Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-08 00:37:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/suitecrm] Remove SuiteCRM Helm Chart (#21382)

Browse Source 
Signed-off-by: Celia Garcia Marquez <gcelia@vmware.com>
This commit is contained in:
Celia Garcia
2023-12-04 17:15:18 +01:00
committed by GitHub
parent 647cb1f1fe
commit d6059e1cfa
32 changed files with 0 additions and 2910 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.vib/suitecrm/cypress/cypress.json
View File

@@ -1,12 +0,0 @@
{
"env": {
"username": "test_user",
"password": "ComplicatedPassword123!4"
},
"hosts": {
"vmware-suitecrm.my": "{{ TARGET_IP }}"
},
"defaultCommandTimeout": 40000,
"viewportWidth": 1800,
"viewportHeight": 800
}

3
.vib/suitecrm/cypress/cypress/fixtures/accounts.csv
View File

@@ -1,3 +0,0 @@
Name,ID,Website,Email Address,Non Primary E-mails,Office Phone,Alternate Phone,Fax,Billing Street,Billing City,Billing State,Billing Postal Code,Billing Country,Shipping Street,Shipping City,Shipping State,Shipping Postal Code,Shipping Country,Description,Type,Industry,Annual Revenue,Employees,SIC Code,Ticker Symbol,Parent Account ID,Ownership,Campaign ID,Rating,Assigned to,Assigned User,Date Created,Date Modified,Modified By,Created By,Deleted,Longitude,Geocode Status,Address,Latitude
First Test Account random_id,c76e2660-6542-8b05-ff4d-628deed4e5f7,http:/website.com,address@email.com,,123-245-2345,,,Central Street,Central City,,,Country,,,,,,,,,,,,,,,,,user,1,05/25/2022 8:52,05/25/2022 8:52,1,1,0,0,,,0
Second Test Account random_id,c76e2660-6542-8b05-ff4d-628deed4e5f9,http:/website-one.com,address@email.com,,123-245-2345,,,Central Street,Central City,,,Country,,,,,,,,,,,,,,,,,user,1,05/25/2022 8:52,05/25/2022 8:52,1,1,0,0,,,0
1 Name ID Website Email Address Non Primary E-mails Office Phone Alternate Phone Fax Billing Street Billing City Billing State Billing Postal Code Billing Country Shipping Street Shipping City Shipping State Shipping Postal Code Shipping Country Description Type Industry Annual Revenue Employees SIC Code Ticker Symbol Parent Account ID Ownership Campaign ID Rating Assigned to Assigned User Date Created Date Modified Modified By Created By Deleted Longitude Geocode Status Address Latitude
2 First Test Account random_id c76e2660-6542-8b05-ff4d-628deed4e5f7 http:/website.com address@email.com 123-245-2345 Central Street Central City Country user 1 05/25/2022 8:52 05/25/2022 8:52 1 1 0 0 0
3 Second Test Account random_id c76e2660-6542-8b05-ff4d-628deed4e5f9 http:/website-one.com address@email.com 123-245-2345 Central Street Central City Country user 1 05/25/2022 8:52 05/25/2022 8:52 1 1 0 0 0

5
.vib/suitecrm/cypress/cypress/fixtures/contacts.json
View File

@@ -1,5 +0,0 @@
{
"newContact": {
"lastName": "Lastly"
}
}

41
.vib/suitecrm/cypress/cypress/integration/suitecrm_spec.js
View File

@@ -1,41 +0,0 @@
/*
* Copyright VMware, Inc.
* SPDX-License-Identifier: APACHE-2.0
*/
/// <reference types="cypress" />
import { random } from '../support/utils';
it('allows to import accounts and list them', () => {
cy.login();
cy.visit('/index.php?module=Accounts&action=index');
cy.contains('Import Accounts').click({ force: true });
const accountsFile = 'cypress/fixtures/accounts.csv';
cy.readFile(accountsFile).then((data) => {
const randomizedData = data.replace(/Test Account [a-z0-9_]+,/g, `Test Account ${random},`);
cy.writeFile(accountsFile, randomizedData);
});
cy.get('[type="file"]').selectFile(accountsFile);
cy.get('#import_update').click();
for (let i = 2; i < 5; i++) {
cy.get('#gonext').click();
cy.contains(`Step ${i}`);
}
cy.get('#importnow').click();
cy.contains('Exit').click({ force: true });
cy.get('.list').within(() => {
cy.contains(`Test Account ${random}`);
});
});
it('allows adding a new contact', () => {
cy.login();
cy.visit('/index.php?module=Contacts&action=index');
cy.contains('Create Contact').click({ force: true });
cy.fixture('contacts').then((contact) => {
cy.get('#last_name').type(`${contact.newContact.lastName}.${random}`);
cy.contains('Save').click();
cy.contains('h2', `${contact.newContact.lastName}.${random}`);
});
});

33
.vib/suitecrm/cypress/cypress/support/commands.js
View File

@@ -1,33 +0,0 @@
/*
* Copyright VMware, Inc.
* SPDX-License-Identifier: APACHE-2.0
*/
const COMMAND_DELAY = 2000;
const BASE_URL = 'http://vmware-suitecrm.my/';
for (const command of ['click']) {
Cypress.Commands.overwrite(command, (originalFn, ...args) => {
const origVal = originalFn(...args);
return new Promise((resolve) => {
setTimeout(() => {
resolve(origVal);
}, COMMAND_DELAY);
});
});
}
Cypress.Commands.overwrite('visit', (originalFn, url, options) => {
return originalFn(`${BASE_URL}${url}`, options);
});
Cypress.Commands.add(
'login',
(username = Cypress.env('username'), password = Cypress.env('password')) => {
cy.visit('/');
cy.get('#user_name').type(username);
cy.get('#username_password').type(password);
cy.get('#bigbutton').click();
}
);

25
.vib/suitecrm/cypress/cypress/support/index.js
View File

@@ -1,25 +0,0 @@
/*
* Copyright VMware, Inc.
* SPDX-License-Identifier: APACHE-2.0
*/
// ***********************************************************
// This example support/index.js is processed and
// loaded automatically before your test files.
//
// This is a great place to put global configuration and
// behavior that modifies Cypress.
//
// You can change the location of this file or turn off
// automatically serving support files with the
// 'supportFile' configuration option.
//
// You can read more here:
// https://on.cypress.io/configuration
// ***********************************************************
// Import commands.js using ES2015 syntax:
import './commands';
// Alternatively you can use CommonJS syntax:
// require('./commands')

8
.vib/suitecrm/cypress/cypress/support/utils.js
View File

@@ -1,8 +0,0 @@
/*
* Copyright VMware, Inc.
* SPDX-License-Identifier: APACHE-2.0
*/
/// <reference types="cypress" />
export let random = (Math.random() + 1).toString(36).substring(7);

8
.vib/suitecrm/goss/goss-wait.yaml
View File

@@ -1,8 +0,0 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
command:
wait-to-be-available:
exec: "sleep 120"
exit-status: 0
timeout: 130000

31
.vib/suitecrm/goss/goss.yaml
View File

@@ -1,31 +0,0 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
http:
https://suitecrm:{{ .Vars.service.ports.https }}:
status: 200
allow-insecure: true
command:
{{- $uid := .Vars.containerSecurityContext.runAsUser }}
{{- $gid := .Vars.podSecurityContext.fsGroup }}
check-user-info:
# The UID and GID should always be either the one specified as vars (always a bigger number that the default)
# or the one randomly defined by openshift (larger values). Otherwise, the chart is still using the default value.
exec: if [ $(id -u) -lt {{ $uid }} ] || [ $(id -G | awk '{print $2}') -lt {{ $gid }} ]; then exit 1; fi
exit-status: 0
file:
/bitnami/suitecrm:
exists: true
filetype: directory
mode: '2775'
owner: root
/etc/hosts:
exists: true
filetype: file
contents:
{{ range .Vars.hostAliases }}
{{ $ip := .ip }}
{{ range $host := .hostnames }}
- /{{ $ip }}.*{{$host}}/
{{ end }}
{{ end }}

26
.vib/suitecrm/runtime-parameters.yaml
View File

@@ -1,26 +0,0 @@
suitecrmUsername: test_user
suitecrmPassword: ComplicatedPassword123!4
suitecrmHost: vmware-suitecrm.my
hostAliases:
- ip: 127.0.0.1
hostnames:
- status.localhost
containerPorts:
http: 8081
https: 8444
podSecurityContext:
enabled: true
fsGroup: 1002
containerSecurityContext:
enabled: true
runAsUser: 1002
mariadb:
auth:
database: test_suitecrm_database
username: test_suitecrm_username
password: test_suitecrm_password
service:
type: LoadBalancer
ports:
http: 80
https: 444

37
.vib/suitecrm/vib-publish.json
View File

@@ -1,37 +0,0 @@
{
"phases": {
"package": {
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/suitecrm"
}
},
"actions": [
{
"action_id": "helm-package"
},
{
"action_id": "helm-lint"
}
]
},
"publish": {
"actions": [
{
"action_id": "helm-publish",
"params": {
"repository": {
"kind": "S3",
"url": "{VIB_ENV_S3_URL}",
"authn": {
"access_key_id": "{VIB_ENV_S3_ACCESS_KEY_ID}",
"secret_access_key": "{VIB_ENV_S3_SECRET_ACCESS_KEY}"
}
}
}
}
]
}
}
}

68
.vib/suitecrm/vib-verify.json
View File

@@ -1,68 +0,0 @@
{
"phases": {
"package": {
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/suitecrm"
}
},
"actions": [
{
"action_id": "helm-package"
},
{
"action_id": "helm-lint"
}
]
},
"verify": {
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/suitecrm"
},
"target_platform": {
"target_platform_id": "{VIB_ENV_TARGET_PLATFORM}",
"size": {
"name": "M4"
}
}
},
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "suitecrm/goss/goss.yaml",
"vars_file": "suitecrm/runtime-parameters.yaml",
"remote": {
"pod": {
"workload": "deploy-suitecrm"
}
},
"wait": {
"file": "suitecrm/goss/goss-wait.yaml"
}
}
},
{
"action_id": "cypress",
"params": {
"resources": {
"path": "/.vib/suitecrm/cypress"
},
"endpoint": "lb-suitecrm-http",
"app_protocol": "HTTP",
"env": {
"username": "test_user",
"password": "ComplicatedPassword123!4"
}
}
}
]
}
}
}

21
bitnami/suitecrm/.helmignore
View File

@@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

9
bitnami/suitecrm/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.1.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3
digest: sha256:ed18965f3ec543d94074f9ce7d71e9dd607ae50eac145184698b6cc1e1b175ef
generated: "2023-10-31T11:39:40.282124662+01:00"

41
bitnami/suitecrm/Chart.yaml
View File

@@ -1,41 +0,0 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
annotations:
category: CRM
licenses: Apache-2.0
images: |
- name: apache-exporter
image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r2
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r25
- name: suitecrm
image: docker.io/bitnami/suitecrm:7.13.4-debian-11-r15
apiVersion: v2
appVersion: 7.13.4
dependencies:
- condition: mariadb.enabled
name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.x.x
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
# The SuiteCRM chart is deprecated and no longer maintained.
deprecated: true
description: DEPRECATED SuiteCRM is a completely open source, enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a fork of the popular SugarCRM application.
home: https://bitnami.com
icon: https://bitnami.com/assets/stacks/suitecrm/img/suitecrm-stack-220x234.png
keywords:
- suitecrm
- crm
- http
- web
- php
maintainers: []
name: suitecrm
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/suitecrm
version: 14.1.1

584
bitnami/suitecrm/README.md
View File

@@ -1,584 +0,0 @@
<!--- app-name: SuiteCRM -->
# Bitnami package for SuiteCRM
SuiteCRM is a completely open source, enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a fork of the popular SugarCRM application.
[Overview of SuiteCRM](https://www.suitecrm.com/)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## This Helm chart is deprecated
The latest branch of SuiteCRM 8 has a bug that makes it incompatible with the chart deployment.
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/suitecrm
```
Looking to use SuiteCRM in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction
This chart bootstraps a [SuiteCRM](https://github.com/bitnami/containers/tree/main/bitnami/suitecrm) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM.
It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/tree/main/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the SuiteCRM application.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Prerequisites
- Kubernetes 1.23+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/suitecrm
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The command deploys SuiteCRM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
### Common parameters
| Name | Description | Value |
| ------------------- | ------------------------------------------------------------------------------------------------------------ | ----- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override suitecrm.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override suitecrm.fullname template | `""` |
| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` |
| `commonAnnotations` | Common annotations to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template | `{}` |
| `commonLabels` | Common labels to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template | `{}` |
### SuiteCRM parameters
| Name | Description | Value |
| --------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | SuiteCRM image registry | `REGISTRY_NAME` |
| `image.repository` | SuiteCRM image repository | `REPOSITORY_NAME/suitecrm` |
| `image.digest` | SuiteCRM image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | SuiteCRM image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` |
| `suitecrmSkipInstall` | Skip SuiteCRM installation wizard. Useful for migrations and restoring from SQL dump | `false` |
| `suitecrmValidateUserIP` | Whether to validate the user IP address or not | `false` |
| `suitecrmHost` | SuiteCRM host to create application URLs | `""` |
| `suitecrmUsername` | User of the application | `user` |
| `suitecrmPassword` | Application password | `""` |
| `suitecrmEmail` | Admin email | `user@example.com` |
| `allowEmptyPassword` | Allow DB blank passwords | `false` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `hostAliases` | Deployment pod host aliases | `[]` |
| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `extraEnvVars` | An array to add extra environment variables | `[]` |
| `extraEnvVarsCM` | ConfigMap containing extra environment variables | `""` |
| `extraEnvVarsSecret` | Secret containing extra environment variables | `""` |
| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` |
| `extraVolumeMounts` | Extra volume mounts to add to the container. Requires setting `extraVolumeMounts | `[]` |
| `initContainers` | Extra init containers to add to the deployment | `[]` |
| `sidecars` | Extra sidecar containers to add to the deployment | `[]` |
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
| `priorityClassName` | SuiteCRM pods' priorityClassName | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `existingSecret` | Name of a secret with the application password | `""` |
| `suitecrmSmtpHost` | SMTP host | `""` |
| `suitecrmSmtpPort` | SMTP port | `""` |
| `suitecrmSmtpUser` | SMTP user | `""` |
| `suitecrmSmtpPassword` | SMTP password | `""` |
| `suitecrmSmtpProtocol` | SMTP protocol [`ssl`, `tls`] | `""` |
| `suitecrmNotifyAddress` | SuiteCRM notify address | `""` |
| `suitecrmNotifyName` | SuiteCRM notify name | `""` |
| `containerPorts` | Container ports | `{}` |
| `sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
| `resources.requests` | The requested resources for the container | `{}` |
| `podSecurityContext.enabled` | Enable SuiteCRM pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | SuiteCRM pods' group ID | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.path` | Request path for livenessProbe | `/index.php` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.path` | Request path for readinessProbe | `/index.php` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.path` | Request path for startupProbe | `/index.php` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `customStartupProbe` | Override default startup probe | `{}` |
| `lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup | `{}` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Pod extra labels | `{}` |
### Database parameters
| Name | Description | Value |
| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- |
| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` |
| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` |
| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` |
| `mariadb.auth.database` | Database name to create | `bitnami_suitecrm` |
| `mariadb.auth.username` | Database user to create | `bn_suitecrm` |
| `mariadb.auth.password` | Password for the database | `""` |
| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` |
| `mariadb.primary.persistence.storageClass` | MariaDB data Persistent Volume Storage Class | `""` |
| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` |
| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` |
| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `externalDatabase.host` | Host of the existing database | `""` |
| `externalDatabase.port` | Port of the existing database | `3306` |
| `externalDatabase.user` | Existing username in the external database | `bn_suitecrm` |
| `externalDatabase.password` | Password for the above username | `""` |
| `externalDatabase.database` | Name of the existing database | `bitnami_suitecrm` |
| `externalDatabase.existingSecret` | Name of an existing secret resource containing the DB password | `""` |
### Persistence parameters
| Name | Description | Value |
| --------------------------- | ---------------------------------------- | ------------------- |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | PVC Storage Class for SuiteCRM volume | `""` |
| `persistence.accessModes` | PVC Access Mode for SuiteCRM volume | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for SuiteCRM volume | `8Gi` |
| `persistence.existingClaim` | An Existing PVC name for SuiteCRM volume | `""` |
| `persistence.hostPath` | Host mount path for SuiteCRM volume | `""` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
### Volume Permissions parameters
| Name | Description | Value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
### Traffic Exposure Parameters
| Name | Description | Value |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.ports.http` | Service HTTP port | `8080` |
| `service.ports.https` | Service HTTPS port | `8443` |
| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` |
| `service.loadBalancerIP` | loadBalancerIP for the SuiteCRM Service (optional, cloud specific) | `""` |
| `service.nodePorts.http` | Kubernetes HTTP node port | `""` |
| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `service.annotations` | Additional custom annotations for SuiteCRM service | `{}` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress resource | `suitecrm.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
### Metrics parameters
| Name | Description | Value |
| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Apache exporter image repository | `REPOSITORY_NAME/apache-exporter` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.resources` | Metrics exporter resource requests and limits | `{}` |
| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` |
| `metrics.service.type` | Kubernetes service type for Prometheus metrics | `ClusterIP` |
| `metrics.service.port` | Prometheus metrics service port | `9117` |
| `metrics.service.annotations` | Annotations for the Prometheus metrics service | `{}` |
| `metrics.service.clusterIP` | SuiteCRM service Cluster IP | `""` |
| `metrics.service.loadBalancerIP` | SuiteCRM service Load Balancer IP | `""` |
| `metrics.service.loadBalancerSourceRanges` | SuiteCRM service Load Balancer sources | `[]` |
| `metrics.service.externalTrafficPolicy` | SuiteCRM service external traffic policy | `Cluster` |
| `metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
### Certificate injection parameters
| Name | Description | Value |
| ---------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ---------------------------------------- |
| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` |
| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` |
| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` |
| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` |
| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` |
| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` |
| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` |
| `certificates.command` | Override default container command (useful when using custom images) | `[]` |
| `certificates.args` | Override default container args (useful when using custom images) | `[]` |
| `certificates.extraEnvVars` | Container sidecar extra environment variables | `[]` |
| `certificates.extraEnvVarsCM` | ConfigMap containing extra environment variables | `""` |
| `certificates.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) | `""` |
| `certificates.image.registry` | Container sidecar registry | `REGISTRY_NAME` |
| `certificates.image.repository` | Container sidecar image repository | `REPOSITORY_NAME/os-shell` |
| `certificates.image.digest` | Container sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` |
| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` |
### NetworkPolicy parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies | `false` |
| `networkPolicy.metrics.enabled` | Enable network policy for metrics (prometheus) | `false` |
| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` |
| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` |
| `networkPolicy.ingress.enabled` | Enable network policy for Ingress Proxies | `false` |
| `networkPolicy.ingress.namespaceSelector` | Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. | `{}` |
| `networkPolicy.ingress.podSelector` | Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. | `{}` |
| `networkPolicy.ingressRules.backendOnlyAccessibleByFrontend` | Enable ingress rule that makes the backend (mariadb) only accessible by SuiteCRM's pods. | `false` |
| `networkPolicy.ingressRules.customBackendSelector` | Backend selector labels. These labels will be used to identify the backend pods. | `{}` |
| `networkPolicy.ingressRules.accessOnlyFrom.enabled` | Enable ingress rule that makes SuiteCRM only accessible from a particular origin | `false` |
| `networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access SuiteCRM. This label will be used to identified the allowed namespace(s). | `{}` |
| `networkPolicy.ingressRules.accessOnlyFrom.podSelector` | Pods selector label that is allowed to access SuiteCRM. This label will be used to identified the allowed pod(s). | `{}` |
| `networkPolicy.ingressRules.customRules` | Custom network policy ingress rule | `{}` |
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
The above parameters map to the env variables defined in [bitnami/suitecrm](https://github.com/bitnami/containers/tree/main/bitnami/suitecrm). For more information please refer to the [bitnami/suitecrm](https://github.com/bitnami/containers/tree/main/bitnami/suitecrm) image documentation.
> **Note**:
>
> For SuiteCRM to function correctly, you should specify the `suitecrmHost` parameter to specify the FQDN (recommended) or the public IP address of the SuiteCRM service.
>
> Optionally, you can specify the `suitecrmLoadBalancerIP` parameter to assign a reserved IP address to the SuiteCRM service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE).
>
> To reserve a public IP address on GKE:
>
> ```console
> $ gcloud compute addresses create suitecrm-public-ip
> ```
>
> The reserved IP address can be associated to the SuiteCRM service by specifying it as the value of the `suitecrmLoadBalancerIP` parameter while installing the chart.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set suitecrmUsername=admin,suitecrmPassword=password,mariadb.auth.rootPassword=secretpassword \
oci://REGISTRY_NAME/REPOSITORY_NAME/suitecrm
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the SuiteCRM administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/suitecrm
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/suitecrm/values.yaml)
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Image
The `image` parameter allows specifying which image will be pulled for the chart.
#### Private registry
If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod).
1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret.
2. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as:
```yaml
imagePullSecrets:
- name: SECRET_NAME
```
3. Install the chart
### Setting Pod's affinity
This chart allows you to set your custom affinity using the `affinity` paremeter. Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
## Persistence
The [Bitnami SuiteCRM](https://github.com/bitnami/containers/tree/main/bitnami/suitecrm) image stores the SuiteCRM data and configurations at the `/bitnami/suitecrm` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
### Existing PersistentVolumeClaim
1. Create the PersistentVolume
2. Create the PersistentVolumeClaim
3. Install the chart
```console
helm install my-release --set persistence.existingClaim=PVC_NAME oci://REGISTRY_NAME/REPOSITORY_NAME/suitecrm
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### Host path
#### System compatibility
- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox.
- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://minikube.sigs.k8s.io/docs/handbook/mount/) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync).
#### Mounting steps
1. The specified `hostPath` directory must already exist (create one if it does not).
2. Install the chart
```console
helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT oci://REGISTRY_NAME/REPOSITORY_NAME/suitecrm
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
This will mount the `suitecrm-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch.
3. Because the container cannot control the host machine's directory permissions, you must set the SuiteCRM file directory permissions yourself and disable or clear SuiteCRM cache.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
### To 14.0.0
This major release bumps the MariaDB version to 11.1. No major issues are expected during the upgrade.
### To 13.0.0
This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade.
### To 12.0.0
This major release bumps the MariaDB version to 10.11. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for upgrading from MariaDB 10.6 to 10.11. No major issues are expected during the upgrade.
### To 11.0.0
This major release bumps the MariaDB version to 10.6. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/) for upgrading from MariaDB 10.5 to 10.6. No major issues are expected during the upgrade.
### To 10.0.0
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
Affected values:
- `service.port` was deprecated. We recommend using `service.ports.http` instead.
- `service.httpsPort` was deprecated. We recommend using `service.ports.https` instead.
- `ingress.hosts` was renamed as `ingress.extraHosts`.
Additionally updates the MariaDB subchart to it newest major, 10.0.0, which contains similar changes. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-1000) for more information.
### To 9.0.0
In this major there were three main changes introduced:
- Adaptation to Helm v2 EOL
- Updated MariaDB dependency version
- Migration to non-root
Please read the update notes carefully.
#### 1. Adaptation to Helm v2 EOL
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
##### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
##### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
##### Useful links
- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
#### 2. Updated MariaDB dependency version
In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-800) for more information.
#### 3. Migration of the SuiteCRM image to non-root
The [Bitnami SuiteCRM](https://github.com/bitnami/containers/tree/main/bitnami/suitecrm) image was updated to support and enable the "non-root" user approach
If you want to continue to run the container image as the `root` user, you need to set `podSecurityContext.enabled=false` and `containerSecurity.context.enabled=false`.
Consequences:
- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`.
- Backwards compatibility is not guaranteed.
To upgrade to `9.0.0`, you can either install a new SuiteCRM chart and migrate your site or reuse the PVCs used to hold both the MariaDB and SuiteCRM data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `suitecrm` and that a `rootUser.password` was defined for MariaDB in `values.yaml` when the chart was first installed):
> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x
Obtain the credentials and the names of the PVCs used to hold both the MariaDB and SuiteCRM data on your current release:
```console
export SUITECRM_HOST=$(kubectl get svc --namespace default suitecrm --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}")
export SUITECRM_PASSWORD=$(kubectl get secret --namespace default suitecrm -o jsonpath="{.data.suitecrm-password}" | base64 -d)
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default suitecrm-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
export MARIADB_PASSWORD=$(kubectl get secret --namespace default suitecrm-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d)
export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=suitecrm -o jsonpath="{.items[0].metadata.name}")
```
Upgrade your release (maintaining the version) disabling MariaDB and scaling SuiteCRM replicas to 0:
```console
helm upgrade suitecrm oci://REGISTRY_NAME/REPOSITORY_NAME/suitecrm --set suitecrmPassword=$SUITECRM_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 8.0.26
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
Finally, upgrade your release to `9.0.0` reusing the existing PVC, and enabling back MariaDB:
```console
helm upgrade suitecrm oci://REGISTRY_NAME/REPOSITORY_NAME/suitecrm --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set suitecrmPassword=$SUITECRM_PASSWORD --set containerSecurityContext.runAsUser=0 --set podSecurityContext.fsGroup=0
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
You should see the lines below in MariaDB container logs:
```console
$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=suitecrm,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}")
...
mariadb 12:13:24.98 INFO ==> Using persisted data
mariadb 12:13:25.01 INFO ==> Running mysql_upgrade
...
```
This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information.
### To 8.0.0
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
In <https://github.com/helm/charts/pull/17310> the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
This major version signifies this change.
### To 3.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is suitecrm:
```console
kubectl patch deployment suitecrm-suitecrm --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
kubectl delete statefulset suitecrm-mariadb --cascade=false
```
## License
Copyright &copy; 2023 VMware, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

120
bitnami/suitecrm/templates/NOTES.txt
View File

@@ -1,120 +0,0 @@
This Helm chart is deprecated on our side and will not receive new updates.
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}}
{{- if empty (include "suitecrm.host" .) -}}
###############################################################################
### ERROR: You did not provide an external host in your 'helm install' call ###
###############################################################################
This deployment will be incomplete until you configure SuiteCRM with a resolvable
host. To configure SuiteCRM with the URL of your service:
1. Get the SuiteCRM URL by running:
{{- if eq .Values.service.type "NodePort" }}
export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}")
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
{{- else if eq .Values.service.type "LoadBalancer" }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.secretName" . }} -o jsonpath="{.data.suitecrm-password}" | base64 -d)
export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.databaseSecretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
{{- end }}
export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.databaseSecretName" . }} -o jsonpath="{.data.mariadb-password}" | base64 -d)
2. Complete your SuiteCRM deployment by running:
{{- if .Values.mariadb.enabled }}
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/{{ .Chart.Name }} \
--set suitecrmHost=$APP_HOST,suitecrmPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$DATABASE_ROOT_PASSWORD,mariadb.auth.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- else }}
## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ##
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/{{ .Chart.Name }} \
--set suitecrmPassword=$APP_PASSWORD,suitecrmHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }}{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- end }}
{{- else -}}
1. Get the SuiteCRM URL by running:
{{- if eq .Values.service.type "ClusterIP" }}
echo "SuiteCRM URL: http://127.0.0.1:8080/"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ coalesce .Values.service.ports.http .Values.service.port }}
{{- else }}
{{- $port:=(coalesce .Values.service.ports.http .Values.service.port) | toString }}
echo "SuiteCRM URL: http://{{ include "suitecrm.host" . }}{{- if ne $port "80" }}:{{ coalesce .Values.service.ports.http .Values.service.port }}{{ end }}/"
{{- end }}
2. Get your SuiteCRM login credentials by running:
echo Username : {{ .Values.suitecrmUsername }}
echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.secretName" . }} -o jsonpath="{.data.suitecrm-password}" | base64 -d)
{{- end }}
{{- else -}}
########################################################################################
### ERROR: You did not provide an external database host in your 'helm install' call ###
########################################################################################
This deployment will be incomplete until you configure SuiteCRM with a resolvable database
host. To configure SuiteCRM to use and external database host:
1. Complete your SuiteCRM deployment by running:
{{- if eq .Values.service.type "NodePort" }}
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
{{- else if eq .Values.service.type "LoadBalancer" }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
{{- else }}
export APP_HOST=127.0.0.1
{{- end }}
export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.secretName" . }} -o jsonpath="{.data.suitecrm-password}" | base64 -d)
## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ##
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/{{ .Chart.Name }} \
--set suitecrmPassword=$APP_PASSWORD,suitecrmHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "common.warnings.rollingTag" .Values.certificates.image }}
{{- $passwordValidationErrors := list -}}
{{- if not .Values.existingSecret -}}
{{- $secretName := include "suitecrm.secretName" . -}}
{{- $requiredSuiteCRMPassword := dict "valueKey" "suitecrmPassword" "secret" $secretName "field" "suitecrm-password" "context" $ -}}
{{- $requiredSuiteCRMPasswordError := include "common.validations.values.single.empty" $requiredSuiteCRMPassword -}}
{{- $passwordValidationErrors = append $passwordValidationErrors $requiredSuiteCRMPasswordError -}}
{{- end -}}
{{- $mariadbSecretName := include "suitecrm.databaseSecretName" . -}}
{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}}
{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}

149
bitnami/suitecrm/templates/_helpers.tpl
View File

@@ -1,149 +0,0 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "suitecrm.mariadb.fullname" -}}
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Get the user defined LoadBalancerIP for this release.
Note, returns 127.0.0.1 if using ClusterIP.
*/}}
{{- define "suitecrm.serviceIP" -}}
{{- if eq .Values.service.type "ClusterIP" -}}
127.0.0.1
{{- else -}}
{{- .Values.service.loadBalancerIP | default "" -}}
{{- end -}}
{{- end -}}
{{/*
Gets the host to be used for this application.
If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty.
When using Ingress, it will be set to the Ingress hostname.
*/}}
{{- define "suitecrm.host" -}}
{{- if .Values.ingress.enabled }}
{{- $host := .Values.ingress.hostname | default "" -}}
{{- default (include "suitecrm.serviceIP" .) $host -}}
{{- else -}}
{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}}
{{- default (include "suitecrm.serviceIP" .) $host -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper certificate image name
*/}}
{{- define "certificates.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper SuiteCRM image name
*/}}
{{- define "suitecrm.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the metrics image)
*/}}
{{- define "suitecrm.metrics.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "suitecrm.volumePermissions.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "suitecrm.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper Storage Class
*/}}
{{- define "suitecrm.storageClass" -}}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
{{- end -}}
{{/*
SuiteCRM credential secret name
*/}}
{{- define "suitecrm.secretName" -}}
{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
Return the MariaDB Hostname
*/}}
{{- define "suitecrm.databaseHost" -}}
{{- if .Values.mariadb.enabled }}
{{- if eq .Values.mariadb.architecture "replication" }}
{{- printf "%s-%s" (include "suitecrm.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" (include "suitecrm.mariadb.fullname" .) -}}
{{- end -}}
{{- else -}}
{{- printf "%s" .Values.externalDatabase.host -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB Port
*/}}
{{- define "suitecrm.databasePort" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "3306" -}}
{{- else -}}
{{- printf "%d" (.Values.externalDatabase.port | int ) -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB Database Name
*/}}
{{- define "suitecrm.databaseName" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "%s" .Values.mariadb.auth.database -}}
{{- else -}}
{{- printf "%s" .Values.externalDatabase.database -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB User
*/}}
{{- define "suitecrm.databaseUser" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "%s" .Values.mariadb.auth.username -}}
{{- else -}}
{{- printf "%s" .Values.externalDatabase.user -}}
{{- end -}}
{{- end -}}
{{/*
Return the MariaDB Secret Name
*/}}
{{- define "suitecrm.databaseSecretName" -}}
{{- if .Values.mariadb.enabled }}
{{- printf "%s" (include "suitecrm.mariadb.fullname" .) -}}
{{- else if .Values.externalDatabase.existingSecret -}}
{{- printf "%s" .Values.externalDatabase.existingSecret -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}}
{{- end -}}
{{- end -}}

321
bitnami/suitecrm/templates/deployment.yaml
View File

@@ -1,321 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if include "suitecrm.host" . -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
annotations:
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "suitecrm.imagePullSecrets" . | nindent 6 }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
# yamllint disable rule:indentation
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
# yamllint enable rule:indentation
{{- end }}
initContainers:
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ include "suitecrm.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- sh
- -c
- |
mkdir -p "/bitnami/suitecrm"
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/suitecrm"
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: suitecrm-data
mountPath: /bitnami/suitecrm
subPath: suitecrm
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: certificates
image: {{ template "certificates.image" . }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }}
imagePullSecrets:
{{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }}
- name: {{ . }}
{{- end }}
command:
{{- if .Values.certificates.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }}
{{- else if .Values.certificates.customCertificate.certificateSecret }}
- sh
- -c
- install_packages ca-certificates openssl
{{- else }}
- sh
- -c
- install_packages ca-certificates openssl
&& openssl req -new -x509 -days 3650 -nodes -sha256
-subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)"
-out {{ .Values.certificates.customCertificate.certificateLocation }}
-keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req
{{- end }}
{{- if .Values.certificates.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }}
{{- end }}
env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }}
envFrom:
{{- if .Values.certificates.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.certificates.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }}
{{- end }}
volumeMounts:
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end }}
containers:
- name: suitecrm
image: {{ include "suitecrm.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }}
- name: APACHE_HTTP_PORT_NUMBER
value: {{ .Values.containerPorts.http | quote }}
- name: APACHE_HTTPS_PORT_NUMBER
value: {{ .Values.containerPorts.https | quote }}
- name: SUITECRM_VALIDATE_USER_IP
value: {{ .Values.suitecrmValidateUserIP | quote }}
- name: SUITECRM_DATABASE_HOST
value: {{ include "suitecrm.databaseHost" . | quote }}
- name: SUITECRM_DATABASE_PORT_NUMBER
value: {{ include "suitecrm.databasePort" . | quote }}
- name: SUITECRM_DATABASE_NAME
value: {{ include "suitecrm.databaseName" . | quote }}
- name: SUITECRM_DATABASE_USER
value: {{ include "suitecrm.databaseUser" . | quote }}
- name: SUITECRM_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "suitecrm.databaseSecretName" . }}
key: mariadb-password
- name: SUITECRM_SKIP_BOOTSTRAP
value: {{ ternary "yes" "no" .Values.suitecrmSkipInstall | quote }}
{{- $port:=(coalesce .Values.service.ports.http .Values.service.port) | toString }}
- name: SUITECRM_HOST
value: {{ include "suitecrm.host" . }}
- name: SUITECRM_USERNAME
value: {{ .Values.suitecrmUsername | quote }}
- name: SUITECRM_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.names.fullname" . }}
key: suitecrm-password
- name: SUITECRM_EMAIL
value: {{ .Values.suitecrmEmail | quote }}
- name: SUITECRM_SMTP_NOTIFY_NAME
value: {{ .Values.suitecrmNotifyName | quote }}
- name: SUITECRM_SMTP_NOTIFY_ADDRESS
value: {{ .Values.suitecrmNotifyAddress | quote }}
- name: SUITECRM_SMTP_HOST
value: {{ .Values.suitecrmSmtpHost | quote }}
- name: SUITECRM_SMTP_PORT_NUMBER
value: {{ .Values.suitecrmSmtpPort | quote }}
- name: SUITECRM_SMTP_USER
value: {{ .Values.suitecrmSmtpUser | quote }}
{{- if .Values.suitecrmSmtpPassword }}
- name: SUITECRM_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.names.fullname" . }}
key: suitecrm-smtp-password
{{- end }}
- name: SUITECRM_SMTP_PROTOCOL
value: {{ .Values.suitecrmSmtpProtocol | quote }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.containerPorts.http }}
- name: https
containerPort: {{ .Values.containerPorts.https }}
{{- if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.livenessProbe.path }}
port: http
httpHeaders:
- name: Host
value: {{ include "suitecrm.host" . | quote }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.readinessProbe.path }}
port: http
httpHeaders:
- name: Host
value: {{ include "suitecrm.host" . | quote }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: {{ .Values.startupProbe.path }}
port: http
httpHeaders:
- name: Host
value: {{ include "suitecrm.host" . | quote }}
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- end }}
{{- if .Values.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: suitecrm-data
mountPath: /bitnami/suitecrm
subPath: suitecrm
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ include "suitecrm.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ]
ports:
- name: metrics
containerPort: 9117
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 15
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 5
timeoutSeconds: 1
resources: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.resources "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: suitecrm-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (printf "%s-suitecrm" (include "common.names.fullname" .)) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end -}}

19
bitnami/suitecrm/templates/externaldb-secrets.yaml
View File

@@ -1,19 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (not .Values.mariadb.enabled) (not .Values.externalDatabase.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ include "common.names.fullname" . }}-externaldb"
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
type: Opaque
data:
mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
{{- end }}

9
bitnami/suitecrm/templates/extra-list.yaml
View File

@@ -1,9 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

63
bitnami/suitecrm/templates/ingress.yaml
View File

@@ -1,63 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
annotations:
{{- if or .Values.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

45
bitnami/suitecrm/templates/metrics-svc.yaml
View File

@@ -1,45 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
{{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.metrics.service.clusterIP }}
{{- end }}
{{- if (or (eq .Values.metrics.service.type "LoadBalancer") (eq .Values.metrics.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if eq .Values.metrics.service.type "LoadBalancer" }}
loadBalancerSourceRanges: {{ .Values.metrics.service.loadBalancerSourceRanges }}
{{- end }}
{{- if (and (eq .Values.metrics.service.type "LoadBalancer") (not (empty .Values.metrics.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
{{- end }}
{{- if .Values.metrics.service.sessionAffinity }}
sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
{{- end }}
{{- if .Values.metrics.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- port: {{ .Values.metrics.service.port }}
targetPort: metrics
protocol: TCP
name: metrics
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
{{- end }}

30
bitnami/suitecrm/templates/networkpolicy-backend-ingress.yaml
View File

@@ -1,30 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-backend" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- if .Values.networkPolicy.ingressRules.customBackendSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }}
{{- else }}
app.kubernetes.io/name: mariadb
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
ingress:
- from:
- podSelector:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
{{- end }}

35
bitnami/suitecrm/templates/networkpolicy-egress.yaml
View File

@@ -1,35 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
policyTypes:
- Egress
egress:
{{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }}
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- to:
- namespaceSelector: {}
{{- end }}
{{- if .Values.networkPolicy.egressRules.customRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
{{- end }}
{{- end }}

63
bitnami/suitecrm/templates/networkpolicy-ingress.yaml
View File

@@ -1,63 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingress.enabled .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled) }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-ingress" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
ingress:
{{- if and .Values.ingress.enabled .Values.networkPolicy.ingress.enabled (or .Values.networkPolicy.ingress.namespaceSelector .Values.networkPolicy.ingress.podSelector) }}
- from:
{{- if .Values.networkPolicy.ingress.namespaceSelector }}
- namespaceSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingress.podSelector }}
- podSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.podSelector "context" $) | nindent 14 }}
{{- end }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }}
- from:
{{- if .Values.networkPolicy.metrics.namespaceSelector }}
- namespaceSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.metrics.podSelector }}
- podSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }}
{{- end }}
{{- end }}
{{- if and .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector) }}
- from:
{{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector }}
- namespaceSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector }}
- podSelector:
matchLabels:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector "context" $) | nindent 14 }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.ingressRules.customRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }}
{{- end }}
{{- end }}

29
bitnami/suitecrm/templates/pv.yaml
View File

@@ -1,29 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "common.names.fullname" . }}-suitecrm
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- if not (empty .Values.persistence.accessModes) }}
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
{{- else }}
- {{ .Values.persistence.accessMode | quote }}
{{- end }}
capacity:
storage: {{ .Values.persistence.size | quote }}
hostPath:
path: {{ .Values.persistence.hostPath | quote }}
{{- end -}}

33
bitnami/suitecrm/templates/pvc.yaml
View File

@@ -1,33 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (include "suitecrm.host" .) .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "common.names.fullname" . }}-suitecrm
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.persistence.hostPath }}
storageClassName: ""
{{- end }}
accessModes:
{{- if not (empty .Values.persistence.accessModes) }}
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
{{- else }}
- {{ .Values.persistence.accessMode | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- include "suitecrm.storageClass" . | nindent 2 }}
{{- end -}}

26
bitnami/suitecrm/templates/secrets.yaml
View File

@@ -1,26 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if .Values.suitecrmPassword }}
suitecrm-password: {{ default "" .Values.suitecrmPassword | b64enc | quote }}
{{- else }}
suitecrm-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- if .Values.suitecrmSmtpPassword }}
suitecrm-smtp-password: {{ .Values.suitecrmSmtpPassword | b64enc | quote }}
{{- end }}
{{- end }}

58
bitnami/suitecrm/templates/svc.yaml
View File

@@ -1,58 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- name: http
port: {{ coalesce .Values.service.ports.http .Values.service.port }}
targetPort: http
{{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }}
nodePort: {{ .Values.service.nodePorts.http }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: https
port: {{ coalesce .Values.service.ports.https .Values.service.httpsPort }}
targetPort: https
{{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }}
nodePort: {{ .Values.service.nodePorts.https }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
publishNotReadyAddresses: true

22
bitnami/suitecrm/templates/tls-secrets.yaml
View File

@@ -1,22 +0,0 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
{{- end }}
{{- end }}

936
bitnami/suitecrm/values.yaml
View File

@@ -1,936 +0,0 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override suitecrm.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override suitecrm.fullname template
##
fullnameOverride: ""
## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template
##
extraDeploy: []
## @param commonAnnotations Common annotations to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @section SuiteCRM parameters
## Bitnami SuiteCRM image version
## ref: https://hub.docker.com/r/bitnami/suitecrm/tags/
## @param image.registry [default: REGISTRY_NAME] SuiteCRM image registry
## @param image.repository [default: REPOSITORY_NAME/suitecrm] SuiteCRM image repository
## @skip image.tag SuiteCRM image tag (immutable tags are recommended)
## @param image.digest SuiteCRM image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy SuiteCRM image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/suitecrm
tag: 7.13.4-debian-11-r15
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: false
## @param replicaCount Number of replicas (requires ReadWriteMany PVC support)
##
replicaCount: 1
## @param suitecrmSkipInstall Skip SuiteCRM installation wizard. Useful for migrations and restoring from SQL dump
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm#configuration
##
suitecrmSkipInstall: false
## @param suitecrmValidateUserIP Whether to validate the user IP address or not
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm#configuration
##
suitecrmValidateUserIP: false
## @param suitecrmHost SuiteCRM host to create application URLs
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm#configuration
##
suitecrmHost: ""
## @param suitecrmUsername User of the application
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm#configuration
##
suitecrmUsername: user
## @param suitecrmPassword Application password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm#configuration
##
suitecrmPassword: ""
## @param suitecrmEmail Admin email
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm#configuration
##
suitecrmEmail: user@example.com
## @param allowEmptyPassword Allow DB blank passwords
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm#environment-variables
##
allowEmptyPassword: false
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param hostAliases [array] Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases:
## Necessary for apache-exporter to work
##
- ip: "127.0.0.1"
hostnames:
- "status.localhost"
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: RollingUpdate
## @param extraEnvVars An array to add extra environment variables
## For example:
## - name: BEARER_AUTH
## value: true
##
extraEnvVars: []
## @param extraEnvVarsCM ConfigMap containing extra environment variables
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret containing extra environment variables
##
extraEnvVarsSecret: ""
## @param extraVolumes Extra volumes to add to the deployment. Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Extra volume mounts to add to the container. Requires setting `extraVolumeMounts
##
extraVolumeMounts: []
## @param initContainers Extra init containers to add to the deployment
##
initContainers: []
## @param sidecars Extra sidecar containers to add to the deployment
##
sidecars: []
## @param tolerations Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param priorityClassName SuiteCRM pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param existingSecret Name of a secret with the application password
##
existingSecret: ""
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/suitecrm/#smtp-configuration
## @param suitecrmSmtpHost SMTP host
## @param suitecrmSmtpPort SMTP port
## @param suitecrmSmtpUser SMTP user
## @param suitecrmSmtpPassword SMTP password
## @param suitecrmSmtpProtocol SMTP protocol [`ssl`, `tls`]
## @param suitecrmNotifyAddress SuiteCRM notify address
## @param suitecrmNotifyName SuiteCRM notify name
##
suitecrmSmtpHost: ""
suitecrmSmtpPort: ""
suitecrmSmtpUser: ""
suitecrmSmtpPassword: ""
suitecrmSmtpProtocol: ""
suitecrmNotifyAddress: ""
suitecrmNotifyName: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 8080
https: 8443
## @param sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: "None"
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.requests The requested resources for the container
##
resources:
## Examples:
## requests:
## cpu: 300m
## memory: 512Mi
requests: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable SuiteCRM pods' Security Context
## @param podSecurityContext.fsGroup SuiteCRM pods' group ID
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.path Request path for livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
path: /index.php
initialDelaySeconds: 600
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra options for readiness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /index.php
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 6
successThreshold: 1
## Configure extra options for startupProbe probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /index.php
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 60
successThreshold: 1
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup
##
lifecycleHooks: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Pod extra labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @section Database parameters
## MariaDB chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml
##
mariadb:
## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements
## To use an external database set this to false and configure the externalDatabase parameters
##
enabled: true
## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication`
##
architecture: standalone
## MariaDB Authentication parameters
##
auth:
## @param mariadb.auth.rootPassword Password for the MariaDB `root` user
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run
##
rootPassword: ""
## @param mariadb.auth.database Database name to create
## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run
##
database: bitnami_suitecrm
## @param mariadb.auth.username Database user to create
## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run
##
username: bn_suitecrm
## @param mariadb.auth.password Password for the database
##
password: ""
primary:
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param mariadb.primary.persistence.enabled Enable database persistence using PVC
##
enabled: true
## @param mariadb.primary.persistence.storageClass MariaDB data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes
##
accessModes:
- ReadWriteOnce
## @param mariadb.primary.persistence.size Database Persistent Volume Size
##
size: 8Gi
## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production)
##
hostPath: ""
## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas
##
existingClaim: ""
## External database configuration
##
externalDatabase:
## @param externalDatabase.host Host of the existing database
##
host: ""
## @param externalDatabase.port Port of the existing database
##
port: 3306
## @param externalDatabase.user Existing username in the external database
##
user: bn_suitecrm
## @param externalDatabase.password Password for the above username
##
password: ""
## @param externalDatabase.database Name of the existing database
##
database: bitnami_suitecrm
## @param externalDatabase.existingSecret Name of an existing secret resource containing the DB password
##
existingSecret: ""
## @section Persistence parameters
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass PVC Storage Class for SuiteCRM volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes PVC Access Mode for SuiteCRM volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for SuiteCRM volume
##
size: 8Gi
## @param persistence.existingClaim An Existing PVC name for SuiteCRM volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: ""
## @param persistence.hostPath Host mount path for SuiteCRM volume
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @section Volume Permissions parameters
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
pullSecrets: []
## - myRegistryKeySecretName
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits The resources limits for the container
## @param volumePermissions.resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## @section Traffic Exposure Parameters
## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.ports.http Service HTTP port
## @param service.ports.https Service HTTPS port
##
ports:
http: 8080
https: 8443
## @param service.clusterIP Static clusterIP or None for headless services
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerSourceRanges Service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
loadBalancerIP: ""
## @param service.nodePorts.http Kubernetes HTTP node port
## @param service.nodePorts.https Kubernetes HTTPS node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
https: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Additional custom annotations for SuiteCRM service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Configure the ingress resource that allows you to access the
## SuiteCRM installation. Set up the URL
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: false
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
##
## @param ingress.hostname Default host for the ingress resource
##
hostname: suitecrm.local
## @param ingress.path Default path for the ingress record
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Rely on cert-manager to create it by setting `ingress.certManager=true`
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: %%COMPONENT_NAME%%.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
## e.g:
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## e.g:
## extraTls:
## - hosts:
## - suitecrm.local
## secretName: suitecrm.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
##
## - name: suitecrm.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: suitecrm.local
## http:
## path: /
## backend:
## service:
## name: suitecrm-svc
## port:
## name: http
##
extraRules: []
## @section Metrics parameters
## Prometheus Exporter / Metrics
##
metrics:
## @param metrics.enabled Start a side-car prometheus exporter
##
enabled: false
## @param metrics.image.registry [default: REGISTRY_NAME] Apache exporter image registry
## @param metrics.image.repository [default: REPOSITORY_NAME/apache-exporter] Apache exporter image repository
## @skip metrics.image.tag Apache exporter image tag (immutable tags are recommended)
## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy Image pull policy
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 1.0.1-debian-11-r2
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param metrics.resources Metrics exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9117"
## Prometheus exporter service parameters
##
service:
## @param metrics.service.type Kubernetes service type for Prometheus metrics
##
type: ClusterIP
## @param metrics.service.port Prometheus metrics service port
##
port: 9117
## @param metrics.service.annotations [object] Annotations for the Prometheus metrics service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.metrics.service.port }}"
## @param metrics.service.clusterIP SuiteCRM service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param metrics.service.loadBalancerIP SuiteCRM service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param metrics.service.loadBalancerSourceRanges SuiteCRM service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param metrics.service.externalTrafficPolicy SuiteCRM service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @section Certificate injection parameters
## Add custom certificates and certificate authorities to SuiteCRM container
##
certificates:
## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add
## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain
## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret
## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate
## @param certificates.customCertificate.keyLocation Location in the container to store the private key
## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain
##
customCertificate:
certificateSecret: ""
chainSecret:
name: ""
key: ""
certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem
keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key
chainLocation: /etc/ssl/certs/mychain.pem
## @param certificates.customCAs Defines a list of secrets to import into the container trust store
##
customCAs: []
## @param certificates.command Override default container command (useful when using custom images)
##
command: []
## @param certificates.args Override default container args (useful when using custom images)
## e.g:
## - secret: custom-CA
## - secret: more-custom-CAs
##
args: []
## @param certificates.extraEnvVars Container sidecar extra environment variables
##
extraEnvVars: []
## @param certificates.extraEnvVarsCM ConfigMap containing extra environment variables
##
extraEnvVarsCM: ""
## @param certificates.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data)
##
extraEnvVarsSecret: ""
## @param certificates.image.registry [default: REGISTRY_NAME] Container sidecar registry
## @param certificates.image.repository [default: REPOSITORY_NAME/os-shell] Container sidecar image repository
## @skip certificates.image.tag Container sidecar image tag (immutable tags are recommended)
## @param certificates.image.digest Container sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param certificates.image.pullPolicy Container sidecar image pull policy
## @param certificates.image.pullSecrets Container sidecar image pull secrets
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r25
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @section NetworkPolicy parameters
## Add networkpolicies
##
networkPolicy:
## @param networkPolicy.enabled Enable network policies
## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication
##
enabled: false
## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus)
## @param networkPolicy.metrics.namespaceSelector Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace.
## @param networkPolicy.metrics.podSelector Monitoring pod selector labels. These labels will be used to identify the Prometheus pods.
##
metrics:
enabled: false
## e.g:
## podSelector:
## label: monitoring
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: monitoring
##
namespaceSelector: {}
## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies
## @param networkPolicy.ingress.namespaceSelector Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace.
## @param networkPolicy.ingress.podSelector Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods.
##
ingress:
enabled: false
## e.g:
## podSelector:
## label: ingress
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb) only accessible by SuiteCRM's pods.
## @param networkPolicy.ingressRules.customBackendSelector Backend selector labels. These labels will be used to identify the backend pods.
## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes SuiteCRM only accessible from a particular origin
## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector Namespace selector label that is allowed to access SuiteCRM. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector Pods selector label that is allowed to access SuiteCRM. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.customRules Custom network policy ingress rule
##
ingressRules:
## mariadb backend only can be accessed from SuiteCRM
##
backendOnlyAccessibleByFrontend: false
customBackendSelector: {}
## Allow only from the indicated:
##
accessOnlyFrom:
enabled: false
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## e.g:
## podSelector:
## label: access
##
podSelector: {}
## custom ingress rules
## e.g:
## customRules:
## - from:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules Custom network policy rule
##
egressRules:
## Deny connections to external. This is not compatible with an external database.
##
denyConnectionsToExternal: false
## Additional custom egress rules
## e.g:
## customRules:
## - to:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}