mirror of
https://github.com/bitnami/charts.git
synced 2026-03-11 15:37:20 +08:00
Change tomcat
This commit is contained in:
tompizmor
@@ -1,6 +1,6 @@
|
||||
apiVersion: v1
|
||||
name: tomcat
|
||||
version: 4.0.0
|
||||
version: 4.1.0
|
||||
appVersion: 9.0.22
|
||||
description: Chart for Apache Tomcat
|
||||
keywords:
|
||||
|
||||
@@ -45,33 +45,39 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
The following tables lists the configurable parameters of the Tomcat chart and their default values.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|---------------------------------|----------------------------------------------|---------------------------------------------------------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `nil` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods)|
|
||||
| `image.registry` | Tomcat image registry | `docker.io` |
|
||||
| `image.repository` | Tomcat Image name | `bitnami/tomcat` |
|
||||
| `image.tag` | Tomcat Image tag | `{TAG_NAME}` |
|
||||
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
|
||||
| `nameOverride` | String to partially override tomcat.fullname template with a string (will prepend the release name) | `nil` |
|
||||
| `fullnameOverride` | String to fully override tomcat.fullname template with a string | `nil` |
|
||||
| `tomcatUsername` | Tomcat admin user | `user` |
|
||||
| `tomcatPassword` | Tomcat admin password | _random 10 character alphanumeric string_ |
|
||||
| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` (disabled) |
|
||||
| `securityContext.enabled` | Enable security context | `true` |
|
||||
| `securityContext.fsGroup` | Group ID for the container | `1001` |
|
||||
| `securityContext.runAsUser` | User ID for the container | `1001` |
|
||||
| `service.type` | Kubernetes Service type | `LoadBalancer` |
|
||||
| `service.port` | Service HTTP port | `80` |
|
||||
| `service.nodePorts.http` | Kubernetes http node port | `""` |
|
||||
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `service.loadBalancerIP` | LoadBalancer service IP address | `""` |
|
||||
| `persistence.enabled` | Enable persistence using PVC | `true` |
|
||||
| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `nil` (uses alpha storage class annotation) |
|
||||
| `persistence.accessMode` | PVC Access Mode for Tomcat volume | `ReadWriteOnce` |
|
||||
| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` |
|
||||
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` |
|
||||
| Parameter | Description | Default |
|
||||
| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `nil` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
|
||||
| `image.registry` | Tomcat image registry | `docker.io` |
|
||||
| `image.repository` | Tomcat Image name | `bitnami/tomcat` |
|
||||
| `image.tag` | Tomcat Image tag | `{TAG_NAME}` |
|
||||
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
|
||||
| `nameOverride` | String to partially override tomcat.fullname template with a string (will prepend the release name) | `nil` |
|
||||
| `fullnameOverride` | String to fully override tomcat.fullname template with a string | `nil` |
|
||||
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
|
||||
| `volumePermissions.resources` | Init container resource requests/limit | `nil` |
|
||||
| `tomcatUsername` | Tomcat admin user | `user` |
|
||||
| `tomcatPassword` | Tomcat admin password | _random 10 character alphanumeric string_ |
|
||||
| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` (disabled) |
|
||||
| `securityContext.enabled` | Enable security context | `true` |
|
||||
| `securityContext.fsGroup` | Group ID for the container | `1001` |
|
||||
| `securityContext.runAsUser` | User ID for the container | `1001` |
|
||||
| `service.type` | Kubernetes Service type | `LoadBalancer` |
|
||||
| `service.port` | Service HTTP port | `80` |
|
||||
| `service.nodePorts.http` | Kubernetes http node port | `""` |
|
||||
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `service.loadBalancerIP` | LoadBalancer service IP address | `""` |
|
||||
| `persistence.enabled` | Enable persistence using PVC | `true` |
|
||||
| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `nil` (uses alpha storage class annotation) |
|
||||
| `persistence.accessMode` | PVC Access Mode for Tomcat volume | `ReadWriteOnce` |
|
||||
| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` |
|
||||
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` |
|
||||
|
||||
The above parameters map to the env variables defined in [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat). For more information please refer to the [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat) image documentation.
|
||||
|
||||
@@ -105,6 +111,15 @@ The [Bitnami Tomcat](https://github.com/bitnami/bitnami-docker-tomcat) image sto
|
||||
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
|
||||
See the [Configuration](#configuration) section to configure the PVC or to disable persistence.
|
||||
|
||||
### Adjust permissions of persistent volume mountpoint
|
||||
|
||||
As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it.
|
||||
|
||||
By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions.
|
||||
As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination.
|
||||
|
||||
You can enable this initContainer by setting `volumePermissions.enabled` to `true`.
|
||||
|
||||
## Upgrading
|
||||
|
||||
### To 2.1.0
|
||||
|
||||
@@ -61,16 +61,45 @@ imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- else if .Values.image.pullSecrets }}
|
||||
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- range .Values.volumePermissions.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- else if .Values.image.pullSecrets }}
|
||||
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- range .Values.volumePermissions.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the init container volume-permissions image)
|
||||
*/}}
|
||||
{{- define "tomcat.volumePermissions.image" -}}
|
||||
{{- $registryName := .Values.volumePermissions.image.registry -}}
|
||||
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
|
||||
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
|
||||
{{/*
|
||||
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
|
||||
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
|
||||
Also, we can't use a single if because lazy evaluation is not an option
|
||||
*/}}
|
||||
{{- if .Values.global }}
|
||||
{{- if .Values.global.imageRegistry }}
|
||||
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -25,6 +25,19 @@ spec:
|
||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||
{{- end}}
|
||||
{{- include "tomcat.imagePullSecrets" . | indent 6 }}
|
||||
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
|
||||
initContainers:
|
||||
- name: volume-permissions
|
||||
image: "{{ template "tomcat.volumePermissions.image" . }}"
|
||||
imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "/bitnami/tomcat"]
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 -}}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /bitnami/tomcat
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: tomcat
|
||||
image: "{{ template "tomcat.image" . }}"
|
||||
@@ -59,10 +72,10 @@ spec:
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 10 }}
|
||||
volumeMounts:
|
||||
- name: tomcat-data
|
||||
- name: data
|
||||
mountPath: /bitnami/tomcat
|
||||
volumes:
|
||||
- name: tomcat-data
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "tomcat.fullname" . }}
|
||||
|
||||
@@ -34,6 +34,24 @@ image:
|
||||
##
|
||||
# fullnameOverride:
|
||||
|
||||
## Init containers parameters:
|
||||
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
|
||||
##
|
||||
volumePermissions:
|
||||
enabled: false
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/minideb
|
||||
tag: latest
|
||||
pullPolicy: Always
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
##
|
||||
# pullSecrets:
|
||||
# - myRegistryKeySecretName
|
||||
resources: {}
|
||||
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
##
|
||||
|
||||
Reference in New Issue
Block a user