charts/bitnami/redmine

Redmine

Redmine is a free and open source, web-based project management and issue tracking tool.

TL;DR;

$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/redmine

Introduction

This chart bootstraps a Redmine deployment on a Kubernetes cluster using the Helm package manager.

It also packages the Bitnami MariaDB chart and the PostgreSQL chart which are required for bootstrapping a MariaDB/PostgreSQL deployment for the database requirements of the Redmine application.

Bitnami charts can be used with Kubeapps for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the BKPR.

Prerequisites

• Kubernetes 1.12+
• Helm 2.12+ or Helm 3.0-beta3+
• PV provisioner support in the underlying infrastructure
• ReadWriteMany volumes for deployment scaling

Installing the Chart

To install the chart with the release name my-release:

$ helm install my-release bitnami/redmine

The command deploys Redmine on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Tip

: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm delete my-release

The command removes all the Kubernetes components associated with the chart and deletes the release.

Using PostgreSQL instead of MariaDB

This chart includes the option to use a PostgreSQL database for Redmine instead of MariaDB. To use this, set the databaseType parameter to postgresql:

helm install my-release bitnami/redmine --set databaseType=postgresql

Parameters

The following table lists the configurable parameters of the Redmine chart and their default values.

Parameter	Description	Default
global.imageRegistry	Global Docker image registr y	nil
global.imagePullSecrets	Global Docker registry secret names as an array	[] (does not add image pull secrets to deployed pods)
global.storageClass	Global storage class for dynamic provisioning	nil
image.registry	Redmine image registry	docker.io
image.repository	Redmine image name	bitnami/redmine
image.tag	Redmine image tag	{TAG_NAME}
image.pullPolicy	Image pull policy	IfNotPresent
image.pullSecrets	Specify docker-registry secret names as an array	[] (does not add image pull secrets to deployed pods)
nameOverride	String to partially override redmine.fullname template	nil
fullnameOverride	String to fully override redmine.fullname template	nil
updateStrategy.type	Update strategy to use for the deployment	RollingUpdate
redmineUsername	User of the application	user
redminePassword	Application password	random 10 character long alphanumeric string
redmineEmail	Admin email	user@example.com
redmineLanguage	Redmine default data language	en
extraVars	Environment variables, passed to redmine	nil
smtpHost	SMTP host	nil
smtpPort	SMTP port	nil
smtpUser	SMTP user	nil
smtpPassword	SMTP password	nil
smtpTls	Use TLS encryption with SMTP	nil
existingSecret	Use existing secret for password details (redminePassword, smtpPassword and externalDatabase.password will be ignored and picked up from this secret). It must contain the keys redmine-password and smtp-password when postgresql.enabled=true or mariadb.enabled=true. In case postgresql.enabled=false and mariadb.enabled=false it must contain the key external-db-password	nil
databaseType	Select database type	mariadb (allowed values: "mariadb" and "postgresql")
mariadb.enabled	Whether to deploy a MariaDB server to satisfy the database requirements	true
mariadb.existingSecret	Optional secret storing the MariaDB passwords	nil
mariadb.rootUser.password	MariaDB admin password	nil
postgresql.enabled	Whether to deploy a PostgreSQL server to satisfy the database requirements	false
postgresql.postgresqlDatabase	PostgreSQL database	bitnami_redmine
postgresql.postgresqlUsername	PostgreSQL user	bn_redmine
postgresql.postgresqlPassword	PostgreSQL password	nil
externalDatabase.host	Host of the external database	localhost
externalDatabase.name	Name of the external database	localhost
externalDatabase.user	External db user	user
externalDatabase.password	Password for the db user	""
externalDatabase.port	Database port number	3306
service.type	Kubernetes Service type	LoadBalancer
service.port	Service HTTP port	80
service.nodePorts.http	Kubernetes http node port	""
service.externalTrafficPolicy	Enable client source IP preservation	Cluster
service.loadBalancerIP	LoadBalancer service IP address	""
service.loadBalancerSourceRanges	An array of load balancer sources	0.0.0.0/0
serviceAccount.create	Specifies whether a ServiceAccount should be created	false
serviceAccount.name	The name of the ServiceAccount to create	Generated using the redmine.fullname macro
ingress.enabled	Enable ingress controller resource	false
ingress.certManager	Add annotations for cert-manager	false
ingress.hostname	Default host for the ingress resource	redmine.local
ingress.tls	Enable TLS configuration	false
ingress.annotations	Ingress annotations	{}
ingress.extraHosts[0].name	Extra hosts for your Redmine installation	nil
ingress.extraHosts[0].path	Path within the url structure	nil
ingress.extraTls[0].hosts[0]	Extra TLS hosts	nil
ingress.extraTls[0].secretName	TLS Secret (certificates) for extra TLS hosts	nil
ingress.secrets[0].name	TLS Secret Name	nil
ingress.secrets[0].certificate	TLS Secret Certificate	nil
ingress.secrets[0].key	TLS Secret Key	nil
nodeSelector	Node labels for pod assignment	{} (The value is evaluated as a template)
tolerations	List of node taints to tolerate	[] (The value is evaluated as a template)
affinity	Map of node/pod affinities	{} (The value is evaluated as a template)
podAnnotations	Pod annotations	{}
persistence.enabled	Enable persistence using PVC	true
persistence.existingClaim	The name of an existing PVC	nil
persistence.storageClass	PVC Storage Class	nil (uses alpha storage class annotation)
persistence.accessMode	PVC Access Mode	ReadWriteOnce
persistence.size	PVC Storage Request	8Gi
podDisruptionBudget.enabled	Pod Disruption Budget toggle	false
podDisruptionBudget.minAvailable	Minimum available pods	nil
podDisruptionBudget.maxUnavailable	Maximum unavailable pods	nil
replicas	The number of pod replicas	1
resources	Resources allocation (Requests and Limits)	{}
securityContext	SecurityContext	{}
livenessProbe.enabled	would you like a livenessProbe to be enabled	true
livenessProbe.initialDelaySeconds	Delay before liveness probe is initiated	300
livenessProbe.periodSeconds	How often to perform the probe	10
livenessProbe.timeoutSeconds	When the probe times out	5
livenessProbe.successThreshold	Minimum consecutive successes for the probe	1
livenessProbe.failureThreshold	Minimum consecutive failures for the probe	3
readinessProbe.enabled	would you like a readinessProbe to be enabled	true
readinessProbe.initialDelaySeconds	Delay before readiness probe is initiated	5
readinessProbe.periodSeconds	How often to perform the probe	10
readinessProbe.timeoutSeconds	When the probe times out	1
readinessProbe.successThreshold	Minimum consecutive successes for the probe	1
readinessProbe.failureThreshold	Minimum consecutive failures for the probe	3
mailReceiver.enabled	Whether to enable scheduled mail-to-task CronJob	false
mailReceiver.schedule	Kubernetes CronJob schedule	*/5 * * * *
mailReceiver.suspend	Whether to create suspended CronJob	true
mailReceiver.image.registry	Mail to Task image registry	docker.io
mailReceiver.image.repository	Mail to Task image repository	bitnami/redmine
mailReceiver.image.tag	Mail to Task image tag	{TAG_NAME}
mailReceiver.image.pullPolicy	Mail to Task image pull policy	IfNotPresent
mailReceiver.mailProtocol	Mail protocol to use for reading emails: IMAP or POP3	IMAP
mailReceiver.host	Server to receive emails from	""
mailReceiver.port	TCP port on the host	143
mailReceiver.username	Login to authenticate on the host	""
mailReceiver.password	Password to authenticate on the host	""
mailReceiver.ssl	Whether use SSL/TLS to connect to the host	true
mailReceiver.startTLS	Whether use StartTLS to connect to the host	false
mailReceiver.imapFolder	IMAP only. Folder to read emails from	INBOX
mailReceiver.moveOnsuccess	IMAP only. Folder to move processed emails to	""
mailReceiver.moveOnFailure	IMAP only. Folder to move emails with processing errors to	""
mailReceiver.unknownUserAction	Action to perform is an email received from unregistered user	ignore
mailReceiver.noPermissionCheck	Whether skip permission check during creating a new task	0
mailReceiver.noAccountNotice	Whether send an email to an unregistered user created during a new task creation	1
mailReceiver.defaultGroup	Defines a group list to add created user to	""
mailReceiver.project	Defines identifier of the target project for a new task	""
mailReceiver.projectFromSubaddress	Defines email address to select project from subaddress	""
mailReceiver.status	Defines a new task status	""
mailReceiver.tracker	Defines a new task tracker	""
mailReceiver.category	Defines a new task category	""
mailReceiver.priority	Defines a new task priority	""
mailReceiver.assignedTo	Defines a new task priority	""
mailReceiver.allowOverride	Defines if email content is allowed to set attributes values. Values is a comma separated list of attributes or all to alllow all attributes	""
certificates.customCertificate.certificateSecret	Secret containing the certificate and key to add	""
certificates.customCertificate.chainSecret.name	Name of the secret containing the certificate chain	""
certificates.customCertificate.chainSecret.key	Key of the certificate chain file inside the secret	""
certificates.customCertificate.certificateLocation	Location in the container to store the certificate	/etc/ssl/certs/ssl-cert-snakeoil.pem
certificates.customCertificate.keyLocation	Location in the container to store the private key	/etc/ssl/private/ssl-cert-snakeoil.key
certificates.customCertificate.chainLocation	Location in the container to store the certificate chain	/etc/ssl/certs/chain.pem
certificates.customCA	Defines a list of secrets to import into the container trust store	[]
certificates.image.registry	Container sidecar registry	docker.io
certificates.image.repository	Container sidecar image	bitnami/minideb
certificates.image.tag	Container sidecar image tag	buster
certificates.image.pullPolicy	Container sidecar image pull policy	IfNotPresent
certificates.image.pullSecrets	Container sidecar image pull secrets	image.pullSecrets
certificates.extraEnvVars	Container sidecar extra environment variables (eg proxy)	[]

The above parameters map to the env variables defined in bitnami/redmine. For more information please refer to the bitnami/redmine image documentation.

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install my-release \
  --set redmineUsername=admin,redminePassword=password,mariadb.mariadbRootPassword=secretpassword \
    bitnami/redmine

The above command sets the Redmine administrator account username and password to admin and password respectively. Additionally, it sets the MariaDB root user password to secretpassword.

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

$ helm install my-release -f values.yaml bitnami/redmine

Tip

: You can use the default values.yaml

Configuration and installation details

Rolling VS Immutable tags

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

Replicas

Redmine writes uploaded files to a persistent volume. By default that volume cannot be shared between pods (RWO). In such a configuration the replicas option must be set to 1. If the persistent volume supports more than one writer (RWX), ie NFS, replicas can be greater than 1.

Persistence

The Bitnami Redmine image stores the Redmine data and configurations at the /bitnami/redmine path of the container.

Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. The volume is created using dynamic volume provisioning. Clusters configured with NFS mounts require manually managed volumes and claims.

See the Parameters section to configure the PVC or to disable persistence.

Existing PersistentVolumeClaims

The following example includes two PVCs, one for Redmine and another for MariaDB.

1. Create the PersistentVolume
2. Create the PersistentVolumeClaim
3. Create the directory, on a worker
4. Install the chart

$ helm install test --set persistence.existingClaim=PVC_REDMINE,mariadb.persistence.existingClaim=PVC_MARIADB bitnami/redmine

Certificates

CA Certificates

Custom CA certificates not included in the base docker image can be added with the following configuration. The secret must exist in the same namespace as the deployment. Will load all certificates files it finds in the secret.

certificates:
  customCAs:
  - secret: my-ca-1
  - secret: my-ca-2

Secret

Secret can be created with:

kubectl create secret generic my-ca-1 --from-file my-ca-1.crt

TLS Certificate

A web server TLS Certificate can be injected into the container with the following configuration. The certificate will be stored at the location specified in the certificateLocation value.

certificates:
  customCertificate:
    certificateSecret: my-secret
    certificateLocation: /ssl/server.pem
    keyLocation: /ssl/key.pem
    chainSecret:
      name: my-cert-chain
      key: chain.pem

Secret

The certificate tls secret can be created with:

kubectl create secret tls my-secret --cert tls.crt --key tls.key

The certificate chain is created with:

kubectl create secret generic my-cert-chain --from-file chain.pem

Upgrading

14.0.0

• Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
• The databaseType parameters is no longer an object but a string. Allowed values are "mariadb" and "postgresql".
• Ingress configuration was standardized to simplify the way to configure the main host.
• Ports names were prefixed with the protocol to comply with Istio (see https://istio.io/docs/ops/deployment/requirements/).

13.0.0

Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.

In https://github.com/helm/charts/pull/17309 the apiVersion of the deployment resources was updated to apps/v1 in tune with the api's deprecated, resulting in compatibility breakage.

This major version signifies this change.

To 5.0.0

Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is redmine:

$ kubectl patch deployment redmine-redmine --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
# If using postgresql as database
$ kubectl patch deployment redmine-postgresql --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
# If using mariadb as database
$ kubectl delete statefulset redmine-mariadb --cascade=false