Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-14 07:07:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/orangehrm] MAJOR: Follow non-root approach (#4586)

Browse Source 
* [bitnami/orangehrm] MAJOR: Follow non-root approach

* Remove empty line

* Update bitnami/orangehrm/templates/ingress.yaml

Co-authored-by: Francisco de Paz Galán <fdepaz@vmware.com>

* Generate cert secrets

* Add smtpExistingSecret

* Add missing service parameters

* parametrize volumeMount subPath

* [bitnami/orangehrm] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Francisco de Paz Galán <fdepaz@vmware.com>
Co-authored-by: Bitnami Containers <containers@bitnami.com>
This commit is contained in:
Andrés Bono
2020-12-04 12:22:17 +01:00
committed by GitHub
parent aab5ec78b3
commit e954b7134f
18 changed files with 1268 additions and 541 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
bitnami/orangehrm/.test.sh.swp Normal file
View File

Binary file not shown.

7
bitnami/orangehrm/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 9.0.1
digest: sha256:6a5735e0b7e5868bbf3eec9d9d031eb20a5928dd38894899c5bccf2e8f7c5a61
generated: "2020-11-19T15:18:13.426055551Z"
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.1.1
digest: sha256:2cf593968d4011e82ddaa8edc88f5582d68bc7c7dad021fa366f6bea9931fff2
generated: "2020-12-02T20:59:02.444187119+01:00"

7
bitnami/orangehrm/Chart.yaml
View File

@@ -7,6 +7,11 @@ dependencies:
name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 9.x.x
- name: common
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 1.x.x
description: OrangeHRM is a free HR management system that offers a wealth of modules to suit the needs of your business.
engine: gotpl
home: https://github.com/bitnami/charts/tree/master/bitnami/orangehrm
@@ -26,4 +31,4 @@ name: orangehrm
sources:
- https://github.com/bitnami/bitnami-docker-orangehrm
- https://www.orangehrm.com
version: 8.0.0
version: 9.0.0

370
bitnami/orangehrm/README.md
View File

@@ -11,7 +11,7 @@ $ helm install my-release bitnami/orangehrm
## Introduction
This chart bootstraps an [OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
This chart bootstraps a [OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the OrangeHRM application.
@@ -52,106 +52,181 @@ The following table lists the configurable parameters of the OrangeHRM chart and
### Global parameters
| Parameter | Description | Default |
|-----------------------------------------|------------------------------------------------------------|---------------------------------------------------------|
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
| Parameter | Description | Default |
|---------------------------|-------------------------------------------------|---------------------------------------------------------|
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
### Common parameters
| Parameter | Description | Default |
|-----------------------------------------|------------------------------------------------------------|---------------------------------------------------------|
| `nameOverride` | String to partially override aspnet-core.fullname | `nil` |
| `fullnameOverride` | String to fully override aspnet-core.fullname | `nil` |
| Parameter | Description | Default |
|---------------------|------------------------------------------------------------------------------|---------------------------------------------------------|
| `image.registry` | OrangeHRM image registry | `docker.io` |
| `image.repository` | OrangeHRM Image name | `bitnami/orangehrm` |
| `image.tag` | OrangeHRM Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | OrangeHRM image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `nameOverride` | String to partially override orangehrm.fullname template | `nil` |
| `fullnameOverride` | String to fully override orangehrm.fullname template | `nil` |
| `commonLabels` | Labels to add to all deployed objects | `nil` |
| `commonAnnotations` | Annotations to add to all deployed objects | `[]` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `nil` |
### OrangeHRM parameters
| Parameter | Description | Default |
|-----------------------------------------|------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `image.registry` | OrangeHRM image registry | `docker.io` |
| `image.repository` | OrangeHRM Image name | `bitnami/orangehrm` |
| `image.tag` | OrangeHRM Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `allowEmptyPassword` | Allow DB blank passwords | `yes` |
| `orangehrmUsername` | User of the application | `user` |
| `orangehrmPassword` | Application password | _random 10 character long alphanumeric string_ |
| `smtpHost` | SMTP host | `nil` |
| `smtpPort` | SMTP port | `nil` |
| `smtpUser` | SMTP user | `nil` |
| `smtpPassword` | SMTP password | `nil` |
| `smtpProtocol` | SMTP protocol [`ssl`, `none`] | `nil` |
| `extraEnvVars` | Extra environment variables to be set on OrangeHRM container | `{}` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` |
| `podAnnotations` | Pod annotations | `{}` |
| `affinity` | Map of node/pod affinities | `{}` |
| `resources.limits` | The resources limits for the OrangeHRM container | `{}` |
| `resources.requests` | The requested resources for the OrangeHRM container | `{"Memory": "512Mi", "CPU": "300m"}` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.orangehrm.storageClass` | PVC Storage Class for OrangeHRM volume | `nil` (uses alpha storage class annotation) |
| `persistence.orangehrm.accessMode` | PVC Access Mode for OrangeHRM volume | `ReadWriteOnce` |
| `persistence.orangehrm.size` | PVC Storage Request for OrangeHRM volume | `8Gi` |
| Parameter | Description | Default |
|--------------------------------------|-----------------------------------------------------------------------------------------------------------------------|------------------------------------------------|
| `affinity` | Map of node/pod affinities | `{}` |
| `allowEmptyPassword` | Allow DB blank passwords | `yes` |
| `args` | Override default container args (useful when using custom images) | `nil` |
| `command` | Override default container command (useful when using custom images) | `nil` |
| `containerPorts.http` | Sets http port inside NGINX container | `8080` |
| `containerPorts.https` | Sets https port inside NGINX container | `8443` |
| `containerSecurityContext.enabled` | Enable OrangeHRM containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | OrangeHRM containers' Security Context | `1001` |
| `customLivenessProbe` | Override default liveness probe | `nil` |
| `customReadinessProbe` | Override default readiness probe | `nil` |
| `existingSecret` | Name of a secret with the application password | `nil` |
| `extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` |
| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` |
| `extraEnvVars` | Extra environment variables | `nil` |
| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `nil` |
| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `nil` |
| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `nil` |
| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `` |
| `livenessProbe` | Liveness probe configuration | `Check values.yaml file` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) |
| `orangehrmUsername` | User of the application | `admin` |
| `orangehrmPassword` | Application password | _random 10 character long alphanumeric string_ |
| `orangehrmEnforcePasswordStrength` | Whether the OrangeHRM password validation should use strong or medium level | `true` |
| `orangehrmSkipInstall` | Skip OrangeHRM installation wizard (`no` / `yes`) | `false` |
| `persistence.accessMode` | PVC Access Mode for OrangeHRM volume | `ReadWriteOnce` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.existingClaim` | An Existing PVC name | `nil` |
| `persistence.hostPath` | Host mount path for OrangeHRM volume | `nil` (will not mount to a host path) |
| `persistence.size` | PVC Storage Request for OrangeHRM volume | `8Gi` |
| `persistence.storageClass` | PVC Storage Class for OrangeHRM volume | `nil` (uses alpha storage class annotation) |
| `persistence.subPath` | volumeMount subPath, use it for compatibility with previous versions of the chart | `orangehrm` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Add additional labels to the pod (evaluated as a template) | `nil` |
| `podSecurityContext.enabled` | Enable OrangeHRM pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | OrangeHRM pods' group ID | `1001` |
| `readinessProbe` | Readiness probe configuration | `Check values.yaml file` |
| `replicaCount` | Number of OrangeHRM Pods to run | `1` |
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` |
| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `nil` |
| `smtpHost` | SMTP host | `nil` |
| `smtpPort` | SMTP port | `nil` |
| `smtpProtocol` | SMTP Protocol (options: ssl, none) | `nil` |
| `smtpUser` | SMTP user | `nil` |
| `smtpPassword` | SMTP password. Ignored if `smtpExistingSecret` is set | `nil` |
| `smtpExistingSecret` | Name of a secret with the SMTP password | `nil` |
| `tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) |
| `updateStrategy` | Deployment update strategy | `nil` |
### Exposure parameters
### Traffic Exposure Parameters
| Parameter | Description | Default |
|-----------------------------------------|------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.port` | Service HTTP port | `80` |
| `service.httpsPort` | Service HTTPS port | `443` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.nodePorts.http` | Kubernetes http node port | `""` |
| `service.nodePorts.https` | Kubernetes https node port | `""` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.annotations` | Ingress annotations | `[]` |
| `ingress.certManager` | Add annotations for cert-manager | `false` |
| `ingress.hosts[0].name` | Hostname to your OrangeHRM installation | `orangehrm.local` |
| `ingress.hosts[0].path` | Path within the url structure | `/` |
| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` |
| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` |
| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `orangehrm.local-tls-secret` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
| Parameter | Description | Default |
|-------------------------------------------|-------------------------------------------------------------------------------|--------------------------------|
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.port` | Service HTTP port | `80` |
| `service.httpsPort` | Service HTTPS port | `443` |
| `service.httpsTargetPort` | Service Target HTTPS port | `https` |
| `service.nodePorts.http` | Kubernetes http node port | `""` |
| `service.nodePorts.https` | Kubernetes https node port | `""` |
| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `nil` |
| `service.clusterIP` | WordPress service clusterIP IP | `None` |
| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.annotations` | Service annotations | `{}` (evaluated as a template) |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.certManager` | Add annotations for cert-manager | `false` |
| `ingress.hostname` | Default host for the ingress resource | `orangehrm.local` |
| `ingress.annotations` | Ingress annotations | `{}` (evaluated as a template) |
| `ingress.hosts[0].name` | Hostname to your OrangeHRM installation | `nil` |
| `ingress.hosts[0].path` | Path within the url structure | `nil` |
| `ingress.tls[0].hosts[0]` | TLS hosts | `nil` |
| `ingress.tls[0].secretName` | TLS Secret (certificates) | `nil` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
### Database parameters
| Parameter | Description | Default |
|--------------------------------------------|---------------------------------------------------------------------------|----------------------------------------------------|
| `mariadb.enabled` | Whether to use the MariaDB chart | `true` |
| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | _random 10 character alphanumeric string_ |
| `mariadb.auth.database` | Database name to create | `bitnami_orangehrm` |
| `mariadb.auth.username` | Database user to create | `bn_orangehrm` |
| `mariadb.auth.password` | Password for the database | _random 10 character long alphanumeric string_ |
| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` |
| `mariadb.primary.persistence.existingClaim`| Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `nil` |
| `mariadb.primary.persistence.accessMode` | Database Persistent Volume Access Modes | `[ReadWriteOnce]` |
| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` |
| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `nil` (uses alpha storage class annotation) |
| `mariadb.primary.persistence.hostPath` | Host mount path for MariaDB volume | `nil` (will not mount to a host path) |
| `externalDatabase.user` | Existing username in the external db | `bn_orangehrm` |
| `externalDatabase.password` | Password for the above username | `nil` |
| `externalDatabase.database` | Name of the existing database | `bitnami_orangehrm` |
| `externalDatabase.host` | Host of the existing database | `nil` |
| `externalDatabase.port` | Port of the existing database | `3306` |
| `externalDatabase.existingSecret` | Name of the database existing Secret Object | `nil` |
| Parameter | Description | Default |
|---------------------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------|
| `mariadb.enabled` | Whether to use the MariaDB chart | `true` |
| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | _random 10 character alphanumeric string_ |
| `mariadb.auth.database` | Database name to create | `bitnami_orangehrm` |
| `mariadb.auth.username` | Database user to create | `bn_orangehrm` |
| `mariadb.auth.password` | Password for the database | _random 10 character long alphanumeric string_ |
| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` |
| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `nil` |
| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `[ReadWriteOnce]` |
| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` |
| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `nil` |
| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `nil` |
| `externalDatabase.user` | Existing username in the external db | `bn_orangehrm` |
| `externalDatabase.password` | Password for the above username | `""` |
| `externalDatabase.database` | Name of the existing database | `bitnami_orangehrm` |
| `externalDatabase.host` | Host of the existing database | `nil` |
| `externalDatabase.port` | Port of the existing database | `3306` |
### Volume Permissions parameters
| Parameter | Description | Default |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
| `volumePermissions.resources` | Init container resource requests/limit | `nil` |
### Metrics parameters
| Parameter | Description | Default |
|-----------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------------------------|
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` |
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` |
| `metrics.resources.limits` | The resources limits for the Sidecar exporter container | `{}` |
| `metrics.resources.requests` | The requested resources for the Sidecar exporter container | `{}` |
| Parameter | Description | Default |
|-----------------------------|--------------------------------------------------|--------------------------------------------------------------|
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` |
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` |
| `metrics.resources` | Exporter resource requests/limit | {} |
### Certificate injection parameters
| Parameter | Description | Default |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` |
| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` |
| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` |
| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` |
| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` |
| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/chain.pem` |
| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` |
| `certificates.image.registry` | Container sidecar registry | `docker.io` |
| `certificates.image.repository` | Container sidecar image | `bitnami/minideb` |
| `certificates.image.tag` | Container sidecar image tag | `buster` |
| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` |
| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `image.pullSecrets` |
| `certificates.args` | Override default container args (useful when using custom images) | `nil` |
| `certificates.command` | Override default container command (useful when using custom images) | `nil` |
| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` |
| `certificates.extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` |
| `certificates.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` |
The above parameters map to the env variables defined in [bitnami/orangehrm](http://github.com/bitnami/bitnami-docker-orangehrm). For more information please refer to the [bitnami/orangehrm](http://github.com/bitnami/bitnami-docker-orangehrm) image documentation.
@@ -159,7 +234,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
$ helm install my-release \
--set orangehrmUsername=admin,orangehrmPassword=password,mariadb.mariadbRootPassword=secretpassword \
--set orangehrmUsername=admin,orangehrmPassword=password,mariadb.auth.rootPassword=secretpassword \
bitnami/orangehrm
```
@@ -181,20 +256,133 @@ It is strongly recommended to use immutable tags in a production environment. Th
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Image
The `image` parameter allows specifying which image will be pulled for the chart.
#### Private registry
If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod).
1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret.
1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as:
```yaml
imagePullSecrets:
- name: SECRET_NAME
```
1. Install the chart
### Setting Pod's affinity
This chart allows you to set your custom affinity using the `affinity` paremeter. Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
### TLS Secrets
This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are three common use cases:
- Helm generates/manages certificate secrets
- User generates/manages certificates separately
- An additional tool (like [kube-lego](https://kubeapps.com/charts/stable/kube-lego)) manages the secrets for the application
In the first two cases, one will need a certificate and a key. We would expect them to look like this:
- certificate files should look like (and there can be more than one certificate if there is a certificate chain)
```console
-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
...
jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
-----END CERTIFICATE-----
```
- keys should look like:
```console
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
...
wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
-----END RSA PRIVATE KEY-----
```
If you are going to use Helm to manage the certificates, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry.
If you are going to manage TLS secrets outside of Helm, please know that you can create a TLS secret (named `orangehrm.local-tls` for example).
Please see [this example](https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tls) for more information.
### Ingress-terminated https
In cases where HTTPS/TLS is terminated on the ingress, you may run into an issue where non-https liveness and readiness probes result in a 302 (redirect from HTTP to HTTPS) and are interpreted by Kubernetes as not-live/not-ready. (See [Kubernetes issue #47893 on GitHub](https://github.com/kubernetes/kubernetes/issues/47893) for further details about 302 _not_ being interpreted as "successful".) To work around this problem, use `livenessProbeHeaders` and `readinessProbeHeaders` to pass the same headers that your ingress would pass in order to get an HTTP 200 status result. For example (where the following is in a `--values`-referenced file):
```yaml
livenessProbeHeaders:
- name: X-Forwarded-Proto
value: https
readinessProbeHeaders:
- name: X-Forwarded-Proto
value: https
```
Any number of name/value pairs may be specified; they are all copied into the liveness or readiness probe definition.
## Persistence
The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image stores the OrangeHRM data and configurations at the `/bitnami/orangehrm` path of the container.
Persistent Volume Claims are used to keep the data across deployments. There is a [known issue](https://github.com/kubernetes/kubernetes/issues/39178) in Kubernetes Clusters with EBS in different availability zones. Ensure your cluster is configured properly to create Volumes in the same availability zone where the nodes are running. Kuberentes 1.12 solved this issue with the [Volume Binding Mode](https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode).
The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image stores the OrangeHRM configurations at the `/bitnami/orangehrm` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
### Existing PersistentVolumeClaim
1. Create the PersistentVolume
1. Create the PersistentVolumeClaim
1. Install the chart
```bash
$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/orangehrm
```
### Host path
#### System compatibility
- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox.
- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync).
#### Mounting steps
1. The specified `hostPath` directory must already exist (create one if it does not).
1. Install the chart
```bash
$ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/orangehrm
```
This will mount the `orangehrm-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch.
1. Because the container cannot control the host machine's directory permissions, you must set the OrangeHRM file directory permissions yourself and disable or clear OrangeHRM cache.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnamis Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
### To 9.0.0
The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image was updated to support and enable the "non-root" user approach
If you want to continue to run the container image as the `root` user, you need to set `podSecurityContext.enabled=false` and `containerSecurity.context.enabled=false`.
This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information.
To upgrade from `8.x.x`, backup OrangeHRM data and the previous MariaDB databases, install a new OrangeHRM chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. As an alternative, you can use `helm upgrade` if you specify `volumePermissions.enabled=true` and `persistence.subPath=""`.
### To 8.0.0
In this major there were two main changes introduced:

59
bitnami/orangehrm/templates/NOTES.txt
View File

@@ -1,36 +1,47 @@
{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}}
** Please be patient while the chart is being deployed **
{{- if and .Values.ingress.enabled (ne .Values.service.type "ClusterIP") }}
** Notice : Usually with ingress the service.type should be set to ClusterIP, which is not the case to this deployment! **
{{- end }}
1. Get the OrangeHRM URL by running:
1. Access you OrangeHRM instance with:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "orangehrm.fullname" . }})
{{- if .Values.ingress.enabled }}
{{ if .Values.ingress.tls }}
{{- range .Values.ingress.hosts }}
- https://{{ . }}
{{- end }}
{{- else }}
{{- range .Values.ingress.hosts }}
- http://{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "OrangeHRM URL: http://$NODE_IP:$NODE_PORT/"
{{- else if contains "LoadBalancer" .Values.service.type }}
** Please ensure an external IP is associated to the {{ template "orangehrm.fullname" . }} service before proceeding **
** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "orangehrm.fullname" . }} **
** Please ensure an external IP is associated to the {{ template "common.names.fullname" . }} service before proceeding **
** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }} **
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "orangehrm.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
{{- $port:=.Values.service.port | toString }}
echo "OrangeHRM URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/"
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }}
echo "OrangeHRM URL: http://127.0.0.1:8080/"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "orangehrm.fullname" . }} 8080:{{ .Values.service.port }}
{{- end }}
2. Login with the following credentials
echo Username: {{ .Values.orangehrmUsername }}
echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "orangehrm.fullname" . }} -o jsonpath="{.data.orangehrm-password}" | base64 --decode)
echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "orangehrm.secretName" . }} -o jsonpath="{.data.orangehrm-password}" | base64 --decode)
{{- else -}}
@@ -41,16 +52,36 @@
This deployment will be incomplete until you configure OrangeHRM with a resolvable database
host. To configure OrangeHRM to use and external database host:
1. Complete your OrangeHRM deployment by running:
helm upgrade {{ .Release.Name }} --set service.type={{ .Values.service.type }},mariadb.enabled=false,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST bitnami/orangehrm
{{- end }}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- $passwordValidationErrors := list -}}
{{- $secretName := include "orangehrm.secretName" . -}}
{{- if not .Values.existingSecret -}}
{{- $requiredOrangeHRMPassword := dict "valueKey" "orangehrmPassword" "secret" $secretName "field" "orangehrm-password" "context" $ -}}
{{- $requiredOrangeHRMPasswordError := include "common.validations.values.single.empty" $requiredOrangeHRMPassword -}}
{{- $passwordValidationErrors = append $passwordValidationErrors $requiredOrangeHRMPasswordError -}}
{{- end -}}
{{- $databaseSecretName := include "orangehrm.databaseSecretName" . -}}
{{- if .Values.mariadb.enabled }}
{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $databaseSecretName "subchart" true "context" $) -}}
{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}}
{{- end }}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
{{- if and (not .Values.mariadb.enabled) .Release.IsUpgrade -}}
{{- $requiredExternalPassword := dict "valueKey" "externalDatabase.password" "secret" $databaseSecretName "field" "db-password" -}}
WARNING: Review values for the following password in the command, if they are correct please ignore this notice.
{{- include "common.validations.values.multiple.empty" (dict "required" (list $requiredExternalPassword) "context" $) -}}
{{- end -}}

170
bitnami/orangehrm/templates/_helpers.tpl
View File

@@ -1,35 +1,3 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "orangehrm.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "orangehrm.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "orangehrm.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -38,131 +6,60 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper certificate image name
*/}}
{{- define "certificates.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper OrangeHRM image name
*/}}
{{- define "orangehrm.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the metrics image)
*/}}
{{- define "orangehrm.metrics.image" -}}
{{- $registryName := .Values.metrics.image.registry -}}
{{- $repositoryName := .Values.metrics.image.repository -}}
{{- $tag := .Values.metrics.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "orangehrm.volumePermissions.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "orangehrm.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper Storage Class
Return the proper Storage Class
*/}}
{{- define "orangehrm.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.orangehrm.storageClass -}}
{{- if (eq "-" .Values.persistence.orangehrm.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.orangehrm.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.orangehrm.storageClass -}}
{{- if (eq "-" .Values.persistence.orangehrm.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.orangehrm.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
OrangeHRM credential secret name
*/}}
{{- define "orangehrm.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- define "orangehrm.secretName" -}}
{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
Return the SMTP secret name
*/}}
{{- define "orangehrm.smtpSecretName" -}}
{{- coalesce .Values.smtpExistingSecret (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
@@ -222,6 +119,17 @@ Return the MariaDB Secret Name
{{- else if .Values.externalDatabase.existingSecret -}}
{{- printf "%s" .Values.externalDatabase.existingSecret -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name "externaldb" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}}
{{- end -}}
{{- end -}}
{{/*
Return the database password key
*/}}
{{- define "orangehrm.databasePasswordKey" -}}
{{- if .Values.mariadb.enabled -}}
mariadb-password
{{- else -}}
db-password
{{- end -}}
{{- end -}}

303
bitnami/orangehrm/templates/deployment.yaml
View File

@@ -1,51 +1,161 @@
apiVersion: {{ template "orangehrm.deployment.apiVersion" . }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "orangehrm.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
helm.sh/chart: {{ include "orangehrm.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
helm.sh/chart: {{ include "orangehrm.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- if or .Values.podAnnotations .Values.metrics.enabled }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
{{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- include "orangehrm.imagePullSecrets" . | nindent 6 }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
hostAliases:
- ip: "127.0.0.1"
hostnames:
- "status.localhost"
{{- if .Values.affinity }}
affinity: {{- toYaml .Values.affinity | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ include "orangehrm.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- sh
- -c
- |
mkdir -p "/bitnami/orangehrm"
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/orangehrm"
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: orangehrm-data
mountPath: /bitnami/orangehrm
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath | quote }}
{{- end }}
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: certificates
image: {{ template "certificates.image" . }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }}
imagePullSecrets:
{{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }}
- name: {{ . }}
{{- end }}
command:
{{- if .Values.certificates.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }}
{{- else if .Values.certificates.customCertificate.certificateSecret }}
- sh
- -c
- if command -v apk >/dev/null; then apk add --no-cache ca-certificates openssl && update-ca-certificates;
else apt-get update && apt-get install -y ca-certificates openssl; fi
{{- else }}
- sh
- -c
- if command -v apk >/dev/null; then apk add --no-cache ca-certificates openssl && update-ca-certificates;
else apt-get update && apt-get install -y ca-certificates openssl; fi
&& openssl req -new -x509 -days 3650 -nodes -sha256
-subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)"
-out {{ .Values.certificates.customCertificate.certificateLocation }}
-keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req
{{- end }}
{{- if .Values.certificates.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }}
{{- end }}
env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }}
envFrom:
{{- if .Values.certificates.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.certificates.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }}
{{- end }}
volumeMounts:
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end }}
containers:
- name: {{ template "orangehrm.fullname" . }}
- name: {{ include "common.names.fullname" . }}
image: {{ template "orangehrm.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ .Values.allowEmptyPassword | quote }}
- name: MARIADB_HOST
value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }}
- name: APACHE_HTTP_PORT_NUMBER
value: {{ .Values.containerPorts.http | quote }}
- name: APACHE_HTTPS_PORT_NUMBER
value: {{ .Values.containerPorts.https | quote }}
- name: ORANGEHRM_DATABASE_HOST
value: {{ include "orangehrm.databaseHost" . | quote }}
- name: MARIADB_PORT_NUMBER
- name: ORANGEHRM_DATABASE_PORT_NUMBER
value: {{ include "orangehrm.databasePort" . | quote }}
- name: ORANGEHRM_DATABASE_NAME
value: {{ include "orangehrm.databaseName" . | quote }}
@@ -55,68 +165,131 @@ spec:
valueFrom:
secretKeyRef:
name: {{ include "orangehrm.databaseSecretName" . }}
key: mariadb-password
key: {{ include "orangehrm.databasePasswordKey" . }}
- name: ORANGEHRM_SKIP_BOOTSTRAP
value: {{ ternary "yes" "no" .Values.orangehrmSkipInstall | quote }}
- name: ORANGEHRM_USERNAME
value: {{ default "" .Values.orangehrmUsername | quote }}
value: {{ .Values.orangehrmUsername | quote }}
- name: ORANGEHRM_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "orangehrm.fullname" . }}
name: {{ include "common.names.fullname" . }}
key: orangehrm-password
- name: ORANGEHRM_ENFORCE_PASSWORD_STRENGTH
value: {{ ternary "yes" "no" .Values.orangehrmEnforcePasswordStrength | quote }}
{{- if .Values.smtpHost }}
- name: SMTP_HOST
value: {{ default "" .Values.smtpHost | quote }}
value: {{ .Values.smtpHost | quote }}
{{- end }}
{{- if .Values.smtpPort }}
- name: SMTP_PORT
value: {{ default "" .Values.smtpPort | quote }}
value: {{ .Values.smtpPort | quote }}
{{- end }}
{{- if .Values.smtpUser }}
- name: SMTP_USER
value: {{ default "" .Values.smtpUser | quote }}
value: {{ .Values.smtpUser | quote }}
{{- end }}
{{- if or .Values.smtpPassword .Values.smtpExistingSecret }}
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "orangehrm.fullname" . }}
name: {{ include "orangehrm.smtpSecretName" . }}
key: smtp-password
- name: SMTP_PROTOCOL
value: {{ default "none" .Values.smtpProtocol | quote }}
{{- range $key, $value := .Values.extraEnvVars }}
- name: {{ $key }}
value: "{{ $value }}"
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
{{- if .Values.smtpProtocol }}
- name: SMTP_PROTOCOL
value: {{ .Values.smtpProtocol | quote }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ tpl .Values.extraEnvVarsCM . | quote }}
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ tpl .Values.extraEnvVarsSecret . | quote }}
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 80
containerPort: {{ .Values.containerPorts.http }}
- name: https
containerPort: 443
containerPort: {{ .Values.containerPorts.https }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /symfony/web/index.php
path: {{ .Values.livenessProbe.path }}
port: http
initialDelaySeconds: 120
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /symfony/web/index.php
path: {{ .Values.readinessProbe.path }}
port: http
initialDelaySeconds: 30
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: orangehrm-data
mountPath: /bitnami/orangehrm
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath | quote }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private/
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end }}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
subPath: tls.crt
readOnly: true
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.keyLocation }}
subPath: tls.key
readOnly: true
{{- if .Values.certificates.customCertificate.chainSecret }}
- name: custom-certificate-chain
mountPath: {{ .Values.certificates.customCertificate.chainLocation }}
subPath: {{ .Values.certificates.customCertificate.chainSecret.key }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "orangehrm.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:80/server-status/?auto']
command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ]
ports:
- name: metrics
containerPort: 9117
@@ -132,15 +305,45 @@ spec:
port: metrics
initialDelaySeconds: 5
timeoutSeconds: 1
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: orangehrm-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ template "orangehrm.fullname" . }}-orangehrm
claimName: {{ .Values.persistence.existingClaim | default (printf "%s-orangehrm" (include "common.names.fullname" .)) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- name: etc-ssl-private
emptyDir:
medium: "Memory"
- name: custom-ca-certificates
projected:
defaultMode: 0400
sources:
{{- range $index, $customCA := .Values.certificates.customCAs }}
- secret:
name: {{ $customCA.secret }}
{{- end }}
{{- end }}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
secret:
secretName: {{ .Values.certificates.customCertificate.certificateSecret }}
{{- if .Values.certificates.customCertificate.chainSecret }}
- name: custom-certificate-chain
secret:
secretName: {{ .Values.certificates.customCertificate.chainSecret.name }}
{{- end }}
{{- end }}

12
bitnami/orangehrm/templates/externaldb-secrets.yaml
View File

@@ -1,14 +1,10 @@
{{- if (not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret)) }}
{{- if not .Values.mariadb.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-%s" .Release.Name "externaldb" }}
labels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
helm.sh/chart: {{ include "orangehrm.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
name: "{{ include "common.names.fullname" . }}-externaldb"
labels: {{- include "common.labels.standard" . | nindent 4 }}
type: Opaque
data:
mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
{{- end }}

4
bitnami/orangehrm/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

62
bitnami/orangehrm/templates/ingress.yaml
View File

@@ -1,43 +1,43 @@
{{- if .Values.ingress.enabled }}
apiVersion: extensions/v1beta1
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "orangehrm.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
helm.sh/chart: {{ include "orangehrm.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: {{ template "orangehrm.fullname" $ }}
servicePort: http
{{- end }}
tls:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: /
backend:
serviceName: "{{ include "common.names.fullname" $ }}"
servicePort: http
{{- end }}
{{- range .Values.ingress.hosts }}
{{- if .tls }}
- hosts:
{{- if .tlsHosts }}
{{- range $host := .tlsHosts }}
- {{ $host }}
{{- end }}
{{- else }}
- {{ .name }}
{{- end }}
secretName: {{ .tlsSecret }}
{{- end }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: "{{ include "common.names.fullname" $ }}"
servicePort: http
{{- end }}
{{- if .Values.ingress.tls }}
tls: {{- toYaml .Values.ingress.tls | nindent 4 }}
{{- end }}
{{- end }}

18
bitnami/orangehrm/templates/orangehrm-pvc.yaml
View File

@@ -1,18 +0,0 @@
{{- if .Values.persistence.enabled -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "orangehrm.fullname" . }}-orangehrm
labels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
helm.sh/chart: {{ include "orangehrm.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
spec:
accessModes:
- {{ .Values.persistence.orangehrm.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.orangehrm.size | quote }}
{{ include "orangehrm.storageClass" . }}
{{- end -}}

20
bitnami/orangehrm/templates/pv.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "common.names.fullname" . }}-orangehrm
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
capacity:
storage: {{ .Values.persistence.size | quote }}
hostPath:
path: {{ .Values.persistence.hostPath | quote }}
{{- end -}}

23
bitnami/orangehrm/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "common.names.fullname" . }}-orangehrm
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.persistence.hostPath }}
storageClassName: ""
{{- end }}
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- include "orangehrm.storageClass" . | nindent 2 }}
{{- end -}}

28
bitnami/orangehrm/templates/secrets.yaml
View File

@@ -1,17 +1,25 @@
{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "orangehrm.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
helm.sh/chart: {{ include "orangehrm.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{ if .Values.orangehrmPassword }}
{{- if not .Values.existingSecret }}
{{- if .Values.orangehrmPassword }}
orangehrm-password: {{ default "" .Values.orangehrmPassword | b64enc | quote }}
{{ else }}
{{- else }}
orangehrm-password: {{ list (lower (randAlpha 3)) (randNumeric 2) (upper (randAlpha 3)) | join "_" | b64enc | quote }}
{{ end }}
smtp-password: {{ default "" .Values.smtpPassword | b64enc | quote }}
{{- end }}
{{- end }}
{{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }}
smtp-password: {{ .Values.smtpPassword | b64enc | quote }}
{{- end }}
{{- end }}

51
bitnami/orangehrm/templates/svc.yaml
View File

@@ -1,30 +1,53 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "orangehrm.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
helm.sh/chart: {{ include "orangehrm.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
sessionAffinity: {{ default "None" .Values.service.sessionAffinity }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: http
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}}
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
nodePort: {{ .Values.service.nodePorts.http }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: https
port: {{ .Values.service.httpsPort }}
targetPort: https
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.https)))}}
targetPort: {{ .Values.service.httpsTargetPort }}
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }}
nodePort: {{ .Values.service.nodePorts.https }}
{{- end }}
selector:
app.kubernetes.io/name: {{ include "orangehrm.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}

43
bitnami/orangehrm/templates/tls-secrets.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }}
{{- $ca := genCA "orangehrm-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}

7
bitnami/orangehrm/test.sh Normal file
View File

@@ -0,0 +1,7 @@
helm install orangehrm bitnami/orangehrm --version 8.0.0 --set service.type=ClusterIP --set orangehrmPassword=Bitnami.12345 --set image.tag=4.3.4-0-debian-10-r30
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default orangehrm-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
export MARIADB_PASSWORD=$(kubectl get secret --namespace default orangehrm-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode)
helm upgrade orangehrm . --set service.type=ClusterIP --set orangehrmPassword=Bitnami.12345 --set image.tag=dev --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD
helm upgrade orangehrm . --set service.type=ClusterIP --set orangehrmPassword=Bitnami.12345 --set image.tag=dev --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set volumePermissions.enabled=true

625
bitnami/orangehrm/values.yaml
View File

@@ -14,7 +14,7 @@
image:
registry: docker.io
repository: bitnami/orangehrm
tag: 4.6.0-0-debian-10-r13
tag: 4.6.0-0-debian-10-r26
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -24,16 +24,29 @@ image:
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
##
debug: false
## String to partially override orangehrm.fullname template (will maintain the release name)
##
# nameOverride:
nameOverride:
## String to fully override orangehrm.fullname template
##
# fullnameOverride:
fullnameOverride:
## Number of replicas (requires ReadWriteMany PVC support)
##
replicaCount: 1
## Skip OrangeHRM installation wizard. Useful for migrations and restoring from SQL dump
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
##
orangehrmSkipInstall: false
## User of the application
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
@@ -44,187 +57,120 @@ orangehrmUsername: admin
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
##
# orangehrmPassword:
orangehrmPassword:
## Whether the OrangeHRM password validation should use strong or medium level
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration
##
orangehrmEnforcePasswordStrength: true
## Set to `yes` to allow the container to be started with blank passwords
## ref: https://github.com/bitnami/bitnami-docker-orangehrm#environment-variables
##
allowEmptyPassword: "yes"
allowEmptyPassword: true
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/bitnami-docker-orangehrm/#smtp-configuration
# smtpHost:
# smtpPort:
# smtpUser:
# smtpPassword:
# smtpProtocol:
## Container command (using container default if not set)
##
command:
## Container args (using container default if ot set)
##
args:
## Additional environment variables to set
## E.g:
## extraEnvVars:
## FOO: BAR
## BAZ: QUX
## Common annotations to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## Common labels to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: RollingUpdate
## An array to add extra env vars
## For example:
##
extraEnvVars: []
# - name: BEARER_AUTH
# value: true
## ConfigMap with extra environment variables
##
# extraEnvVarsCM:
extraEnvVarsCM:
## Secret with extra environment variables
##
# extraEnvVarsSecret:
extraEnvVarsSecret:
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
## Extra volumes to add to the deployment
##
podAnnotations: {}
extraVolumes: []
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Extra volume mounts to add to the container
##
affinity: {}
extraVolumeMounts: []
## OrangeHRM containers' resource requests and limits.
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## Extra init containers to add to the deployment
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests:
memory: 512Mi
cpu: 300m
initContainers: []
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
## Extra sidecar containers to add to the deployment
##
persistence:
enabled: true
orangehrm:
## orangehrm data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
sidecars: []
## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
service:
type: LoadBalancer
# HTTP Port
port: 80
# HTTPS Port
httpsPort: 443
##
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
nodePorts:
http: ""
https: ""
## Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
tolerations: []
## Configure the ingress resource that allows you to access the
## OrangeHRM installation. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
## Use existing secret for the application password
##
ingress:
## Set to true to enable ingress record generation
enabled: false
existingSecret:
## Set this to true in order to add the corresponding annotations for cert-manager
certManager: false
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
annotations:
# kubernetes.io/ingress.class: nginx
## The list of hostnames to be covered with this ingress record.
## Most likely this will be just one host, but in the event more hosts are needed, this is an array
hosts:
- name: orangehrm.local
path: /
## Set this to true in order to enable TLS on the ingress record
tls: false
## Optionally specify the TLS hosts for the ingress record
## Useful when the Ingress controller supports www-redirection
## If not specified, the above host name will be used
# tlsHosts:
# - www.orangehrm.local
# - orangehrm.local
## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
tlsSecret: orangehrm.local-tls
secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
# - name: orangehrm.local-tls
# key:
# certificate:
## Prometheus Exporter / Metrics
##
metrics:
enabled: false
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.8.0-debian-10-r217
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Metrics exporter pod Annotation and Labels
## External database configuration
##
externalDatabase:
## Database host
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9117"
## Metrics exporter resource requests and limits.
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
host:
## Database host
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests: {}
# cpu: 100m
# memory: 128Mi
port: 3306
## Database user
##
user: bn_orangehrm
## Database password
##
password:
## Database name
##
database: bitnami_orangehrm
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/bitnami-docker-orangehrm/#smtp-configuration
##
smtpHost:
smtpPort:
smtpUser:
smtpPassword:
smtpProtocol:
## Use an existing secret for the SMTP Password
## Can be the same secret as existingSecret
## Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret:
##
## MariaDB chart configuration
@@ -279,26 +225,363 @@ mariadb:
##
existingClaim:
## Container ports
##
## External database configuration
containerPorts:
http: 8080
https: 8443
## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer
##
externalDatabase:
## Use existing secret (ignores previous password)
## must contain key `mariadb-password`
## NOTE: When it's set, the `externalDatabase.password` parameter is ignored
# existingSecret:
service:
type: LoadBalancer
# HTTP Port
port: 80
# HTTPS Port
httpsPort: 443
## HTTPS Target Port
## defaults to https unless overridden to the specified port.
## if you want the target port to be "http" or "80" you can specify that here.
##
httpsTargetPort: https
## clusterIP: ""
## Control hosts connecting to "LoadBalancer" only
## loadBalancerSourceRanges:
## - 0.0.0.0/0
## loadBalancerIP for the OrangeHRM Service (optional, cloud specific)
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
## loadBalancerIP:
##
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
nodePorts:
http: ""
https: ""
## Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## Provide any additional annotations which may be required (evaluated as a template).
##
annotations: {}
## Extra ports to expose (normally used with the `sidecar` value)
##
# extraPorts:
## Database host
host:
## Configure the ingress resource that allows you to access the
## OrangeHRM installation. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
##
enabled: false
## Database host
port: 3306
## Set this to true in order to add the corresponding annotations for cert-manager
##
certManager: false
## Database user
user: bn_orangehrm
## When the ingress is enabled, a host pointing to this will be created
##
hostname: orangehrm.local
## Database password
password:
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
##
annotations: {}
# kubernetes.io/ingress.class: nginx
## Database name
database: bitnami_orangehrm
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## hosts:
## - name: orangehrm.local
## path: /
##
hosts:
## The tls configuration for the ingress
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## tls:
## - hosts:
## - orangehrm.local
## secretName: orangehrm.local-tls
##
tls:
secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
##
# - name: orangehrm.local-tls
# key:
# certificate:
## Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
sessionAffinity: "None"
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
enabled: true
## OrangeHRM Data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessMode: ReadWriteOnce
size: 8Gi
## A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
# existingClaim:
## If defined, the orangehrm-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath:
## volumeMount subPath, use it for compatibility with previous versions of the chart
##
subPath: orangehrm
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## Pod anti-affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
## Node affinity type
## Allowed values: soft, hard
##
type: ""
## Node label key to match
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## Node label values to match
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
memory: 512Mi
cpu: 300m
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
enabled: false
image:
registry: docker.io
repository: bitnami/minideb
tag: buster
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
pullSecrets: []
## - myRegistryKeySecretName
## Init containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
##
limits: {}
## cpu: 100m
## memory: 128Mi
##
requests: {}
## cpu: 100m
## memory: 128Mi
##
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
##
containerSecurityContext:
enabled: true
runAsUser: 1001
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
livenessProbe:
enabled: true
path: /symfony/web/index.php
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
path: /symfony/web/index.php
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 6
successThreshold: 1
## Custom Liveness probe
##
customLivenessProbe: {}
## Custom Readiness probe
##
customReadinessProbe: {}
## lifecycleHooks for the container to automate configuration before or after startup.
##
lifecycleHooks:
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Pod extra labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Prometheus Exporter / Metrics
##
metrics:
enabled: false
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.8.0-debian-10-r230
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
pullSecrets:
# - myRegistryKeySecretName
## Metrics exporter resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
# resources: {}
## Metrics exporter pod Annotation and Labels
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9117"
# Add custom certificates and certificate authorities to OrangeHRM container
certificates:
customCertificate:
certificateSecret: ""
chainSecret: {}
# name: secret-name
# key: secret-key
certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem
keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key
chainLocation: /etc/ssl/certs/mychain.pem
customCAs: []
## Override container command
##
command:
## Override container args
##
args:
# - secret: custom-CA
# - secret: more-custom-CAs
## An array to add extra env vars
##
extraEnvVars: []
## ConfigMap with extra environment variables
##
extraEnvVarsCM:
## Secret with extra environment variables
##
extraEnvVarsSecret:
image:
registry: docker.io
repository: bitnami/minideb
tag: buster
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
# pullPolicy:
pullSecrets: []
# - myRegistryKeySecretName
## Array with extra yaml to deploy with the chart. Evaluated as a template
##
extraDeploy: []