sundowndev
/
flux-get-started
mirror of https://github.com/sundowndev/flux-get-started.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #27 from fluxcd/hr-appsv1 

Update HelmReleases for Kubernetes 1.16
master
Stefan Prodan 2020-01-07 11:58:53 +02:00 committed by GitHub
parent 4cacd57ddd 1927888a36
commit a6bee68eaf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 847 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.circleci/config.yml
View File

@ -2,7 +2,7 @@ version: 2.1
jobs:
validate-yamls:
docker:
- image: stefanprodan/hrval:v2.6.0
- image: stefanprodan/hrval:v2.9.0
steps:
- checkout
- run:
@ -15,7 +15,7 @@ jobs:
name: Validate releases
environment:
IGNORE_VALUES: "false"
KUBE_VER: "1.15.0"
KUBE_VER: "1.16.0"
HELM_VER: "v2"
command: |
hrval releases/ $IGNORE_VALUES $KUBE_VER $HELM_VER

8
charts/ghost/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v1
name: ghost
version: 2.1.16
appVersion: 1.21.5
description: A simple, powerful publishing platform that allows you to share your
stories with the world
version: 9.0.4
appVersion: 3.1.1
description: A simple, powerful publishing platform that allows you to share your stories with the world
keywords:
- ghost
- blog

8
charts/ghost/OWNERS
View File

@ -2,7 +2,15 @@ approvers:
- prydonius
- tompizmor
- sameersbn
- carrodher
- javsalgar
- juan131
- miguelaeh
reviewers:
- prydonius
- tompizmor
- sameersbn
- carrodher
- javsalgar
- juan131
- miguelaeh

153
charts/ghost/README.md
View File

@ -14,10 +14,14 @@ This chart bootstraps a [Ghost](https://github.com/bitnami/bitnami-docker-ghost)
It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Ghost application.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
## Prerequisites
- Kubernetes 1.4+ with Beta APIs enabled
- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling
## Installing the Chart
@ -27,7 +31,7 @@ To install the chart with the release name `my-release`:
$ helm install --name my-release stable/ghost
```
The command deploys Ghost on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
The command deploys Ghost on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
@ -41,37 +45,79 @@ $ helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
## Parameters
The following tables lists the configurable parameters of the Ghost chart and their default values.
The following table lists the configurable parameters of the Ghost chart and their default values.
| Parameter | Description | Default |
|-------------------------------|---------------------------------------------------------------|----------------------------------------------------------|
| `image` | Ghost image | `bitnami/ghost:{VERSION}` |
| `imagePullPolicy` | Image pull policy | `Always` if `image` tag is `latest`, else `IfNotPresent` |
| `ghostHost` | Ghost host to create application URLs | `nil` |
| `ghostPort` | Ghost port to create application URLs along with host | `80` |
| `ghostLoadBalancerIP` | `loadBalancerIP` for the Ghost Service | `nil` |
| `ghostUsername` | User of the application | `user@example.com` |
| `ghostPassword` | Application password | Randomly generated |
| `ghostEmail` | Admin email | `user@example.com` |
| `ghostBlogTitle` | Ghost Blog name | `User's Blog` |
| `allowEmptyPassword` | Allow DB blank passwords | `yes` |
| `externalDatabase.host` | Host of the external database | `nil` |
| `externalDatabase.user` | Existing username in the external db | `bn_ghost` |
| `externalDatabase.password` | Password for the above username | `nil` |
| `externalDatabase.database` | Name of the existing database | `bitnami_ghost` |
| `mariadb.enabled` | Whether or not to install MariaDB (disable if using external) | `true` |
| `mariadb.mariadbRootPassword` | MariaDB admin password | `nil` |
| `mariadb.mariadbDatabase` | MariaDB Database name to create | `bitnami_ghost` |
| `mariadb.mariadbUser` | MariaDB Database user to create | `bn_ghost` |
| `mariadb.mariadbPassword` | MariaDB Password for user | _random 10 character long alphanumeric string_ |
| `serviceType` | Kubernetes Service type | `LoadBalancer` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | PVC Storage Class for Ghost volume | `nil` (uses alpha storage annotation) |
| `persistence.accessMode` | PVC Access Mode for Ghost volume | `ReadWriteOnce` |
| `persistence.size` | PVC Storage Request for Ghost volume | `8Gi` |
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` |
| Parameter | Description | Default |
|-------------------------------------|---------------------------------------------------------------|----------------------------------------------------------|
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
| `image.registry` | Ghost image registry | `docker.io` |
| `image.repository` | Ghost Image name | `bitnami/ghost` |
| `image.tag` | Ghost Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `nameOverride` | String to partially override ghost.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override ghost.fullname template with a string | `nil` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository`| Init container volume-permissions image name | `bitnami/minideb` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` |
| `volumePermissions.image.pullPolicy`| Init container volume-permissions image pull policy | `Always` |
| `ghostHost` | Ghost host to create application URLs | `nil` |
| `ghostPort` | Ghost port to use in application URLs (defaults to `service.port` if `nil`) | `nil` |
| `ghostProtocol` | Protocol (http or https) to use in the application URLs | `http` |
| `ghostPath` | Ghost path to create application URLs | `nil` |
| `ghostUsername` | User of the application | `user@example.com` |
| `ghostPassword` | Application password | Randomly generated |
| `ghostEmail` | Admin email | `user@example.com` |
| `ghostBlogTitle` | Ghost Blog name | `User's Blog` |
| `smtpHost` | SMTP host | `nil` |
| `smtpPort` | SMTP port | `nil` |
| `smtpUser` | SMTP user | `nil` |
| `smtpPassword` | SMTP password | `nil` |
| `smtpFromAddress` | SMTP from address | `nil` |
| `smtpService` | SMTP service | `nil` |
| `allowEmptyPassword` | Allow DB blank passwords | `yes` |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the container | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.port` | Service HTTP port | `80` |
| `service.nodePorts.http` | Kubernetes http node port | `""` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.loadBalancerIP` | LoadBalancerIP for the Ghost service | `` |
| `service.annotations` | Service annotations | `` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.annotations` | Ingress annotations | `[]` |
| `ingress.certManager` | Add annotations for cert-manager | `false` |
| `ingress.hosts[0].name` | Hostname to your Ghost installation | `ghost.local` |
| `ingress.hosts[0].path` | Path within the url structure | `/` |
| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` |
| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` |
| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `ghost.local-tls-secret` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
| `externalDatabase.host` | Host of the external database | `localhost` |
| `externalDatabase.port` | Port of the external database | `3306` |
| `externalDatabase.user` | Existing username in the external db | `bn_ghost` |
| `externalDatabase.password` | Password for the above username | `""` |
| `externalDatabase.database` | Name of the existing database | `bitnami_ghost` |
| `mariadb.enabled` | Whether or not to install MariaDB (disable if using external) | `true` |
| `mariadb.rootUser.password` | MariaDB admin password | `nil` |
| `mariadb.db.name` | MariaDB Database name to create | `bitnami_ghost` |
| `mariadb.db.user` | MariaDB Database user to create | `bn_ghost` |
| `mariadb.db.password` | MariaDB Password for user | _random 10 character long alphanumeric string_ |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | PVC Storage Class for Ghost volume | `nil` (uses alpha storage annotation) |
| `persistence.accessMode` | PVC Access Mode for Ghost volume | `ReadWriteOnce` |
| `persistence.size` | PVC Storage Request for Ghost volume | `8Gi` |
| `persistence.path` | Path to mount the volume at, to use other images | `/bitnami` |
| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` |
| `nodeSelector` | Node selector for pod assignment | `{}` |
| `affinity` | Map of node/pod affinities | `{}` |
The above parameters map to the env variables defined in [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost). For more information please refer to the [bitnami/ghost](http://github.com/bitnami/bitnami-docker-ghost) image documentation.
@ -87,7 +133,7 @@ The above parameters map to the env variables defined in [bitnami/ghost](http://
> $ gcloud compute addresses create ghost-public-ip
> ```
>
> The reserved IP address can be associated to the Ghost service by specifying it as the value of the `ghostLoadBalancerIP` parameter while installing the chart.
> The reserved IP address can be assigned to the Ghost service by specifying it as the value of the `ghostLoadBalancerIP` parameter while installing the chart.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@ -97,7 +143,7 @@ $ helm install --name my-release \
stable/ghost
```
The above command sets the Ghost administrator account username and password to `admin` and `password` respectively. Additionally it sets the MariaDB `root` user password to `secretpassword`.
The above command sets the Ghost administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
@ -107,13 +153,24 @@ $ helm install --name my-release -f values.yaml stable/ghost
> **Tip**: You can use the default [values.yaml](values.yaml)
## Using an existing database
## Configuration and installation details
Sometimes you may want to have Ghost connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#configuration). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example:
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Using an existing database
Sometimes you may want to have Ghost connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example using the following parameters:
```console
$ helm install stable/ghost \
--set mariadb.enabled=false,externalDatabase.host=myexternalhost,externalDatabase.user=myuser,externalDatabase.password=mypassword,externalDatabase.database=mydatabase
mariadb.enabled=false
externalDatabase.host=myexternalhost
externalDatabase.user=myuser
externalDatabase.password=mypassword
externalDatabase.database=mydatabase
```
## Persistence
@ -121,4 +178,24 @@ $ helm install stable/ghost \
The [Bitnami Ghost](https://github.com/bitnami/bitnami-docker-ghost) image stores the Ghost data and configurations at the `/bitnami/ghost` and `/bitnami/apache` paths of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Configuration](#configuration) section to configure the PVC or to disable persistence.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
## Upgrading
### To 9.0.0
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
In https://github.com/helm/charts/pulls/17297 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
This major version signifies this change.
### To 5.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is ghost:
```console
$ kubectl patch deployment ghost-ghost --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
$ kubectl delete statefulset ghost-mariadb --cascade=false
```

6
charts/ghost/requirements.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: mariadb
repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.7.0
digest: sha256:f59f68030aa5c50b9e776b813804875fac911f91c2aa384e991f37a795c5ae34
generated: 2017-11-27T16:40:56.867665764Z
version: 7.2.1
digest: sha256:27bef733eb099a7377055cfe2c48e013bd4d55650ff18b50138c80488c812b0b
generated: 2019-12-04T15:22:06.772062948Z

4
charts/ghost/requirements.yaml
View File

@ -1,5 +1,7 @@
dependencies:
- name: mariadb
version: 0.7.0
version: 7.x.x
repository: https://kubernetes-charts.storage.googleapis.com/
condition: mariadb.enabled
tags:
- ghost-database

41
charts/ghost/templates/NOTES.txt
View File

@ -8,43 +8,47 @@ host. To configure Ghost with the URL of your service:
1. Get the Ghost URL by running:
{{- if contains "NodePort" .Values.serviceType }}
{{- if contains "NodePort" .Values.service.type }}
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
{{- else if contains "LoadBalancer" .Values.serviceType }}
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "ghost.fullname" . }}'
export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} -o jsonpath="{.data.ghost-password}" | base64 --decode)
{{- if .Values.mariadb.mariadbRootPassword }}
export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
{{- end }}
{{- end }}
export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode)
2. Complete your Ghost deployment by running:
helm upgrade {{ .Release.Name }} \
--set serviceType={{ .Values.serviceType }},ghostHost=$APP_HOST stable/ghost
helm upgrade {{ .Release.Name }} stable/{{ .Chart.Name }} \
--set service.type={{ .Values.service.type }},ghostHost=$APP_HOST,ghostPassword=$APP_PASSWORD,{{ if .Values.mariadb.mariadbRootPassword }},mariadb.mariadbRootPassword=$DATABASE_ROOT_PASSWORD{{ end }}mariadb.db.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- else -}}
1. Get the Ghost URL by running:
{{- if eq .Values.serviceType "ClusterIP" }}
{{- if eq .Values.service.type "ClusterIP" }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ghost.fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo Blog URL : http://127.0.0.1:{{ default "80" .Values.ghostPort }}/
echo Admin URL : http://127.0.0.1:{{ default "80" .Values.ghostPort }}/ghost
kubectl port-forward $POD_NAME {{ default "80" .Values.ghostPort }}:2368
echo Blog URL : http://127.0.0.1:{{ default "80" .Values.service.port }}{{ .Values.ghostPath }}
echo Admin URL : http://127.0.0.1:{{ default "80" .Values.service.port }}{{ .Values.ghostPath }}ghost
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "ghost.fullname" . }} {{ default "80" .Values.service.port }}:2368
{{- else if eq .Values.serviceType "NodePort" }}
{{- else if eq .Values.service.type "NodePort" }}
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export APP_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }})
export APP_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ghost.fullname" . }})
echo Blog URL : http://$APP_HOST:$APP_PORT/
echo Admin URL : http://$APP_HOST:$APP_PORT/ghost
echo Blog URL : http://$APP_HOST:$APP_PORT{{ .Values.ghostPath }}
echo Admin URL : http://$APP_HOST:$APP_PORT{{ .Values.ghostPath }}ghost
{{- else }}
echo Blog URL : http://{{ include "ghost.host" . }}/
echo Admin URL : http://{{ include "ghost.host" . }}/ghost
echo Blog URL : http://{{ include "ghost.host" . }}
echo Admin URL : http://{{ include "ghost.host" . }}ghost
{{- end }}
2. Get your Ghost login credentials by running:
@ -52,3 +56,10 @@ host. To configure Ghost with the URL of your service:
echo Email: {{ .Values.ghostEmail }}
echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "ghost.fullname" . }} -o jsonpath="{.data.ghost-password}" | base64 --decode)
{{- end }}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}

153
charts/ghost/templates/_helpers.tpl
View File

@ -9,11 +9,20 @@ Expand the name of the chart.
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ghost.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
@ -28,10 +37,10 @@ Get the user defined LoadBalancerIP for this release.
Note, returns 127.0.0.1 if using ClusterIP.
*/}}
{{- define "ghost.serviceIP" -}}
{{- if eq .Values.serviceType "ClusterIP" -}}
{{- if eq .Values.service.type "ClusterIP" -}}
127.0.0.1
{{- else -}}
{{- index .Values (printf "%sLoadBalancerIP" .Chart.Name) | default "" -}}
{{- .Values.service.loadBalancerIP | default "" -}}
{{- end -}}
{{- end -}}
@ -40,6 +49,144 @@ Gets the host to be used for this application.
If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty.
*/}}
{{- define "ghost.host" -}}
{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}}
{{- if .Values.ghostHost -}}
{{- $host := printf "%s%s" .Values.ghostHost .Values.ghostPath -}}
{{- default (include "ghost.serviceIP" .) $host -}}
{{- else -}}
{{- default (include "ghost.serviceIP" .) "" -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ghost.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper Ghost image name
*/}}
{{- define "ghost.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name to change the volume permissions
*/}}
{{- define "ghost.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "ghost.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- else if or .Values.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Return the proper Storage Class
*/}}
{{- define "ghost.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "ghost.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}

109
charts/ghost/templates/deployment.yaml
View File

@ -1,32 +1,45 @@
{{- if include "ghost.host" . -}}
apiVersion: extensions/v1beta1
apiVersion: {{ template "ghost.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "ghost.fullname" . }}
labels:
app: {{ template "ghost.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
selector:
matchLabels:
app: "{{ template "ghost.fullname" . }}"
release: {{ .Release.Name | quote }}
replicas: 1
template:
metadata:
labels:
app: {{ template "ghost.fullname" . }}
app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
spec:
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- else }}
initContainers:
- name: volume-permissions
image: "{{ .Values.volumePermissions.image.name }}:{{ .Values.volumePermissions.image.tag }}"
imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }}
command: ['sh', '-c', 'chmod -R g+rwX /bitnami']
image: {{ template "ghost.volumePermissions.image" . }}
imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
command: ['sh', '-c', 'chmod -R g+rwX {{ .Values.persistence.path }}']
volumeMounts:
- mountPath: /bitnami
- mountPath: {{ .Values.persistence.path }}
name: ghost-data
{{- end }}
{{- include "ghost.imagePullSecrets" . | indent 6 }}
containers:
- name: {{ template "ghost.fullname" . }}
image: "{{ .Values.image }}"
imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
image: {{ template "ghost.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: ALLOW_EMPTY_PASSWORD
{{- if .Values.allowEmptyPassword }}
@ -38,21 +51,25 @@ spec:
{{- if .Values.mariadb.enabled }}
value: {{ template "ghost.mariadb.fullname" . }}
{{- else }}
value: {{ default "" .Values.externalDatabase.host | quote }}
value: {{ .Values.externalDatabase.host | quote }}
{{- end }}
- name: MARIADB_PORT_NUMBER
{{- if .Values.mariadb.enabled }}
value: "3306"
{{- else }}
value: {{ .Values.externalDatabase.port | quote }}
{{- end }}
- name: GHOST_DATABASE_NAME
{{- if .Values.mariadb.enabled }}
value: {{ default "" .Values.mariadb.mariadbDatabase | quote }}
value: {{ .Values.mariadb.db.name | quote }}
{{- else }}
value: {{ default "" .Values.externalDatabase.database | quote }}
value: {{ .Values.externalDatabase.database | quote }}
{{- end }}
- name: GHOST_DATABASE_USER
{{- if .Values.mariadb.enabled }}
value: {{ default "" .Values.mariadb.mariadbUser | quote }}
value: {{ .Values.mariadb.db.user | quote }}
{{- else }}
value: {{ default "" .Values.externalDatabase.user | quote }}
value: {{ .Values.externalDatabase.user | quote }}
{{- end }}
- name: GHOST_DATABASE_PASSWORD
{{- if .Values.mariadb.enabled }}
@ -61,56 +78,84 @@ spec:
name: {{ template "ghost.mariadb.fullname" . }}
key: mariadb-password
{{- else }}
value: {{ default "" .Values.externalDatabase.password | quote }}
value: {{ .Values.externalDatabase.password | quote }}
{{- end }}
- name: GHOST_HOST
value: {{ include "ghost.host" . | quote }}
- name: GHOST_PROTOCOL
value: {{ .Values.ghostProtocol | quote }}
- name: GHOST_PORT_NUMBER
value: {{ default "80" .Values.ghostPort | quote }}
{{- if .Values.ghostPort }}
value: {{ .Values.ghostPort | quote }}
{{- else }}
value: {{ .Values.service.port | quote }}
{{- end }}
- name: GHOST_USERNAME
value: {{ default "" .Values.ghostUsername | quote }}
value: {{ .Values.ghostUsername | quote }}
- name: GHOST_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "ghost.fullname" . }}
key: ghost-password
- name: GHOST_EMAIL
value: {{ default "" .Values.ghostEmail | quote }}
value: {{ .Values.ghostEmail | quote }}
- name: BLOG_TITLE
value: {{ default "" .Values.ghostBlogTitle | quote }}
value: {{ .Values.ghostBlogTitle | quote }}
{{- if .Values.smtpHost }}
- name: SMTP_HOST
value: {{ default "" .Values.smtpHost | quote }}
value: {{ .Values.smtpHost | quote }}
{{- end }}
{{- if .Values.smtpPort }}
- name: SMTP_PORT
value: {{ default "" .Values.smtpPort | quote }}
value: {{ .Values.smtpPort | quote }}
{{- end }}
{{- if .Values.smtpUser }}
- name: SMTP_USER
value: {{ default "" .Values.smtpUser | quote }}
value: {{ .Values.smtpUser | quote }}
{{- end }}
{{- if .Values.smtpPassword }}
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "ghost.fullname" . }}
key: smtp-password
{{- end }}
{{- if .Values.smtpFromAddress }}
- name: SMTP_FROM_ADDRESS
value: {{ .Values.smtpFromAddress | quote }}
{{- end }}
{{- if .Values.smtpService }}
- name: SMTP_SERVICE
value: {{ default "" .Values.smtpService | quote }}
value: {{ .Values.smtpService | quote }}
{{- end }}
ports:
- name: http
containerPort: 2368
livenessProbe:
httpGet:
path: /ghost
path: {{ .Values.ghostPath }}
port: http
httpHeaders:
- name: Host
value: {{ include "ghost.host" . | quote }}
{{- if eq .Values.ghostProtocol "https" }}
- name: X-Forwarded-Proto
value: https
{{- end }}
initialDelaySeconds: 120
timeoutSeconds: 5
failureThreshold: 6
readinessProbe:
httpGet:
path: /ghost
path: {{ .Values.ghostPath }}
port: http
httpHeaders:
- name: Host
value: {{ include "ghost.host" . | quote }}
{{- if eq .Values.ghostProtocol "https" }}
- name: X-Forwarded-Proto
value: https
{{- end }}
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 5
@ -127,4 +172,12 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}

43
charts/ghost/templates/ingress.yaml Executable file
View File

@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "ghost.fullname" . }}
labels:
app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: {{ template "ghost.fullname" $ }}
servicePort: http
{{- end }}
tls:
{{- range .Values.ingress.hosts }}
{{- if .tls }}
- hosts:
{{- if .tlsHosts }}
{{- range $host := .tlsHosts }}
- {{ $host }}
{{- end }}
{{- else }}
- {{ .name }}
{{- end }}
secretName: {{ .tlsSecret }}
{{- end }}
{{- end }}
{{- end }}

16
charts/ghost/templates/pvc.yaml
View File

@ -4,21 +4,15 @@ apiVersion: v1
metadata:
name: {{ template "ghost.fullname" . }}
labels:
app: {{ template "ghost.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{ include "ghost.storageClass" . }}
{{- end -}}

16
charts/ghost/templates/secrets.yaml
View File

@ -3,15 +3,17 @@ kind: Secret
metadata:
name: {{ template "ghost.fullname" . }}
labels:
app: {{ template "ghost.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{ if .Values.ghostPassword }}
{{- if .Values.ghostPassword }}
ghost-password: {{ .Values.ghostPassword | b64enc | quote }}
{{ else }}
{{- else }}
ghost-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }}
{{- end }}
{{- if .Values.smtpPassword }}
smtp-password: {{ default "" .Values.smtpPassword | b64enc | quote }}
{{- end }}

33
charts/ghost/templates/svc.yaml
View File

@ -3,18 +3,29 @@ kind: Service
metadata:
name: {{ template "ghost.fullname" . }}
labels:
app: {{ template "ghost.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
app: "{{ template "ghost.fullname" . }}"
chart: "{{ template "ghost.chart" . }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
type: {{ .Values.serviceType }}
{{- if eq .Values.serviceType "LoadBalancer" }}
loadBalancerIP: {{ default "" .Values.ghostLoadBalancerIP }}
type: {{ .Values.service.type }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
loadBalancerIP: {{ default "" .Values.service.loadBalancerIP | quote }}
{{- end }}
ports:
- name: http
port: {{ default "80" .Values.ghostPort }}
targetPort: http
- name: http
port: {{ .Values.service.port }}
targetPort: http
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}}
nodePort: {{ .Values.service.nodePorts.http }}
{{- end }}
selector:
app: {{ template "ghost.fullname" . }}
app: "{{ template "ghost.fullname" . }}"

163
charts/ghost/values.schema.json Executable file
View File

@ -0,0 +1,163 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"ghostUsername": {
"type": "string",
"title": "User",
"form": true
},
"ghostPassword": {
"type": "string",
"title": "Password",
"form": true,
"description": "Defaults to a random 10-character alphanumeric string if not set"
},
"ghostEmail": {
"type": "string",
"title": "Admin email",
"form": true
},
"ghostBlogTitle": {
"type": "string",
"title": "Blog Name",
"form": true
},
"ghostHost": {
"type": "string",
"title": "Host",
"form": true,
"description": "Hostname used to generate application URLs"
},
"persistence": {
"type": "object",
"properties": {
"size": {
"type": "string",
"title": "Persistent Volume Size",
"form": true,
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi"
}
}
},
"mariadb": {
"type": "object",
"form": true,
"title": "MariaDB Details",
"properties": {
"enabled": {
"type": "boolean",
"title": "Use a new MariaDB database hosted in the cluster",
"form": true,
"description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database parameters"
},
"master": {
"type": "object",
"properties": {
"persistence": {
"type": "object",
"properties": {
"size": {
"type": "string",
"title": "Volume Size",
"form": true,
"hidden": {
"condition": false,
"value": "mariadb.enabled"
},
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi"
}
}
}
}
}
}
},
"externalDatabase": {
"type": "object",
"title": "External Database Details",
"description": "If MariaDB is disabled. Use this section to specify the external database details",
"form": true,
"properties": {
"host": {
"type": "string",
"form": true,
"title": "Database Host",
"hidden": "mariadb.enabled"
},
"user": {
"type": "string",
"form": true,
"title": "Database Username",
"hidden": "mariadb.enabled"
},
"password": {
"type": "string",
"form": true,
"title": "Database Password",
"hidden": "mariadb.enabled"
},
"database": {
"type": "string",
"form": true,
"title": "Database Name",
"hidden": "mariadb.enabled"
},
"port": {
"type": "integer",
"form": true,
"title": "Database Port",
"hidden": "mariadb.enabled"
}
}
},
"resources": {
"type": "object",
"title": "Required Resources",
"description": "Configure resource requests",
"form": true,
"properties": {
"requests": {
"type": "object",
"properties": {
"memory": {
"type": "string",
"form": true,
"render": "slider",
"title": "Memory Request",
"sliderMin": 10,
"sliderMax": 2048,
"sliderUnit": "Mi"
},
"cpu": {
"type": "string",
"form": true,
"render": "slider",
"title": "CPU Request",
"sliderMin": 10,
"sliderMax": 2000,
"sliderUnit": "m"
}
}
}
}
},
"securityContext": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"title": "Enable Pod Security Context",
"description": "When disabled, an initContainer will be used to set required folder permissions",
"form": true
}
}
}
}
}

237
charts/ghost/values.yaml
View File

@ -1,36 +1,63 @@
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# global:
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Bitnami Ghost image version
## ref: https://hub.docker.com/r/bitnami/ghost/tags/
##
image: bitnami/ghost:1.21.5-r0
image:
registry: docker.io
repository: bitnami/ghost
tag: 3.1.1-debian-9-r0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Busybox image used to configure volume permissions
## String to partially override ghost.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override ghost.fullname template
##
# fullnameOverride:
## Init containers parameters:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
##
volumePermissions:
image:
name: busybox
tag: 1.27.1
# pullPolicy:
registry: docker.io
repository: bitnami/minideb
tag: stretch
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
# imagePullPolicy:
## Ghost host to create application URLs
## Ghost protocol, host, port and path to create application URLs
## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration
##
ghostProtocol: http
# ghostHost:
## Ghost port to create application URLs along with host.
## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration
##
ghostPort: 80
## loadBalancerIP for the Ghost Service (optional, cloud specific)
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
# ghostLoadBalancerIP:
# ghostPort:
ghostPath: /
## User of the application
## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration
@ -55,7 +82,7 @@ ghostBlogTitle: User's Blog
## Set to `yes` to allow the container to be started with blank passwords
## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables
allowEmptyPassword: yes
allowEmptyPassword: "yes"
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/bitnami-docker-redmine/#smtp-configuration
@ -64,71 +91,101 @@ allowEmptyPassword: yes
# smtpPort:
# smtpUser:
# smtpPassword:
# smtpFromAddress
# smtpService:
##
## External database configuration
##
externalDatabase:
## All of these values are only used when mariadb.enabled is set to false
## Database host
# host:
host: localhost
## Database user
# user: bn_ghost
## non-root Username for Wordpress Database
user: bn_ghost
## Database password
# password:
password: ""
## Database name
# database: bitnami_ghost
database: bitnami_ghost
## Database port number
port: 3306
##
## MariaDB chart configuration
##
## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml
##
mariadb:
## Whether to use the database specified as a requirement or not. For example, to configure the chart with an existing database server.
## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
enabled: true
## Disable MariaDB replication
replication:
enabled: false
## Create a database and a database user
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
db:
name: bitnami_ghost
user: bn_ghost
## If the password is not specified, mariadb will generates a random password
##
# password:
## MariaDB admin password
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run
##
# mariadbRootPassword:
## Create a database
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run
##
mariadbDatabase: bitnami_ghost
## Create a database user
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
mariadbUser: bn_ghost
## Password for mariadbUser
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
# mariadbPassword:
# rootUser:
# password:
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
enabled: true
## mariadb data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
master:
persistence:
enabled: true
## mariadb data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer
##
serviceType: LoadBalancer
service:
type: LoadBalancer
# HTTP Port
port: 80
## loadBalancerIP:
##
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
nodePorts:
http: ""
## Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## Service annotations done as key:value pairs
annotations:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
@ -145,6 +202,7 @@ persistence:
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
path: /bitnami
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
@ -153,3 +211,66 @@ resources:
requests:
memory: 512Mi
cpu: 300m
## Configure the ingress resource that allows you to access the
## Ghost installation. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
enabled: false
## Set this to true in order to add the corresponding annotations for cert-manager
certManager: false
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
annotations:
# kubernetes.io/ingress.class: nginx
## The list of hostnames to be covered with this ingress record.
## Most likely this will be just one host, but in the event more hosts are needed, this is an array
hosts:
- name: ghost.local
path: /
## Set this to true in order to enable TLS on the ingress record
tls: false
## Optionally specify the TLS hosts for the ingress record
## Useful when the Ingress controller supports www-redirection
## If not specified, the above host name will be used
# tlsHosts:
# - www.ghost.local
# - ghost.local
## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
tlsSecret: ghost.local-tls
secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
# - name: ghost.local-tls
# key:
# certificate:
## Node selector for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
##
nodeSelector: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

12
releases/ghost.yaml
View File

@ -6,7 +6,7 @@ metadata:
namespace: demo
annotations:
fluxcd.io/automated: "false"
fluxcd.io/tag.chart-image: glob:1.21.*
fluxcd.io/tag.chart-image: glob:3.1.1-debian-9-*
spec:
releaseName: ghost
chart:
@ -14,14 +14,16 @@ spec:
ref: master
path: charts/ghost
values:
image: bitnami/ghost:1.21.5-r0
image: bitnami/ghost:3.1.1-debian-9-r0
persistence:
enabled: false
resources:
requests:
memory: 32Mi
cpu: 10m
serviceType: ClusterIP
service:
type: ClusterIP
mariadb:
persistence:
enabled: false
master:
persistence:
enabled: false

4
releases/mongodb.yaml
View File

@ -12,11 +12,11 @@ spec:
chart:
repository: https://kubernetes-charts.storage.googleapis.com/
name: mongodb
version: 4.9.0
version: 7.6.3
values:
image:
repository: bitnami/mongodb
tag: 4.0.3
tag: 4.0.13
usePassword: false
persistence:
enabled: false

6
releases/redis.yaml
View File

@ -6,7 +6,7 @@ metadata:
namespace: demo
annotations:
fluxcd.io/automated: "true"
fluxcd.io/tag.chart-image: semver:~4.0
fluxcd.io/tag.chart-image: semver:~5.0
fluxcd.io/locked: "true"
fluxcd.io/locked_msg: "Halt updates for now"
fluxcd.io/locked_user: "Stefan Prodan <stefan@weave.works>"
@ -15,7 +15,7 @@ spec:
chart:
repository: https://kubernetes-charts.storage.googleapis.com/
name: redis
version: 5.1.3
version: 10.3.1
valueFileSecrets:
# the redis-auth secret contains the password value
- name: redis-auth
@ -23,7 +23,7 @@ spec:
usePassword: true
image:
repository: bitnami/redis
tag: 4.0.12
tag: 5.0.7
service:
type: ClusterIP
port: 6379

34
workloads/podinfo-dep.yaml
View File

@ -9,7 +9,7 @@ metadata:
annotations:
fluxcd.io/automated: "true"
fluxcd.io/tag.init: regex:^3.10.*
fluxcd.io/tag.podinfod: semver:~2.1
fluxcd.io/tag.podinfod: semver:~3.1
spec:
strategy:
rollingUpdate:
@ -22,6 +22,7 @@ spec:
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9797"
labels:
app: podinfo
spec:
@ -33,21 +34,30 @@ spec:
- "1"
containers:
- name: podinfod
image: stefanprodan/podinfo:2.1.0
image: stefanprodan/podinfo:3.1.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9898
name: http
protocol: TCP
- name: http
containerPort: 9898
protocol: TCP
- name: http-metrics
containerPort: 9797
protocol: TCP
- name: grpc
containerPort: 9999
protocol: TCP
command:
- ./podinfo
- --port=9898
- --level=info
- --random-delay=false
- --random-error=false
- ./podinfo
- --port=9898
- --port-metrics=9797
- --grpc-port=9999
- --grpc-service-name=podinfo
- --level=info
- --random-delay=false
- --random-error=false
env:
- name: PODINFO_UI_MESSAGE
value: "Greetings human!"
- name: PODINFO_UI_COLOR
value: "#34577c"
livenessProbe:
httpGet:
path: /healthz