Merge pull request #41 from fhswf/pr-helm-deploy-kicluster

add current deployed charts (without pw)
2025-11-04 00:35:19 +01:00 · 2023-08-10 17:58:44 +02:00
parent c3631d8148 d4dc6837dd
commit 2d4933c7f8
4 changed files with 355 additions and 8 deletions
--- a/k8s/mongo/values.yaml
+++ b/k8s/mongo/values.yaml
@@ -0,0 +1,187 @@
+### helm upgrade --cleanup-on-fail --install aki-transparenzregister-mongo bitnami/mongodb --namespace transparenzregister --create-namespace --values values.yaml
+
+global:
+  storageClass: "csi-beegfs-dynhot-sc"
+  namespaceOverride: ""
+
+namespaceOverride: ""
+clusterDomain: kicluster.local
+
+## @param extraDeploy Array of extra objects to deploy with the release
+## extraDeploy:
+## - apiVersion: v1
+##   kind: Service
+##   metadata:
+##     ...
+##   spec:
+##     ...
+extraDeploy: []
+
+## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
+##
+commonLabels: {}
+## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
+##
+commonAnnotations: {}
+
+## @section MongoDB(&reg;) parameters
+##
+image:
+  registry: docker.io
+  repository: bitnami/mongodb
+  tag: 6.0.8-debian-11-r0
+  debug: false
+
+## @param architecture MongoDB(&reg;) architecture (`standalone` or `replicaset`)
+## note replicaset needs more configuration
+architecture: standalone
+useStatefulSet: false # StatefulSet instead of a Deployment (only when `architecture=standalone`)
+
+## MongoDB(&reg;) Authentication parameters
+## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
+auth:
+  enabled: true
+  rootUser: root
+  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
+  rootPassword: <some pw>
+  ## MongoDB(&reg;) custom users and databases
+  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
+  ## @param auth.usernames List of custom users to be created during the initialization
+  ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
+  ## @param auth.databases List of custom databases to be created during the initialization
+  ##
+  usernames: ["aki_transparenzregister"]
+  passwords: <[some pw]>
+  databases: ["transparenzregister"]
+  ## @param auth.username DEPRECATED: use `auth.usernames` instead
+  ## @param auth.password DEPRECATED: use `auth.passwords` instead
+  ## @param auth.database DEPRECATED: use `auth.databases` instead
+  username: ""
+  password: ""
+  database: ""
+
+  ## @param auth.existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
+  ## NOTE: When it's set the previous parameters are ignored.
+  existingSecret: ""
+
+tls:
+  ## @param tls.enabled Enable MongoDB(&reg;) TLS support between nodes in the cluster as well as between mongo clients and nodes
+  ##
+  enabled: false
+  ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
+  ##
+  autoGenerated: true
+  ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
+  ## NOTE: When it's set it will disable secret creation.
+  ##
+  existingSecret: ""
+  ## Add Custom CA certificate
+  ## @param tls.caCert Custom CA certificated (base64 encoded)
+  ## @param tls.caKey CA certificate private key (base64 encoded)
+  ##
+  caCert: ""
+  caKey: ""
+  ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
+  ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
+  ##
+  pemChainIncluded: false
+  standalone:
+    ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
+    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
+    ##
+    existingSecret: ""
+  
+  image:
+    registry: docker.io
+    repository: bitnami/nginx
+    tag: 1.25.1-debian-11-r9
+  ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
+  ## extraDnsNames
+  ##   "DNS.6": "$my_host"
+  ##   "DNS.7": "$test"
+  extraDnsNames: []
+  ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
+  mode: requireTLS
+
+
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+hostAliases: []
+## mongo db general settings:
+directoryPerDB: false # not sure whatperformance gains/impact this would have
+disableJavascript: false # should probably be disabled when not needed. Required for serverside map reduce.
+
+## overwrite config file for mongo db http://docs.mongodb.org/manual/reference/configuration-options/
+configuration: "" 
+
+extraFlags: []
+extraEnvVars: []
+## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+extraEnvVarsSecret: ""
+
+affinity: {}
+nodeSelector: {}
+tolerations: []
+
+podLabels: {}
+podAnnotations: {}
+
+containerSecurityContext:
+  enabled: true
+  runAsUser: 1001
+  runAsGroup: 0
+  runAsNonRoot: true
+  allowPrivilegeEscalation: false
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop:
+      - ALL
+
+resources:
+  limits: {}
+  requests: {}
+
+containerPorts:
+  mongodb: 27017
+
+sidecars: []
+extraVolumeMounts: []
+extraVolumes: []
+
+service:
+  nameOverride: ""  # service name
+  type: NodePort   # others are NodePort and LoadBalancer ( only for standalone architecture)
+  portName: mongodb # (only for standalone architecture)
+  ports:
+    mongodb: 27017 
+
+  nodePorts:
+    mongodb: 30217
+
+  ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+  ##
+  externalIPs: []
+  ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+  extraPorts: []
+  ## @param service.annotations Provide any additional annotations that may be required
+  annotations: {}
+  ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
+  ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+  externalTrafficPolicy: Local
+
+persistence:
+  enabled: true
+  ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  ## Ignored when mongodb.architecture=replicaset
+  existingClaim: ""
+  ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
+  resourcePolicy: ""
+  storageClass: "csi-beegfs-dynhot-sc"
+  ## @param persistence.accessModes PV Access Mode
+  ##
+  accessModes:
+    - ReadWriteOnce
+  annotations: {}
--- a/k8s/mongo/values.yml
+++ b/k8s/mongo/values.yml
@@ -1,3 +0,0 @@
-auth: 
-  usernames: [aki_transparenzregister]
-  passwords: [n&Q%hcB4plTvPOCif8A0]
--- a/k8s/postgres/values.yaml
+++ b/k8s/postgres/values.yaml
@@ -0,0 +1,168 @@
+### helm upgrade --cleanup-on-fail --install aki-transparenzregister-postgre bitnami/postgresql --namespace transparenzregister --create-namespace --values values.yaml
+
+global:
+  storageClass: "csi-beegfs-dynhot-sc"
+  postgresql:
+    ## @param global.postgresql.auth.postgresPassword Password for the "postgres" admin user (overrides `auth.postgresPassword`)
+    ## @param global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
+    ## @param global.postgresql.auth.password Password for the custom user to create (overrides `auth.password`)
+    ## @param global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
+    ## @param global.postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`).
+    ## @param global.postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
+    ## @param global.postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
+    ## @param global.postgresql.auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
+    ##
+    auth:
+      postgresPassword: <some pw>
+      username: "aki_transparenzregister"
+      password: <some pw>
+      database: "transparenzregister"
+      existingSecret: ""
+      secretKeys:
+        adminPasswordKey: ""
+        userPasswordKey: ""
+    ## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
+    ##
+    service:
+      ports:
+        postgresql: ""
+
+clusterDomain: kicluster.local
+extraDeploy: []
+commonLabels: {}
+commonAnnotations: {}
+
+image:
+  registry: docker.io
+  repository: bitnami/postgresql
+  tag: 15.3.0-debian-11-r24
+  
+## Authentication parameters
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#setting-the-root-password-on-first-run
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-on-first-run
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-user-on-first-run
+##
+auth:
+  ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
+  ##
+  enablePostgresUser: true
+  ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided
+  ##
+  postgresPassword: ""
+  ## @param auth.username Name for a custom user to create
+  ##
+  username: ""
+  ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` is provided
+  ##
+  password: ""
+  ## @param auth.database Name for a custom database to create
+  ##
+  database: ""
+  ## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
+  ##
+  existingSecret: ""
+  ## @param auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
+  ## @param auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
+  ## @param auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
+  ##
+  secretKeys:
+    adminPasswordKey: postgres-password
+    userPasswordKey: password
+  ## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable
+  ##
+  usePasswordFiles: false
+
+architecture: standalone
+containerPorts:
+  postgresql: 30432
+
+## @param postgresqlDataDir PostgreSQL data dir folder
+##
+postgresqlDataDir: /bitnami/postgresql/data
+
+shmVolume:
+  enabled: true
+  sizeLimit: ""
+  
+## TLS configuration
+##
+tls:
+  ## @param tls.enabled Enable TLS traffic support
+  ##
+  enabled: false
+  ## @param tls.autoGenerated Generate automatically self-signed TLS certificates
+  ##
+  autoGenerated: false
+  ## @param tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's
+  ##
+  preferServerCiphers: true
+  ## @param tls.certificatesSecret Name of an existing secret that contains the certificates
+  ##
+  certificatesSecret: ""
+  ## @param tls.certFilename Certificate filename
+  ##
+  certFilename: ""
+  ## @param tls.certKeyFilename Certificate key filename
+  ##
+  certKeyFilename: ""
+  ## @param tls.certCAFilename CA Certificate filename
+  ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate
+  ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html
+  ##
+  certCAFilename: ""
+  ## @param tls.crlFilename File containing a Certificate Revocation List
+  ##
+  crlFilename: ""
+
+## @section PostgreSQL Primary parameters
+##
+primary:
+  ## @param primary.name Name of the primary database (eg primary, master, leader, ...)
+  name: primary
+  ## @param primary.configuration PostgreSQL Primary main configuration to be injected as ConfigMap
+  ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
+  configuration: ""
+  ## @param primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration)
+  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
+  extendedConfiguration: ""
+
+  service:
+    type: NodePort
+    ports:
+      postgresql: 5432
+    nodePorts:
+      postgresql: 30432
+
+    annotations: {}
+    ## @param primary.service.externalTrafficPolicy Enable client source IP preservation
+    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## @param primary.service.extraPorts Extra ports to expose in the PostgreSQL primary service
+    extraPorts: []
+
+  persistence:
+    enabled: true
+    existingClaim: ""
+    mountPath: /bitnami/postgresql
+    ## @param primary.persistence.subPath The subdirectory of the volume to mount to
+    ## Useful in dev environments and one PV for multiple services
+    subPath: ""
+    storageClass: "csi-beegfs-dynhot-sc"
+    ## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume
+    ##
+    accessModes:
+      - ReadWriteOnce
+    annotations: {}
+    ## @param primary.persistence.labels Labels for the PVC
+    ##
+    labels: {}
+    ## @param primary.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
+    ## selector:
+    ##   matchLabels:
+    ##     app: my-app
+    ##
+    selector: {}
+    ## @param primary.persistence.dataSource Custom PVC data source
+    ##
+    dataSource: {}
--- a/k8s/postgres/values.yml
+++ b/k8s/postgres/values.yml
@@ -1,5 +0,0 @@
-global:
-  postgresql:
-    auth:
-      username: aki_transparenzregister
-      password: 0lg3PMj8%Tx!1E1Kw!C9