diff --git a/charts/adminer/Chart.yaml b/charts/adminer/Chart.yaml index 033fd33f..ee3c93cf 100644 --- a/charts/adminer/Chart.yaml +++ b/charts/adminer/Chart.yaml @@ -2,6 +2,12 @@ annotations: category: DatabaseManagement apiVersion: v2 appVersion: 4.8.1 +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x description: Adminer is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it consist of a single file ready to deploy to the target server. Adminer is available for MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Firebird, SimpleDB, @@ -18,10 +24,11 @@ keywords: - database - sql maintainers: - - name: Firmansyah Nainggolan + - name: firmansyahn email: firmansyah@nainggolan.id url: https://firmansyah.nainggolan.id name: adminer sources: - https://www.adminer.org -version: 0.1.1 +type: application +version: 0.1.2 diff --git a/charts/adminer/templates/Certificate.yaml b/charts/adminer/templates/Certificate.yaml new file mode 100644 index 00000000..6a1ad5fd --- /dev/null +++ b/charts/adminer/templates/Certificate.yaml 
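Review bot: In Chart.yaml the new `common` dependency is declared with the floating range `version: 1.x.x`, so each `helm dependency update` may pull a different library chart from the remote repository, and every template added in this commit renders through that library. Pin it to an exact release, `version: <pinned common chart version>`, and commit the resulting `Chart.lock`; no lock file is visible in this diff. That keeps builds reproducible and makes a changed upstream release show up as a reviewed diff rather than a silent change in rendered manifests.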
@@ -0,0 +1,83 @@
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+{{- if and .Values.ingress.tls .Values.ingress.certManager.create (not .Values.ingress.selfSigned)}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+ issuerRef:
+ group: {{ .Values.ingress.certManager.issuerRef.group }}
+ kind: {{ .Values.ingress.certManager.issuerRef.kind }}
+ name: {{ .Values.ingress.certManager.issuerRef.name }}
+ privateKey:
+ algorithm: ECDSA
+ rotationPolicy: Always
+ size: 256
+ subject:
+ countries:
+ - ID
+ organizations:
+ - {{ .Values.organization | quote }}
+ organizationalUnits:
+ - {{ .Release.Name | quote }}
+ localities:
+ - Asgard
+ provinces:
+ - Yggdrasil
+ dnsNames:
+ - {{ .Values.ingress.hostname | quote }}
+ {{- range $.Values.ingress.extraHosts }}
+ - {{ .name | quote }}
+ {{- end }}
+---
+{{- if .Values.istio.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Values.istio.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+ issuerRef:
+ group: {{ .Values.ingress.certManager.issuerRef.group }}
+ kind: {{ .Values.ingress.certManager.issuerRef.kind }}
+ name: {{ .Values.ingress.certManager.issuerRef.name }}
+ privateKey:
+ algorithm: ECDSA
+ rotationPolicy: Always
+ size: 256
+ subject:
+ countries:
+ - ID
+ organizations:
+ - {{ .Values.organization | quote }}
+ organizationalUnits:
+ - {{ .Release.Name | quote }}
+ localities:
+ - Asgard
+ provinces:
+ - Yggdrasil
+ dnsNames:
+ - {{ .Values.ingress.hostname | quote }}
+ {{- range $.Values.ingress.extraHosts }}
+ - {{ .name | quote }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/Deployment.yaml b/charts/adminer/templates/Deployment.yaml
new file mode 100644
index 00000000..bb0cf697
--- /dev/null
+++ b/charts/adminer/templates/Deployment.yaml
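Review bot: In Certificate.yaml both Certificate objects hard-code the subject fields `countries: - ID`, `localities: - Asgard` and `provinces: - Yggdrasil`, so every install requests certificates with placeholder identity data that an operator cannot override. Read these from values, or omit the `subject` entries the issuer does not require. The outer `.Capabilities.APIVersions.Has "cert-manager.io/v1"` test also makes the file render nothing on a cluster without cert-manager, while Ingress.yaml still references the `<hostname>-tls` secret; a `fail` with a clear message when `certManager.create` is set would surface that at install time instead.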
@@ -0,0 +1,169 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/secrets: {{ include (print $.Template.BasePath "/Secret.yaml") . | sha256sum }}
+ {{- if .Values.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ .Values.serviceAccountName }}
+ {{- include "adminer.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName }}
+ {{- end }}
+ {{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: adminer
+ image: {{ include "adminer.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ {{- if .Values.config.plugins }}
+ - name: ADMINER_PLUGINS
+ value: {{ .Values.config.plugins }}
+ {{- end }}
+ {{- if .Values.config.design }}
+ - name: ADMINER_DESIGN
+ value: {{ .Values.config.design }}
+ {{- end }}
+ {{- if .Values.config.externalserver }}
+ - name: ADMINER_DEFAULT_SERVER
+ value: {{ .Values.config.externalserver }}
+ {{- end }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.containerPorts.http }}
+ protocol: TCP
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: http
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ if .Values.config.base_url }}{{- with urlParse (tpl .Values.config.base_url .) }}{{ .path }}{{ end }}{{ end }}/health
+ port: {{ .Values.containerPorts.http }}
+ {{- if .Values.config.base_url}}
+ httpHeaders:
+ - name: Host
+ value: {{ regexReplaceAll ":\\d+$" (urlParse (tpl .Values.config.base_url .)).host "" }}
+ {{- end }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ if .Values.config.base_url }}{{- with urlParse (tpl .Values.config.base_url .) }}{{ .path }}{{ end }}{{ end }}/health
+ port: {{ .Values.containerPorts.http }}
+ {{- if .Values.config.base_url}}
+ httpHeaders:
+ - name: Host
+ value: {{ regexReplaceAll ":\\d+$" (urlParse (tpl .Values.config.base_url .)).host "" }}
+ {{- end }}
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ volumeMounts:
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ volumes:
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/Ingress.yaml b/charts/adminer/templates/Ingress.yaml
new file mode 100644
index 00000000..eac8868d
--- /dev/null
+++ b/charts/adminer/templates/Ingress.yaml
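Review bot: In Deployment.yaml the pod spec sets `serviceAccountName: {{ .Values.serviceAccountName }}`, a top-level value, instead of the `adminer.serviceAccountName` helper that this commit defines in _helpers.tpl and uses in ServiceAccount.yaml. Unless that value is set separately the key renders empty, so the pod runs under the namespace's default service account and the chart-created account, with its `automountServiceAccountToken` setting, is never attached. Use `serviceAccountName: {{ include "adminer.serviceAccountName" . }}`. The three `ADMINER_*` env values are also rendered unquoted, so a value that YAML reads as a boolean or number would not be a valid env string; `value: {{ .Values.config.design | quote }}` and the same for the other two avoids that.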
@@ -0,0 +1,65 @@
+{{- if and .Values.ingress.enabled (not .Values.istio.enabled) }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager.create }}
+ annotations:
+ {{- if .Values.ingress.certManager.tlsAcme }}
+ kubernetes.io/tls-acme: "true"
+ {{- end }}
+ {{- if .Values.ingress.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ {{- end }}
+ rules:
+ {{- if .Values.ingress.hostname }}
+ - host: {{ .Values.ingress.hostname }}
+ http:
+ paths:
+ {{- if .Values.ingress.extraPaths }}
+ {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.ingress.path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+ pathType: {{ .Values.ingress.pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- range .Values.ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.ingress.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.ingress.tls .Values.ingress.extraTls }}
+ tls:
+ {{- if .Values.ingress.tls }}
+ - hosts:
+ - {{ .Values.ingress.hostname | quote }}
+ secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+ {{- end }}
+ {{- if .Values.ingress.extraTls }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/Secret-tls.yaml b/charts/adminer/templates/Secret-tls.yaml
new file mode 100644
index 00000000..1f007143
--- /dev/null
+++ b/charts/adminer/templates/Secret-tls.yaml
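Review bot: In Ingress.yaml the `annotations:` block is opened when `.Values.ingress.certManager.create` is true, but the only cert-manager line inside it is guarded by a different key, `.Values.ingress.certManager.tlsAcme`. With `create` set and no other annotations the template emits an empty `annotations:` key, and with only `tlsAcme` set the ACME annotation is never rendered at all. Test the same key in both places, e.g. `{{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager.tlsAcme }}`. The primary host is also rendered unquoted while the `extraHosts` entries use `| quote`; `- host: {{ .Values.ingress.hostname | quote }}` keeps the two consistent.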
@@ -0,0 +1,64 @@
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned (not .Values.ingress.certManager.create ) }}
+{{- $ca := genCA "adminer-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" .Values.ingress.hostname }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+---
+{{- if .Values.istio.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" .Values.ingress.hostname }}
+ namespace: {{ .Values.istio.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/Secret.yaml b/charts/adminer/templates/Secret.yaml
new file mode 100644
index 00000000..0df8ac48
--- /dev/null
+++ b/charts/adminer/templates/Secret.yaml
@@ -0,0 +1,18 @@
+{{- if and (not .Values.auth.existingSecret) (not .Values.auth.existingSecretPerPassword) }}
+{{- $secretName := include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecret "context" $)}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: freeradius
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+{{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/Service.yaml b/charts/adminer/templates/Service.yaml
new file mode 100644
index 00000000..e05f0241
--- /dev/null
+++ b/charts/adminer/templates/Service.yaml
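Review bot: In Secret-tls.yaml the `range .Values.ingress.secrets` loop renders `namespace: {{ include "common.names.namespace" . | quote }}` with `.` rebound to the current list item, while the `labels` line right after it correctly passes `$`. The namespace helper reads `.Values` and `.Release`, so it needs the root context: `namespace: {{ include "common.names.namespace" $ | quote }}`. Separately, `genCA` and `genSignedCert` run on every render, so each `helm upgrade` replaces the self-signed key pair and CA in both the release and the Istio namespace. Reusing the existing Secret through `lookup` when it is present would keep the certificate stable and limit how often a private key is rewritten.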
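Review bot: In Secret.yaml the label `app.kubernetes.io/component: freeradius` looks copied from another chart; the Service and ServiceAccount templates in this commit use `adminer`. The object is also rendered with an empty `data:` key and gated on `.Values.auth.*`, which no other template in this diff reads. The chart therefore creates an Opaque Secret with no content, whose only visible consumer is the `checksum/secrets` annotation in Deployment.yaml. Either populate it with the keys the pod is meant to consume or drop the template together with that annotation.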
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: adminer
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and .Values.service.externalTrafficPolicy (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerClass)) }}
+ loadBalancerClass: {{ .Values.service.loadBalancerClass }}
+ {{- end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.service.ports.http }}
+ protocol: UDP
+ targetPort: {{ .Values.containerPorts.http }}
+ {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (coalesce .Values.service.nodePorts.http .Values.service.nodePort)) }}
+ nodePort: {{ coalesce .Values.service.nodePorts.http .Values.service.nodePort }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ selector: {{ include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: adminer
+---
\ No newline at end of file
diff --git a/charts/adminer/templates/ServiceAccount.yaml b/charts/adminer/templates/ServiceAccount.yaml
new file mode 100644
index 00000000..88d9595f
--- /dev/null
+++ b/charts/adminer/templates/ServiceAccount.yaml
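Review bot: In Service.yaml the `http` port is declared with `protocol: UDP`, while the container port in Deployment.yaml is `protocol: TCP`; Adminer is served over HTTP, so this should be `protocol: TCP` or the Service will not forward web traffic. The selector also appends `app.kubernetes.io/component: adminer`, but the pod template labels in Deployment.yaml come from `common.labels.standard` plus `podLabels` only, so as written the Service appears to match no pods unless that label is supplied through values. Finally, `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints a Go list rather than YAML and breaks with more than one range. Render it as `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}` so that a configured source-IP allow-list for this database admin UI is accepted.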
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "adminer.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: adminer
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/_helpers.tpl b/charts/adminer/templates/_helpers.tpl
index 6ae0569a..7d2f55d4 100644
--- a/charts/adminer/templates/_helpers.tpl
+++ b/charts/adminer/templates/_helpers.tpl
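Review bot: In ServiceAccount.yaml `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` renders an empty value when the key is unset, and Kubernetes then falls back to its default of mounting the API token into the pod. Nothing in this diff shows Adminer calling the Kubernetes API, so the safer default is off: `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}`. values.yaml is not part of the visible diff, so confirm which default it ships.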
@@ -1,77 +1,33 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "adminer.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "adminer.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "adminer.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} +{{/* Create the name of the service account to use for the deployment */}} +{{- define "adminer.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} -{{/* -Common labels -*/}} -{{- define "adminer.labels" -}} -helm.sh/chart: {{ include "adminer.chart" . }} -{{ include "adminer.selectorLabels" . 
}} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} +{{/* Return the proper Adminer image name */}} +{{- define "adminer.image" -}} + {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} -{{/* -Selector labels -*/}} -{{- define "adminer.selectorLabels" -}} -app.kubernetes.io/name: {{ include "adminer.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "adminer.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} - {{- default (include "adminer.fullname" .) .Values.serviceAccount.name }} -{{- else }} - {{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} +{{/* Return the proper Docker Image Registry Secret Names */}} +{{- define "adminer.imagePullSecrets" -}} + {{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} +{{- end -}} {{/* Create the name of the SSL certificate to use */}} {{- define "istioCertificateSecret2" -}} -{{- default (printf "%s-tls" (include "adminer.fullname" .)) .Values.istio.certificate.existingSecret }} +{{- default (printf "%s-tls" (include "common.names.fullname" .)) .Values.istio.certificate.existingSecret }} {{- end }} {{ define "istioCertificateSecret" }} {{- if .Values.istio.certificate.existingSecret }} {{ .Values.istio.certificate.existingSecret }} {{- else }} - {{- default (printf "%s-tls" (include "adminer.fullname" .)) }} + {{- default (printf "%s-tls" (include "common.names.fullname" .)) }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/adminer/templates/deployment.yaml b/charts/adminer/templates/deployment.yaml deleted file mode 100644 index f5f750ae..00000000 --- a/charts/adminer/templates/deployment.yaml +++ /dev/null 
@@ -1,106 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "adminer.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/name: {{ include "adminer.name" . }}
- helm.sh/chart: {{ include "adminer.chart" . }}
-{{- with .Values.labels }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- replicas: {{ .Values.replicaCount }}
- revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "adminer.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "adminer.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- with .Values.labels }}
-{{ toYaml . | indent 8 }}
-{{- end }}
- spec:
- {{- if .Values.image.pullSecrets }}
- imagePullSecrets:
- {{- range .Values.image.pullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- ports:
- - name: http
- containerPort: {{ .Values.config.port }}
- protocol: TCP
- env:
-{{- if .Values.config.plugins }}
- - name: ADMINER_PLUGINS
- value: {{ .Values.config.plugins }}
-{{- end }}
-{{- if .Values.config.design }}
- - name: ADMINER_DESIGN
- value: {{ .Values.config.design }}
-{{- end }}
-{{- if .Values.config.externalserver }}
- - name: ADMINER_DEFAULT_SERVER
- value: {{ .Values.config.externalserver }}
-{{- end }}
- livenessProbe:
- httpGet:
- path: {{if .Values.config.base_url }}{{- with urlParse (tpl .Values.config.base_url .) }}{{ .path }}{{end}}{{end}}/health
- port: {{ .Values.config.port }}
-{{- if .Values.config.base_url}}
- httpHeaders:
- - name: Host
- value: {{ regexReplaceAll ":\\d+$" (urlParse (tpl .Values.config.base_url .)).host "" }}
-{{- end }}
- initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 15 }}
- timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 30 }}
- failureThreshold: {{ .Values.livenessProbe.failureThreshold | default 20 }}
- periodSeconds: {{ .Values.livenessProbe.periodSeconds | default 5 }}
- readinessProbe:
- httpGet:
- path: {{if .Values.config.base_url }}{{- with urlParse (tpl .Values.config.base_url .) }}{{ .path }}{{end}}{{end}}/health
- port: {{ .Values.config.port }}
-{{- if .Values.config.base_url}}
- httpHeaders:
- - name: Host
- value: {{ regexReplaceAll ":\\d+$" (urlParse (tpl .Values.config.base_url .)).host "" }}
-{{- end }}
- initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 15 }}
- timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 30 }}
- failureThreshold: {{ .Values.readinessProbe.failureThreshold | default 20 }}
- periodSeconds: {{ .Values.readinessProbe.periodSeconds | default 5 }}
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- {{- with .Values.volumeMounts }}
- volumeMounts:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- serviceAccountName: {{ include "adminer.serviceAccountName" . }}
- {{- with .Values.volumes }}
- volumes:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- affinity:
-{{- if .Values.affinity }}
-{{ toYaml .Values.affinity | indent 8 }}
-{{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
----
\ No newline at end of file
diff --git a/charts/adminer/templates/ingress.yaml b/charts/adminer/templates/ingress.yaml
deleted file mode 100644
index a3244bde..00000000
--- a/charts/adminer/templates/ingress.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "adminer.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "adminer.fullname" . }}-ingress
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ include "adminer.name" . | quote }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ .Release.Name | quote }}
- heritage: {{ .Release.Service | quote }}
-{{- with .Values.ingress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ . }}
- http:
- paths:
- - path: {{ $ingressPath }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: http
- {{- end }}
-{{- end }}
diff --git a/charts/adminer/templates/istio/Gateway.yaml b/charts/adminer/templates/istio/Gateway.yaml
new file mode 100644
index 00000000..5d01f71f
--- /dev/null
+++ b/charts/adminer/templates/istio/Gateway.yaml
@@ -0,0 +1,36 @@
+{{- if .Capabilities.APIVersions.Has "networking.istio.io/v1beta1" }}
+{{- if and .Values.istio.enabled .Values.istio.gateway.enabled }}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ istio: {{ .Values.istio.ingressGateway }}
+ servers:
+ {{- range .Values.istio.gateway.servers }}
+ - port:
+ name: {{ .name }}
+ number: {{ .port }}
+ protocol: {{ .protocol }}
+ hosts:
+ - {{ $.Values.ingress.hostname | quote }}
+ {{- range $.Values.ingress.extraHosts }}
+ - {{ .name | quote }}
+ {{- end }}
+ {{- if and (eq .protocol "HTTPS") (or $.Values.ingress.tls $.Values.ingress.extraTls) }}
+ tls:
+ credentialName: {{ printf "%s-tls" $.Values.ingress.hostname }}
+ mode: SIMPLE
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/istio/VirtualService.yaml b/charts/adminer/templates/istio/VirtualService.yaml
new file mode 100644
index 00000000..eaefa8f0
--- /dev/null
+++ b/charts/adminer/templates/istio/VirtualService.yaml
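Review bot: In templates/istio/Gateway.yaml the `tls:` block is emitted only when `ingress.tls` or `ingress.extraTls` is set, but the HTTPS server entry itself is always rendered. With the chart defaults in this commit (`ingress.tls: false`, `extraTls: []`, and a 443/HTTPS entry in `istio.gateway.servers`) the Gateway therefore carries an HTTPS server with no TLS settings, which Istio's validation is expected to reject. The HTTP server also gets no redirect, so once TLS is configured the Adminer login form, which takes database credentials, stays reachable in clear text on port 80. I would skip HTTPS servers when no TLS is configured and add `httpsRedirect: true` to HTTP servers when it is, as sketched below.

```yaml
  servers:
    {{- $tlsEnabled := or $.Values.ingress.tls $.Values.ingress.extraTls }}
    {{- range .Values.istio.gateway.servers }}
    {{- if or (ne .protocol "HTTPS") $tlsEnabled }}
    # … unchanged: port and hosts entries …
      {{- if eq .protocol "HTTPS" }}
      tls:
        credentialName: {{ printf "%s-tls" $.Values.ingress.hostname }}
        mode: SIMPLE
      {{- else if and (eq .protocol "HTTP") $tlsEnabled }}
      tls:
        httpsRedirect: true
      {{- end }}
    {{- end }}
    {{- end }}
```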
@@ -0,0 +1,32 @@
+{{- if .Capabilities.APIVersions.Has "networking.istio.io/v1beta1" }}
+{{- if and .Values.istio.enabled .Values.istio.virtualService.enabled (not .Values.istio.virtualService.existingVirtualService) }}
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ gateways:
+ - {{ include "common.names.fullname" . }}
+ {{- if .Values.ingress.hostname }}
+ hosts:
+ - {{ .Values.ingress.hostname | quote }}
+ {{- range $.Values.ingress.extraHosts }}
+ - {{ .name | quote }}
+ {{- end }}
+ http:
+ - route:
+ - destination:
+ host: {{ printf "%s.%s.svc.%s" (include "common.names.fullname" $) (include "common.names.namespace" $) .Values.istio.clusterName }}
+ port:
+ number: {{ .Values.service.ports.http }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/adminer/templates/istio/certificate.yaml b/charts/adminer/templates/istio/certificate.yaml
deleted file mode 100644
index 5213d2d9..00000000
--- a/charts/adminer/templates/istio/certificate.yaml
+++ /dev/null
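Review bot: `spec.gateways` in templates/istio/VirtualService.yaml is hard-wired to the chart's own Gateway name, so the `existingGateway` value this commit adds to values.yaml is never consulted here. With `istio.gateway.enabled: false` the VirtualService would point at a Gateway that is not rendered. Something like `- {{ .Values.istio.gateway.existingGateway | default (include "common.names.fullname" .) }}` would honour it, assuming the key sits under `istio.gateway` (the indentation is not recoverable from this page). Separately, `{{- if .Values.ingress.hostname }}` wraps both `hosts:` and `http:`, so an empty hostname leaves a spec holding only `gateways`; failing the render with `required` would be clearer than emitting an object that validation will likely refuse.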
@@ -1,42 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1/Certificate" }} -{{- if and .Values.istio.enabled .Values.istio.certificate.create }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Release.Name }}-cert - namespace: {{ .Values.istio.namespace }} - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "adminer.labels" . | nindent 4 }} -spec: - secretName: {{ include "istioCertificateSecret" . }} - issuerRef: - group: {{ .Values.istio.certificate.issuerRef.group }} - kind: {{ .Values.istio.certificate.issuerRef.kind }} - name: {{ .Values.istio.certificate.issuerRef.name }} - #name: letsencrypt-prd - privateKey: - algorithm: ECDSA - rotationPolicy: Always - size: 256 - subject: - countries: - - ID - organizations: - - {{ .Values.organization | quote }} - organizationalUnits: - - {{ .Release.Name | quote }} - localities: - - Asgard - provinces: - - Yggdrasil - dnsNames: - {{- if .Values.istio.hosts }} - {{- toYaml .Values.istio.hosts | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} ---- \ No newline at end of file diff --git a/charts/adminer/templates/istio/gateway.yaml b/charts/adminer/templates/istio/gateway.yaml deleted file mode 100644 index 76171319..00000000 --- a/charts/adminer/templates/istio/gateway.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "networking.istio.io/v1beta1/Gateway" }} -{{- if and .Values.istio.enabled .Values.istio.gateway.enabled }} -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: {{ .Release.Name }}-gateway - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "adminer.labels" . | nindent 4 }} -spec: - selector: - istio: {{ .Values.istio.gateway.ingressGateway }} - servers: - {{- range .Values.istio.gateway.servers }} - - port: - {{- with .port }} - number: {{ .number }} - name: {{ .name }} - protocol: {{ .protocol }} - {{- end }} - hosts: - {{- range $.Values.istio.hosts }} - - {{ . | quote }} - {{- end }} - {{- if .tls }} - tls: - {{- with .tls }} - credentialName: {{ include "istioCertificateSecret" $ }} - mode: {{ .mode }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} ---- \ No newline at end of file diff --git a/charts/adminer/templates/istio/virtualservice.yaml b/charts/adminer/templates/istio/virtualservice.yaml deleted file mode 100644 index c876d9e9..00000000 --- a/charts/adminer/templates/istio/virtualservice.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "networking.istio.io/v1beta1/VirtualService" }} -{{- if and .Values.istio.enabled .Values.istio.virtualService.enabled }} -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: {{ .Release.Name }} - {{- with .Values.commonAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "adminer.labels" . | nindent 4 }} - app.kubernetes.io/component: adminer -spec: - hosts: - {{- if .Values.istio.hosts }} - {{- toYaml .Values.istio.hosts | nindent 4 }} - {{- end }} - gateways: - - {{ .Release.Name }}-gateway - http: - - route: - - destination: - host: {{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local - port: - number: {{ .Values.service.ports.http }} -{{- end }} -{{- end }} ---- \ No newline at end of file diff --git a/charts/adminer/templates/service.yaml b/charts/adminer/templates/service.yaml deleted file mode 100644 index b6293e7f..00000000 --- a/charts/adminer/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "adminer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/name: {{ include "adminer.name" . }} - helm.sh/chart: {{ include "adminer.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.service.annotations }} - annotations: - {{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.externalTrafficPolicy (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.ports.http }} - protocol: TCP - targetPort: 8080 - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (coalesce .Values.service.nodePorts.http .Values.service.nodePort)) }} - nodePort: {{ coalesce .Values.service.nodePorts.http .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - app.kubernetes.io/name: {{ include "adminer.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} ---- \ No newline at end of file 
diff --git a/charts/adminer/templates/serviceaccount.yaml b/charts/adminer/templates/serviceaccount.yaml deleted file mode 100644 index 92466986..00000000 --- a/charts/adminer/templates/serviceaccount.yaml +++ /dev/null @@ -1,21 +0,0 @@ -################################ -## Adminer ServiceAccount -################################# -{{- if .Values.serviceAccount.create }} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ include "adminer.serviceAccountName" . }} - labels: - app.kubernetes.io/name: {{ include "adminer.name" . }} - helm.sh/chart: {{ include "adminer.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.labels }} - {{ toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.serviceAccount.annotations}} - annotations: - {{ toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/adminer/values-prod.yaml b/charts/adminer/values-prod.yaml deleted file mode 100644 index 6c2319aa..00000000 --- a/charts/adminer/values-prod.yaml +++ /dev/null @@ -1,18 +0,0 @@ -affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - preference: - matchExpressions: - - key: node-role.kubernetes.io/worker - operator: Exists - -istio: - enabled: true - hosts: - - "adminer.app.tazbiya.com" - -tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists \ No newline at end of file diff --git a/charts/adminer/values-test.yaml b/charts/adminer/values-test.yaml new file mode 100644 index 00000000..6a294218 --- /dev/null +++ b/charts/adminer/values-test.yaml 
@@ -0,0 +1,29 @@ +affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: node-role.kubernetes.io/worker + operator: Exists + +ingress: + enabled: true + hostname: adminer.dxm.nainggolan.id + extraHosts: + - name: macam.macam.com + - name: macam.macam.id + tls: true + selfSigned: true + +istio: + enabled: true + ingressGateway: ingress-app + +tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists diff --git a/charts/adminer/values.yaml b/charts/adminer/values.yaml index 3c1c6736..4a5f18d3 100644 --- a/charts/adminer/values.yaml +++ b/charts/adminer/values.yaml @@ -90,9 +90,26 @@ image: ## It turns BASH and/or NAMI debugging in the image ## debug: false -## @param architecture Adminer architecture (`standalone` or `replication`) -## -architecture: standalone + +auth: + ## @param auth.existingSecret An already existing secret containing auth info + ## e.g: + ## existingSecret: + ## name: mySecret + ## keyMapping: + ## client-user-password: myPasswordKey + ## + existingSecret: "" + ## @param auth.existingSecretPerPassword Override `existingSecret` and other secret values + ## e.g: + ## existingSecretPerPassword: + ## keyMapping: + ## clientUserPassword: ADMINER_ADMIN_PASSWORD + ## databasePassword: password + ## databasePassword: + ## name: adminer.pocwatt-adminer-cluster.credentials + ## + existingSecretPerPassword: {} configuration: "" ## @param existingConfigmap Name of existing ConfigMap with Adminer configuration @@ -122,7 +139,6 @@ config: plugins: "" design: "pepa-linha" externalserver: "" - port: 8080 base_url: "" service: 
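Review bot: The two `NoSchedule` tolerations in values-test.yaml allow the Adminer pod onto control-plane/master nodes, and the worker affinity above them is only `preferredDuringSchedulingIgnoredDuringExecution`, so the scheduler may place it there. A web-exposed database administration UI should not share a node with the control plane; either drop the tolerations or change the affinity to `requiredDuringSchedulingIgnoredDuringExecution`. The `extraHosts` entries `macam.macam.com` and `macam.macam.id` also look like domains outside the maintainer's control, and certificates are requested for them; a reserved name such as `adminer.example.com` is safer in a committed test file.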
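Review bot: In the values.yaml `auth` hunk the comment for `auth.existingSecret` documents a mapping (`name`, `keyMapping`) while the default is the string `""`, so a template cannot tell "unset" from "wrong type" and a user following the example changes the value's type. I would make the default `existingSecret: {}` to match `existingSecretPerPassword: {}`, or reword the example to a plain secret name. The examples also carry names from another deployment (`client-user-password`, `adminer.pocwatt-adminer-cluster.credentials`), and the `existingSecretPerPassword` example lists `databasePassword` twice at what appears to be the same level; a single generic Adminer example would be clearer.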
@@ -145,10 +161,17 @@ service: ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" + ## @param service.ipFamilyPolicy Adminer Kubernetes service ipFamilyPolicy policy + ## + ipFamilyPolicy: SingleStack ## @param service.externalTrafficPolicy Enable client source IP preservation ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster + ## @param service.loadBalancerClass Enables to use a load balancer implementation other than the cloud provider default. + ## https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + ## + loadBalancerClass: "" ## @param service.loadBalancerSourceRanges Address that are allowed when Adminer service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## E.g. 
@@ -172,60 +195,148 @@ service: ## clientIP: ## timeoutSeconds: 300 sessionAffinityConfig: {} - -## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## Configure the ingress resource that allows you to access the Jenkins installation +## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: + ## @param ingress.enabled Enable ingress record generation for Jenkins + ## enabled: false - annotations: {} - tls: [] - hosts: [] + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: adminer.local + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
+ ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.certManager Create a TLS secret for this ingress record using self-signed certificates generated by cert-manager + ## + certManager: + create: false + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: selfsigned-issuer + tlsAcme: true + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: adminer.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: 
https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - adminer.local + ## secretName: adminer.local-tls + ## + extraTls: [] + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: adminer.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... + ## -----END CERTIFICATE----- + ## + secrets: [] + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . 
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] -# kubectl create secret generic ca --from-file=ca.pem -# cat > login-ssl.php << EOF -# "/secrets/ca.pem")); -# EOF -# kubectl create configmap plugins-enabled --from-file=login-ssl.php -# volumeMounts: -# - name: ca -# mountPath: "/secrets/" -# readOnly: true -# - name: plugins-enabled -# mountPath: "/var/www/html/plugins-enabled/" -# readOnly: true - -# volumes: -# - name: ca -# secret: -# secretName: ca -# - name: plugins-enabled -# configMap: -# name: plugins-enabled - -# If the adminer stops heartbeating for 5 minutes (30*20s) kill the -# adminer and let Kubernetes restart it -livenessProbe: - initialDelaySeconds: 15 - timeoutSeconds: 30 - failureThreshold: 20 - periodSeconds: 30 - -readinessProbe: - initialDelaySeconds: 15 - timeoutSeconds: 30 - failureThreshold: 20 - periodSeconds: 30 +## @param containerPorts.http Adminer HTTP container port +## +containerPorts: + http: 8080 +## Adminer Pod security context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable security context for Adminer pods +## @param podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem +## +podSecurityContext: + enabled: false + fsGroup: 101 + runAsUser: 101 +## Adminer container security context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Adminer container 
securityContext +## @param containerSecurityContext.runAsUser User ID for the Adminer container +## @param containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: false + capabilities: {} + runAsUser: 101 + runAsNonRoot: true -resources: - limits: - cpu: 2000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little 
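Review bot: Both `podSecurityContext.enabled` and `containerSecurityContext.enabled` default to `false` and `capabilities` is `{}`, so out of the box the `runAsUser: 101` / `runAsNonRoot: true` settings beside them are presumably not applied (the Deployment template that consumes them is not in this hunk). For a network-reachable PHP application that brokers database credentials I would ship the hardened form as the default: `enabled: true`, `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}`. The `@param` comments omit `podSecurityContext.runAsUser` and `containerSecurityContext.capabilities`, and the ingress comments still say "Jenkins"; both look like copy-paste leftovers. The hunk ends inside the commented-out `#resources: {}` block.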
@@ -237,17 +348,138 @@ resources: # requests: # cpu: 100m # memory: 128Mi +resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi +## Configure extra options for FreeRADIUS containers' liveness, readiness and startup probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 120 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 10 + successThreshold: 1 +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 60 + timeoutSeconds: 2 + failureThreshold: 3 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for 
readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 +## @param customStartupProbe Override default startup probe for FreeRADIUS containers +## +customStartupProbe: {} +## @param customLivenessProbe Override default liveness probe for FreeRADIUS containers +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe for FreeRADIUS containers +## +customReadinessProbe: {} +## @param startupWaitOptions Override default builtin startup wait check options for FreeRADIUS containers +## `bitnami/mariadb` Docker image has built-in startup check mechanism, +## which periodically checks if FreeRADIUS service has started up and stops it +## if all checks have failed after X tries. Use these to control these checks. +## ref: https://github.com/bitnami/bitnami-docker-mariadb/pull/240 +## Example (with default options): +## startupWaitOptions: +## retries: 300 +## waitTime: 2 +## +startupWaitOptions: {} +## @param extraFlags FreeRADIUS additional command line flags +## Can be used to specify command line flags, for example: +## E.g. +## extraFlags: "--max-connect-errors=1000 --max_connections=155" +## +extraFlags: "" +## @param extraEnvVars Extra environment variables to be set on FreeRADIUS containers +## E.g. 
+## extraEnvVars: +## - name: TZ +## value: "Europe/Paris" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for FreeRADIUS containers +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for FreeRADIUS containers +## +extraEnvVarsSecret: "" + + +## @section RBAC parameter +# -# Create ServiceAccount +## Specifies whether a ServiceAccount should be created +## serviceAccount: - # Specifies whether a ServiceAccount should be created + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Adminer pods + ## create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the release name - name: ~ - - # Annotations to add to worker kubernetes service account. + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## annotations: {} +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + ## @param rbac.create Specify whether RBAC resources should be created and used + ## + create: false + ## @param rbac.rules Custom RBAC rules + ## Example: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] nodeSelector: {} 
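Review bot: The comments added for the probe and extra-env values describe a different chart: they name "FreeRADIUS containers", a `bitnami/mariadb` startup check, and `extraFlags: "--max-connect-errors=1000 --max_connections=155"`, none of which applies to Adminer. An operator reading `startupWaitOptions` or `extraFlags` would reasonably assume those knobs do something here. Either drop the keys that no template consumes or reword the `@param` lines, e.g. `## @param extraEnvVars Extra environment variables to be set on Adminer containers`. `serviceAccount.automountServiceAccountToken: false` is a sound default, but a pod cannot use rules granted through `rbac.create: true` without the token, which deserves a one-line comment next to `rbac.create`.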
@@ -257,34 +489,23 @@ affinity: {} istio: enabled: false - namespace: istio-system - hosts: - - "adminer.app.example.id" - - certificate: - create: true - issuerRef: - group: cert-manager.io - kind: ClusterIssuer - name: selfsigned-issuer - existingSecret: ~ + clusterName: cluster.local + ingressGateway: ingressgateway + ingressNamespace: istio-ingress gateway: enabled: true - ingressGateway: ingressgateway servers: - - port: - number: 80 - name: http-adminer - protocol: HTTP - - port: - number: 443 - name: https-adminer - protocol: HTTPS - tls: - mode: SIMPLE + - name: http-adminer + port: 80 + protocol: HTTP + - name: https-adminer + port: 443 + protocol: HTTPS + existingGateway: ~ virtualService: enabled: true + existingVirtualService: ~ organization: Adminer \ No newline at end of file
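Review bot: This hunk drops `istio.namespace` and introduces `istio.ingressNamespace`, so any template that still reads `.Values.istio.namespace` will render an empty namespace. Neither the Gateway nor the VirtualService template added in this commit reads `ingressNamespace` or `existingGateway`. Since Istio resolves a Gateway's `credentialName` secret in the namespace of the ingress gateway workload, the rename should be applied consistently to whatever creates the `<hostname>-tls` secret. I would also write `existingGateway: ""` and `existingVirtualService: ""` instead of `~`, matching how `serviceAccount.name` moved from `~` to `""` in this commit, and add `@param` comments for the new keys.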