Commit eaef42c3 authored by Tim

Initial commit

Pipeline #89 failed with stages
*/charts
requirements.lock
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v1
appVersion: "2.15"
description: A Helm chart for Kubernetes
name: mautic
version: 0.1.0
dependencies:
- name: mysql
version: 1.0.0
repository: https://chartmuseum.indie.host
condition: mysql.deploy
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mautic.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "mautic.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mautic.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mautic.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
namespace={{ .Release.Namespace }}
release={{ .Release.Name }}
pushd $(mktemp -d)
# Args pattern, length
function gen_random(){
head -c 4096 /dev/urandom | LC_CTYPE=C tr -cd $1 | head -c $2
}
# Args: secretname, args
function generate_secret_if_needed(){
secret_args=( "${@:2}")
secret_name=$1
if ! $(kubectl --namespace=$namespace get secret $secret_name > /dev/null 2>&1); then
kubectl --namespace=$namespace create secret generic $secret_name ${secret_args[@]}
else
echo "secret \"$secret_name\" already exists"
fi;
kubectl --namespace=$namespace label \
--overwrite \
secret $secret_name {{ include "mautic.standardLabels" . | replace ": " "=" | replace "\n" " " }}
}
generate_secret_if_needed $release --from-literal=mysql-password=$(gen_random 'a-zA-Z0-9' 64) --from-literal=mysql-root-password=$(gen_random 'a-zA-Z0-9' 64) --from-literal=secret=$(gen_random 'a-zA-Z0-9' 64)
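Review bot: The last line creates the keys `mysql-password`, `mysql-root-password` and `secret`, but the Deployment's SECRET_KEY env reads key `mautic-secret` from the same release-named secret, so that reference will not resolve. Either rename the literal to `--from-literal=mautic-secret=$(gen_random 'a-zA-Z0-9' 64)` or change the `secretKeyRef` key to `secret`. The expansions in both functions are unquoted (`$1`, `$2`, `$secret_name`, `${secret_args[@]}`); quoting them, e.g. `"${secret_args[@]}"`, keeps arguments from being word-split or glob-expanded. `pushd $(mktemp -d)` has no matching `popd`, and nothing visible writes to that directory.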
{{/* vim: set filetype=mustache: */}}
{{- define "mautic.standardLabels" -}}
app.kubernetes.io/name: {{ include "mautic.name" . }}
helm.sh/chart: {{ include "mautic.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "mautic.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "mautic.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "mautic.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name for the password secret key.
*/}}
{{- define "mautic.ingress.tls" -}}
{{- if .Values.ingress.tls -}}
{{- .Values.ingress.tls -}}
{{- else -}}
{{ .Release.Name }}-tls
{{- end -}}
{{- end -}}
{{/*
Create the name for the database secret.
*/}}
{{- define "mautic.secretName" -}}
{{- if .Values.secret.deploy -}}
{{- default .Release.Name .Values.secret.name -}}
{{- else -}}
{{- .Values.secret.name -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified job name.
Due to the job only being allowed to run once, we add the chart revision so helm
upgrades don't cause errors trying to create the already ran job.
Due to the helm delete not cleaning up these jobs, we add a randome value to
reduce collision
*/}}
{{- define "mautic.secrets.jobname" -}}
{{- $name := include "mautic.fullname" . | trunc 55 | trimSuffix "-" -}}
{{- $rand := randAlphaNum 3 | lower }}
{{- printf "%s.%d-%s" $name .Release.Revision $rand | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "mautic.secrets.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default "secrets" .Values.nameOverride -}}
{{- printf "%s-%s-%s" .Release.Name .Chart.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "stash.name" -}}
{{- default "stash" .Values.stash.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "stash.fullname" -}}
{{- if .Values.stash.fullnameOverride -}}
{{- .Values.stash.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default "stash" .Values.stash.nameOverride -}}
{{- printf "%s-%s-%s" .Release.Name .Chart.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create secret name for stash
*/}}
{{- define "stash.secret.name" -}}
{{- if .Values.stash.secret.deploy -}}
{{ include "stash.fullname" . }}
{{- else }}
{{- .Values.global.stash.secret.name -}}
{{- end -}}
{{- end -}}
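Review bot: The comment above `mautic.ingress.tls` says it creates "the name for the password secret key", but the template returns the ingress TLS secret name (`.Values.ingress.tls`, else `<release>-tls`); suggest `Name of the TLS secret referenced by the ingress.` The comment above `mautic.secrets.fullname` is a copy of the `mautic.fullname` one, and its last sentence does not apply because the release and chart names are always prefixed. In `stash.secret.name` the switch is read from `.Values.stash.secret.deploy` but the name from `.Values.global.stash.secret.name`; if that asymmetry is intended, a one-line comment saying so would help.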
{{- if .Values.secrets.deploy -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "mautic.secrets.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "mautic.standardLabels" . | indent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-3"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
data:
generate-secrets: |
{{ include (print $.Template.BasePath "/_generate_secrets.tpl") . | indent 4 }}
{{- end }}
apiVersion: apps/v1
metadata:
name: {{ include "mautic.fullname" . }}
labels:
{{ include "mautic.standardLabels" . | indent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "mautic.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "mautic.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
initContainers:
- name: wait-for-mysql
image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
imagePullPolicy: {{ .Values.init.image.pullPolicy }}
command:
- sh
- -c
- |
until printf "." && nc -z -w 2 {{ .Release.Name }}-mysql {{ .Values.mysql.service.port }}; do
sleep 2;
done;
echo 'mysql OK ✓'
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: MAUTIC_DB_HOST
value: {{ template "mysql.fullname" . }}
- name: MAUTIC_DB_USER
value: {{ .Values.global.mysql.mysqlUser | quote }}
- name: MAUTIC_DB_NAME
value: {{ .Values.global.mysql.mysqlDatabase | quote }}
- name: MAUTIC_DB_PORT
value: {{ .Values.mysql.service.port | quote }}
- name: MAUTIC_DB_VERSION
value: {{ .Values.mysqlVersion | quote }}
- name: MAUTIC_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}
key: mysql-password
- name: MAILER_FROM_EMAIL
value: {{ .Values.mailer.email | quote }}
- name: MAILER_FROM_NAME
value: {{ .Values.mailer.name | quote }}
- name: MAILER_TRANSPORT
value: {{ .Values.mailer.transport | quote }}
- name: MAILER_HOST
value: {{ .Values.mailer.host | quote }}
- name: MAILER_PORT
value: {{ .Values.mailer.port | quote }}
- name: MAILER_PASSWORD
value: {{ .Values.mailer.password | quote }}
- name: MAILER_ENCRYPTION
value: {{ .Values.mailer.encryption | quote}}
- name: MAILER_AUTH_MODE
value: {{ .Values.mailer.authMode | quote }}
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}
key: mautic-secret
- name: MAUTIC_URL
value: {{ .Values.ingress.host | quote }}
- name: MAUTIC_TRUSTED_PROXIES
value: {{ .Values.trustedProxies | quote }}
volumeMounts:
- mountPath: /data
name: data
subPath: data
resources:
{{ toYaml .Values.resources | indent 12 }}
- name: web
image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}"
imagePullPolicy: {{ .Values.web.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "mautic.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
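Review bot: MAILER_PASSWORD is rendered from `.Values.mailer.password` as a literal env `value`, so the SMTP password ends up in the pod spec and in the stored release values, readable by anyone who can get the Deployment. The other credentials in this container (MAUTIC_DB_PASSWORD, SECRET_KEY) already use `secretKeyRef`; this one should too, with the key held in the chart-managed secret or in an existing secret named through values. Separately, as shown the manifest goes from `apiVersion: apps/v1` straight to `metadata:` with no `kind: Deployment` line; if that is not an artifact of the page rendering, the object will be rejected.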
{{- if .Values.ingress.enabled -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "mautic.fullname" . }}
labels:
{{ include "mautic.standardLabels" . | indent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ template "mautic.ingress.tls" . }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.path }}
backend:
serviceName: {{ template "mautic.fullname" . }}
servicePort: http
{{- end }}
{{- if .Values.secrets.deploy }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "mautic.secrets.jobname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "mautic.standardLabels" . | indent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
template:
metadata:
labels:
app: {{ template "mautic.name" . }}
release: {{ .Release.Name }}
spec:
{{ with .Values.securityContext }}
securityContext:
runAsUser: {{ .runAsUser }}
fsGroup: {{ .fsGroup }}
{{ end }}
{{- if .Values.rbac.create }}
serviceAccountName: {{ template "mautic.secrets.fullname" . }}
{{- end }}
restartPolicy: Never
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.secrets.image.repository }}:{{ .Values.secrets.image.tag }}"
command: ['/bin/bash', '/scripts/generate-secrets']
imagePullPolicy: {{ .Values.secrets.image.pullPolicy }}
volumeMounts:
- name: scripts
mountPath: /scripts
resources:
{{ toYaml .Values.resources | indent 12 }}
volumes:
- name: scripts
configMap:
name: {{ template "mautic.secrets.fullname" . }}
{{- end }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "mautic.fullname" . }}
labels:
app: {{ template "mautic.name" . }}
chart: {{ template "mautic.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessModes | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
apiVersion: stash.appscode.com/v1alpha1
kind: Restic
metadata:
name: {{ template "mautic.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "mautic.standardLabels" . | indent 4 }}
spec:
selector:
matchLabels:
app: {{ template "mautic.name" . }}
release: {{ .Release.Name }}
fileGroups:
- path: /data
retentionPolicyName: {{ coalesce .Values.stash.retention.name .Values.global.stash.retention.name | quote }}
tags:
- data
backend:
s3:
endpoint: {{ coalesce .Values.stash.endpoint .Values.global.stash.endpoint | quote }}
bucket: {{ coalesce .Values.stash.bucket .Values.global.stash.bucket | default .Release.Name | quote }}
prefix: app
storageSecretName: {{ include "stash.secret.name" . }}
schedule: {{ coalesce .Values.stash.schedule .Values.global.stash.schedule | quote }}
volumeMounts:
- mountPath: /data
name: data
subPath: data
retentionPolicies:
- name: {{ coalesce .Values.stash.retention.name .Values.global.stash.retention.name | quote }}
keepLast: {{ coalesce .Values.stash.retention.keepLast .Values.global.stash.retention.keepLast }}
prune: {{ coalesce .Values.stash.retention.prune .Values.global.stash.retention.prune }}
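Review bot: This Restic object has no `{{- if }}` guard, unlike the other optional resources, so every install needs the `stash.appscode.com/v1alpha1` CRD present and a storage secret available. With the defaults `stash.secret.deploy` is false, so `storageSecretName` resolves to `stash-secret`, which nothing visible in this chart creates. Consider wrapping the file in a values switch, for example a new `stash.enabled` defaulting to false: `{{- if .Values.stash.enabled }}` … `{{- end }}`. The selector also matches on `app`/`release`, while the Deployment's pod template carries `app.kubernetes.io/name` and `app.kubernetes.io/instance`, so as written it would not select the pods whose `/data` should be backed up.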
{{- if .Values.secrets.genpass }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "mautic.secrets.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "mautic.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "create", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "mautic.secrets.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "mautic.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "mautic.secrets.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "mautic.secrets.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
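Review bot: The Role and RoleBinding are gated on `.Values.secrets.genpass`, but values.yaml defines only `secrets.deploy` and `secrets.image`, so with the defaults neither object is rendered while the ServiceAccount and the hook Job (gated on `secrets.deploy`) still are. The Job's kubectl calls would then presumably be denied. Gating all four on the same condition, e.g. `{{- if and .Values.secrets.deploy .Values.rbac.create }}`, keeps them in step. The rule also grants `list` on every secret in the namespace, which the generate-secrets script does not appear to need (it uses `kubectl get secret <name>`, `create` and `label`); `verbs: ["get", "create", "patch"]` is the narrower set.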
{{- if .Values.secrets.deploy }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "mautic.secrets.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "mautic.standardLabels" . | indent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "mautic.fullname" . }}
labels:
{{ include "mautic.standardLabels" . | indent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "mautic.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
# Default values for nextcloud.
replicaCount: 1
fullnameOverride:
image:
repository: indiehosters/mautic
tag: 12.5
pullPolicy: IfNotPresent
init:
image:
repository: alpine
tag: 3.8
pullPolicy: IfNotPresent
secrets:
deploy: true
image:
repository: registry.gitlab.com/gitlab-org/build/cng/kubectl
tag: 1f8690f03f7aeef27e727396927ab3cc96ac89e7
repository: alpine
web:
image:
repository: indiehosters/mautic-web
tag: 12.5
pullPolicy: IfNotPresent
rbac:
create: true
global:
mysql:
# mysqlRootPassword:
mysqlUser: mautic
# mysqlPassword:
mysqlDatabase: mautic
stash:
endpoint: minio.example.com
schedule: "30 1 * * *"
retention:
name: keep-last-5
keepLast: 5
prune: true
secret:
deploy: false
name: stash-secret
mysqlVersion: 5.6.42
mailer:
name:
email:
password:
encryption:
host:
port:
authMode:
transport:
service:
type: ClusterIP
port: 80
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
path: /
host: mautic.example.com
## default to releaseName-tls
# tls: nextcloud-example-com-tls
persistence:
annotations: {}
enabled: true
accessModes: ReadWriteOnce
size: 8Gi
storageClass: rbd
# existingClaim: existing-pvc
mysql:
deploy: true
secret:
deploy: false
dump:
maxBackups: 1
cronTime: "20 1 * * *"
stash:
# s3/minio bucket name, default to release name
# bucket:
endpoint:
schedule: "30 1 * * *"
retention:
name:
keepLast:
prune:
secret:
deploy: false
# awsSecretAccessKey: secret
# awsAccessKeyID: secret
# resticPassword: secret
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
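Review bot: Under `secrets.image` a second `repository: alpine` follows the `tag`; indentation is lost in this view, but if it sits in the same mapping it is a duplicate key and most parsers silently keep the last value, so the hook Job would pull `alpine` with the kubectl image's tag. It looks like a leftover where `pullPolicy: IfNotPresent` was meant, since the Job template reads `.Values.secrets.image.pullPolicy` and no such key is defined. The image tags `12.5` and `3.8` are unquoted and parse as floats; quoting them (`tag: "3.8"`) avoids a later `3.10` becoming `3.1`. `trustedProxies`, `securityContext` and `secrets.genpass` are read by the templates but have no default here. The header comment should read `# Default values for mautic.`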