Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-27 15:27:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/*] docs: 📝 Add "Update Credentials" (batch 2) (#30687)

Browse Source 
Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>
This commit is contained in:
Javier J. Salmerón García
2024-11-29 16:58:59 +01:00
committed by GitHub
parent 0c54dae262
commit c457848b2a
14 changed files with 134 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
bitnami/ghost/README.md
View File

@@ -72,6 +72,17 @@ externalDatabase.database=mydatabase
externalDatabase.port=3306
```
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://ghost.org/help/how-do-i-reset-my-password/)
- Update the password secret with the new values (replace the SECRET_NAME, PASSWORD and SMTP_PASSWORD placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=ghost-password=PASSWORD --from-literal=smtp-password=SMTP_PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Configure Ingress
This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`.

11
bitnami/gitea/README.md
View File

@@ -76,6 +76,17 @@ If you configure the `image` value to one in a private registry, you will need t
3. Install the chart
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://docs.gitea.com/administration/command-line#admin)
- Update the password secret with the new values (replace the SECRET_NAME, PASSWORD and SMTP_PASSWORD placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=admin-password=PASSWORD --from-literal=smtp-password=SMTP_PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Setting Pod's affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).

7
bitnami/grafana/README.md
View File

@@ -134,6 +134,13 @@ Bitnami charts allow setting resource requests and limits for all containers ins
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### Update credentials
The Bitnami Redis chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `auth.existingSecret`. To update credentials, use one of the following:
- Run `helm upgrade` specifying a new password in `admin.password`
- Run `helm upgrade` specifying a new secret in `admin.existingSecret`
### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

11
bitnami/influxdb/README.md
View File

@@ -51,6 +51,17 @@ Bitnami charts allow setting resource requests and limits for all containers ins
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://docs.influxdata.com/influxdb/v2/admin/users/change-password/)
- Update the password secret with the new values (replace the SECRET_NAME, ADMIN_PASSWORD and ADMIN_USER_TOKEN placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=admin-user-password=PASSWORD --from-literal=admin-user-token=ADMIN_USER_TOKEN --dry-run -o yaml | kubectl apply -f -
```
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will expose the InfluxDB native Prometheus endpoint. Additionally, it will deploy a `metrics` service, which can be configured under the `metrics.service` section. This `metrics` service will have the necessary annotations to be automatically scraped by Prometheus.

11
bitnami/jenkins/README.md
View File

@@ -57,6 +57,17 @@ It is strongly recommended to use immutable tags in a production environment. Th
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://www.jenkins.io/doc/book/system-administration/admin-password-reset-instructions/)
- Update the password secret with the new values (replace the SECRET_NAME and PASSWORD placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=jenkins-password=PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Configure Ingress
This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`.

7
bitnami/jupyterhub/README.md
View File

@@ -213,6 +213,13 @@ When deploying, you will need to sign up to set the password for the `test`` use
For more information on Authenticators, check the [official JupyterHub documentation](https://jupyterhub.readthedocs.io/en/stable/getting-started/authenticators-users-basics.html).
### Update credentials
The Bitnami Jupyterhub chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `hub.existingSecret`. To update credentials, use one of the following:
- Run `helm upgrade` specifying a new password in `hub.configuration` in the proper [authentication section](#configure-authentication)
- Run `helm upgrade` specifying a new secret in `hub.existingSecret`
### Configure the Single User instances
As explained in this [section](#understand-the-default-configuration), the Hub is responsible for deploying the Single User instances. The configuration of these instances is passed to the Hub instance via the `hub.configuration` chart parameter.

7
bitnami/kafka/README.md
View File

@@ -172,6 +172,13 @@ By setting the following parameter: `listeners.client.protocol=SSL` and `listene
As result, we will be able to see in kafka-authorizer.log the events specific Subject: `[...] Principal = User:CN=kafka,OU=...,O=...,L=...,C=..,ST=... is [...]`.
### Update credentials
The Bitnami Kafka chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `sasl.existingSecret`. To update credentials, use one of the following:
- Run `helm upgrade` specifying new credentials in the `sasl` section as explained in the [authentication section](#enable-security-for-kafka-and-zookeeper).
- Run `helm upgrade` specifying a new secret in `sasl.existingSecret`
### Accessing Kafka brokers from outside the cluster
In order to access Kafka Brokers from outside the cluster, an additional listener and advertised listener must be configured. Additionally, a specific service per kafka pod will be created.

11
bitnami/keycloak/README.md
View File

@@ -75,6 +75,17 @@ It is strongly recommended to use immutable tags in a production environment. Th
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://www.keycloak.org/server/configuration)
- Update the password secret with the new values (replace the SECRET_NAME and PASSWORD placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=admin-password=PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Use an external database
Sometimes, you may want to have Keycloak connect to an external PostgreSQL database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this, set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `externalDatabase.*` parameters. Here is an example:

11
bitnami/kibana/README.md
View File

@@ -59,6 +59,17 @@ It is strongly recommended to use immutable tags in a production environment. Th
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password in Elasticsearch following [the upstream documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/reset-password.html)
- Update the password secret with the new values (replace the SECRET_NAME and PASSWORD)
```shell
kubectl create secret generic SECRET_NAME --from-literal=kibana-password=PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will expose Kibana native Prometheus endpoint in the service. It will have the necessary annotations to be automatically scraped by Prometheus.

11
bitnami/mariadb-galera/README.md
View File

@@ -79,6 +79,17 @@ Bitnami charts allow setting resource requests and limits for all containers ins
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://mariadb.com/kb/en/set-password/)
- Update the password secret with the new values (replace the SECRET_NAME, PASSWORD, ROOT_PASSWORD and BACKUP_PASSWORD placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=mariadb-root-password=ROOT_PASSWORD --from-literal=mariadb-password=PASSWORD --from-literal=mariadb-galera-mariabackup-password=BACKUP_PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will deploy a sidecar container with [mysqld_exporter](https://github.com/prometheus/mysqld_exporter) in all pods and will expose it via a `metrics` service configurable under the `metrics.service` section. This service will have the necessary annotations to be automatically scraped by Prometheus.

7
bitnami/mastodon/README.md
View File

@@ -58,6 +58,13 @@ It is strongly recommended to use immutable tags in a production environment. Th
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://docs.joinmastodon.org/user/contacts/)
- Run `helm upgrade` setting the `adminPassword` or `existingSecret` values.
### External database support
You may want to have Mastodon connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MongoDB installation with the `postgresql.enabled` option. Here is an example:

11
bitnami/matomo/README.md
View File

@@ -53,6 +53,17 @@ Bitnami charts allow setting resource requests and limits for all containers ins
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://matomo.org/faq/how-to/faq_139/)
- Update the password secret with the new values (replace the SECRET_NAME, PASSWORD and SMTP_PASSWORD placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=matomo-password=PASSWORD --from-literal=smtp-password=SMTP_PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will deploy a sidecar container with [apache-exporter](https://github.com/Lusitaniae/apache_exporter) in all pods and a `metrics` service, which can be configured under the `metrics.service` section. This `metrics` service will have the necessary annotations to be automatically scraped by Prometheus.

7
bitnami/memcached/README.md
View File

@@ -73,6 +73,13 @@ It is strongly recommended to use immutable tags in a production environment. Th
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Update credentials
The Bitnami Memcached chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `auth.existingPasswordSecret`. To update credentials, use one of the following:
- Run `helm upgrade` specifying a new password in `auth.password`
- Run `helm upgrade` specifying a new secret in `auth.existingPasswordSecret`
### Use Sidecars and Init Containers
If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter.

11
bitnami/minio/README.md
View File

@@ -50,6 +50,17 @@ Bitnami charts allow setting resource requests and limits for all containers ins
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### Update credentials
Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:
- Update the user password following [the upstream documentation](https://min.io/docs/minio/linux/administration/identity-access-management/minio-user-management.html)
- Update the password secret with the new values (replace the SECRET_NAME, USER and PASSWORD placeholders)
```shell
kubectl create secret generic SECRET_NAME --from-literal=root-user=USER --from-literal=root-password=PASSWORD --dry-run -o yaml | kubectl apply -f -
```
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will expose MinIO(TM) native Prometheus endpoint in the service. It will have the necessary annotations to be automatically scraped by Prometheus.