sundowndev
/
flux-get-started
mirror of https://github.com/sundowndev/flux-get-started.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update HelmReleases for Kubernetes 1.16

master
stefanprodan 2020-01-07 11:47:10 +02:00
parent 4cacd57ddd
commit 1927888a36
19 changed files with 847 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.circleci/config.yml
View File

@ -2,7 +2,7 @@ version: 2.1
jobs: jobs:
validate-yamls: validate-yamls:
docker: docker:
- image: stefanprodan/hrval:v2.6.0 - image: stefanprodan/hrval:v2.9.0
steps: steps:
- checkout - checkout
- run: - run:
@ -15,7 +15,7 @@ jobs:
name: Validate releases name: Validate releases
environment: environment:
IGNORE_VALUES: "false" IGNORE_VALUES: "false"
KUBE_VER: "1.15.0" KUBE_VER: "1.16.0"
HELM_VER: "v2" HELM_VER: "v2"
command: | command: |
hrval releases/ $IGNORE_VALUES $KUBE_VER $HELM_VER hrval releases/ $IGNORE_VALUES $KUBE_VER $HELM_VER

8
charts/ghost/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v1
name: ghost name: ghost
version: 2.1.16 version: 9.0.4
appVersion: 1.21.5 appVersion: 3.1.1
description: A simple, powerful publishing platform that allows you to share your description: A simple, powerful publishing platform that allows you to share your stories with the world
stories with the world
keywords: keywords:
- ghost - ghost
- blog - blog

8
charts/ghost/OWNERS
View File

@ -2,7 +2,15 @@ approvers:
- prydonius - prydonius
- tompizmor - tompizmor
- sameersbn - sameersbn
- carrodher
- javsalgar
- juan131
- miguelaeh
reviewers: reviewers:
- prydonius - prydonius
- tompizmor - tompizmor
- sameersbn - sameersbn
- carrodher
- javsalgar
- juan131
- miguelaeh

153
charts/ghost/README.md
View File

@ -14,10 +14,14 @@ This chart bootstraps a [Ghost](https://github.com/bitnami/bitnami-docker-ghost)
It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Ghost application. It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Ghost application.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
## Prerequisites ## Prerequisites
- Kubernetes 1.4+ with Beta APIs enabled - Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure - PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling
## Installing the Chart ## Installing the Chart
@ -27,7 +31,7 @@ To install the chart with the release name `my-release`:
$ helm install --name my-release stable/ghost $ helm install --name my-release stable/ghost
``` ```
The command deploys Ghost on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. The command deploys Ghost on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -41,37 +45,79 @@ $ helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release. The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration ## Parameters
The following tables lists the configurable parameters of the Ghost chart and their default values. The following table lists the configurable parameters of the Ghost chart and their default values.
| Parameter | Description | Default | | Parameter | Description | Default |
|-------------------------------|---------------------------------------------------------------|----------------------------------------------------------| |-------------------------------------|---------------------------------------------------------------|----------------------------------------------------------|
| `image` | Ghost image | `bitnami/ghost:{VERSION}` | | `global.imageRegistry` | Global Docker image registry | `nil` |
| `imagePullPolicy` | Image pull policy | `Always` if `image` tag is `latest`, else `IfNotPresent` | | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `ghostHost` | Ghost host to create application URLs | `nil` | | `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
| `ghostPort` | Ghost port to create application URLs along with host | `80` | | `image.registry` | Ghost image registry | `docker.io` |
| `ghostLoadBalancerIP` | `loadBalancerIP` for the Ghost Service | `nil` | | `image.repository` | Ghost Image name | `bitnami/ghost` |
| `ghostUsername` | User of the application | `user@example.com` | | `image.tag` | Ghost Image tag | `{TAG_NAME}` |
| `ghostPassword` | Application password | Randomly generated | | `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `ghostEmail` | Admin email | `user@example.com` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `ghostBlogTitle` | Ghost Blog name | `User's Blog` | | `nameOverride` | String to partially override ghost.fullname template with a string (will prepend the release name) | `nil` |
| `allowEmptyPassword` | Allow DB blank passwords | `yes` | | `fullnameOverride` | String to fully override ghost.fullname template with a string | `nil` |
| `externalDatabase.host` | Host of the external database | `nil` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `externalDatabase.user` | Existing username in the external db | `bn_ghost` | | `volumePermissions.image.repository`| Init container volume-permissions image name | `bitnami/minideb` |
| `externalDatabase.password` | Password for the above username | `nil` | | `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` |
| `externalDatabase.database` | Name of the existing database | `bitnami_ghost` | | `volumePermissions.image.pullPolicy`| Init container volume-permissions image pull policy | `Always` |
| `mariadb.enabled` | Whether or not to install MariaDB (disable if using external) | `true` | | `ghostHost` | Ghost host to create application URLs | `nil` |
| `mariadb.mariadbRootPassword` | MariaDB admin password | `nil` | | `ghostPort` | Ghost port to use in application URLs (defaults to `service.port` if `nil`) | `nil` |
| `mariadb.mariadbDatabase` | MariaDB Database name to create | `bitnami_ghost` | | `ghostProtocol` | Protocol (http or https) to use in the application URLs | `http` |
| `mariadb.mariadbUser` | MariaDB Database user to create | `bn_ghost` | | `ghostPath` | Ghost path to create application URLs | `nil` |
| `mariadb.mariadbPassword` | MariaDB Password for user | _random 10 character long alphanumeric string_ | | `ghostUsername` | User of the application | `user@example.com` |
| `serviceType` | Kubernetes Service type | `LoadBalancer` | | `ghostPassword` | Application password | Randomly generated |
| `persistence.enabled` | Enable persistence using PVC | `true` | | `ghostEmail` | Admin email | `user@example.com` |
| `persistence.storageClass` | PVC Storage Class for Ghost volume | `nil` (uses alpha storage annotation) | | `ghostBlogTitle` | Ghost Blog name | `User's Blog` |
| `persistence.accessMode` | PVC Access Mode for Ghost volume | `ReadWriteOnce` | | `smtpHost` | SMTP host | `nil` |
| `persistence.size` | PVC Storage Request for Ghost volume | `8Gi` | | `smtpPort` | SMTP port | `nil` |
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | | `smtpUser` | SMTP user | `nil` |
| `smtpPassword` | SMTP password | `nil` |
| `smtpFromAddress` | SMTP from address | `nil` |
| `smtpService` | SMTP service | `nil` |
| `allowEmptyPassword` | Allow DB blank passwords | `yes` |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the container | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.port` | Service HTTP port | `80` |
| `service.nodePorts.http` | Kubernetes http node port | `""` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.loadBalancerIP` | LoadBalancerIP for the Ghost service | `` |
| `service.annotations` | Service annotations | `` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.annotations` | Ingress annotations | `[]` |
| `ingress.certManager` | Add annotations for cert-manager | `false` |
| `ingress.hosts[0].name` | Hostname to your Ghost installation | `ghost.local` |
| `ingress.hosts[0].path` | Path within the url structure | `/` |
| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` |
| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` |
| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `ghost.local-tls-secret` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
| `externalDatabase.host` | Host of the external database | `localhost` |
| `externalDatabase.port` | Port of the external database | `3306` |
| `externalDatabase.user` | Existing username in the external db | `bn_ghost` |
| `externalDatabase.password` | Password for the above username | `""` |
| `externalDatabase.database` | Name of the existing database | `bitnami_ghost` |
| `mariadb.enabled` | Whether or not to install MariaDB (disable if using external) | `true` |
| `mariadb.rootUser.password` | MariaDB admin password | `nil` |
| `mariadb.db.name` | MariaDB Database name to create | `bitnami_ghost` |
| `mariadb.db.user` | MariaDB Database user to create | `bn_ghost` |
| `mariadb.db.password` | MariaDB Password for user | _random 10 character long alphanumeric string_ |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | PVC Storage Class for Ghost volume | `nil` (uses alpha storage annotation) |
| `persistence.accessMode` | PVC Access Mode for Ghost volume | `ReadWriteOnce` |
| `persistence.size` | PVC Storage Request for Ghost volume | `8Gi` |
| `persistence.path` | Path to mount the volume at, to use other images | `/bitnami` |
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` |
| `nodeSelector` | Node selector for pod assignment | `{}` |
| `affinity` | Map of node/pod affinities | `{}` |
The above parameters map to the env variables defined in [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost). For more information please refer to the [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost) image documentation. The above parameters map to the env variables defined in [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost). For more information please refer to the [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost) image documentation.
@ -87,7 +133,7 @@ The above parameters map to the env variables defined in [bitnami/ghost](http://
> $ gcloud compute addresses create ghost-public-ip > $ gcloud compute addresses create ghost-public-ip
> ``` > ```
> >
> The reserved IP address can be associated to the Ghost service by specifying it as the value of the `ghostLoadBalancerIP` parameter while installing the chart. > The reserved IP address can be assigned to the Ghost service by specifying it as the value of the `ghostLoadBalancerIP` parameter while installing the chart.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@ -97,7 +143,7 @@ $ helm install --name my-release \
stable/ghost stable/ghost
``` ```
The above command sets the Ghost administrator account username and password to `admin` and `password` respectively. Additionally it sets the MariaDB `root` user password to `secretpassword`. The above command sets the Ghost administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
@ -107,13 +153,24 @@ $ helm install --name my-release -f values.yaml stable/ghost
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Using an existing database ## Configuration and installation details
Sometimes you may want to have Ghost connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#configuration). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example: ### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Using an existing database
Sometimes you may want to have Ghost connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example using the following parameters:
```console ```console
$ helm install stable/ghost \ mariadb.enabled=false
--set mariadb.enabled=false,externalDatabase.host=myexternalhost,externalDatabase.user=myuser,externalDatabase.password=mypassword,externalDatabase.database=mydatabase externalDatabase.host=myexternalhost
externalDatabase.user=myuser
externalDatabase.password=mypassword
externalDatabase.database=mydatabase
``` ```
## Persistence ## Persistence
@ -121,4 +178,24 @@ $ helm install stable/ghost \
The [Bitnami Ghost](https://github.com/bitnami/bitnami-docker-ghost) image stores the Ghost data and configurations at the `/bitnami/ghost` and `/bitnami/apache` paths of the container. The [Bitnami Ghost](https://github.com/bitnami/bitnami-docker-ghost) image stores the Ghost data and configurations at the `/bitnami/ghost` and `/bitnami/apache` paths of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Configuration](#configuration) section to configure the PVC or to disable persistence. See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
## Upgrading
### To 9.0.0
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
In https://github.com/helm/charts/pulls/17297 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
This major version signifies this change.
### To 5.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is ghost:
```console
$ kubectl patch deployment ghost-ghost --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
$ kubectl delete statefulset ghost-mariadb --cascade=false
```

6
charts/ghost/requirements.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: mariadb - name: mariadb
repository: https://kubernetes-charts.storage.googleapis.com/ repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.7.0 version: 7.2.1
digest: sha256:f59f68030aa5c50b9e776b813804875fac911f91c2aa384e991f37a795c5ae34 digest: sha256:27bef733eb099a7377055cfe2c48e013bd4d55650ff18b50138c80488c812b0b
generated: 2017-11-27T16:40:56.867665764Z generated: 2019-12-04T15:22:06.772062948Z

4
charts/ghost/requirements.yaml
View File

@ -1,5 +1,7 @@
dependencies: dependencies:
- name: mariadb - name: mariadb
version: 0.7.0 version: 7.x.x
repository: https://kubernetes-charts.storage.googleapis.com/ repository: https://kubernetes-charts.storage.googleapis.com/
condition: mariadb.enabled condition: mariadb.enabled
tags:
- ghost-database

41
charts/ghost/templates/NOTES.txt
View File

@ -8,43 +8,47 @@ host. To configure Ghost with the URL of your service:
1. Get the Ghost URL by running: 1. Get the Ghost URL by running:
{{- if contains "NodePort" .Values.serviceType }} {{- if contains "NodePort" .Values.service.type }}
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
{{- else if contains "LoadBalancer" .Values.serviceType }} {{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available. NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "ghost.fullname" . }}' Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "ghost.fullname" . }}'
export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} -o jsonpath="{.data.ghost-password}" | base64 --decode)
{{- if .Values.mariadb.mariadbRootPassword }}
export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
{{- end }} {{- end }}
{{- end }}
export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode)
2. Complete your Ghost deployment by running: 2. Complete your Ghost deployment by running:
helm upgrade {{ .Release.Name }} \ helm upgrade {{ .Release.Name }} stable/{{ .Chart.Name }} \
--set serviceType={{ .Values.serviceType }},ghostHost=$APP_HOST stable/ghost --set service.type={{ .Values.service.type }},ghostHost=$APP_HOST,ghostPassword=$APP_PASSWORD,{{ if .Values.mariadb.mariadbRootPassword }},mariadb.mariadbRootPassword=$DATABASE_ROOT_PASSWORD{{ end }}mariadb.db.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- else -}} {{- else -}}
1. Get the Ghost URL by running: 1. Get the Ghost URL by running:
{{- if eq .Values.serviceType "ClusterIP" }} {{- if eq .Values.service.type "ClusterIP" }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ghost.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") echo Blog URL : http://127.0.0.1:{{ default "80" .Values.service.port }}{{ .Values.ghostPath }}
echo Blog URL : http://127.0.0.1:{{ default "80" .Values.ghostPort }}/ echo Admin URL : http://127.0.0.1:{{ default "80" .Values.service.port }}{{ .Values.ghostPath }}ghost
echo Admin URL : http://127.0.0.1:{{ default "80" .Values.ghostPort }}/ghost kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "ghost.fullname" . }} {{ default "80" .Values.service.port }}:2368
kubectl port-forward $POD_NAME {{ default "80" .Values.ghostPort }}:2368
{{- else if eq .Values.serviceType "NodePort" }} {{- else if eq .Values.service.type "NodePort" }}
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export APP_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }}) export APP_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ghost.fullname" . }})
echo Blog URL : http://$APP_HOST:$APP_PORT/ echo Blog URL : http://$APP_HOST:$APP_PORT{{ .Values.ghostPath }}
echo Admin URL : http://$APP_HOST:$APP_PORT/ghost echo Admin URL : http://$APP_HOST:$APP_PORT{{ .Values.ghostPath }}ghost
{{- else }} {{- else }}
echo Blog URL : http://{{ include "ghost.host" . }}/ echo Blog URL : http://{{ include "ghost.host" . }}
echo Admin URL : http://{{ include "ghost.host" . }}/ghost echo Admin URL : http://{{ include "ghost.host" . }}ghost
{{- end }} {{- end }}
2. Get your Ghost login credentials by running: 2. Get your Ghost login credentials by running:
@ -52,3 +56,10 @@ host. To configure Ghost with the URL of your service:
echo Email: {{ .Values.ghostEmail }} echo Email: {{ .Values.ghostEmail }}
echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} -o jsonpath="{.data.ghost-password}" | base64 --decode) echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} -o jsonpath="{.data.ghost-password}" | base64 --decode)
{{- end }} {{- end }}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}

153
charts/ghost/templates/_helpers.tpl
View File

@ -9,11 +9,20 @@ Expand the name of the chart.
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "ghost.fullname" -}} {{- define "ghost.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}} {{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{- end -}}
{{- end -}}
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
@ -28,10 +37,10 @@ Get the user defined LoadBalancerIP for this release.
Note, returns 127.0.0.1 if using ClusterIP. Note, returns 127.0.0.1 if using ClusterIP.
*/}} */}}
{{- define "ghost.serviceIP" -}} {{- define "ghost.serviceIP" -}}
{{- if eq .Values.serviceType "ClusterIP" -}} {{- if eq .Values.service.type "ClusterIP" -}}
127.0.0.1 127.0.0.1
{{- else -}} {{- else -}}
{{- index .Values (printf "%sLoadBalancerIP" .Chart.Name) | default "" -}} {{- .Values.service.loadBalancerIP | default "" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
@ -40,6 +49,144 @@ Gets the host to be used for this application.
If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty.
*/}} */}}
{{- define "ghost.host" -}} {{- define "ghost.host" -}}
{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} {{- if .Values.ghostHost -}}
{{- $host := printf "%s%s" .Values.ghostHost .Values.ghostPath -}}
{{- default (include "ghost.serviceIP" .) $host -}} {{- default (include "ghost.serviceIP" .) $host -}}
{{- else -}}
{{- default (include "ghost.serviceIP" .) "" -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ghost.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper Ghost image name
*/}}
{{- define "ghost.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name to change the volume permissions
*/}}
{{- define "ghost.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "ghost.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Return the proper Storage Class
*/}}
{{- define "ghost.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "ghost.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}} {{- end -}}

109
charts/ghost/templates/deployment.yaml
View File

@ -1,32 +1,45 @@
{{- if include "ghost.host" . -}} {{- if include "ghost.host" . -}}
apiVersion: extensions/v1beta1 apiVersion: {{ template "ghost.deployment.apiVersion" . }}
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ template "ghost.fullname" . }} name: {{ template "ghost.fullname" . }}
labels: labels:
app: {{ template "ghost.fullname" . }} app: "{{ template "ghost.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ template "ghost.chart" . }}"
release: "{{ .Release.Name }}" release: {{ .Release.Name | quote }}
heritage: "{{ .Release.Service }}" heritage: {{ .Release.Service | quote }}
spec: spec:
selector:
matchLabels:
app: "{{ template "ghost.fullname" . }}"
release: {{ .Release.Name | quote }}
replicas: 1 replicas: 1
template: template:
metadata: metadata:
labels: labels:
app: {{ template "ghost.fullname" . }} app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
spec: spec:
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- else }}
initContainers: initContainers:
- name: volume-permissions - name: volume-permissions
image: "{{ .Values.volumePermissions.image.name }}:{{ .Values.volumePermissions.image.tag }}" image: {{ template "ghost.volumePermissions.image" . }}
imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
command: ['sh', '-c', 'chmod -R g+rwX /bitnami'] command: ['sh', '-c', 'chmod -R g+rwX {{ .Values.persistence.path }}']
volumeMounts: volumeMounts:
- mountPath: /bitnami - mountPath: {{ .Values.persistence.path }}
name: ghost-data name: ghost-data
{{- end }}
{{- include "ghost.imagePullSecrets" . | indent 6 }}
containers: containers:
- name: {{ template "ghost.fullname" . }} - name: {{ template "ghost.fullname" . }}
image: "{{ .Values.image }}" image: {{ template "ghost.image" . }}
imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env: env:
- name: ALLOW_EMPTY_PASSWORD - name: ALLOW_EMPTY_PASSWORD
{{- if .Values.allowEmptyPassword }} {{- if .Values.allowEmptyPassword }}
@ -38,21 +51,25 @@ spec:
{{- if .Values.mariadb.enabled }} {{- if .Values.mariadb.enabled }}
value: {{ template "ghost.mariadb.fullname" . }} value: {{ template "ghost.mariadb.fullname" . }}
{{- else }} {{- else }}
value: {{ default "" .Values.externalDatabase.host | quote }} value: {{ .Values.externalDatabase.host | quote }}
{{- end }} {{- end }}
- name: MARIADB_PORT_NUMBER - name: MARIADB_PORT_NUMBER
{{- if .Values.mariadb.enabled }}
value: "3306" value: "3306"
{{- else }}
value: {{ .Values.externalDatabase.port | quote }}
{{- end }}
- name: GHOST_DATABASE_NAME - name: GHOST_DATABASE_NAME
{{- if .Values.mariadb.enabled }} {{- if .Values.mariadb.enabled }}
value: {{ default "" .Values.mariadb.mariadbDatabase | quote }} value: {{ .Values.mariadb.db.name | quote }}
{{- else }} {{- else }}
value: {{ default "" .Values.externalDatabase.database | quote }} value: {{ .Values.externalDatabase.database | quote }}
{{- end }} {{- end }}
- name: GHOST_DATABASE_USER - name: GHOST_DATABASE_USER
{{- if .Values.mariadb.enabled }} {{- if .Values.mariadb.enabled }}
value: {{ default "" .Values.mariadb.mariadbUser | quote }} value: {{ .Values.mariadb.db.user | quote }}
{{- else }} {{- else }}
value: {{ default "" .Values.externalDatabase.user | quote }} value: {{ .Values.externalDatabase.user | quote }}
{{- end }} {{- end }}
- name: GHOST_DATABASE_PASSWORD - name: GHOST_DATABASE_PASSWORD
{{- if .Values.mariadb.enabled }} {{- if .Values.mariadb.enabled }}
@ -61,56 +78,84 @@ spec:
name: {{ template "ghost.mariadb.fullname" . }} name: {{ template "ghost.mariadb.fullname" . }}
key: mariadb-password key: mariadb-password
{{- else }} {{- else }}
value: {{ default "" .Values.externalDatabase.password | quote }} value: {{ .Values.externalDatabase.password | quote }}
{{- end }} {{- end }}
- name: GHOST_HOST - name: GHOST_HOST
value: {{ include "ghost.host" . | quote }} value: {{ include "ghost.host" . | quote }}
- name: GHOST_PROTOCOL
value: {{ .Values.ghostProtocol | quote }}
- name: GHOST_PORT_NUMBER - name: GHOST_PORT_NUMBER
value: {{ default "80" .Values.ghostPort | quote }} {{- if .Values.ghostPort }}
value: {{ .Values.ghostPort | quote }}
{{- else }}
value: {{ .Values.service.port | quote }}
{{- end }}
- name: GHOST_USERNAME - name: GHOST_USERNAME
value: {{ default "" .Values.ghostUsername | quote }} value: {{ .Values.ghostUsername | quote }}
- name: GHOST_PASSWORD - name: GHOST_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ template "ghost.fullname" . }} name: {{ template "ghost.fullname" . }}
key: ghost-password key: ghost-password
- name: GHOST_EMAIL - name: GHOST_EMAIL
value: {{ default "" .Values.ghostEmail | quote }} value: {{ .Values.ghostEmail | quote }}
- name: BLOG_TITLE - name: BLOG_TITLE
value: {{ default "" .Values.ghostBlogTitle | quote }} value: {{ .Values.ghostBlogTitle | quote }}
{{- if .Values.smtpHost }}
- name: SMTP_HOST - name: SMTP_HOST
value: {{ default "" .Values.smtpHost | quote }} value: {{ .Values.smtpHost | quote }}
{{- end }}
{{- if .Values.smtpPort }}
- name: SMTP_PORT - name: SMTP_PORT
value: {{ default "" .Values.smtpPort | quote }} value: {{ .Values.smtpPort | quote }}
{{- end }}
{{- if .Values.smtpUser }}
- name: SMTP_USER - name: SMTP_USER
value: {{ default "" .Values.smtpUser | quote }} value: {{ .Values.smtpUser | quote }}
{{- end }}
{{- if .Values.smtpPassword }}
- name: SMTP_PASSWORD - name: SMTP_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ template "ghost.fullname" . }} name: {{ template "ghost.fullname" . }}
key: smtp-password key: smtp-password
{{- end }}
{{- if .Values.smtpFromAddress }}
- name: SMTP_FROM_ADDRESS
value: {{ .Values.smtpFromAddress | quote }}
{{- end }}
{{- if .Values.smtpService }}
- name: SMTP_SERVICE - name: SMTP_SERVICE
value: {{ default "" .Values.smtpService | quote }} value: {{ .Values.smtpService | quote }}
{{- end }}
ports: ports:
- name: http - name: http
containerPort: 2368 containerPort: 2368
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /ghost path: {{ .Values.ghostPath }}
port: http port: http
httpHeaders: httpHeaders:
- name: Host - name: Host
value: {{ include "ghost.host" . | quote }} value: {{ include "ghost.host" . | quote }}
{{- if eq .Values.ghostProtocol "https" }}
- name: X-Forwarded-Proto
value: https
{{- end }}
initialDelaySeconds: 120 initialDelaySeconds: 120
timeoutSeconds: 5 timeoutSeconds: 5
failureThreshold: 6 failureThreshold: 6
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /ghost path: {{ .Values.ghostPath }}
port: http port: http
httpHeaders: httpHeaders:
- name: Host - name: Host
value: {{ include "ghost.host" . | quote }} value: {{ include "ghost.host" . | quote }}
{{- if eq .Values.ghostProtocol "https" }}
- name: X-Forwarded-Proto
value: https
{{- end }}
initialDelaySeconds: 30 initialDelaySeconds: 30
timeoutSeconds: 3 timeoutSeconds: 3
periodSeconds: 5 periodSeconds: 5
@ -127,4 +172,12 @@ spec:
{{- else }} {{- else }}
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}} {{- end -}}

43
charts/ghost/templates/ingress.yaml Executable file
View File

@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "ghost.fullname" . }}
labels:
app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: {{ template "ghost.fullname" $ }}
servicePort: http
{{- end }}
tls:
{{- range .Values.ingress.hosts }}
{{- if .tls }}
- hosts:
{{- if .tlsHosts }}
{{- range $host := .tlsHosts }}
- {{ $host }}
{{- end }}
{{- else }}
- {{ .name }}
{{- end }}
secretName: {{ .tlsSecret }}
{{- end }}
{{- end }}
{{- end }}

16
charts/ghost/templates/pvc.yaml
View File

@ -4,21 +4,15 @@ apiVersion: v1
metadata: metadata:
name: {{ template "ghost.fullname" . }} name: {{ template "ghost.fullname" . }}
labels: labels:
app: {{ template "ghost.fullname" . }} app: "{{ template "ghost.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ template "ghost.chart" . }}"
release: "{{ .Release.Name }}" release: {{ .Release.Name | quote }}
heritage: "{{ .Release.Service }}" heritage: {{ .Release.Service | quote }}
spec: spec:
accessModes: accessModes:
- {{ .Values.persistence.accessMode | quote }} - {{ .Values.persistence.accessMode | quote }}
resources: resources:
requests: requests:
storage: {{ .Values.persistence.size | quote }} storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }} {{ include "ghost.storageClass" . }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end -}} {{- end -}}

16
charts/ghost/templates/secrets.yaml
View File

@ -3,15 +3,17 @@ kind: Secret
metadata: metadata:
name: {{ template "ghost.fullname" . }} name: {{ template "ghost.fullname" . }}
labels: labels:
app: {{ template "ghost.fullname" . }} app: "{{ template "ghost.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ template "ghost.chart" . }}"
release: "{{ .Release.Name }}" release: {{ .Release.Name | quote }}
heritage: "{{ .Release.Service }}" heritage: {{ .Release.Service | quote }}
type: Opaque type: Opaque
data: data:
{{ if .Values.ghostPassword }} {{- if .Values.ghostPassword }}
ghost-password: {{ .Values.ghostPassword | b64enc | quote }} ghost-password: {{ .Values.ghostPassword | b64enc | quote }}
{{ else }} {{- else }}
ghost-password: {{ randAlphaNum 10 | b64enc | quote }} ghost-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }} {{- end }}
{{- if .Values.smtpPassword }}
smtp-password: {{ default "" .Values.smtpPassword | b64enc | quote }} smtp-password: {{ default "" .Values.smtpPassword | b64enc | quote }}
{{- end }}

33
charts/ghost/templates/svc.yaml
View File

@ -3,18 +3,29 @@ kind: Service
metadata: metadata:
name: {{ template "ghost.fullname" . }} name: {{ template "ghost.fullname" . }}
labels: labels:
app: {{ template "ghost.fullname" . }} app: "{{ template "ghost.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ template "ghost.chart" . }}"
release: "{{ .Release.Name }}" release: {{ .Release.Name | quote }}
heritage: "{{ .Release.Service }}" heritage: {{ .Release.Service | quote }}
annotations:
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec: spec:
type: {{ .Values.serviceType }} type: {{ .Values.service.type }}
{{- if eq .Values.serviceType "LoadBalancer" }} {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
loadBalancerIP: {{ default "" .Values.ghostLoadBalancerIP }} externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
loadBalancerIP: {{ default "" .Values.service.loadBalancerIP | quote }}
{{- end }} {{- end }}
ports: ports:
- name: http - name: http
port: {{ default "80" .Values.ghostPort }} port: {{ .Values.service.port }}
targetPort: http targetPort: http
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}}
nodePort: {{ .Values.service.nodePorts.http }}
{{- end }}
selector: selector:
app: {{ template "ghost.fullname" . }} app: "{{ template "ghost.fullname" . }}"

163
charts/ghost/values.schema.json Executable file
View File

@ -0,0 +1,163 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"ghostUsername": {
"type": "string",
"title": "User",
"form": true
},
"ghostPassword": {
"type": "string",
"title": "Password",
"form": true,
"description": "Defaults to a random 10-character alphanumeric string if not set"
},
"ghostEmail": {
"type": "string",
"title": "Admin email",
"form": true
},
"ghostBlogTitle": {
"type": "string",
"title": "Blog Name",
"form": true
},
"ghostHost": {
"type": "string",
"title": "Host",
"form": true,
"description": "Hostname used to generate application URLs"
},
"persistence": {
"type": "object",
"properties": {
"size": {
"type": "string",
"title": "Persistent Volume Size",
"form": true,
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi"
}
}
},
"mariadb": {
"type": "object",
"form": true,
"title": "MariaDB Details",
"properties": {
"enabled": {
"type": "boolean",
"title": "Use a new MariaDB database hosted in the cluster",
"form": true,
"description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database parameters"
},
"master": {
"type": "object",
"properties": {
"persistence": {
"type": "object",
"properties": {
"size": {
"type": "string",
"title": "Volume Size",
"form": true,
"hidden": {
"condition": false,
"value": "mariadb.enabled"
},
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi"
}
}
}
}
}
}
},
"externalDatabase": {
"type": "object",
"title": "External Database Details",
"description": "If MariaDB is disabled. Use this section to specify the external database details",
"form": true,
"properties": {
"host": {
"type": "string",
"form": true,
"title": "Database Host",
"hidden": "mariadb.enabled"
},
"user": {
"type": "string",
"form": true,
"title": "Database Username",
"hidden": "mariadb.enabled"
},
"password": {
"type": "string",
"form": true,
"title": "Database Password",
"hidden": "mariadb.enabled"
},
"database": {
"type": "string",
"form": true,
"title": "Database Name",
"hidden": "mariadb.enabled"
},
"port": {
"type": "integer",
"form": true,
"title": "Database Port",
"hidden": "mariadb.enabled"
}
}
},
"resources": {
"type": "object",
"title": "Required Resources",
"description": "Configure resource requests",
"form": true,
"properties": {
"requests": {
"type": "object",
"properties": {
"memory": {
"type": "string",
"form": true,
"render": "slider",
"title": "Memory Request",
"sliderMin": 10,
"sliderMax": 2048,
"sliderUnit": "Mi"
},
"cpu": {
"type": "string",
"form": true,
"render": "slider",
"title": "CPU Request",
"sliderMin": 10,
"sliderMax": 2000,
"sliderUnit": "m"
}
}
}
}
},
"securityContext": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"title": "Enable Pod Security Context",
"description": "When disabled, an initContainer will be used to set required folder permissions",
"form": true
}
}
}
}
}

237
charts/ghost/values.yaml
View File

@ -1,36 +1,63 @@
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# global:
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Bitnami Ghost image version ## Bitnami Ghost image version
## ref: https://hub.docker.com/r/bitnami/ghost/tags/ ## ref: https://hub.docker.com/r/bitnami/ghost/tags/
## ##
image: bitnami/ghost:1.21.5-r0 image:
registry: docker.io
repository: bitnami/ghost
tag: 3.1.1-debian-9-r0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Busybox image used to configure volume permissions ## String to partially override ghost.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override ghost.fullname template
##
# fullnameOverride:
## Init containers parameters:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
## ##
volumePermissions: volumePermissions:
image: image:
name: busybox registry: docker.io
tag: 1.27.1 repository: bitnami/minideb
# pullPolicy: tag: stretch
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Specify a imagePullPolicy ## Ghost protocol, host, port and path to create application URLs
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
# imagePullPolicy:
## Ghost host to create application URLs
## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration ## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration
## ##
ghostProtocol: http
# ghostHost: # ghostHost:
# ghostPort:
## Ghost port to create application URLs along with host. ghostPath: /
## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration
##
ghostPort: 80
## loadBalancerIP for the Ghost Service (optional, cloud specific)
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
# ghostLoadBalancerIP:
## User of the application ## User of the application
## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration ## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration
@ -55,7 +82,7 @@ ghostBlogTitle: User's Blog
## Set to `yes` to allow the container to be started with blank passwords ## Set to `yes` to allow the container to be started with blank passwords
## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables ## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables
allowEmptyPassword: yes allowEmptyPassword: "yes"
## SMTP mail delivery configuration ## SMTP mail delivery configuration
## ref: https://github.com/bitnami/bitnami-docker-redmine/#smtp-configuration ## ref: https://github.com/bitnami/bitnami-docker-redmine/#smtp-configuration
@ -64,71 +91,101 @@ allowEmptyPassword: yes
# smtpPort: # smtpPort:
# smtpUser: # smtpUser:
# smtpPassword: # smtpPassword:
# smtpFromAddress
# smtpService: # smtpService:
## ##
## External database configuration ## External database configuration
## ##
externalDatabase: externalDatabase:
## All of these values are only used when mariadb.enabled is set to false
## Database host ## Database host
# host: host: localhost
## Database user ## non-root Username for Wordpress Database
# user: bn_ghost user: bn_ghost
## Database password ## Database password
# password: password: ""
## Database name ## Database name
# database: bitnami_ghost database: bitnami_ghost
## Database port number
port: 3306
## ##
## MariaDB chart configuration ## MariaDB chart configuration
## ##
## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml
##
mariadb: mariadb:
## Whether to use the database specified as a requirement or not. For example, to configure the chart with an existing database server. ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
enabled: true enabled: true
## Disable MariaDB replication
replication:
enabled: false
## Create a database and a database user
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
db:
name: bitnami_ghost
user: bn_ghost
## If the password is not specified, mariadb will generates a random password
##
# password:
## MariaDB admin password ## MariaDB admin password
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run
## ##
# mariadbRootPassword: # rootUser:
## Create a database # password:
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run
##
mariadbDatabase: bitnami_ghost
## Create a database user
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
mariadbUser: bn_ghost
## Password for mariadbUser
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
# mariadbPassword:
## Enable persistence using Persistent Volume Claims ## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
## ##
persistence: master:
enabled: true persistence:
## mariadb data Persistent Volume Storage Class enabled: true
## If defined, storageClassName: <storageClass> ## mariadb data Persistent Volume Storage Class
## If set to "-", storageClassName: "", which disables dynamic provisioning ## If defined, storageClassName: <storageClass>
## If undefined (the default) or set to null, no storageClassName spec is ## If set to "-", storageClassName: "", which disables dynamic provisioning
## set, choosing the default provisioner. (gp2 on AWS, standard on ## If undefined (the default) or set to null, no storageClassName spec is
## GKE, AWS & OpenStack) ## set, choosing the default provisioner. (gp2 on AWS, standard on
## ## GKE, AWS & OpenStack)
# storageClass: "-" ##
accessMode: ReadWriteOnce # storageClass: "-"
size: 8Gi accessMode: ReadWriteOnce
size: 8Gi
## Kubernetes configuration ## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer ## For minikube, set this to NodePort, elsewhere use LoadBalancer
## ##
serviceType: LoadBalancer service:
type: LoadBalancer
# HTTP Port
port: 80
## loadBalancerIP:
##
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
nodePorts:
http: ""
## Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## Service annotations done as key:value pairs
annotations:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Enable persistence using Persistent Volume Claims ## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
@ -145,6 +202,7 @@ persistence:
# storageClass: "-" # storageClass: "-"
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 8Gi size: 8Gi
path: /bitnami
## Configure resource requests and limits ## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
@ -153,3 +211,66 @@ resources:
requests: requests:
memory: 512Mi memory: 512Mi
cpu: 300m cpu: 300m
## Configure the ingress resource that allows you to access the
## Ghost installation. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
enabled: false
## Set this to true in order to add the corresponding annotations for cert-manager
certManager: false
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
annotations:
# kubernetes.io/ingress.class: nginx
## The list of hostnames to be covered with this ingress record.
## Most likely this will be just one host, but in the event more hosts are needed, this is an array
hosts:
- name: ghost.local
path: /
## Set this to true in order to enable TLS on the ingress record
tls: false
## Optionally specify the TLS hosts for the ingress record
## Useful when the Ingress controller supports www-redirection
## If not specified, the above host name will be used
# tlsHosts:
# - www.ghost.local
# - ghost.local
## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
tlsSecret: ghost.local-tls
secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
# - name: ghost.local-tls
# key:
# certificate:
## Node selector for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
##
nodeSelector: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

12
releases/ghost.yaml
View File

@ -6,7 +6,7 @@ metadata:
namespace: demo namespace: demo
annotations: annotations:
fluxcd.io/automated: "false" fluxcd.io/automated: "false"
fluxcd.io/tag.chart-image: glob:1.21.* fluxcd.io/tag.chart-image: glob:3.1.1-debian-9-*
spec: spec:
releaseName: ghost releaseName: ghost
chart: chart:
@ -14,14 +14,16 @@ spec:
ref: master ref: master
path: charts/ghost path: charts/ghost
values: values:
image: bitnami/ghost:1.21.5-r0 image: bitnami/ghost:3.1.1-debian-9-r0
persistence: persistence:
enabled: false enabled: false
resources: resources:
requests: requests:
memory: 32Mi memory: 32Mi
cpu: 10m cpu: 10m
serviceType: ClusterIP service:
type: ClusterIP
mariadb: mariadb:
persistence: master:
enabled: false persistence:
enabled: false

4
releases/mongodb.yaml
View File

@ -12,11 +12,11 @@ spec:
chart: chart:
repository: https://kubernetes-charts.storage.googleapis.com/ repository: https://kubernetes-charts.storage.googleapis.com/
name: mongodb name: mongodb
version: 4.9.0 version: 7.6.3
values: values:
image: image:
repository: bitnami/mongodb repository: bitnami/mongodb
tag: 4.0.3 tag: 4.0.13
usePassword: false usePassword: false
persistence: persistence:
enabled: false enabled: false

6
releases/redis.yaml
View File

@ -6,7 +6,7 @@ metadata:
namespace: demo namespace: demo
annotations: annotations:
fluxcd.io/automated: "true" fluxcd.io/automated: "true"
fluxcd.io/tag.chart-image: semver:~4.0 fluxcd.io/tag.chart-image: semver:~5.0
fluxcd.io/locked: "true" fluxcd.io/locked: "true"
fluxcd.io/locked_msg: "Halt updates for now" fluxcd.io/locked_msg: "Halt updates for now"
fluxcd.io/locked_user: "Stefan Prodan <stefan@weave.works>" fluxcd.io/locked_user: "Stefan Prodan <stefan@weave.works>"
@ -15,7 +15,7 @@ spec:
chart: chart:
repository: https://kubernetes-charts.storage.googleapis.com/ repository: https://kubernetes-charts.storage.googleapis.com/
name: redis name: redis
version: 5.1.3 version: 10.3.1
valueFileSecrets: valueFileSecrets:
# the redis-auth secret contains the password value # the redis-auth secret contains the password value
- name: redis-auth - name: redis-auth
@ -23,7 +23,7 @@ spec:
usePassword: true usePassword: true
image: image:
repository: bitnami/redis repository: bitnami/redis
tag: 4.0.12 tag: 5.0.7
service: service:
type: ClusterIP type: ClusterIP
port: 6379 port: 6379

34
workloads/podinfo-dep.yaml
View File

@ -9,7 +9,7 @@ metadata:
annotations: annotations:
fluxcd.io/automated: "true" fluxcd.io/automated: "true"
fluxcd.io/tag.init: regex:^3.10.* fluxcd.io/tag.init: regex:^3.10.*
fluxcd.io/tag.podinfod: semver:~2.1 fluxcd.io/tag.podinfod: semver:~3.1
spec: spec:
strategy: strategy:
rollingUpdate: rollingUpdate:
@ -22,6 +22,7 @@ spec:
metadata: metadata:
annotations: annotations:
prometheus.io/scrape: "true" prometheus.io/scrape: "true"
prometheus.io/port: "9797"
labels: labels:
app: podinfo app: podinfo
spec: spec:
@ -33,21 +34,30 @@ spec:
- "1" - "1"
containers: containers:
- name: podinfod - name: podinfod
image: stefanprodan/podinfo:2.1.0 image: stefanprodan/podinfo:3.1.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 9898 - name: http
name: http containerPort: 9898
protocol: TCP protocol: TCP
- name: http-metrics
containerPort: 9797
protocol: TCP
- name: grpc
containerPort: 9999
protocol: TCP
command: command:
- ./podinfo - ./podinfo
- --port=9898 - --port=9898
- --level=info - --port-metrics=9797
- --random-delay=false - --grpc-port=9999
- --random-error=false - --grpc-service-name=podinfo
- --level=info
- --random-delay=false
- --random-error=false
env: env:
- name: PODINFO_UI_MESSAGE - name: PODINFO_UI_COLOR
value: "Greetings human!" value: "#34577c"
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz