From d4ca0ccea969375843bd6053ba11d2f3537e3aa9 Mon Sep 17 00:00:00 2001 
From: Dustin Falgout
Date: Mon, 18 May 2020 17:30:46 -0500
Subject: [PATCH] Add helm chart and accompanying docker image files.

---
 charts/cloud-server/Chart.yaml | 22 +-
 charts/cloud-server/README.md | 449 ----------------
 charts/cloud-server/templates/NOTES.txt | 63 ---
 charts/cloud-server/templates/_helpers.tpl | 243 ---------
 .../cloud-server/templates/cloud-server.yml | 51 ++
 charts/cloud-server/templates/deployment.yaml | 231 ---------
 .../templates/externaldb-secrets.yaml | 10 -
 charts/cloud-server/templates/ingress.yaml | 45 --
 charts/cloud-server/templates/ingress.yml | 66 +++
 charts/cloud-server/templates/pvc.yaml | 14 -
 charts/cloud-server/templates/secrets.yaml | 15 -
 .../templates/servicemonitor.yaml | 29 --
 charts/cloud-server/templates/svc.yaml | 50 --
 .../tests/test-mariadb-connection.yaml | 37 --
 .../cloud-server/templates/tls-secrets.yaml | 13 -
 charts/cloud-server/values-production.yaml | 489 ------------------
 charts/cloud-server/values.schema.json | 179 -------
 charts/cloud-server/values.yaml | 484 -----------------
 18 files changed, 122 insertions(+), 2368 deletions(-)
 delete mode 100644 charts/cloud-server/README.md
 delete mode 100644 charts/cloud-server/templates/NOTES.txt
 delete mode 100644 charts/cloud-server/templates/_helpers.tpl
 create mode 100644 charts/cloud-server/templates/cloud-server.yml
 delete mode 100644 charts/cloud-server/templates/deployment.yaml
 delete mode 100644 charts/cloud-server/templates/externaldb-secrets.yaml
 delete mode 100644 charts/cloud-server/templates/ingress.yaml
 create mode 100644 charts/cloud-server/templates/ingress.yml
 delete mode 100644 charts/cloud-server/templates/pvc.yaml
 delete mode 100644 charts/cloud-server/templates/secrets.yaml
 delete mode 100644 charts/cloud-server/templates/servicemonitor.yaml
 delete mode 100644 charts/cloud-server/templates/svc.yaml
 delete mode 100644 charts/cloud-server/templates/tests/test-mariadb-connection.yaml
 delete mode 100644 charts/cloud-server/templates/tls-secrets.yaml
 delete mode 100644 charts/cloud-server/values-production.yaml
 delete mode 100644 charts/cloud-server/values.schema.json

diff --git a/charts/cloud-server/Chart.yaml b/charts/cloud-server/Chart.yaml
index 9b4d5a9..598406f 100644
--- a/charts/cloud-server/Chart.yaml
+++ b/charts/cloud-server/Chart.yaml
@@ -1,21 +1,9 @@
 apiVersion: v2
 appVersion: 0.0.1
-description: Web publishing platform for building blogs and websites.
-engine: gotpl
-home: http://www.wordpress.com/
+description: Elegant Themes Cloud Server
 icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png
-keywords:
-- wordpress
-- cms
-- blog
-- http
-- web
-- application
-- php
 maintainers:
-- email: containers@bitnami.com
- name: Bitnami
-name: wordpress
-sources:
-- https://github.com/bitnami/bitnami-docker-wordpress
-version: 0.0.1
+ - email: dustin@elegantthemes.com
+ name: Elegant Themes
+name: cloud-server
+version: 0.0.2
diff --git a/charts/cloud-server/README.md b/charts/cloud-server/README.md
deleted file mode 100644
index 389c579..0000000
--- a/charts/cloud-server/README.md
+++ /dev/null
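Review bot: The retained `icon:` context line in charts/cloud-server/Chart.yaml still points at the Bitnami WordPress stack image on bitnami.com, even though this hunk renames the chart to `cloud-server` and removes every other Bitnami reference (`home`, `sources`, the Bitnami maintainer entry). Chart browsers that display the icon would load it from that third-party host, so either replace it with an image the project controls or drop the key. The hunk also deletes `home:` and `sources:` without replacements, which leaves consumers no recorded origin to check the chart against; consider adding the project's own values, e.g. `home: <PROJECT_URL>` and a `sources:` entry with `<REPO_URL>` (both placeholders).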
@@ -1,449 +0,0 @@ -# WordPress - -[WordPress](https://wordpress.org/) is one of the most versatile open source content management systems on the market. A publishing platform for building blogs and websites. - -## TL;DR; - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wordpress -``` - -## Introduction - -This chart bootstraps a [WordPress](https://github.com/bitnami/bitnami-docker-wordpress) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the WordPress application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.11+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release bitnami/wordpress -``` - -The command deploys WordPress on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. 
- -## Parameters - -The following table lists the configurable parameters of the WordPress chart and their default values per section/component: - -### Global parameters - -| Parameter | Description | Default | -|-------------------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | - -### Common parameters - -| Parameter | Description | Default | -|-------------------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `nameOverride` | String to partially override wordpress.fullname | `nil` | -| `fullnameOverride` | String to fully override wordpress.fullname | `nil` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | - -### WordPress parameters - -| Parameter | Description | Default | -|-------------------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `image.registry` | WordPress image registry | `docker.io` | -| `image.repository` | WordPress image name | `bitnami/wordpress` | -| `image.tag` | WordPress image tag | `{TAG_NAME}` | -| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `wordpressSkipInstall` | Skip wizard installation | `false` | -| 
`wordpressUsername` | User of the application | `user` | -| `wordpressPassword` | Application password | _random 10 character long alphanumeric string_ | -| `wordpressEmail` | Admin email | `user@example.com` | -| `wordpressFirstName` | First name | `FirstName` | -| `wordpressLastName` | Last name | `LastName` | -| `wordpressBlogName` | Blog name | `User's Blog!` | -| `wordpressTablePrefix` | Table prefix | `wp_` | -| `wordpressScheme` | Scheme to generate application URLs [`http`, `https`] | `http` | -| `allowEmptyPassword` | Allow DB blank passwords | `true` | -| `allowOverrideNone` | Set Apache AllowOverride directive to None | `false` | -| `htaccessPersistenceEnabled` | Make `.htaccess` persistence so that it can be customized. [See](#disabling-htaccess) | `false` | -| `customHTAccessCM` | Configmap with custom wordpress-htaccess.conf directives | `nil` | -| `smtpHost` | SMTP host | `nil` | -| `smtpPort` | SMTP port | `nil` | -| `smtpUser` | SMTP user | `nil` | -| `smtpPassword` | SMTP password | `nil` | -| `smtpUsername` | User name for SMTP emails | `nil` | -| `smtpProtocol` | SMTP protocol [`tls`, `ssl`, `none`] | `nil` | -| `extraEnv` | Additional container environment variables | `[]` | -| `extraVolumeMounts` | Additional volume mounts | `[]` | -| `extraVolumes` | Additional volumes | `[]` | -| `sidecars` | Attach additional sidecar containers to the pod | `nil` | -| `replicaCount` | Number of WordPress Pods to run | `1` | -| `updateStrategy` | Set up update strategy | `RollingUpdate` | -| `schedulerName` | Name of the alternate scheduler | `nil` | -| `securityContext.enabled` | Enable security context for WordPress pods | `true` | -| `securityContext.fsGroup` | Group ID for the WordPress filesystem | `1001` | -| `securityContext.runAsUser` | User ID for the WordPress container | `1001` | -| `resources.limits` | The resources limits for the WordPress container | `{}` | -| `resources.requests` | The requested resources for the WordPress container | 
`{"memory": "512Mi", "cpu": "300m"}` | -| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | -| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | -| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | -| `podAnnotations` | Pod annotations | `{}` (evaluated as a template) | -| `healthcheckHttps` | Use https for liveliness and readiness | `false` | -| `livenessProbe.enabled` | Enable/disable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `livenessProbeHeaders` | Headers to use for livenessProbe | `{}` | -| `readinessProbe.enabled` | Enable/disable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `readinessProbeHeaders` | Headers to use for readinessProbe | `{}` | -| `service.annotations` | Service annotations | `{}` (evaluated as a template) | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.httpsTargetPort` | Service Target HTTPS port | `https` | -| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` | -| 
`service.metricsPort` | Service Metrics port | `9117` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.nodePorts.http` | Kubernetes http node port | `""` | -| `service.nodePorts.https` | Kubernetes https node port | `""` | -| `service.nodePorts.metrics` | Kubernetes metrics node port | `""` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `nil` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Enable persistence using an existing PVC | `nil` | -| `persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) | -| `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request | `10Gi` | - -### Ingress parameters - -| Parameter | Description | Default | -|-------------------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.hostname` | Default host for the ingress resource | `wordpress.local` | -| `ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) | -| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` | -| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` | -| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | - -### Database parameters - -| Parameter | 
Description | Default | -|-------------------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `mariadb.enabled` | Deploy MariaDB container(s) | `true` | -| `mariadb.rootUser.password` | MariaDB admin password | `nil` | -| `mariadb.db.name` | Database name to create | `bitnami_wordpress` | -| `mariadb.db.user` | Database user to create | `bn_wordpress` | -| `mariadb.db.password` | Password for the database | _random 10 character long alphanumeric string_ | -| `mariadb.replication.enabled` | MariaDB replication enabled | `false` | -| `mariadb.master.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.master.persistence.accessModes` | Database Persistent Volume Access Modes | `[ReadWriteOnce]` | -| `mariadb.master.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `externalDatabase.host` | Host of the external database | `localhost` | -| `externalDatabase.user` | Existing username in the external db | `bn_wordpress` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.database` | Name of the existing database | `bitnami_wordpress` | -| `externalDatabase.port` | Database port number | `3306` | - -### Metrics parameters - -| Parameter | Description | Default | -|-------------------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` 
| Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | -| `metrics.resources.limits` | The resources limits for the metrics exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the metrics exporter container | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace where servicemonitor resource should be created | `nil` | -| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` | -| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | -| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | - -The above parameters map to the env variables defined in [bitnami/wordpress](http://github.com/bitnami/bitnami-docker-wordpress). For more information please refer to the [bitnami/wordpress](http://github.com/bitnami/bitnami-docker-wordpress) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set wordpressUsername=admin \ - --set wordpressPassword=password \ - --set mariadb.mariadbRootPassword=secretpassword \ - bitnami/wordpress -``` - -The above command sets the WordPress administrator account username and password to `admin` and `password` respectively. 
Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml bitnami/wordpress -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. 
- -- Set Apache AllowOverride directive to None: - -```diff -- allowOverrideNone: false -+ allowOverrideNone: true -``` - -- Number of WordPress Pods to run: - -```diff -- replicaCount: 1 -+ replicaCount: 3 -``` - -- Enable client source IP preservation: - -```diff -- service.externalTrafficPolicy: Cluster -+ service.externalTrafficPolicy: Local -``` - -- PVC Access Mode: - -```diff -- persistence.accessMode: ReadWriteOnce -+ ## To use the /admin portal and to ensure you can scale wordpress you need to provide a -+ ## ReadWriteMany PVC, if you dont have a provisioner for this type of storage -+ ## We recommend that you install the nfs provisioner and map it to a RWO volume -+ ## helm install nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=10Gi -+ ## -+ persistence.accessMode: ReadWriteMany -``` - -- Start a side-car prometheus exporter: - -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -Note that [values-production.yaml](values-production.yaml) includes a replicaCount of 3, so there will be 3 WordPress pods. As a result, to use the "/admin" portal and to ensure you can scale wordpress you need to provide a ReadWriteMany PVC, if you don't have a provisioner for this type of storage, we recommend that you install the NFS provisioner chart (with the correct parameters, such as `persistence.enabled=true` and `persistence.size=10Gi`) and map it to a RWO volume. - -Then you can deploy WordPress chart using the proper parameters: - -```console -persistence.storageClass=nfs -mariadb.master.persistence.storageClass=nfs -``` - -### Sidecars - -If you have a need for additional containers to run within the same pod as WordPress (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. 
- -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, you can add extra port definitions using the `service.extraPorts` value: - -```yaml -service: -... - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -### Using an external database - -Sometimes you may want to have Wordpress connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example with the following parameters: - -```console -mariadb.enabled=false -externalDatabase.host=myexternalhost -externalDatabase.user=myuser -externalDatabase.password=mypassword -externalDatabase.database=mydatabase -externalDatabase.port=3306 -``` - -Note also if you disable MariaDB per above you MUST supply values for the `externalDatabase` connection. - -### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to serve your WordPress application. - -To enable ingress integration, please set `ingress.enabled` to `true` - -### Hosts - -Most likely you will only want to have one hostname that maps to this WordPress installation. If that's your case, the property `ingress.hostname` will set it. However, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object is can be specified as an array. 
You can also use `ingress.extraTLS` to add the TLS configuration for extra hosts. - -For each host indicated at `ingress.extraHosts`, please indicate a `name`, `path`, and any `annotations` that you may want the ingress controller to know about. - -Indicating TLS will cause WordPress to generate HTTPS URLs, and WordPress will be connected to at port 443. The actual TLS secret do not have to be generated by this chart. However, please note that if TLS is enabled, the ingress record will not work until this secret exists. - -For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. - -### TLS Secrets - -This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are three common use cases: - -- Helm generates/manages certificate secrets -- User generates/manages certificates separately -- An additional tool (like [kube-lego](https://kubeapps.com/charts/stable/kube-lego)) manages the secrets for the application - -In the first two cases, one will need a certificate and a key. We would expect them to look like this: - -- certificate files should look like (and there can be more than one certificate if there is a certificate chain) - -```console ------BEGIN CERTIFICATE----- -MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV -... -jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 ------END CERTIFICATE----- -``` - -- keys should look like: - -```console ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 -... 
-wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= ------END RSA PRIVATE KEY----- -``` - -If you are going to use Helm to manage the certificates, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry. - -If you are going to manage TLS secrets outside of Helm, please know that you can create a TLS secret (named `wordpress.local-tls` for example). - -Please see [this example](https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tls) for more information. - -### Ingress-terminated https - -In cases where HTTPS/TLS is terminated on the ingress, you may run into an issue where non-https liveness and readiness probes result in a 302 (redirect from HTTP to HTTPS) and are interpreted by Kubernetes as not-live/not-ready. (See [Kubernetes issue #47893 on GitHub](https://github.com/kubernetes/kubernetes/issues/47893) for further details about 302 _not_ being interpreted as "successful".) To work around this problem, use `livenessProbeHeaders` and `readinessProbeHeaders` to pass the same headers that your ingress would pass in order to get an HTTP 200 status result. For example (where the following is in a `--values`-referenced file): - -```yaml -livenessProbeHeaders: - - name: X-Forwarded-Proto - value: https -readinessProbeHeaders: - - name: X-Forwarded-Proto - value: https -``` - -Any number of name/value pairs may be specified; they are all copied into the liveness or readiness probe definition. - -### Disabling `.htaccess` - -For performance and security reasons, it is a good practice to configure Apache with `AllowOverride None`. Instead of using `.htaccess` files, Apache will load the same dircetives at boot time. These directives are located in `/opt/bitnami/wordpress/wordpress-htaccess.conf`. The container image includes by default these directives all of the default `.htaccess` files in WordPress (together with the default plugins). 
To enable this feature, install the chart with the following value: `allowOverrideNone=yes` - -However, some plugins may include `.htaccess` directives that will not be loaded when `AllowOverride` is set to `None`. A way to make them work would be to create your own `wordpress-htaccess.conf` file with all the required dircectives to make the plugin work. After creating it, then create a ConfigMap with it and install the chart with the correct parameters: - -```console -allowOverrideNone=true -customHTAccessCM=custom-htaccess -``` - -Also, some plugins permit editing the `.htaccess` and it might be needed to persit it in order to keep the changes, A way to make it work would be to set `htaccessPersistenceEnabled`. - -```console -allowOverrideNone=false -htaccessPersistenceEnabled=true -``` - -## Persistence - -The [Bitnami WordPress](https://github.com/bitnami/bitnami-docker-wordpress) image stores the WordPress data and configurations at the `/bitnami` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -## Upgrading - -### To 9.0.0 - -The [Bitnami WordPress](https://github.com/bitnami/bitnami-docker-wordpress) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `securityContext.runAsUser`, and `securityContext.fsGroup` to `root`. -Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- No writing permissions will be granted on `wp-config.php` by default. -- Backwards compatibility is not guaranteed. 
- -To upgrade to `9.0.0`, install a new WordPress chart, and migrate your WordPress site using backup/restore tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). - -### To 8.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pulls/12642 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to `3.0.0`. The following example assumes that the release name is `wordpress`: - -```console -kubectl patch deployment wordpress-wordpress --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -kubectl delete statefulset wordpress-mariadb --cascade=false -``` diff --git a/charts/cloud-server/templates/NOTES.txt b/charts/cloud-server/templates/NOTES.txt deleted file mode 100644 index e82017a..0000000 --- a/charts/cloud-server/templates/NOTES.txt +++ /dev/null 
@@ -1,63 +0,0 @@ -** Please be patient while the chart is being deployed ** - -To access your WordPress site from outside the cluster follow the steps below: - -{{- if .Values.ingress.enabled }} - -1. Get the WordPress URL and associate WordPress hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "WordPress URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} -{{- $port := .Values.service.port | toString }} - -1. Get the WordPress URL by running these commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "wordpress.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "WordPress URL: http://$NODE_IP:$NODE_PORT/" - echo "WordPress Admin URL: http://$NODE_IP:$NODE_PORT/admin" - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "wordpress.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "wordpress.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "WordPress URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - echo "WordPress Admin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/admin" - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "wordpress.fullname" . 
}} {{ .Values.service.port }}:{{ .Values.service.port }} & - echo "WordPress URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}//" - echo "WordPress Admin URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}//admin" - -{{- end }} -{{- end }} - -2. Open a browser and access WordPress using the obtained URL. - -3. Login with the following credentials below to see your blog: - - echo Username: {{ .Values.wordpressUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "wordpress.fullname" . }} -o jsonpath="{.data.wordpress-password}" | base64 --decode) - -{{- if .Values.metrics.enabled }} - -You can access Apache Prometheus metrics following the steps below: - -1. Get the Apache Prometheus metrics URL by running: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "wordpress.fullname" . }} {{ .Values.service.metricsPort }}:{{ .Values.service.metricsPort }} & - echo "Apache Prometheus metrics URL: http://127.0.0.1:{{ .Values.service.metricsPort }}/metrics" - -2. Open a browser and access Apache Prometheus metrics using the obtained URL. - -{{- end }} - -{{- include "wordpress.checkRollingTags" . }} diff --git a/charts/cloud-server/templates/_helpers.tpl b/charts/cloud-server/templates/_helpers.tpl deleted file mode 100644 index 1549437..0000000 --- a/charts/cloud-server/templates/_helpers.tpl +++ /dev/null 
@@ -1,243 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "wordpress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "wordpress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "wordpress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "wordpress.labels" -}} -app.kubernetes.io/name: {{ include "wordpress.name" . }} -helm.sh/chart: {{ include "wordpress.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -io.cattle.field/appId: {{ include "wordpress.name" . }} -{{- end -}} - -{{/* -Labels to use on {deploy|sts}.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "wordpress.matchLabels" -}} -app.kubernetes.io/name: {{ include "wordpress.name" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Return the proper WordPress image name -*/}} -{{- define "wordpress.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "wordpress.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . 
}} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "wordpress.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "wordpress.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "wordpress.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. 
-Usage: -{{ include "wordpress.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "wordpress.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "wordpress.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "mariadb.fullname" .) -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "wordpress.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "wordpress.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.db.name -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "wordpress.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.db.user -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "wordpress.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "mariadb.fullname" .) -}} -{{- else -}} - {{- printf "%s-%s" .Release.Name "externaldb" -}} -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "wordpress.checkRollingTags" -}} -{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. 
-+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
-{{- end }}
-{{- end -}}
diff --git a/charts/cloud-server/templates/cloud-server.yml b/charts/cloud-server/templates/cloud-server.yml
new file mode 100644
index 0000000..6567408
--- /dev/null
+++ b/charts/cloud-server/templates/cloud-server.yml
@@ -0,0 +1,51 @@
+# Cloud Server Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: cloud-server
+ namespace: cloud-server
+spec:
+ selector:
+ app: cloud-server
+ ports:
+ - port: 9000
+ targetPort: 9000
+ name: fastcgi
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cloud-server
+ namespace: cloud-server
+ labels:
+ app: cloud-server
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: cloud-server
+ template:
+ metadata:
+ labels:
+ app: cloud-server
+ spec:
+ containers:
+ - name: cloud-server
+ image: elegantthemes/cloud-server:{{ .Chart.appVersion }}
+ ports:
+ - name: fastcgi
+ containerPort: 9000
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 1000m
+ memory: 600Mi
+ volumeMounts:
+ - name: workspace
+ mountPath: /workspace
+ volumes:
+ - name: workspace
+ emptyDir: {}
diff --git a/charts/cloud-server/templates/deployment.yaml b/charts/cloud-server/templates/deployment.yaml
deleted file mode 100644
index 5b12be5..0000000
--- a/charts/cloud-server/templates/deployment.yaml
+++ /dev/null
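Review bot: The `cloud-server` container in the new Deployment of `cloud-server.yml` has no `securityContext`, so privilege escalation and the image's default capability set stay enabled. Adding one at container level, as in the excerpt below, is the least intrusive hardening; whether the image can also run with `runAsNonRoot: true` or a read-only root filesystem is not visible in this commit and should be checked against the image build. The image tag is templated as `{{ .Chart.appVersion }}`, but Helm exposes chart metadata with capitalised field names, so this most likely needs to be `.Chart.AppVersion` to render. The Service also publishes the FastCGI port 9000 to the whole cluster; if only the ingress controller is meant to reach it, a NetworkPolicy restricting that port is worth adding alongside.

```yaml
        - name: cloud-server
          image: elegantthemes/cloud-server:{{ .Chart.AppVersion }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: ports, resources, volumeMounts …
```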
@@ -1,231 +0,0 @@ -apiVersion: {{ template "wordpress.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "wordpress.fullname" . }} - labels: {{- include "wordpress.labels" . | nindent 4 }} -spec: - selector: - matchLabels: {{- include "wordpress.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "wordpress.labels" . | nindent 8 }} - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "wordpress.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "wordpress.tplValue" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: -{{- include "wordpress.imagePullSecrets" . | indent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - hostAliases: - - ip: "127.0.0.1" - hostnames: - - "status.localhost" - {{- if .Values.affinity }} - affinity: {{- include "wordpress.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "wordpress.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "wordpress.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.initContainers }} - initContainers: {{- include "wordpress.tplValue" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: 
wordpress - image: {{ template "wordpress.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - {{- if .Values.image.debug }} - - name: NAMI_DEBUG - value: "--log-level trace" - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: MARIADB_HOST - value: {{ include "wordpress.databaseHost" . | quote }} - - name: MARIADB_PORT_NUMBER - value: {{ include "wordpress.databasePort" . | quote }} - - name: WORDPRESS_DATABASE_NAME - value: {{ include "wordpress.databaseName" . | quote }} - - name: WORDPRESS_DATABASE_USER - value: {{ include "wordpress.databaseUser" . | quote }} - - name: WORDPRESS_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "wordpress.databaseSecretName" . }} - key: mariadb-password - - name: WORDPRESS_USERNAME - value: {{ .Values.wordpressUsername | quote }} - - name: WORDPRESS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "wordpress.fullname" . }} - key: wordpress-password - - name: WORDPRESS_EMAIL - value: {{ .Values.wordpressEmail | quote }} - - name: WORDPRESS_FIRST_NAME - value: {{ .Values.wordpressFirstName | quote }} - - name: WORDPRESS_LAST_NAME - value: {{ .Values.wordpressLastName | quote }} - - name: WORDPRESS_HTACCESS_OVERRIDE_NONE - value: {{ ternary "yes" "no" .Values.allowOverrideNone | quote }} - - name: WORDPRESS_HTACCESS_PERSISTENCE_ENABLED - value: {{ ternary "yes" "no" .Values.htaccessPersistenceEnabled | quote }} - - name: WORDPRESS_BLOG_NAME - value: {{ .Values.wordpressBlogName | quote }} - - name: WORDPRESS_SKIP_INSTALL - value: {{ ternary "yes" "no" .Values.wordpressSkipInstall | quote }} - - name: WORDPRESS_TABLE_PREFIX - value: {{ .Values.wordpressTablePrefix | quote }} - - name: WORDPRESS_SCHEME - value: {{ .Values.wordpressScheme | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ 
.Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "wordpress.fullname" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpUsername }} - - name: SMTP_USERNAME - value: {{ .Values.smtpUsername | quote }} - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "wordpress.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 8080 - - name: https - containerPort: 8443 - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - httpGet: - path: /wp-login.php - port: {{ ternary "https" "http" .Values.healthcheckHttps }} - {{- if .Values.healthcheckHttps }} - scheme: HTTPS - {{- end }} - {{- if .Values.livenessProbeHeaders }} - httpHeaders: {{- toYaml .Values.livenessProbeHeaders | nindent 16 }} - {{- end }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - httpGet: - path: /wp-login.php - port: {{ ternary "https" "http" .Values.healthcheckHttps }} - {{- if .Values.healthcheckHttps }} - scheme: HTTPS - {{- end }} - {{- if 
.Values.readinessProbeHeaders }} - httpHeaders: {{- toYaml .Values.readinessProbeHeaders | nindent 16 }} - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /bitnami/wordpress - name: wordpress-data - subPath: wordpress - {{- if and .Values.allowOverrideNone .Values.customHTAccessCM }} - - mountPath: /htaccess - name: custom-htaccess - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "wordpress.tplValue" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "wordpress.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: - - /bin/apache_exporter - - --scrape_uri - - http://status.localhost:8080/server-status/?auto - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "wordpress.tplValue" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if and .Values.allowOverrideNone .Values.customHTAccessCM }} - - name: custom-htaccess - configMap: - name: {{ template "wordpress.customHTAccessCM" . }} - items: - - key: wordpress-htaccess.conf - path: wordpress-htaccess.conf - {{- end }} - - name: wordpress-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "wordpress.fullname" .) 
}} - {{- else }} - emptyDir: {} - {{ end }} - {{- if .Values.extraVolumes }} - {{- include "wordpress.tplValue" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/charts/cloud-server/templates/externaldb-secrets.yaml b/charts/cloud-server/templates/externaldb-secrets.yaml deleted file mode 100644 index 355bd14..0000000 --- a/charts/cloud-server/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-%s" .Release.Name "externaldb" }} - labels: {{- include "wordpress.labels" . | nindent 4 }} -type: Opaque -data: - mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/charts/cloud-server/templates/ingress.yaml b/charts/cloud-server/templates/ingress.yaml deleted file mode 100644 index c6fa089..0000000 --- a/charts/cloud-server/templates/ingress.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ template "wordpress.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "wordpress.fullname" . }} - labels: {{- include "wordpress.labels" . | nindent 4 }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "wordpress.tplValue" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - - path: / - backend: - serviceName: {{ template "wordpress.fullname" . }} - servicePort: http - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - backend: - serviceName: {{ template "wordpress.fullname" $ }} - servicePort: http - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- toYaml .Values.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/cloud-server/templates/ingress.yml b/charts/cloud-server/templates/ingress.yml new file mode 100644 index 0000000..80efb1e --- /dev/null +++ b/charts/cloud-server/templates/ingress.yml 
@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ingress-fcgi-params
+ namespace: cloud-server
+data:
+ SCRIPT_FILENAME: $document_root$fastcgi_script_name
+ QUERY_STRING: $query_string
+ REQUEST_METHOD: $request_method
+ CONTENT_TYPE: $content_type
+ CONTENT_LENGTH: $content_length
+ SCRIPT_NAME: $fastcgi_script_name
+ REQUEST_URI: $request_uri
+ DOCUMENT_URI: $document_uri
+ DOCUMENT_ROOT: $document_root
+ SERVER_PROTOCOL: $server_protocol
+ REQUEST_SCHEME: $scheme
+ HTTPS: $https if_not_empty
+ GATEWAY_INTERFACE: CGI/1.1
+ SERVER_SOFTWARE: nginx/$nginx_version
+ REMOTE_ADDR: $remote_addr
+ REMOTE_PORT: $remote_port
+ SERVER_ADDR: $server_addr
+ SERVER_PORT: $server_port
+ SERVER_NAME: $server_name
+ REDIRECT_STATUS: "200"
+
+---
+
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: cloud-server
+ namespace: cloud-server
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/backend-protocol: FCGI
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/fastcgi-index: index.php
+ nginx.ingress.kubernetes.io/fastcgi-params-configmap: cloud-server/ingress-fcgi-params
+ nginx.ingress.kubernetes.io/limit-connections: "10"
+ nginx.ingress.kubernetes.io/limit-rps: "10"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ tls:
+ - hosts:
+ - cloud.staging.etdevs.com
+ secretName: cloud-server-tls
+ rules:
+ - host: cloud.staging.etdevs.com
+ http:
+ paths:
+ - path: ^(/api/[^/]+)?(/wp-.*)
+ backend:
+ serviceName: cloud-server
+ servicePort: fastcgi
+ - path: ^(/api/[^/]+)?(/.*\.php)
+ backend:
+ serviceName: cloud-server
+ servicePort: fastcgi
+ - path: /api(/|$)(.*)
+ backend:
+ serviceName: cloud-server
+ servicePort: fastcgi
diff --git a/charts/cloud-server/templates/pvc.yaml b/charts/cloud-server/templates/pvc.yaml
deleted file mode 100644
index 0398f9f..0000000
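Review bot: The Ingress in `ingress.yml` sets `nginx.ingress.kubernetes.io/enable-cors: "true"` without a `cors-allow-origin` annotation, and ingress-nginx then falls back to allowing any origin (`*`), which is broader than the `/api` and `/wp-` routes behind it are likely to need. Pin it to the front-ends that really call this host, for example `nginx.ingress.kubernetes.io/cors-allow-origin: "https://<allowed-origin>"` (placeholder; the real origin is not shown in this commit). The host `cloud.staging.etdevs.com` is also written directly into both `tls` and `rules`, so installing the chart anywhere else would still request a certificate and route traffic for the staging name; reading it from a chart value would avoid that.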
--- a/charts/cloud-server/templates/pvc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "wordpress.fullname" . }} - labels: {{- include "wordpress.labels" . | nindent 4 }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "wordpress.storageClass" . }} -{{- end }} diff --git a/charts/cloud-server/templates/secrets.yaml b/charts/cloud-server/templates/secrets.yaml deleted file mode 100644 index 6c1ad51..0000000 --- a/charts/cloud-server/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "wordpress.fullname" . }} - labels: {{- include "wordpress.labels" . | nindent 4 }} -type: Opaque -data: - {{- if .Values.wordpressPassword }} - wordpress-password: {{ .Values.wordpressPassword | b64enc | quote }} - {{- else }} - wordpress-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} diff --git a/charts/cloud-server/templates/servicemonitor.yaml b/charts/cloud-server/templates/servicemonitor.yaml deleted file mode 100644 index 53aa670..0000000 --- a/charts/cloud-server/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "wordpress.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "wordpress.labels" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "wordpress.tplValue" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{- include "wordpress.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/cloud-server/templates/svc.yaml b/charts/cloud-server/templates/svc.yaml deleted file mode 100644 index b7ea12b..0000000 --- a/charts/cloud-server/templates/svc.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "wordpress.fullname" . }} - labels: {{- include "wordpress.labels" . | nindent 4 }} - {{- if .Values.service.annotations }} - annotations: {{- include "wordpress.tplValue" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: - {{- with .Values.service.loadBalancerSourceRanges }} -{{ toYaml . | indent 4 }} - {{- end }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: {{ .Values.service.httpsTargetPort }} - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - port: {{ .Values.service.metricsPort }} - targetPort: metrics - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics))) }} - nodePort: {{ .Values.service.nodePorts.metrics }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - {{- if .Values.service.extraPorts }} - 
{{- include "wordpress.tplValue" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "wordpress.matchLabels" . | nindent 4 }} diff --git a/charts/cloud-server/templates/tests/test-mariadb-connection.yaml b/charts/cloud-server/templates/tests/test-mariadb-connection.yaml deleted file mode 100644 index 52575e1..0000000 --- a/charts/cloud-server/templates/tests/test-mariadb-connection.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.mariadb.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-credentials-test" - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: {{ .Release.Name }}-credentials-test - image: {{ template "wordpress.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: MARIADB_HOST - value: {{ template "mariadb.fullname" . }} - - name: MARIADB_PORT - value: "3306" - - name: WORDPRESS_DATABASE_NAME - value: {{ default "" .Values.mariadb.db.name | quote }} - - name: WORDPRESS_DATABASE_USER - value: {{ default "" .Values.mariadb.db.user | quote }} - - name: WORDPRESS_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mariadb.fullname" . }} - key: mariadb-password - command: - - /bin/bash - - -ec - - | - mysql --host=$MARIADB_HOST --port=$MARIADB_PORT --user=$WORDPRESS_DATABASE_USER --password=$WORDPRESS_DATABASE_PASSWORD - restartPolicy: Never -{{- end }} diff --git a/charts/cloud-server/templates/tls-secrets.yaml b/charts/cloud-server/templates/tls-secrets.yaml deleted file mode 100644 index 7f2e15d..0000000 --- a/charts/cloud-server/templates/tls-secrets.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "wordpress.labels" . | nindent 4 }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/cloud-server/values-production.yaml b/charts/cloud-server/values-production.yaml deleted file mode 100644 index 838c2cf..0000000 --- a/charts/cloud-server/values-production.yaml +++ /dev/null 
@@ -1,489 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami WordPress image version -## ref: https://hub.docker.com/r/bitnami/wordpress/tags/ -## -image: - registry: docker.io - repository: bitnami/wordpress - tag: 5.4.1-debian-10-r8 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## - debug: false - -## String to partially override wordpress.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override wordpress.fullname template -## -# fullnameOverride: - -## User of the application -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressUsername: user - -## Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -# wordpressPassword: - -## Admin email -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressEmail: user@example.com - -## First name -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressFirstName: FirstName - -## Last name -## ref: 
https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressLastName: LastName - -## Blog name -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressBlogName: User's Blog! - -## Table prefix -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressTablePrefix: wp_ - -## Scheme to generate application URLs -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressScheme: http - -## Skip wizard installation (only if you use an external database that already contains WordPress data) -## ref: https://github.com/bitnami/bitnami-docker-wordpress#connect-wordpress-docker-container-to-an-existing-database -## -wordpressSkipInstall: false - -## Set up update strategy for wordpress installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -updateStrategy: - type: RollingUpdate - -## Set to `false` to allow the container to be started with blank passwords -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -allowEmptyPassword: true - -## Set Apache allowOverride to None -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -allowOverrideNone: true - -## Persist the custom changes of the htaccess. 
It depends on the value of -## `.Values.allowOverrideNone`, when `yes` it will persist `/opt/bitnami/wordpress/wordpress-htaccess.conf` -## if `no` it will persist `/opt/bitnami/wordpress/.htaccess` -## -htaccessPersistenceEnabled: false - -# ConfigMap with custom wordpress-htaccess.conf file (requires allowOverrideNone to true) -customHTAccessCM: - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-wordpress/#smtp-configuration -## -# smtpHost: -# smtpPort: -# smtpUser: -# smtpPassword: -# smtpUsername: -# smtpProtocol: - -replicaCount: 3 - -## Additional container environment variables -## Example: Configure SSL for database -## extraEnv: -## - name: WORDPRESS_DATABASE_SSL_CA_FILE -## value: /path/to/ca_cert -## -extraEnv: [] - -## Additional volume mounts -## Example: Mount CA file -## extraVolumeMounts -## - name: ca-cert -## subPath: ca_cert -## mountPath: /path/to/ca_cert -extraVolumeMounts: [] - -## Additional volumes -## Example: Add secret volume -## extraVolumes: -## - name: ca-cert -## secret: -## secretName: ca-cert -## items: -## - key: ca-cert -## path: ca_cert -extraVolumes: [] - -## WordPress containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - limits: {} - requests: - memory: 512Mi - cpu: 300m - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. 
-## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: {} - -## Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## K8s Security Context for WordPress pods -## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Allow health checks to be pointed at the https port -healthcheckHttps: false - -## WordPress pod extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## If using an HTTPS-terminating load-balancer, the probes may need to behave -## like the balancer to prevent HTTP 302 responses. According to the Kubernetes -## docs, 302 should be considered "successful", but this issue on GitHub -## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. -## -# livenessProbeHeaders: -# - name: X-Forwarded-Proto -# value: https -# readinessProbeHeaders: -# - name: X-Forwarded-Proto -# value: https -livenessProbeHeaders: {} -readinessProbeHeaders: {} - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP -## -service: - type: LoadBalancer - ## HTTP Port - ## - port: 80 - ## HTTPS Port - ## - httpsPort: 443 - ## HTTPS Target Port - ## defaults to https unless overridden to the specified port. - ## if you want the target port to be "http" or "80" you can specify that here. 
- ## - httpsTargetPort: https - ## Metrics Port - ## - metricsPort: 9117 - ## Node Ports to expose - ## nodePorts: - ## http: - ## https: - ## metrics: - nodePorts: - http: "" - https: "" - metrics: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Local - annotations: {} - ## Limits which cidr blocks can connect to service's load balancer - ## Only valid if service.type: LoadBalancer - loadBalancerSourceRanges: [] - ## Extra ports to expose (normally used with the `sidecar` value) - # extraPorts: - -## Configure the ingress resource that allows you to access the -## WordPress installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## Set to true to enable ingress record generation - ## - enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - - ## When the ingress is enabled, a host pointing to this will be created - ## - hostname: wordpress.local - - ## Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - - ## The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: wordpress.local - ## path: / - - ## The tls configuration for additional hostnames to be covered with this ingress record. 
- ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - wordpress.local - ## secretName: wordpress.local-tls - - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - secrets: [] - ## - name: wordpress.local-tls - ## key: - ## certificate: - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - ## wordpress data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## - ## To use the /admin portal and to ensure you can scale wordpress you need to provide a - ## ReadWriteMany PVC, if you dont have a provisioner for this type of storage - ## We recommend that you install the nfs provisioner and map it to a RWO volume - ## helm install nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=10Gi - accessMode: ReadWriteMany - size: 10Gi - -## -## MariaDB chart configuration -## -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters - enabled: true - ## Disable MariaDB replication - replication: - enabled: false - - ## Create a database and a database user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - db: - name: bitnami_wordpress - user: bn_wordpress - ## If the password is not specified, mariadb will generates a random password - ## - # password: - - ## MariaDB admin password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run - ## - # rootUser: - # password: - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - master: - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - -## -## External Database Configuration -## -## All of these values are only used when mariadb.enabled is set to false -## -externalDatabase: - ## Database host - ## - host: localhost - - ## non-root Username for Wordpress Database - ## - user: bn_wordpress - - ## Database password - ## - password: "" - - ## Database name - ## - database: bitnami_wordpress - - ## Database port number - ## - port: 3306 - -## Prometheus Exporter / Metrics -## -metrics: - enabled: true - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.8.0-debian-10-r36 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Metrics exporter pod Annotation and Labels - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" - - ## Metrics exporter containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - limits: {} - requests: {} - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - enabled: false - ## Specify the namespace in which the serviceMonitor resource will be created - # namespace: "" - ## Specify the interval at which metrics should be scraped - interval: 30s - ## Specify the timeout after which the scrape is ended - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - 
honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} - -## Add sidecars to the pod. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -## Add init containers to the pod. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## command: ['sh', '-c', 'copy themes and plugins from git and push to /bitnami/wordpress/wp-conntent. Should work with extraVolumeMounts and extraVolumes'] -## -initContainers: {} diff --git a/charts/cloud-server/values.schema.json b/charts/cloud-server/values.schema.json deleted file mode 100644 index 1566f40..0000000 --- a/charts/cloud-server/values.schema.json +++ /dev/null 
@@ -1,179 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "wordpressUsername": {
- "type": "string",
- "title": "Username",
- "form": true
- },
- "wordpressPassword": {
- "type": "string",
- "title": "Password",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set"
- },
- "wordpressEmail": {
- "type": "string",
- "title": "Admin email",
- "form": true
- },
- "wordpressBlogName": {
- "type": "string",
- "title": "Blog Name",
- "form": true
- },
- "persistence": {
- "type": "object",
- "properties": {
- "size": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- }
- }
- },
- "mariadb": {
- "type": "object",
- "title": "MariaDB Details",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Use a new MariaDB database hosted in the cluster",
- "form": true,
- "description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database details"
- },
- "master": {
- "type": "object",
- "properties": {
- "persistence": {
- "type": "object",
- "properties": {
- "size": {
- "type": "string",
- "title": "Volume Size",
- "form": true,
- "hidden": {
- "condition": false,
- "value": "mariadb.enabled"
- },
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- }
- }
- }
- }
- }
- }
- },
- "externalDatabase": {
- "type": "object",
- "title": "External Database Details",
- "description": "If MariaDB is disabled. Use this section to specify the external database details",
- "form": true,
- "properties": {
- "host": {
- "type": "string",
- "form": true,
- "title": "Database Host",
- "hidden": "mariadb.enabled"
- },
- "user": {
- "type": "string",
- "form": true,
- "title": "Database Username",
- "hidden": "mariadb.enabled"
- },
- "password": {
- "type": "string",
- "form": true,
- "title": "Database Password",
- "hidden": "mariadb.enabled"
- },
- "database": {
- "type": "string",
- "form": true,
- "title": "Database Name",
- "hidden": "mariadb.enabled"
- },
- "port": {
- "type": "integer",
- "form": true,
- "title": "Database Port",
- "hidden": "mariadb.enabled"
- }
- }
- },
- "ingress": {
- "type": "object",
- "form": true,
- "title": "Ingress Details",
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Use a custom hostname",
- "description": "Enable the ingress resource that allows you to access the WordPress installation."
- },
- "hostname": {
- "type": "string",
- "form": true,
- "title": "Hostname",
- "hidden": {
- "condition": false,
- "value": "ingress.enabled"
- }
- }
- }
- },
- "resources": {
- "type": "object",
- "title": "Required Resources",
- "description": "Configure resource requests",
- "form": true,
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "memory": {
- "type": "string",
- "form": true,
- "render": "slider",
- "title": "Memory Request",
- "sliderMin": 10,
- "sliderMax": 2048,
- "sliderUnit": "Mi"
- },
- "cpu": {
- "type": "string",
- "form": true,
- "render": "slider",
- "title": "CPU Request",
- "sliderMin": 10,
- "sliderMax": 2000,
- "sliderUnit": "m"
- }
- }
- }
- }
- },
- "metrics": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Enable Metrics",
- "description": "Prometheus Exporter / Metrics",
- "form": true
- }
- }
- }
- }
-}
diff --git a/charts/cloud-server/values.yaml b/charts/cloud-server/values.yaml
index 3370e90..e69de29 100644
--- a/charts/cloud-server/values.yaml
+++ b/charts/cloud-server/values.yaml
@@ -1,484 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami WordPress image version -## ref: https://hub.docker.com/r/bitnami/wordpress/tags/ -## -image: - registry: docker.io - repository: bitnami/wordpress - tag: 5.4.1-debian-10-r8 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## - debug: false - -## String to partially override wordpress.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override wordpress.fullname template -## -# fullnameOverride: - -## User of the application -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressUsername: user - -## Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -# wordpressPassword: - -## Admin email -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressEmail: user@example.com - -## First name -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressFirstName: FirstName - -## Last name -## ref: 
https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressLastName: LastName - -## Blog name -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressBlogName: User's Blog! - -## Table prefix -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressTablePrefix: wp_ - -## Scheme to generate application URLs -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -wordpressScheme: http - -## Skip wizard installation (only if you use an external database that already contains WordPress data) -## ref: https://github.com/bitnami/bitnami-docker-wordpress#connect-wordpress-docker-container-to-an-existing-database -## -wordpressSkipInstall: false - -## Set up update strategy for wordpress installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -updateStrategy: - type: RollingUpdate - -## Set to `false` to allow the container to be started with blank passwords -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -allowEmptyPassword: true - -## Set Apache allowOverride to None -## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables -## -allowOverrideNone: false - -## Persist the custom changes of the htaccess. 
It depends on the value of -## `.Values.allowOverrideNone`, when `yes` it will persist `/opt/bitnami/wordpress/wordpress-htaccess.conf` -## if `no` it will persist `/opt/bitnami/wordpress/.htaccess` -## -htaccessPersistenceEnabled: false - -# ConfigMap with custom wordpress-htaccess.conf file (requires allowOverrideNone to true) -customHTAccessCM: - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-wordpress/#smtp-configuration -## -# smtpHost: -# smtpPort: -# smtpUser: -# smtpPassword: -# smtpUsername: -# smtpProtocol: - -replicaCount: 1 - -## Additional container environment variables -## Example: Configure SSL for database -## extraEnv: -## - name: WORDPRESS_DATABASE_SSL_CA_FILE -## value: /path/to/ca_cert -## -extraEnv: [] - -## Additional volume mounts -## Example: Mount CA file -## extraVolumeMounts -## - name: ca-cert -## subPath: ca_cert -## mountPath: /path/to/ca_cert -extraVolumeMounts: [] - -## Additional volumes -## Example: Add secret volume -## extraVolumes: -## - name: ca-cert -## secret: -## secretName: ca-cert -## items: -## - key: ca-cert -## path: ca_cert -extraVolumes: [] - -## WordPress containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - limits: {} - requests: - memory: 512Mi - cpu: 300m - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. 
-## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: {} - -## Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## K8s Security Context for WordPress pods -## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Allow health checks to be pointed at the https port -healthcheckHttps: false - -## WordPress pod extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## If using an HTTPS-terminating load-balancer, the probes may need to behave -## like the balancer to prevent HTTP 302 responses. According to the Kubernetes -## docs, 302 should be considered "successful", but this issue on GitHub -## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. -## -# livenessProbeHeaders: -# - name: X-Forwarded-Proto -# value: https -# readinessProbeHeaders: -# - name: X-Forwarded-Proto -# value: https -livenessProbeHeaders: {} -readinessProbeHeaders: {} - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP -## -service: - type: LoadBalancer - ## HTTP Port - ## - port: 80 - ## HTTPS Port - ## - httpsPort: 443 - ## HTTPS Target Port - ## defaults to https unless overridden to the specified port. - ## if you want the target port to be "http" or "80" you can specify that here. 
- ## - httpsTargetPort: https - ## Metrics Port - ## - metricsPort: 9117 - ## Node Ports to expose - ## nodePorts: - ## http: - ## https: - ## metrics: - nodePorts: - http: "" - https: "" - metrics: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - annotations: {} - ## Limits which cidr blocks can connect to service's load balancer - ## Only valid if service.type: LoadBalancer - loadBalancerSourceRanges: [] - ## Extra ports to expose (normally used with the `sidecar` value) - # extraPorts: - -## Configure the ingress resource that allows you to access the -## WordPress installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## Set to true to enable ingress record generation - ## - enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - - ## When the ingress is enabled, a host pointing to this will be created - ## - hostname: wordpress.local - - ## Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - - ## The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: wordpress.local - ## path: / - - ## The tls configuration for additional hostnames to be covered with this ingress record. 
- ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - wordpress.local - ## secretName: wordpress.local-tls - - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - secrets: [] - ## - name: wordpress.local-tls - ## key: - ## certificate: - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - ## wordpress data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - accessMode: ReadWriteOnce - size: 10Gi - -## -## MariaDB chart configuration -## -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## Whether to deploy a mariadb server to satisfy the applications database requirements. 
To use an external database set this to false and configure the externalDatabase parameters - enabled: true - ## Disable MariaDB replication - replication: - enabled: false - - ## Create a database and a database user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - db: - name: bitnami_wordpress - user: bn_wordpress - ## If the password is not specified, mariadb will generates a random password - ## - # password: - - ## MariaDB admin password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run - ## - # rootUser: - # password: - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - master: - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - -## -## External Database Configuration -## -## All of these values are only used when mariadb.enabled is set to false -## -externalDatabase: - ## Database host - ## - host: localhost - - ## non-root Username for Wordpress Database - ## - user: bn_wordpress - - ## Database password - ## - password: "" - - ## Database name - ## - database: bitnami_wordpress - - ## Database port number - ## - port: 3306 - -## Prometheus Exporter / Metrics -## -metrics: - enabled: false - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.8.0-debian-10-r36 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Metrics exporter pod Annotation and Labels - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" - - ## Metrics exporter containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - limits: {} - requests: {} - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - enabled: false - ## Specify the namespace in which the serviceMonitor resource will be created - # namespace: "" - ## Specify the interval at which metrics should be scraped - interval: 30s - ## Specify the timeout after which the scrape is ended - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} - -## Add sidecars to the pod. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -## Add init containers to the pod. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## command: ['sh', '-c', 'copy themes and plugins from git and push to /bitnami/wordpress/wp-conntent. 
Should work with extraVolumeMounts and extraVolumes']
-##
-initContainers: {}