Change tomcat

tompizmor
2019-07-22 13:50:48 +02:00
parent b11edd4a35
commit cbc2d88dcf
5 changed files with 107 additions and 32 deletions


@@ -1,6 +1,6 @@
apiVersion: v1 apiVersion: v1
name: tomcat name: tomcat
version: 4.0.0 version: 4.1.0
appVersion: 9.0.22 appVersion: 9.0.22
description: Chart for Apache Tomcat description: Chart for Apache Tomcat
keywords: keywords:


@@ -45,33 +45,39 @@ The command removes all the Kubernetes components associated with the chart and
The following tables lists the configurable parameters of the Tomcat chart and their default values. The following tables lists the configurable parameters of the Tomcat chart and their default values.
| Parameter | Description | Default | | Parameter | Description | Default |
|---------------------------------|----------------------------------------------|---------------------------------------------------------- | | ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
| `global.imageRegistry` | Global Docker image registry | `nil` | | `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods)| | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `image.registry` | Tomcat image registry | `docker.io` | | `image.registry` | Tomcat image registry | `docker.io` |
| `image.repository` | Tomcat Image name | `bitnami/tomcat` | | `image.repository` | Tomcat Image name | `bitnami/tomcat` |
| `image.tag` | Tomcat Image tag | `{TAG_NAME}` | | `image.tag` | Tomcat Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `nameOverride` | String to partially override tomcat.fullname template with a string (will prepend the release name) | `nil` | | `nameOverride` | String to partially override tomcat.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override tomcat.fullname template with a string | `nil` | | `fullnameOverride` | String to fully override tomcat.fullname template with a string | `nil` |
| `tomcatUsername` | Tomcat admin user | `user` | | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `tomcatPassword` | Tomcat admin password | _random 10 character alphanumeric string_ | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` (disabled) | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
| `securityContext.enabled` | Enable security context | `true` | | `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` |
| `securityContext.fsGroup` | Group ID for the container | `1001` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
| `securityContext.runAsUser` | User ID for the container | `1001` | | `volumePermissions.resources` | Init container resource requests/limit | `nil` |
| `service.type` | Kubernetes Service type | `LoadBalancer` | | `tomcatUsername` | Tomcat admin user | `user` |
| `service.port` | Service HTTP port | `80` | | `tomcatPassword` | Tomcat admin password | _random 10 character alphanumeric string_ |
| `service.nodePorts.http` | Kubernetes http node port | `""` | | `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` (disabled) |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | | `securityContext.enabled` | Enable security context | `true` |
| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | | `securityContext.fsGroup` | Group ID for the container | `1001` |
| `persistence.enabled` | Enable persistence using PVC | `true` | | `securityContext.runAsUser` | User ID for the container | `1001` |
| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `nil` (uses alpha storage class annotation) | | `service.type` | Kubernetes Service type | `LoadBalancer` |
| `persistence.accessMode` | PVC Access Mode for Tomcat volume | `ReadWriteOnce` | | `service.port` | Service HTTP port | `80` |
| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` | | `service.nodePorts.http` | Kubernetes http node port | `""` |
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | | `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.loadBalancerIP` | LoadBalancer service IP address | `""` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `nil` (uses alpha storage class annotation) |
| `persistence.accessMode` | PVC Access Mode for Tomcat volume | `ReadWriteOnce` |
| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` |
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` |
The above parameters map to the env variables defined in [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat). For more information please refer to the [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat) image documentation. The above parameters map to the env variables defined in [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat). For more information please refer to the [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat) image documentation.
@@ -105,6 +111,15 @@ The [Bitnami Tomcat](https://github.com/bitnami/bitnami-docker-tomcat) image sto
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Configuration](#configuration) section to configure the PVC or to disable persistence. See the [Configuration](#configuration) section to configure the PVC or to disable persistence.
### Adjust permissions of persistent volume mountpoint
As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it.
By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions.
As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination.
You can enable this initContainer by setting `volumePermissions.enabled` to `true`.
## Upgrading ## Upgrading
### To 2.1.0 ### To 2.1.0


@@ -61,16 +61,45 @@ imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . }}
{{- end }} {{- end }}
{{- else if .Values.image.pullSecrets }} {{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.image.pullSecrets }} {{- range .Values.image.pullSecrets }}
- name: {{ . }} - name: {{ . }}
{{- end }} {{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}} {{- end -}}
{{- else if .Values.image.pullSecrets }} {{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.image.pullSecrets }} {{- range .Values.image.pullSecrets }}
- name: {{ . }} - name: {{ . }}
{{- end }} {{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "tomcat.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
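Review bot: `volumePermissions.image.pullSecrets` is read in both `else if or …` branches, but it appears to be honoured only when `global.imagePullSecrets` is empty, because the branch above ranges over the global list alone. The README parameter table changed in this commit does not list the new value either. I would state the precedence in the template comment, for example `{{/* global.imagePullSecrets, when set, replaces image.pullSecrets and volumePermissions.image.pullSecrets */}}`, and add a README row for it. These secrets are also rendered when `volumePermissions.enabled` is false, and a name present in both lists is emitted twice. The `tomcat.imagePullSecrets` definition starts above this hunk, so the outer condition is inferred.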


@@ -25,6 +25,19 @@ spec:
runAsUser: {{ .Values.securityContext.runAsUser }} runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end}} {{- end}}
{{- include "tomcat.imagePullSecrets" . | indent 6 }} {{- include "tomcat.imagePullSecrets" . | indent 6 }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
initContainers:
- name: volume-permissions
image: "{{ template "tomcat.volumePermissions.image" . }}"
imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }}
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "/bitnami/tomcat"]
securityContext:
runAsUser: 0
resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 -}}
volumeMounts:
- name: data
mountPath: /bitnami/tomcat
{{- end }}
containers: containers:
- name: tomcat - name: tomcat
image: "{{ template "tomcat.image" . }}" image: "{{ template "tomcat.image" . }}"
@@ -59,10 +72,10 @@ spec:
resources: resources:
{{ toYaml .Values.resources | indent 10 }} {{ toYaml .Values.resources | indent 10 }}
volumeMounts: volumeMounts:
- name: tomcat-data - name: data
mountPath: /bitnami/tomcat mountPath: /bitnami/tomcat
volumes: volumes:
- name: tomcat-data - name: data
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.enabled }}
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "tomcat.fullname" . }} claimName: {{ template "tomcat.fullname" . }}
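Review bot: The `volume-permissions` init container is fixed to `runAsUser: 0` and runs `chown -R` over `/bitnami/tomcat`, so enabling it adds a root container with write access to the data volume to every pod. Clusters whose admission policy requires non-root containers will reject such a pod, and the README section added in this commit should say so. The chown target comes from `securityContext.runAsUser` and `securityContext.fsGroup` even when `securityContext.enabled` is false; in that case the tomcat container presumably runs as the image's own user and the ownership may not match. A comment above the block such as `# runs as root only to chown the data volume; uid:gid must match the user the tomcat container runs as` would make that coupling explicit.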


@@ -34,6 +34,24 @@ image:
## ##
# fullnameOverride: # fullnameOverride:
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
enabled: false
image:
registry: docker.io
repository: bitnami/minideb
tag: latest
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
resources: {}
## Pod Security Context ## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## ##
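Review bot: `tag: latest` combined with `pullPolicy: Always` lets the image that runs as root in the init container change between pod restarts with no change to the chart. A rollout is then not reproducible, and a replaced upstream tag is pulled automatically. I would default to a fixed release tag or digest, e.g. `tag: <pinned-minideb-tag>` with `pullPolicy: IfNotPresent` (the default the README lists for the main image). The comment block could also gain the line `## The init container runs as root (runAsUser: 0); pin the image tag for production use.`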