add current deployed charts (without pw)

2025-04-20 21:42:53 +02:00 · 2023-07-24 08:54:15 +00:00 · 2023-07-24 08:54:15 +00:00 · d4dc6837dd
commit d4dc6837dd
parent ebedf7c630
4 changed files with 355 additions and 8 deletions
--- a/k8s/mongo/values.yaml
+++ b/k8s/mongo/values.yaml
@ -0,0 +1,187 @@
 ### helm upgrade --cleanup-on-fail --install aki-transparenzregister-mongo bitnami/mongodb --namespace transparenzregister --create-namespace --values values.yaml
 global:
  storageClass: "csi-beegfs-dynhot-sc"
  namespaceOverride: ""
 namespaceOverride: ""
 clusterDomain: kicluster.local
 ## @param extraDeploy Array of extra objects to deploy with the release
 ## extraDeploy:
 ## - apiVersion: v1
 ##   kind: Service
 ##   metadata:
 ##     ...
 ##   spec:
 ##     ...
 extraDeploy: []
 ## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
 ##
 commonLabels: {}
 ## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
 ##
 commonAnnotations: {}
 ## @section MongoDB(&reg;) parameters
 ##
 image:
  registry: docker.io
  repository: bitnami/mongodb
  tag: 6.0.8-debian-11-r0
  debug: false
 ## @param architecture MongoDB(&reg;) architecture (`standalone` or `replicaset`)
 ## note replicaset needs more configuration
 architecture: standalone
 useStatefulSet: false # StatefulSet instead of a Deployment (only when `architecture=standalone`)
 ## MongoDB(&reg;) Authentication parameters
 ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
 auth:
  enabled: true
  rootUser: root
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
  rootPassword: <some pw>
  ## MongoDB(&reg;) custom users and databases
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
  ## @param auth.usernames List of custom users to be created during the initialization
  ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
  ## @param auth.databases List of custom databases to be created during the initialization
  ##
  usernames: ["aki_transparenzregister"]
  passwords: <[some pw]>
  databases: ["transparenzregister"]
  ## @param auth.username DEPRECATED: use `auth.usernames` instead
  ## @param auth.password DEPRECATED: use `auth.passwords` instead
  ## @param auth.database DEPRECATED: use `auth.databases` instead
  username: ""
  password: ""
  database: ""
  ## @param auth.existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
  ## NOTE: When it's set the previous parameters are ignored.
  existingSecret: ""
 tls:
  ## @param tls.enabled Enable MongoDB(&reg;) TLS support between nodes in the cluster as well as between mongo clients and nodes
  ##
  enabled: false
  ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
  ##
  autoGenerated: true
  ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
  ## NOTE: When it's set it will disable secret creation.
  ##
  existingSecret: ""
  ## Add Custom CA certificate
  ## @param tls.caCert Custom CA certificated (base64 encoded)
  ## @param tls.caKey CA certificate private key (base64 encoded)
  ##
  caCert: ""
  caKey: ""
  ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
  ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
  ##
  pemChainIncluded: false
  standalone:
    ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecret: ""
  image:
    registry: docker.io
    repository: bitnami/nginx
    tag: 1.25.1-debian-11-r9
  ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
  ## extraDnsNames
  ##   "DNS.6": "$my_host"
  ##   "DNS.7": "$test"
  extraDnsNames: []
  ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
  mode: requireTLS
 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
 hostAliases: []
 ## mongo db general settings:
 directoryPerDB: false # not sure whatperformance gains/impact this would have
 disableJavascript: false # should probably be disabled when not needed. Required for serverside map reduce.
 ## overwrite config file for mongo db http://docs.mongodb.org/manual/reference/configuration-options/
 configuration: "" 
 extraFlags: []
 extraEnvVars: []
 ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
 extraEnvVarsSecret: ""
 affinity: {}
 nodeSelector: {}
 tolerations: []
 podLabels: {}
 podAnnotations: {}
 containerSecurityContext:
  enabled: true
  runAsUser: 1001
  runAsGroup: 0
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL
 resources:
  limits: {}
  requests: {}
 containerPorts:
  mongodb: 27017
 sidecars: []
 extraVolumeMounts: []
 extraVolumes: []
 service:
  nameOverride: ""  # service name
  type: NodePort   # others are NodePort and LoadBalancer ( only for standalone architecture)
  portName: mongodb # (only for standalone architecture)
  ports:
    mongodb: 27017 
  nodePorts:
    mongodb: 30217
  ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
  ##
  externalIPs: []
  ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
  extraPorts: []
  ## @param service.annotations Provide any additional annotations that may be required
  annotations: {}
  ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
  ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  externalTrafficPolicy: Local
 persistence:
  enabled: true
  ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  ## Ignored when mongodb.architecture=replicaset
  existingClaim: ""
  ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
  resourcePolicy: ""
  storageClass: "csi-beegfs-dynhot-sc"
  ## @param persistence.accessModes PV Access Mode
  ##
  accessModes:
    - ReadWriteOnce
  annotations: {}
--- a/k8s/mongo/values.yml
+++ b/k8s/mongo/values.yml
@ -1,3 +0,0 @@
 auth: 
  usernames: [aki_transparenzregister]
  passwords: [n&Q%hcB4plTvPOCif8A0]
--- a/k8s/postgres/values.yaml
+++ b/k8s/postgres/values.yaml
@ -0,0 +1,168 @@
 ### helm upgrade --cleanup-on-fail --install aki-transparenzregister-postgre bitnami/postgresql --namespace transparenzregister --create-namespace --values values.yaml
 global:
  storageClass: "csi-beegfs-dynhot-sc"
  postgresql:
    ## @param global.postgresql.auth.postgresPassword Password for the "postgres" admin user (overrides `auth.postgresPassword`)
    ## @param global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
    ## @param global.postgresql.auth.password Password for the custom user to create (overrides `auth.password`)
    ## @param global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
    ## @param global.postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`).
    ## @param global.postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
    ## @param global.postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
    ## @param global.postgresql.auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
    ##
    auth:
      postgresPassword: <some pw>
      username: "aki_transparenzregister"
      password: <some pw>
      database: "transparenzregister"
      existingSecret: ""
      secretKeys:
        adminPasswordKey: ""
        userPasswordKey: ""
    ## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
    ##
    service:
      ports:
        postgresql: ""
 clusterDomain: kicluster.local
 extraDeploy: []
 commonLabels: {}
 commonAnnotations: {}
 image:
  registry: docker.io
  repository: bitnami/postgresql
  tag: 15.3.0-debian-11-r24
 ## Authentication parameters
 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#setting-the-root-password-on-first-run
 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-on-first-run
 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-user-on-first-run
 ##
 auth:
  ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
  ##
  enablePostgresUser: true
  ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided
  ##
  postgresPassword: ""
  ## @param auth.username Name for a custom user to create
  ##
  username: ""
  ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` is provided
  ##
  password: ""
  ## @param auth.database Name for a custom database to create
  ##
  database: ""
  ## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
  ##
  existingSecret: ""
  ## @param auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
  ## @param auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
  ## @param auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
  ##
  secretKeys:
    adminPasswordKey: postgres-password
    userPasswordKey: password
  ## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable
  ##
  usePasswordFiles: false
 architecture: standalone
 containerPorts:
  postgresql: 30432
 ## @param postgresqlDataDir PostgreSQL data dir folder
 ##
 postgresqlDataDir: /bitnami/postgresql/data
 shmVolume:
  enabled: true
  sizeLimit: ""
 ## TLS configuration
 ##
 tls:
  ## @param tls.enabled Enable TLS traffic support
  ##
  enabled: false
  ## @param tls.autoGenerated Generate automatically self-signed TLS certificates
  ##
  autoGenerated: false
  ## @param tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's
  ##
  preferServerCiphers: true
  ## @param tls.certificatesSecret Name of an existing secret that contains the certificates
  ##
  certificatesSecret: ""
  ## @param tls.certFilename Certificate filename
  ##
  certFilename: ""
  ## @param tls.certKeyFilename Certificate key filename
  ##
  certKeyFilename: ""
  ## @param tls.certCAFilename CA Certificate filename
  ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate
  ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html
  ##
  certCAFilename: ""
  ## @param tls.crlFilename File containing a Certificate Revocation List
  ##
  crlFilename: ""
 ## @section PostgreSQL Primary parameters
 ##
 primary:
  ## @param primary.name Name of the primary database (eg primary, master, leader, ...)
  name: primary
  ## @param primary.configuration PostgreSQL Primary main configuration to be injected as ConfigMap
  ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
  configuration: ""
  ## @param primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration)
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
  extendedConfiguration: ""
  service:
    type: NodePort
    ports:
      postgresql: 5432
    nodePorts:
      postgresql: 30432
    annotations: {}
    ## @param primary.service.externalTrafficPolicy Enable client source IP preservation
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param primary.service.extraPorts Extra ports to expose in the PostgreSQL primary service
    extraPorts: []
  persistence:
    enabled: true
    existingClaim: ""
    mountPath: /bitnami/postgresql
    ## @param primary.persistence.subPath The subdirectory of the volume to mount to
    ## Useful in dev environments and one PV for multiple services
    subPath: ""
    storageClass: "csi-beegfs-dynhot-sc"
    ## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume
    ##
    accessModes:
      - ReadWriteOnce
    annotations: {}
    ## @param primary.persistence.labels Labels for the PVC
    ##
    labels: {}
    ## @param primary.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
    ## selector:
    ##   matchLabels:
    ##     app: my-app
    ##
    selector: {}
    ## @param primary.persistence.dataSource Custom PVC data source
    ##
    dataSource: {}
--- a/k8s/postgres/values.yml
+++ b/k8s/postgres/values.yml
@ -1,5 +0,0 @@
 global:
  postgresql:
    auth:
      username: aki_transparenzregister
      password: 0lg3PMj8%Tx!1E1Kw!C9