diff --git a/bitnami/tomcat/Chart.yaml b/bitnami/tomcat/Chart.yaml index e41751f59e..3546d4369b 100644 --- a/bitnami/tomcat/Chart.yaml +++ b/bitnami/tomcat/Chart.yaml @@ -1,20 +1,20 @@ apiVersion: v1 name: tomcat -version: 6.0.6 +version: 6.1.0 appVersion: 9.0.29 description: Chart for Apache Tomcat keywords: -- tomcat -- java -- http -- web -- application server -- jsp + - tomcat + - java + - http + - web + - application server + - jsp home: http://tomcat.apache.org sources: -- https://github.com/bitnami/bitnami-docker-tomcat + - https://github.com/bitnami/bitnami-docker-tomcat maintainers: -- name: Bitnami - email: containers@bitnami.com + - name: Bitnami + email: containers@bitnami.com engine: gotpl icon: https://bitnami.com/assets/stacks/tomcat/img/tomcat-stack-110x117.png diff --git a/bitnami/tomcat/README.md b/bitnami/tomcat/README.md index 61cef9af8d..585793b623 100644 --- a/bitnami/tomcat/README.md +++ b/bitnami/tomcat/README.md 
@@ -49,49 +49,53 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the Tomcat chart and their default values. -| Parameter | Description | Default | -| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | Tomcat image registry | `docker.io` | -| `image.repository` | Tomcat Image name | `bitnami/tomcat` | -| `image.tag` | Tomcat Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `nameOverride` | String to partially override tomcat.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override tomcat.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` 
| -| `volumePermissions.resources` | Init container resource requests/limit | `nil` | -| `tomcatUsername` | Tomcat admin user | `user` | -| `tomcatPassword` | Tomcat admin password | _random 10 character alphanumeric string_ | -| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` (disabled) | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.nodePorts.http` | Kubernetes http node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `nil` (uses alpha storage class annotation) | -| `persistence.accessMode` | PVC Access Mode for Tomcat volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` | -| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | -| `ingress.enabled` | Enable the ingress controller | `false` | -| `ingress.certManager` | Add annotations for certManager | `false` | -| `ingress.annotations` | Annotations to set in the ingress controller | - | -| `ingress.hosts[0].name` | Hostname to your opencart installation | `tomcat.local` | -| `ingress.hosts[0].path` | Path within the url structure | `/` | -| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | -| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` | -| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `tomcat.local-tls` | -| `affinity` | Map of node/pod affinities | `{}` | +| 
Parameter | Description | Default | +| ------------------------------------ | --------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | Tomcat image registry | `docker.io` | +| `image.repository` | Tomcat Image name | `bitnami/tomcat` | +| `image.tag` | Tomcat Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.resources` | Init container resource requests/limit | `{}` | +| `nameOverride` | String to partially override tomcat.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override tomcat.fullname template with a string | `nil` | +| `tomcatUsername` | Tomcat admin user | `user` | +| `tomcatPassword` | Tomcat admin password | _random 10 character alphanumeric string_ | +| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` (disabled) | +| 
`podAnnotations` | Pod annotations | `{}` | +| `affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) | +| `nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) | +| `tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `resources` | CPU/Memory resource requests/limits | `{"requests": {"Memory": "512Mi", CPU: "300m"}}` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | PVC Access Mode for Tomcat volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` | +| `service.type` | Kubernetes Service type | `LoadBalancer` | +| `service.port` | Service HTTP port | `80` | +| `service.nodePort` | Kubernetes http node port | `""` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | +| `service.annotations` | Service annotations | `{}` | +| `ingress.enabled` | Enable the ingress controller | `false` | +| `ingress.certManager` | Add annotations for certManager | `false` | +| `ingress.annotations` | Annotations to set in the ingress controller | `{}` | +| `ingress.hosts[0].name` | Hostname to your opencart installation | `tomcat.local` | +| `ingress.hosts[0].path` | Path within the url structure | `/` | +| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | +| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` | +| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | 
`tomcat.local-tls` | The above parameters map to the env variables defined in [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat). For more information please refer to the [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat) image documentation. diff --git a/bitnami/tomcat/ci/values-with-ingress-and-initcontainers.yaml b/bitnami/tomcat/ci/values-with-ingress-and-initcontainers.yaml new file mode 100644 index 0000000000..0ae0c7b20a --- /dev/null +++ b/bitnami/tomcat/ci/values-with-ingress-and-initcontainers.yaml @@ -0,0 +1,8 @@ +# Test values file for generating all of the yaml and check that +# the rendering is correct + +ingress: + enabled: true + +volumePermissions: + enabled: true diff --git a/bitnami/tomcat/templates/_helpers.tpl b/bitnami/tomcat/templates/_helpers.tpl index a1939aa951..b8a3fe8bb9 100644 --- a/bitnami/tomcat/templates/_helpers.tpl +++ b/bitnami/tomcat/templates/_helpers.tpl @@ -6,13 +6,6 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tomcat.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
@@ -30,6 +23,31 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "tomcat.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "tomcat.labels" -}} +app: {{ include "tomcat.name" . }} +chart: {{ include "tomcat.chart" . }} +release: {{ .Release.Name }} +heritage: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "tomcat.matchLabels" -}} +app: {{ include "tomcat.name" . }} +release: {{ .Release.Name }} +{{- end -}} + {{/* Return the proper Tomcat image name */}} @@ -145,3 +163,16 @@ but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else {{- end -}} {{- end -}} {{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "cassandra.tplValue" (dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "cassandra.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/bitnami/tomcat/templates/deployment.yaml b/bitnami/tomcat/templates/deployment.yaml index db7fcffb9e..827352ffb4 100644 --- a/bitnami/tomcat/templates/deployment.yaml +++ b/bitnami/tomcat/templates/deployment.yaml 
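Review bot: `tomcat.matchLabels` takes `app` from `tomcat.name`, while the selectors it replaces in deployment.yaml and svc.yaml used `tomcat.fullname`, so the Deployment's `spec.selector.matchLabels` changes value between 6.0.6 and 6.1.0. An apps/v1 Deployment selector is immutable, so `helm upgrade` of an existing release is likely to be rejected by the API server unless the Deployment is deleted first. Either keep the previous value in both helpers, `app: {{ include "tomcat.fullname" . }}`, or treat this as a breaking release and add an upgrade note to the README.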
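Review bot: The helper is defined as `cassandra.tplValue`, but every caller added in this commit (affinity, nodeSelector and tolerations in deployment.yaml, annotations in ingress.yaml and svc.yaml) includes `tomcat.tplValue`, which is not defined anywhere in the visible diff. Those includes sit behind `if` guards that are false with the default values, so the chart renders until a user sets one of them and then fails on the missing template; the new ci values file does not set any of them either. Rename the definition and its usage comment: `{{- define "tomcat.tplValue" -}}` and `{{ include "tomcat.tplValue" (dict "value" .Values.path.to.the.Value "context" $) }}`. Because the helper passes values through `tpl`, the README should also say that `ingress.annotations` and `service.annotations` are evaluated as templates, as it already does for `affinity`.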
@@ -2,87 +2,93 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "tomcat.fullname" . }} - labels: - app: {{ template "tomcat.fullname" . }} - chart: {{ template "tomcat.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + labels: {{- include "tomcat.labels" . | nindent 4 }} spec: selector: - matchLabels: - app: {{ template "tomcat.fullname" . }} - release: "{{ .Release.Name }}" + matchLabels: {{- include "tomcat.matchLabels" . | nindent 6 }} template: metadata: - labels: - app: {{ template "tomcat.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" + labels: {{- include "tomcat.labels" . | nindent 8 }} + {{- if .Values.podAnnotations }} + annotations: {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} spec: +{{- include "tomcat.imagePullSecrets" . | indent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "tomcat.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "tomcat.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "tomcat.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end}} -{{- include "tomcat.imagePullSecrets" . | indent 6 }} + {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} initContainers: - - name: volume-permissions - image: "{{ template "tomcat.volumePermissions.image" . 
}}" - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "/bitnami/tomcat"] - securityContext: - runAsUser: 0 - resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 }} - volumeMounts: - - name: data - mountPath: /bitnami/tomcat + - name: volume-permissions + image: {{ template "tomcat.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami/tomcat + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/tomcat {{- end }} containers: - - name: tomcat - image: "{{ template "tomcat.image" . }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: TOMCAT_USERNAME - value: {{ .Values.tomcatUsername | quote }} - - name: TOMCAT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "tomcat.fullname" . }} - key: tomcat-password - - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT - value: {{ .Values.tomcatAllowRemoteManagement | quote }} - ports: - - name: http - containerPort: 8080 - livenessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 120 - timeoutSeconds: 5 - failureThreshold: 6 - readinessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 30 - timeoutSeconds: 3 - periodSeconds: 51 - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - name: data - mountPath: /bitnami/tomcat + - name: tomcat + image: {{ template "tomcat.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: TOMCAT_USERNAME + value: {{ .Values.tomcatUsername | quote }} + - name: TOMCAT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "tomcat.fullname" . }} + key: tomcat-password + - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT + value: {{ .Values.tomcatAllowRemoteManagement | quote }} + ports: + - name: http + containerPort: 8080 + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 120 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 30 + timeoutSeconds: 3 + periodSeconds: 51 + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/tomcat volumes: - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ template "tomcat.fullname" . }} - {{- else }} - emptyDir: {} - {{- end -}} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ template "tomcat.fullname" . }} + {{- else }} + emptyDir: {} + {{- end -}} diff --git a/bitnami/tomcat/templates/ingress.yaml b/bitnami/tomcat/templates/ingress.yaml index 58707aba21..ec4c7ab54a 100644 --- a/bitnami/tomcat/templates/ingress.yaml +++ b/bitnami/tomcat/templates/ingress.yaml 
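Review bot: The volume-permissions init container now builds its `chown` as a `/bin/bash -ec` script, so `securityContext.runAsUser` and `securityContext.fsGroup` are spliced into shell text that runs with `runAsUser: 0`. The exec form it replaces passed them as one argv element with no shell involved, so a value containing whitespace or shell metacharacters could not alter the command. Unless bash is actually needed here, keep the argv form: `command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "/bitnami/tomcat"]`. If the shell form stays, quote the interpolated pair inside the script and validate both values as integers in the template.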
@@ -3,41 +3,37 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ template "tomcat.fullname" . }} - labels: - app: "{{ template "tomcat.fullname" . }}" - chart: "{{ template "tomcat.chart" . }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} + labels: {{- include "tomcat.labels" . | nindent 4 }} annotations: {{- if .Values.ingress.certManager }} kubernetes.io/tls-acme: "true" {{- end }} - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} + {{- if .Values.ingress.annotations }} + {{- include "tomcat.tplValue" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} {{- end }} spec: rules: - {{- range .Values.ingress.hosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - backend: - serviceName: "{{ template "tomcat.fullname" $ }}" - servicePort: http - {{- end }} + {{- range .Values.ingress.hosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + backend: + serviceName: {{ template "tomcat.fullname" $ }} + servicePort: http + {{- end }} tls: - {{- range .Values.ingress.hosts }} - {{- if .tls }} - - hosts: - {{- if .tlsHosts }} - {{- range $host := .tlsHosts }} - - {{ $host }} - {{- end }} - {{- else }} - - {{ .name }} - {{- end }} - secretName: {{ .tlsSecret }} - {{- end }} - {{- end }} + {{- range .Values.ingress.hosts }} + {{- if .tls }} + - hosts: + {{- if .tlsHosts }} + {{- range $host := .tlsHosts }} + - {{ $host }} + {{- end }} + {{- else }} + - {{ .name }} + {{- end }} + secretName: {{ .tlsSecret }} + {{- end }} + {{- end }} {{- end }} diff --git a/bitnami/tomcat/templates/pvc.yaml b/bitnami/tomcat/templates/pvc.yaml index a42d4f6a61..283a54505b 100644 --- a/bitnami/tomcat/templates/pvc.yaml +++ b/bitnami/tomcat/templates/pvc.yaml 
@@ -3,16 +3,14 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ template "tomcat.fullname" . }} - labels: - app: {{ template "tomcat.fullname" . }} - chart: {{ template "tomcat.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + labels: {{- include "tomcat.labels" . | nindent 4 }} annotations: volume.alpha.kubernetes.io/storage-class: {{ ternary "default" (trimPrefix "storageClassName: " (include "tomcat.storageClass" .)) (empty (include "tomcat.storageClass" .)) }} spec: accessModes: - - {{ .Values.persistence.accessMode | quote }} + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} diff --git a/bitnami/tomcat/templates/secrets.yaml b/bitnami/tomcat/templates/secrets.yaml index acc6e94a07..d6cf322caf 100644 --- a/bitnami/tomcat/templates/secrets.yaml +++ b/bitnami/tomcat/templates/secrets.yaml @@ -2,15 +2,11 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "tomcat.fullname" . }} - labels: - app: {{ template "tomcat.fullname" . }} - chart: {{ template "tomcat.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + labels: {{- include "tomcat.labels" . | nindent 4 }} type: Opaque data: - {{ if .Values.tomcatPassword }} + {{- if .Values.tomcatPassword }} tomcat-password: {{ default "" .Values.tomcatPassword | b64enc | quote }} - {{ else }} + {{- else }} tomcat-password: {{ randAlphaNum 10 | b64enc | quote }} - {{ end }} + {{- end }} diff --git a/bitnami/tomcat/templates/svc.yaml b/bitnami/tomcat/templates/svc.yaml index d251388496..1102e6a67b 100644 --- a/bitnami/tomcat/templates/svc.yaml +++ b/bitnami/tomcat/templates/svc.yaml 
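Review bot: `accessModes` is now filled by ranging over `.Values.persistence.accessModes`, so a release that still sets the old `persistence.accessMode` key has it ignored and gets the chart default instead, with no error from the template. The README table in this same commit still documents `persistence.accessMode`, so the documented key is the one that no longer works. Update the README row to `persistence.accessModes` with default `[ReadWriteOnce]`, and consider honouring the old key for one release. The rename of `service.nodePorts.http` to `service.nodePort` in svc.yaml is ignored in the same silent way, although its README row was updated. `persistence.annotations` is added to values.yaml, but the hard-coded `annotations:` block in this hunk does not read it.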
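Review bot: The `else` branch kept by this hunk calls `randAlphaNum 10` on every render, so a release installed without `tomcatPassword` gets a different admin password written to the Secret on each `helm upgrade`. Whether the running Tomcat picks up the new value depends on the image and on persisted state, which this diff does not show. Add a template comment above that branch, for example `{{- /* regenerated on every render; pass tomcatPassword on upgrade to keep the current value */ -}}`, and state the same in the README row for `tomcatPassword`.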
@@ -2,25 +2,25 @@ apiVersion: v1 kind: Service metadata: name: {{ template "tomcat.fullname" . }} - labels: - app: {{ template "tomcat.fullname" . }} - chart: {{ template "tomcat.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + labels: {{- include "tomcat.labels" . | nindent 4 }} + {{- if .Values.service.annotations }} + annotations: {{- include "tomcat.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} {{- end }} ports: - name: http port: {{ .Values.service.port }} targetPort: http - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}} - nodePort: {{ .Values.service.nodePorts.http }} + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null {{- end }} - selector: - app: {{ template "tomcat.fullname" . }} + selector: {{- include "tomcat.matchLabels" . | nindent 4 }} diff --git a/bitnami/tomcat/values.yaml b/bitnami/tomcat/values.yaml index 674e078d83..05ae888f31 100644 --- a/bitnami/tomcat/values.yaml +++ b/bitnami/tomcat/values.yaml 
@@ -51,20 +51,20 @@ volumePermissions: ## # pullSecrets: # - myRegistryKeySecretName - resources: {} - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Specify a imagePullPolicy -## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images -## -imagePullPolicy: IfNotPresent + ## Init container' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi ## Admin user ## ref: https://github.com/bitnami/bitnami-docker-tomcat#creating-a-custom-user 
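Review bot: The comment added under `volumePermissions.resources` tells users to remove the curly braces after 'resources:', but the braces now sit on `limits: {}` and `requests: {}`, so the instruction does not match the block; the same comment is repeated for the Tomcat `resources` block in the next hunk. With both keys present the map is non-empty, so the `if .Values.volumePermissions.resources` guard in deployment.yaml is true by default and the README default of `{}` is not what gets rendered. Reword the last comment line to `# lines, adjust them as necessary, and remove the curly braces after 'limits:' and 'requests:'.` and fix the heading typo to `## Init container's resource requests and limits`. The `volumePermissions:` mapping this block belongs to starts outside the hunk.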
@@ -81,54 +81,116 @@ tomcatUsername: user ## tomcatAllowRemoteManagement: 0 -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer +## Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## -service: - type: LoadBalancer - # HTTP Port - port: 80 - ## - ## loadBalancerIP: - ## nodePorts: - ## http: - ## https: - nodePorts: - http: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster +podAnnotations: {} + +## Additional pod labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Tomcat containers' resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: {} + # cpu: 500m + # memory: 1Gi + requests: + cpu: 300m + memory: 512Mi ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: - enabled: true - ## If defined, volume.beta.kubernetes.io/storage-class: - ## Default: volume.alpha.kubernetes.io/storage-class: default + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size ## - # storageClass: - accessMode: ReadWriteOnce size: 8Gi -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## Service parameters ## -resources: - requests: - memory: 512Mi - cpu: 300m +service: + ## Service type + ## + type: LoadBalancer + ## HTTP port + ## + port: 80 + ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## Tomcat installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ +## Ingress parameters ## ingress: ## Set to true to enable ingress record generation + ## enabled: false ## Set this to true in order to add the corresponding annotations for cert-manager + ## certManager: false ## Ingress annotations done as key:value pairs 
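Review bot: `podLabels: {}` and `persistence.annotations:` are introduced here, but no template in this diff reads either key, so setting them has no effect. `persistence.annotations:` is also a bare key, which parses as null rather than an empty map; write `annotations: {}`. The new `storageClass` comment describes `storageClassName` behaviour, while pvc.yaml as shown still emits the `volume.alpha.kubernetes.io/storage-class` annotation, so the comment may not match what is rendered; confirm against the `tomcat.storageClass` helper, which is outside this diff. Either wire the two keys into deployment.yaml and pvc.yaml or drop them until they are used.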
@@ -137,30 +199,28 @@ ingress: ## ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set + ## annotations: # kubernetes.io/ingress.class: nginx ## The list of hostnames to be covered with this ingress record. ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + ## hosts: - - name: tomcat.local - path: / + - name: tomcat.local + path: / - ## Set this to true in order to enable TLS on the ingress record - tls: false + ## Set this to true in order to enable TLS on the ingress record + ## + tls: false - ## Optionally specify the TLS hosts for the ingress record - ## Useful when the Ingress controller supports www-redirection - ## If not specified, the above host name will be used - # tlsHosts: - # - www.tomcat.local - # - tomcat.local + ## Optionally specify the TLS hosts for the ingress record + ## Useful when the Ingress controller supports www-redirection + ## If not specified, the above host name will be used + # tlsHosts: + # - www.tomcat.local + # - tomcat.local - ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS - tlsSecret: tomcat.local-tls - - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + ## + tlsSecret: tomcat.local-tls