github-personal/databunker
1
0
Fork 0
mirror of https://github.com/outbackdingo/databunker.git synced 2026-01-27 10:18:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

use magento as an example

Browse Source
This commit is contained in:
stremovsky
2021-12-22 12:46:09 +02:00
parent 80efeef8f5
commit f2e0acdd6d
11 changed files with 801 additions and 408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
charts/databunker/templates/NOTES.txt
View File

@@ -2,49 +2,74 @@ CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}}
** Please be patient while the chart is being deployed **
1. Get the Databunker URL:
{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}}
{{- if .Values.ingress.enabled }}
{{- if empty (include "databunker.host" .) -}}
###############################################################################
### ERROR: You did not provide an external host in your 'helm install' call ###
###############################################################################
You should be able to access your new Databunker installation through
This deployment will be incomplete until you configure Databunker with a resolvable
host. To configure Databunker with the URL of your service:
http://{{- .Values.ingress.hostname }}/
1. Get the Databunker URL by running:
{{- else if eq .Values.service.type "LoadBalancer" }}
{{- if eq .Values.service.type "NodePort" }}
export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}")
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
{{- else if eq .Values.service.type "LoadBalancer" }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "databunker.secretName" . }} -o jsonpath="{.data.databunker-password}" | base64 --decode)
export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "databunker.databaseSecretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
{{- end }}
export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "databunker.databaseSecretName" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode)
{{- $port:=.Values.service.port | toString }}
echo "Databunker URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/"
2. Complete your Databunker deployment by running:
{{- else if eq .Values.service.type "ClusterIP" }}
{{- if .Values.mariadb.enabled }}
echo "Databunker URL: http://127.0.0.1:8080/"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }}
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \
--set databunkerHost=$APP_HOST,databunkerPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$DATABASE_ROOT_PASSWORD,mariadb.auth.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- else }}
## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ##
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \
--set databunkerPassword=$APP_PASSWORD,databunkerHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }}{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- end }}
{{- if eq .Values.service.type "NodePort" }}
{{- else -}}
1. Get the Databunker URL by running:
Or running:
{{- if eq .Values.service.type "ClusterIP" }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "Databunker URL: http://$NODE_IP:$NODE_PORT/"
echo "Store URL: http{{ if .Values.databunkerUseHttps }}s{{ end }}://127.0.0.1:8080/"
echo "Admin URL: http{{ if .Values.databunkerUseSecureAdmin }}s{{ end }}://127.0.0.1:8080/{{ .Values.databunkerAdminUri }}"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }}
{{- else }}
{{- $port:=.Values.service.port | toString }}
{{- $httpsPort:=.Values.service.httpsPort | toString }}
echo "Store URL: http{{ if .Values.databunkerUseHttps }}s{{ end }}://{{ include "databunker.host" . }}{{ if not (or (and (eq $port "80") (not .Values.databunkerUseHttps)) (and (eq $httpsPort "443") (.Values.databunkerUseHttps))) }}:{{ if .Values.databunkerUseHttps }}{{ .Values.service.httpsPort }}{{ else }}{{ .Values.service.port }}{{ end }}{{ end }}/"
echo "Admin URL: http{{ if .Values.databunkerUseSecureAdmin }}s{{ end }}://{{ include "databunker.host" . }}{{ if not (or (and (eq $port "80") (not .Values.databunkerUseSecureAdmin)) (and (eq $httpsPort "443") (.Values.databunkerUseSecureAdmin))) }}:{{ if .Values.databunkerUseSecureAdmin }}{{ .Values.service.httpsPort }}{{ else }}{{ .Values.service.port }}{{ end }}{{ end }}/{{ .Values.databunkerAdminUri }}"
{{- end }}
2. Get your Databunker login credentials by running:
echo Masterkey: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "databunker.secretName" . }} -o jsonpath="{.data.databunker-masterkey}" | base64 --decode)
echo Roottoken: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "databunker.secretName" . }} -o jsonpath="{.data.databunker-roottoken}" | base64 --decode)
echo Username : {{ .Values.databunkerUsername }}
echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "databunker.secretName" . }} -o jsonpath="{.data.databunker-password}" | base64 --decode)
{{- end }}
{{- else -}}
@@ -54,16 +79,26 @@ APP VERSION: {{ .Chart.AppVersion }}
This deployment will be incomplete until you configure Databunker with a resolvable database
host. To configure Databunker to use and external database host:
1. Complete your Databunker deployment by running:
{{- if eq .Values.service.type "NodePort" }}
export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
{{- else if eq .Values.service.type "LoadBalancer" }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
{{- else }}
export APP_HOST=127.0.0.1
{{- end }}
export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "databunker.secretName" . }} -o jsonpath="{.data.databunker-password}" | base64 --decode)
## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ##
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \
--set databunkerPassword=$APP_PASSWORD,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
--set databunkerPassword=$APP_PASSWORD,databunkerHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }}
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}

124
charts/databunker/templates/_certificates.tpl Normal file
View File

@@ -0,0 +1,124 @@
{{/* Templates for certificates injection */}}
{{/*
Return the proper image name used for setting up Certificates
*/}}
{{- define "certificates.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.certificates.image "global" .Values.global) }}
{{- end -}}
{{- define "certificates.initContainer" -}}
{{- if .Values.certificates.customCAs }}
- name: certificates
image: {{ include "certificates.image" . }}
imagePullPolicy: {{ .Values.certificates.image.pullPolicy }}
{{- if .Values.image.pullSecrets}}
imagePullSecrets:
{{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }}
- name: {{ . }}
{{- end }}
{{- end }}
command:
{{- if .Values.certificates.command }}
{{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 4 }}
{{- else if .Values.certificates.customCertificate.certificateSecret }}
- sh
- -c
- install_packages ca-certificates openssl
{{- else }}
- sh
- -c
- install_packages ca-certificates openssl
&& openssl req -new -x509 -days 3650 -nodes -sha256
-subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)"
-out {{ .Values.certificates.customCertificate.certificateLocation }}
-keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req
&& chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.certificates.customCertificate.keyLocation }}
{{- end }}
{{- if .Values.certificates.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.certificates.extraEnvVars }}
env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 4 }}
{{- end }}
envFrom:
{{- if .Values.certificates.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.certificates.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }}
{{- end }}
volumeMounts:
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end }}
{{- end }}
{{- define "certificates.volumes" -}}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
emptyDir:
medium: "Memory"
- name: etc-ssl-private
emptyDir:
medium: "Memory"
- name: custom-ca-certificates
projected:
defaultMode: 0400
sources:
{{- range $index, $customCA := .Values.certificates.customCAs }}
- secret:
name: {{ $customCA.secret }}
# items not specified, will mount all keys
{{- end }}
{{- end -}}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
secret:
secretName: {{ .Values.certificates.customCertificate.certificateSecret }}
{{- if .Values.certificates.customCertificate.chainSecret }}
- name: custom-certificate-chain
secret:
secretName: {{ .Values.certificates.customCertificate.chainSecret.name }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "certificates.volumeMounts" -}}
{{- if .Values.certificates.customCAs }}
- name: etc-ssl-certs
mountPath: /etc/ssl/certs/
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private/
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end -}}
{{- if .Values.certificates.customCertificate.certificateSecret }}
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.certificateLocation }}
subPath: tls.crt
readOnly: true
- name: custom-certificate
mountPath: {{ .Values.certificates.customCertificate.keyLocation }}
subPath: tls.key
readOnly: true
{{- if .Values.certificates.customCertificate.chainSecret }}
- name: custom-certificate-chain
mountPath: {{ .Values.certificates.customCertificate.chainLocation }}
subPath: {{ .Values.certificates.customCertificate.chainSecret.key }}
readOnly: true
{{- end }}
{{- end -}}
{{- end -}}

35
charts/databunker/templates/_helpers.tpl
View File

@@ -6,6 +6,41 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "databunker.elasticsearch.fullname" -}}
{{- printf "%s-%s-coordinating-only" .Release.Name "elasticsearch" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Get the user defined LoadBalancerIP for this release.
Note, returns 127.0.0.1 if using ClusterIP.
*/}}
{{- define "databunker.serviceIP" -}}
{{- if eq .Values.service.type "ClusterIP" -}}
127.0.0.1
{{- else -}}
{{- .Values.service.loadBalancerIP | default "" -}}
{{- end -}}
{{- end -}}
{{/*
Gets the host to be used for this application.
If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty.
When using Ingress, it will be set to the Ingress hostname.
*/}}
{{- define "databunker.host" -}}
{{- if .Values.ingress.enabled }}
{{- $host := .Values.ingress.hostname | default "" -}}
{{- default (include "databunker.serviceIP" .) $host -}}
{{- else -}}
{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}}
{{- default (include "databunker.serviceIP" .) $host -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper certificate image name
*/}}

83
charts/databunker/templates/deployment.yaml
View File

@@ -1,7 +1,9 @@
{{- if (or .Values.mariadb.enabled .Values.externalDatabase.host) -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@@ -13,7 +15,7 @@ spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
{{- end }}
replicas: {{ .Values.replicaCount }}
template:
@@ -79,54 +81,7 @@ spec:
- name: databunker-data
mountPath: /bitnami/databunker
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: certificates
image: {{ template "certificates.image" . }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }}
imagePullSecrets:
{{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }}
- name: {{ . }}
{{- end }}
command:
{{- if .Values.certificates.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }}
{{- else if .Values.certificates.customCertificate.certificateSecret }}
- sh
- -c
- install_packages ca-certificates openssl
{{- else }}
- sh
- -c
- install_packages ca-certificates openssl
&& openssl req -new -x509 -days 3650 -nodes -sha256
-subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)"
-out /etc/ssl/certs/ssl-cert-snakeoil.pem
-keyout /etc/ssl/private/ssl-cert-snakeoil.key -extensions v3_req
{{- end }}
{{- if .Values.certificates.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }}
{{- end }}
env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }}
envFrom:
{{- if .Values.certificates.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.certificates.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }}
{{- end }}
volumeMounts:
- name: etc-ssl-certs
mountPath: /etc/ssl/certs
readOnly: false
- name: etc-ssl-private
mountPath: /etc/ssl/private
readOnly: false
- name: custom-ca-certificates
mountPath: /usr/local/share/ca-certificates
readOnly: true
{{- end }}
{{- include "certificates.initContainer" . | nindent 8 }}
containers:
- name: {{ include "common.names.fullname" . }}
image: {{ template "databunker.image" . }}
@@ -193,6 +148,12 @@ spec:
- name: SMTP_PROTOCOL
value: {{ .Values.smtpProtocol | quote }}
{{- end }}
{{- if .Values.certificates.customCAs }}
- name: SSL_CERTIFICATE
value: {{ .Values.certificates.customCertificate.certificateLocation }}
- name: SSL_CERTIFICATE_KEY
value: {{ .Values.certificates.customCertificate.keyLocation }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
@@ -209,8 +170,13 @@ spec:
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
ports:
##- name: http
## containerPort: {{ .Values.containerPorts.http }}
- name: https
containerPort: {{ .Values.containerPorts.https }}
{{- if .Values.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
@@ -237,12 +203,29 @@ spec:
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: {{ .Values.startupProbe.path }}
port: http
httpHeaders:
- name: Host
value: {{ include "magento.host" . | quote }}
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: databunker-data
mountPath: /bitnami/databunker
{{- include "certificates.volumeMounts" . | nindent 12 }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -279,6 +262,8 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
{{- include "certificates.volumes" . | indent 8 }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end -}}

13
charts/databunker/templates/externaldb-secrets.yaml
View File

@@ -1,10 +1,17 @@
{{- if not .Values.mariadb.enabled }}
{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ include "common.names.fullname" . }}-externaldb"
name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
{{- end }}

35
charts/databunker/templates/hpa.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: replica
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ template "common.names.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPU }}
{{- end }}
{{- if .Values.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemory }}
{{- end }}
{{- end }}

22
charts/databunker/templates/ingress.yaml
View File

@@ -3,26 +3,36 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
spec:
rules:
{{- range (coalesce .Values.ingress.extraHosts .Values.ingress.hosts) }}
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname | quote }}
http:
paths:
- path: {{ default "/" .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:

59
charts/databunker/templates/networkpolicy-backend-ingress.yaml
View File

@@ -2,7 +2,7 @@
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-backend" (include "common.names.fullname" .) }}
name: {{ printf "%s-backend-mariadb" (include "common.names.fullname" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@@ -25,3 +25,60 @@ spec:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 14 }}
{{- end }}
---
{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-backend-elasticseach" (include "common.names.fullname" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- if .Values.networkPolicy.ingressRules.customBackendSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }}
{{- else }}
app.kubernetes.io/name: elasticsearch
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 14 }}
{{- end }}
---
{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }}
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ printf "%s-backend-elasticseach-nodes" (include "common.names.fullname" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- if .Values.networkPolicy.ingressRules.customBackendSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }}
{{- else }}
app.kubernetes.io/name: elasticsearch
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: elasticsearch
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

20
charts/databunker/templates/svc.yaml
View File

@@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@@ -12,25 +13,34 @@ metadata:
spec:
type: {{ .Values.service.type }}
sessionAffinity: {{ default "None" .Values.service.sessionAffinity }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
{{- if (and .Values.service.clusterIP (eq .Values.service.type "ClusterIP")) }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
{{- if (and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer")) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
{{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
ports:
##- name: http
## port: {{ .Values.service.port }}
## targetPort: http
## {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }}
## nodePort: {{ .Values.service.nodePorts.http }}
## {{- else if eq .Values.service.type "ClusterIP" }}
## nodePort: null
## {{- end }}
- name: https
port: {{ .Values.service.httpsPort }}
targetPort: https
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }}
{{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }}
nodePort: {{ .Values.service.nodePorts.https }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
publishNotReadyAddresses: true

25
charts/databunker/templates/tls-secrets.yaml
View File

@@ -1,9 +1,11 @@
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
@@ -15,5 +17,28 @@ type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }}
{{- $ca := genCA "databunker-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}

712
charts/databunker/values.yaml
View File

@@ -21,19 +21,18 @@ global:
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override databunker.fullname template (will maintain the release name)
## @param nameOverride String to partially override databunker.fullname template
##
nameOverride: ""
## @param fullnameOverride String to fully override databunker.fullname template
##
fullnameOverride: ""
## @param commonAnnotations Common annotations to add to all Databunker resources (sub-charts are not considered). Evaluated as a template
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all Databunker resources (sub-charts are not considered). Evaluated as a template
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
##
extraDeploy: []
@@ -43,8 +42,8 @@ extraDeploy: []
## Bitnami Databunker image version
## ref: https://hub.docker.com/r/bitnami/databunker/tags/
## @param image.registry Databunker image registry
## @param image.repository Databunker Image name
## @param image.tag Databunker Image tag
## @param image.repository Databunker image repository
## @param image.tag Databunker image tag (immutable tags are recommended)
## @param image.pullPolicy Databunker image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
@@ -58,10 +57,9 @@ image:
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
@@ -69,16 +67,33 @@ image:
## Set to true if you would like to see extra information on logs
##
debug: false
## @param replicaCount Number of Databunker Pods to run (requires ReadWriteMany PVC support)
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases:
## Necessary for apache-exporter to work
##
- ip: "127.0.0.1"
hostnames:
- "status.localhost"
## @param replicaCount Number of Databunker Pods to run
##
replicaCount: 1
## @param databunkerSkipInstall Skip Databunker installation wizard. Useful for migrations and restoring from SQL dump
## ref: https://github.com/bitnami/bitnami-docker-databunker#configuration
##
databunkerSkipInstall: false
## @param databunkerHost Databunker host to create application URLs
## ref: https://github.com/bitnami/bitnami-docker-databunker#configuration
##
databunkerHost: "localhost"
## @param databunkerMasterkey Databunker main encyption key (24 char hext string)
## ref: https://github.com/bitnami/bitnami-docker-databunker#configuration
##
databunkerHost: ""
## @param databunkerUsername User of the application
## ref: https://github.com/bitnami/bitnami-docker-databunker#configuration
##
databunkerMasterkey: ""
## @param databunkerPassword Application password
## Defaults to a random uuid string if not set. You can set it to "DEMO" to enable demo access.
@@ -103,21 +118,12 @@ args: ["-c", "/bin/busybox sleep 22; /databunker/bin/databunker -init -db databu
##
updateStrategy:
type: RollingUpdate
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases:
## Necessary for apache-exporter to work
##
- ip: "127.0.0.1"
hostnames:
- "status.localhost"
## @param extraEnvVars Extra environment variables
## For example:
## - name: BEARER_AUTH
## value: true
##
extraEnvVars: []
# - name: BEARER_AUTH
# value: true
## @param extraEnvVarsCM ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
@@ -127,9 +133,16 @@ extraEnvVarsSecret: ""
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`
##
extraVolumeMounts: []
## @param extraContainerPorts Array of additional container ports for the Databunker container
## e.g:
## extraContainerPorts:
## - name: myservice
## containerPort: 9090
##
extraContainerPorts: []
## @param initContainers Add additional init containers to the pod (evaluated as a template)
##
initContainers: []
@@ -143,19 +156,6 @@ tolerations: []
## @param existingSecret Name of a secret with the application password
##
existingSecret: ""
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/bitnami-docker-databunker/#smtp-configuration
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password
## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil)
##
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
smtpProtocol: ""
## @param containerPorts [object] Container ports
##
containerPorts:
@@ -165,40 +165,6 @@ containerPorts:
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: "None"
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: false
## @param persistence.storageClass PVC Storage Class for Databunker volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessMode PVC Access Mode for Databunker volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessMode: ReadWriteOnce
## @param persistence.size PVC Storage Request for Databunker volume
##
size: 8Gi
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: ""
## @param persistence.hostPath If defined, the databunker-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
@@ -209,16 +175,17 @@ podAffinityPreset: ""
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
@@ -227,20 +194,33 @@ nodeAffinityPreset:
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param resources [object] CPU/Memory resource requests/limits
## Configure resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for the Databunker container
## @param resources.requests The requested resourcesc for the Databunker container
##
resources:
requests:
memory: 512Mi
cpu: 300m
## Example:
## limits:
## cpu: 250m
## memory: 256Mi
limits: {}
## Examples:
## requests:
## cpu: 250m
## memory: 256Mi
requests: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable Databunker pods' Security Context
@@ -258,10 +238,6 @@ containerSecurityContext:
enabled: true
runAsUser: 1001
## Configure extra options for liveness probe
## Databunker core exposes /user/login to unauthenticated requests, making it a good
## default liveness and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Databunker.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.path Request path for livenessProbe
@@ -280,10 +256,6 @@ livenessProbe:
failureThreshold: 5
successThreshold: 1
## Configure extra options for readiness probe
## Databunker core exposes /user/login to unauthenticated requests, making it a good
## default liveness and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Databunker.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
@@ -296,10 +268,28 @@ livenessProbe:
readinessProbe:
enabled: true
path: /status
initialDelaySeconds: 30
initialDelaySeconds: 40
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 5
timeoutSeconds: 3
failureThreshold: 6
successThreshold: 1
## Configure extra options for startupProbe probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /status
initialDelaySeconds: 40
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 60
successThreshold: 1
## @param customLivenessProbe Override default liveness probe
##
@@ -307,6 +297,9 @@ customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template
##
lifecycleHooks: {}
@@ -319,124 +312,103 @@ podAnnotations: {}
##
podLabels: {}
## @section Traffic Exposure Parameters
## @section NetworkPolicy parameters
## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer
## Add networkpolicies
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.port Service HTTP port
##
#port: 3000
## @param service.httpsPort Service HTTPS port
##
httpsPort: 3000
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the Databunker Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
loadBalancerIP: ""
## @param service.nodePorts [object] Kubernetes node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
https: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## Configure the ingress resource that allows you to access the
## Databunker installation. Set up the URL
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
networkPolicy:
## @param networkPolicy.enabled Enable network policies
## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication
##
enabled: false
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus)
## @param networkPolicy.metrics.namespaceSelector databunker Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace.
## @param networkPolicy.metrics.podSelector databunker Monitoring pod selector labels. These labels will be used to identify the Prometheus pods.
##
metrics:
enabled: false
## e.g:
## podSelector:
## label: monitoring
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: monitoring
##
namespaceSelector: {}
## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies
## @param networkPolicy.ingress.namespaceSelector databunker Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace.
## @param networkPolicy.ingress.podSelector databunker Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods.
##
ingress:
enabled: false
## e.g:
## podSelector:
## label: ingress
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb, elasticsearch) only accessible by databunker's pods.
## @param networkPolicy.ingressRules.customBackendSelector databunker Backend selector labels. These labels will be used to identify the backend pods.
## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes databunker only accessible from a particular origin
## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector databunker Namespace selector label that is allowed to access databunker. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector databunker Pods selector label that is allowed to access databunker. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.customRules databunker Custom network policy ingress rule
##
ingressRules:
## mariadb and elacticsearch backends only can be accessed from databunker
##
backendOnlyAccessibleByFrontend: false
## Additional custom backend selector
## e.g:
## customBackendSelector:
## - to:
## - namespaceSelector:
## matchLabels:
## label: example
customBackendSelector: {}
## Allow only from the indicated:
##
accessOnlyFrom:
enabled: false
## e.g:
## podSelector:
## label: access
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: access
##
namespaceSelector: {}
## custom ingress rules
## e.g:
## customRules:
## - from:
## - namespaceSelector:
## matchLabels:
## label: example
customRules: {}
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules databunker Custom network policy rule
##
egressRules:
# Deny connections to external. This is not compatible with an external database.
denyConnectionsToExternal: false
## Additional custom egress rules
## e.g:
## customRules:
## - to:
## - namespaceSelector:
## matchLabels:
## label: example
customRules: {}
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.hostname Default host for the ingress resource
##
hostname: databunker.local
## @param ingress.path The Path to Databunker. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: databunker.local
## path: /
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - databunker.local
## secretName: databunker.local-tls
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: databunker.local-tls
## key:
## certificate:
##
secrets: []
## @section Database parameters
@@ -448,25 +420,36 @@ mariadb:
## To use an external database set this to false and configure the externalDatabase parameters
##
enabled: true
## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`)
## Override MariaDB default image as 10.5 is not supported https://devdocs.databunker.com/guides/v2.4/install-gde/system-requirements.html#database
## ref: https://github.com/bitnami/bitnami-docker-mariadb
## @param mariadb.image.registry MariaDB image registry
## @param mariadb.image.repository MariaDB image repository
## @param mariadb.image.tag MariaDB image tag (immutable tags are recommended)
##
image:
registry: docker.io
repository: bitnami/mariadb
tag: 10.3.32-debian-10-r32
## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication`
##
architecture: standalone
## MariaDB Authentication parameters
## @param mariadb.auth.rootPassword Password for the MariaDB `root` user
## @param mariadb.auth.database Database name to create
## @param mariadb.auth.username Database user to create
## @param mariadb.auth.password Password for the database
##
auth:
## @param mariadb.auth.rootPassword Password for the MariaDB `root` user
## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run
##
rootPassword: ""
## @param mariadb.auth.database Database name to create
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run
##
database: databunkerdb
## @param mariadb.auth.username Database user to create
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
username: bunkeruser
## @param mariadb.auth.password Password for the database
##
password: ""
primary:
## Enable persistence using Persistent Volume Claims
@@ -491,22 +474,32 @@ mariadb:
accessModes:
- ReadWriteOnce
size: 8Gi
## Set path in case you want to use local host path volumes (not recommended in production)
##
hostPath: ""
## Use an existing PVC
##
existingClaim: ""
## External database configuration
## @param externalDatabase.host Host of the existing database
## @param externalDatabase.port Port of the existing database
## @param externalDatabase.user Existing username in the external db
## @param externalDatabase.password Password for the above username
## @param externalDatabase.database Name of the existing database
##
externalDatabase:
## @param externalDatabase.host Host of the existing database
##
host: ""
## @param externalDatabase.port Port of the existing database
##
port: 3306
## @param externalDatabase.user Existing username in the external db
##
user: bunkeruser
## @param externalDatabase.password Password for the above username
##
password: ""
## @param externalDatabase.database Name of the existing database
##
database: databunkerdb
## @section Volume Permissions parameters
## Init containers parameters:
@@ -517,8 +510,8 @@ volumePermissions:
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image name
## @param volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.repository Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
@@ -527,10 +520,9 @@ volumePermissions:
repository: bitnami/bitnami-shell
tag: 10-debian-10-r280
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
@@ -541,8 +533,8 @@ volumePermissions:
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits The resources limits for the container
## @param volumePermissions.resources.requests The requested resources for the container
## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resourcesc for the init container
##
resources:
## Example:
@@ -556,17 +548,135 @@ volumePermissions:
## memory: 128Mi
requests: {}
## @section Traffic Exposure Parameters
## Kubernetes configuration
## For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.port Service HTTP port
##
port: 8080
## @param service.httpsPort Service HTTPS port
##
httpsPort: 8443
## @param service.clusterIP Static clusterIP or None for headless services
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerSourceRanges Control hosts connecting to "LoadBalancer" only
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the Databunker Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.nodePorts.http Kubernetes http node port
## @param service.nodePorts.https Kubernetes https node port
## e.g:
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
https: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## Configure the ingress resource that allows you to access the
## Databunker installation. Set up the URL
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: false
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
##
## @param ingress.pathType Default path type for the ingress resource
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname Default host for the ingress resource
##
hostname: databunker.local
## @param ingress.path Default path for the ingress resource
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS for `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or
## let the chart create self-signed certificates for you
##
tls: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## Example:
## extraHosts:
## - name: databunker.local
## path: /
##
extraHosts: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## Example:
## extraTls:
## - hosts:
## - databunker.local
## secretName: databunker.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY-----
## name should line up with a secretName set further up
##
## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
##
## - name: databunker.local-tls
## key:
## certificate:
##
secrets: []
## @section Metrics parameters
## Prometheus Exporter / Metrics
##
metrics:
## @param metrics.enabled Start a exporter side-car
## @param metrics.enabled Start a side-car prometheus exporter
##
enabled: false
## @param metrics.image.registry Apache exporter image registry
## @param metrics.image.repository Apache exporter image repository
## @param metrics.image.tag Apache exporter image tag
## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended)
## @param metrics.image.pullPolicy Image pull policy
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
##
@@ -574,29 +684,56 @@ metrics:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.10.1-debian-10-r82
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param metrics.resources Metrics exporter resource requests and limits
## Metrics exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param metrics.resources.limits The resources limits for the metrics container
## @param metrics.resources.requests The requested resources for the metrics container
##
resources: {}
resources:
## Example:
## limits:
## cpu: 250m
## memory: 256Mi
limits: {}
## Examples:
## requests:
## cpu: 250m
## memory: 256Mi
requests: {}
## Prometheus exporter service parameters
##
## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9117"
service:
## @param metrics.service.type Prometheus metrics service type
##
type: ClusterIP
## @param metrics.service.port Service Metrics port
##
port: 9117
## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.metrics.service.port }}"
## @section Certificate injection parameters
## Add custom certificates and certificate authorities to databunker container
## Add custom certificates and certificate authorities to Databunker container
##
certificates:
## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add
@@ -609,15 +746,19 @@ certificates:
customCertificate:
certificateSecret: ""
chainSecret:
name: secret-name
key: secret-key
name: ""
key: ""
certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem
keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key
chainLocation: /etc/ssl/certs/mychain.pem
## @param certificates.customCAs Defines a list of secrets to import into the container trust store
##
customCAs: []
customCAs:
- secret: "databunker"
## @param certificates.command Override default container command (useful when using custom images)
## e.g:
## - secret: custom-CA
## - secret: more-custom-CAs
##
command: []
## @param certificates.args Override default container args (useful when using custom images)
@@ -634,7 +775,7 @@ certificates:
extraEnvVarsSecret: ""
## @param certificates.image.registry Container sidecar registry
## @param certificates.image.repository Container sidecar image
## @param certificates.image.tag Container sidecar image tag
## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended)
## @param certificates.image.pullPolicy Container sidecar image pull policy
## @param certificates.image.pullSecrets Container sidecar image pull secrets
##
@@ -647,97 +788,26 @@ certificates:
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## e.g:
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @section NetworkPolicy parameters
## @section Other Parameters
## Add networkpolicies
## Autoscaling configuration
## @param autoscaling.enabled Enable autoscaling for replicas
## @param autoscaling.minReplicas Minimum number of replicas
## @param autoscaling.maxReplicas Maximum number of replicas
## @param autoscaling.targetCPU Target CPU utilization percentage
## @param autoscaling.targetMemory Target Memory utilization percentage
##
networkPolicy:
## @param networkPolicy.enabled Enable network policies
## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication
##
autoscaling:
enabled: false
## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus)
## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace.
## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods.
##
metrics:
enabled: false
## e.g:
## podSelector:
## label: monitoring
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: monitoring
##
namespaceSelector: {}
## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies
## @param networkPolicy.ingress.namespaceSelector [object] Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace.
## @param networkPolicy.ingress.podSelector [object] Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods.
##
ingress:
enabled: false
## e.g:
## podSelector:
## label: ingress
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb) only accessible by databunker's pods.
## @param networkPolicy.ingressRules.customBackendSelector [object] Backend selector labels. These labels will be used to identify the backend pods.
## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes databunker only accessible from a particular origin
## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access databunker. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector [object] Pods selector label that is allowed to access databunker. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.customRules [object] Custom network policy ingress rule
##
ingressRules:
## mariadb backend only can be accessed from databunker
##
backendOnlyAccessibleByFrontend: false
customBackendSelector: {}
## Allow only from the indicated:
accessOnlyFrom:
enabled: false
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## e.g:
## podSelector:
## label: access
##
podSelector: {}
## custom ingress rules
## e.g:
## customRules:
## - from:
## - namespaceSelector:
## matchLabels:
## label: example
customRules: {}
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules [object] Custom network policy rule
##
egressRules:
# Deny connections to external. This is not compatible with an external database.
denyConnectionsToExternal: false
## Additional custom egress rules
## e.g:
## customRules:
## - to:
## - namespaceSelector:
## matchLabels:
## label: example
customRules: {}
minReplicas: 1
maxReplicas: 11
targetCPU: ""
targetMemory: ""