Service annotations. Evaluated as a template | `{}` |
|
||||
| `service.annotationsHeadless` | Headless Service annotations. Evaluated as a template | `{}` |
|
||||
| `ingress.enabled` | Enable ingress resource for Management console | `false` |
|
||||
| `ingress.path` | Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.hostname` | Default host for the ingress resource | `rabbitmq.local` |
|
||||
| `ingress.annotations` | Ingress annotations | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` |
|
||||
| `ingress.selfSigned` | Set this to true in order to create a TLS secret for this ingress record | `false` |
|
||||
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
|
||||
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
|
||||
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `networkPolicy.additionalRules` | Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `service.portEnabled` | Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. | `true` |
|
||||
| `service.port` | Amqp port | `5672` |
|
||||
| `service.portName` | Amqp service port name | `amqp` |
|
||||
| `service.tlsPort` | Amqp TLS port | `5671` |
|
||||
| `service.tlsPortName` | Amqp TLS service port name | `amqp-ssl` |
|
||||
| `service.nodePort` | Node port override for `amqp` port, if serviceType is `NodePort` or `LoadBalancer` | `""` |
|
||||
| `service.tlsNodePort` | Node port override for `amqp-ssl` port, if serviceType is `NodePort` or `LoadBalancer` | `""` |
|
||||
| `service.distPort` | Erlang distribution server port | `25672` |
|
||||
| `service.distPortName` | Erlang distribution service port name | `dist` |
|
||||
| `service.distNodePort` | Node port override for `dist` port, if serviceType is `NodePort` | `""` |
|
||||
| `service.managerPortEnabled` | RabbitMQ Manager port | `true` |
|
||||
| `service.managerPort` | RabbitMQ Manager port | `15672` |
|
||||
| `service.managerPortName` | RabbitMQ Manager service port name | `http-stats` |
|
||||
| `service.managerNodePort` | Node port override for `http-stats` port, if serviceType `NodePort` | `""` |
|
||||
| `service.metricsPort` | RabbitMQ Prometheues metrics port | `9419` |
|
||||
| `service.metricsPortName` | RabbitMQ Prometheues metrics service port name | `metrics` |
|
||||
| `service.metricsNodePort` | Node port override for `metrics` port, if serviceType is `NodePort` | `""` |
|
||||
| `service.epmdNodePort` | Node port override for `epmd` port, if serviceType is `NodePort` | `""` |
|
||||
| `service.epmdPortName` | EPMD Discovery service port name | `epmd` |
|
||||
| `service.extraPorts` | Extra ports to expose in the service | `[]` |
|
||||
| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is `LoadBalancer` | `[]` |
|
||||
| `service.externalIPs` | Set the ExternalIPs | `[]` |
|
||||
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `service.loadBalancerIP` | Set the LoadBalancerIP | `""` |
|
||||
| `service.labels` | Service labels. Evaluated as a template | `{}` |
|
||||
| `service.annotations` | Service annotations. Evaluated as a template | `{}` |
|
||||
| `service.annotationsHeadless` | Headless Service annotations. Evaluated as a template | `{}` |
|
||||
| `ingress.enabled` | Enable ingress resource for Management console | `false` |
|
||||
| `ingress.path` | Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.hostname` | Default host for the ingress resource | `rabbitmq.local` |
|
||||
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.selfSigned` | Set this to true in order to create a TLS secret for this ingress record | `false` |
|
||||
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
|
||||
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
|
||||
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `networkPolicy.additionalRules` | Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. | `[]` |
|
||||
|
||||
|
||||
### Metrics Parameters
|
||||
|
||||
@@ -151,6 +151,16 @@ Usage:
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
|
||||
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
*/}}
|
||||
{{- define "rabbitmq.ingress.certManagerRequest" -}}
|
||||
{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Compile all warnings into a single message, and call fail.
|
||||
*/}}
|
||||
@@ -220,14 +230,14 @@ rabbitmq: memoryHighWatermark
|
||||
Validate values of rabbitmq - TLS configuration for Ingress
|
||||
*/}}
|
||||
{{- define "rabbitmq.validateValues.ingress.tls" -}}
|
||||
{{- if and .Values.ingress.enabled .Values.ingress.tls (not .Values.ingress.certManager) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }}
|
||||
{{- if and .Values.ingress.enabled .Values.ingress.tls (not (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations)) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }}
|
||||
rabbitmq: ingress.tls
|
||||
You enabled the TLS configuration for the default ingress hostname but
|
||||
you did not enable any of the available mechanisms to create the TLS secret
|
||||
to be used by the Ingress Controller.
|
||||
Please use any of these alternatives:
|
||||
- Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates.
|
||||
- Relay on cert-manager to create it by setting `ingress.certManager=true`
|
||||
- Relay on cert-manager to create it by setting the corresponding annotations
|
||||
- Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -43,9 +43,9 @@ spec:
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http-stats" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
{{- if or (and .Values.ingress.tls (or (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
|
||||
{{- if and .Values.ingress.tls (or (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname | quote }}
|
||||
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
|
||||
|
||||
@@ -869,11 +869,16 @@ ingress:
|
||||
##
|
||||
hostname: rabbitmq.local
|
||||
|
||||
## @param ingress.annotations Ingress annotations
|
||||
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## For a full list of possible ingress annotations, please see
|
||||
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
##
|
||||
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations: {}
|
||||
|
||||
@@ -881,15 +886,14 @@ ingress:
|
||||
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
|
||||
## You can:
|
||||
## - Use the `ingress.secrets` parameter to create this TLS secret
|
||||
## - Relay on cert-manager to create it by setting `ingress.certManager=true`
|
||||
## - Relay on cert-manager to create it by setting the corresponding annotations
|
||||
## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
|
||||
##
|
||||
tls: false
|
||||
|
||||
## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager
|
||||
## to generate a TLS secret for the ingress record
|
||||
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
|
||||
## certManager: false
|
||||
##
|
||||
certManager: false
|
||||
|
||||
## @param ingress.selfSigned Set this to true in order to create a TLS secret for this ingress record
|
||||
## using self-signed certificates generated by Helm
|
||||
|
||||
@@ -36,4 +36,4 @@ name: redmine
|
||||
sources:
|
||||
- https://github.com/bitnami/bitnami-docker-redmine
|
||||
- http://www.redmine.org/
|
||||
version: 17.0.8
|
||||
version: 17.0.9
|
||||
|
||||
@@ -167,30 +167,29 @@ helm install my-release bitnami/redmine --set databaseType=postgresql
|
||||
|
||||
### Traffic Exposure Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Redmine service type | `LoadBalancer` |
|
||||
| `service.port` | Redmine service HTTP port | `80` |
|
||||
| `service.nodePort` | Node port for HTTP | `""` |
|
||||
| `service.clusterIP` | Redmine service Cluster IP | `""` |
|
||||
| `service.loadBalancerIP` | Redmine service Load Balancer IP | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Redmine service Load Balancer sources | `[]` |
|
||||
| `service.externalTrafficPolicy` | Redmine service external traffic policy | `Cluster` |
|
||||
| `service.annotations` | Additional custom annotations for Redmine service | `{}` |
|
||||
| `service.extraPorts` | Extra port to expose on Redmine service | `[]` |
|
||||
| `ingress.enabled` | Enable ingress record generation for Redmine | `false` |
|
||||
| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `redmine.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `service.type` | Redmine service type | `LoadBalancer` |
|
||||
| `service.port` | Redmine service HTTP port | `80` |
|
||||
| `service.nodePort` | Node port for HTTP | `""` |
|
||||
| `service.clusterIP` | Redmine service Cluster IP | `""` |
|
||||
| `service.loadBalancerIP` | Redmine service Load Balancer IP | `""` |
|
||||
| `service.loadBalancerSourceRanges` | Redmine service Load Balancer sources | `[]` |
|
||||
| `service.externalTrafficPolicy` | Redmine service external traffic policy | `Cluster` |
|
||||
| `service.annotations` | Additional custom annotations for Redmine service | `{}` |
|
||||
| `service.extraPorts` | Extra port to expose on Redmine service | `[]` |
|
||||
| `ingress.enabled` | Enable ingress record generation for Redmine | `false` |
|
||||
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `ingress.hostname` | Default host for the ingress record | `redmine.local` |
|
||||
| `ingress.path` | Default path for the ingress record | `/` |
|
||||
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
|
||||
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
|
||||
|
||||
### Persistence Parameters
|
||||
|
||||
@@ -168,3 +168,13 @@ Return the name of the database secret with its credentials
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
|
||||
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
*/}}
|
||||
{{- define "redmine.ingress.certManagerRequest" -}}
|
||||
{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -45,9 +45,9 @@ spec:
|
||||
{{- end }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
{{- if or (and .Values.ingress.tls (or (include "redmine.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
|
||||
{{- if and .Values.ingress.tls (or (include "redmine.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostname | quote }}
|
||||
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
|
||||
|
||||
@@ -72,16 +72,6 @@
|
||||
"value": false,
|
||||
"path": "ingress/enabled"
|
||||
}
|
||||
},
|
||||
"certManager": {
|
||||
"type": "boolean",
|
||||
"form": true,
|
||||
"title": "Use cert-manager to auto-generate the TLS certificate",
|
||||
"description": "Add the corresponding annotations for cert-manager to auto-generate the TLS certificate",
|
||||
"hidden": {
|
||||
"value": false,
|
||||
"path": "ingress/enabled"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
@@ -393,9 +393,10 @@ ingress:
|
||||
## @param ingress.enabled Enable ingress record generation for Redmine
|
||||
##
|
||||
enabled: false
|
||||
## @param ingress.certManager Add the corresponding annotations for cert-manager integration
|
||||
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
|
||||
## certManager: false
|
||||
##
|
||||
certManager: false
|
||||
|
||||
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
||||
##
|
||||
selfSigned: false
|
||||
@@ -412,15 +413,23 @@ ingress:
|
||||
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
|
||||
##
|
||||
path: /
|
||||
## @param ingress.annotations Additional custom annotations for the ingress record
|
||||
## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
|
||||
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## For a full list of possible ingress annotations, please see
|
||||
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
##
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations: {}
|
||||
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
|
||||
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
|
||||
## You can:
|
||||
## - Use the `ingress.secrets` parameter to create this TLS secret
|
||||
## - Relay on cert-manager to create it by setting `ingress.certManager=true`
|
||||
## - Relay on cert-manager to create it by setting the corresponding annotations
|
||||
## - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false`
|
||||
##
|
||||
tls: false
|
||||
|
||||
Reference in New Issue
Block a user