From e1b3fadb266bb59cd6a5eb48d44638a6762693a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Tue, 13 Apr 2021 15:37:52 +0200 Subject: [PATCH] Release Crowd Helm Chart (#45) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler --- CONTRIBUTING.md | 6 + charts/crowd/.helmignore | 29 + charts/crowd/.kube-linter.yaml | 5 + charts/crowd/Chart.yaml | 29 + charts/crowd/README.md | 310 +++++++++ charts/crowd/README.md.gotmpl | 165 +++++ charts/crowd/templates/NOTES.txt | 24 + charts/crowd/templates/_crowd.tpl | 90 +++ charts/crowd/templates/bundle.yaml | 169 +++++ charts/crowd/values.yaml | 938 ++++++++++++++++++++++++++++ charts/crowd/values_production.yaml | 87 +++ charts/crowd/values_standalone.yaml | 53 ++ scripts/helm-docs.sh | 11 + 13 files changed, 1916 insertions(+) create mode 100644 charts/crowd/.helmignore create mode 100644 charts/crowd/.kube-linter.yaml create mode 100644 charts/crowd/Chart.yaml create mode 100644 charts/crowd/README.md create mode 100644 charts/crowd/README.md.gotmpl create mode 100644 charts/crowd/templates/NOTES.txt create mode 100644 charts/crowd/templates/_crowd.tpl create mode 100644 charts/crowd/templates/bundle.yaml create mode 100644 charts/crowd/values.yaml create mode 100644 charts/crowd/values_production.yaml create mode 100644 charts/crowd/values_standalone.yaml create mode 100755 scripts/helm-docs.sh diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0acddbf4..b9b3fdd7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -97,6 +97,12 @@ The documentation for each chart is done with [helm-docs](https://github.com/nor See [here](https://github.com/norwoodj/helm-docs#installation) how to install the tool. Don't forget to execute `helm-docs` before pushing ;), our workflows will check that. +We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges): + +``` +bash scripts/helm-docs.sh +``` + **NOTE**: When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file. ### Major Changes diff --git a/charts/crowd/.helmignore b/charts/crowd/.helmignore new file mode 100644 index 00000000..c432f6ce --- /dev/null +++ b/charts/crowd/.helmignore @@ -0,0 +1,29 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +# Custom +values_* +README.md.gotmpl +.kube-linter.yaml +examples/ diff --git a/charts/crowd/.kube-linter.yaml b/charts/crowd/.kube-linter.yaml new file mode 100644 index 00000000..da0ee5c8 --- /dev/null +++ b/charts/crowd/.kube-linter.yaml @@ -0,0 +1,5 @@ +--- +checks: + exclude: + - (( prepend )) + - "run-as-non-root" \ No newline at end of file diff --git a/charts/crowd/Chart.yaml b/charts/crowd/Chart.yaml new file mode 100644 index 00000000..a76751f4 --- /dev/null +++ b/charts/crowd/Chart.yaml 
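Review bot: The `exclude` list in charts/crowd/.kube-linter.yaml switches off the `run-as-non-root` check for the whole chart without saying why, so a later regression to a root container would pass lint unnoticed. The README added in this same commit lists `statefulset.podSecurityContext` and `statefulset.securityContext` with an empty default `{}`, which suggests the pod runs as whatever user the image starts with. If the image can start under a fixed non-root UID (not visible from this diff), set `runAsNonRoot: true` with that UID as the chart default and drop the exclusion. Otherwise record the reason next to the entry, e.g. `# run-as-non-root excluded: <why the container must start as root>`.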
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: crowd
+description: Manage users from multiple directories - Active Directory, LDAP, OpenLDAP or Microsoft Azure AD - and control application authentication permissions in one single location
+type: application
+version: 0.4.0
+appVersion: 4.2.3
+keywords:
+ - atlassian
+ - crowd
+ - data center
+home: https://www.atlassian.com/software/crowd
+icon: https://media.trustradius.com/product-logos/CP/PJ/9AQZ6ALXTFKJ-180x180.PNG
+sources:
+ - https://hub.docker.com/r/atlassian/crowd
+maintainers:
+ - name: SRE
+ email: sre@bedag.ch
+dependencies:
+- name: manifests
+ version: "~0.5.0"
+ repository: https://bedag.github.io/helm-charts
+annotations:
+ artifacthub.io/containsSecurityUpdates: "false"
+ artifacthub.io/prerelease: "false"
+ artifacthub.io/changes: |
+ - "[Added]: Chart Release"
+ artifacthub.io/images: |
+ - name: crowd
+ image: atlassian/crowd:4.2.3
diff --git a/charts/crowd/README.md b/charts/crowd/README.md
new file mode 100644
index 00000000..4228473f
--- /dev/null
+++ b/charts/crowd/README.md
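Review bot: The `manifests` dependency in charts/crowd/Chart.yaml is declared as a floating range (`version: "~0.5.0"`), and the commit's file list contains no `Chart.lock`, so each dependency update may pull a different 0.5.x release of the library. Since the README says this chart implements the Bedag Manifest Chart, that library presumably renders most of the chart's manifests, and a changed release would alter the deployed resources without any change in this repository. Committing the lock file produced by `helm dependency update`, or replacing the range with `version: "<exact 0.5.x release>"`, keeps the rendered output reproducible and reviewable. The `artifacthub.io/images` annotation names `atlassian/crowd:4.2.3` by tag only; whether the deployed image is pinned by digest depends on values.yaml, which is outside this hunk.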
@@ -0,0 +1,310 @@ +# Crowd + +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Manage users from multiple directories - Active Directory, LDAP, OpenLDAP or Microsoft Azure AD - and control application authentication permissions in one single location + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| SRE | sre@bedag.ch | | + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://bedag.github.io/helm-charts | manifests | ~0.5.0 | + +## Source Code + +* + +# Major Changes + +Major Changes to functions are documented with the version affected. **Before upgrading the dependency version, check this section out!** + +| **Change** | **Chart Version** | **Description** | **Commits/PRs** | +| :----------- | :---------------- | :--------------------- | :-------------- | +||||| + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| autoscaling.annotations | object | `{}` | Configure HPA Annotations | +| autoscaling.apiVersion | string | `""` | Configure the api version used for the Job resource. | +| autoscaling.behavior | object | `{}` | Define [Scaling Policies](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior) for the HPA resource. | +| autoscaling.enabled | bool | `true` | Enable HPA resource | +| autoscaling.labels | object | `{}` | Merges given labels with common labels | +| autoscaling.maxReplicas | string | `nil` | maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas. 
| +| autoscaling.metrics | list | `[]` | Define [Custom Metrics](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics) rules | +| autoscaling.minReplicas | string | 1 | minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. | +| autoscaling.scaleTargetRef | string | `nil` | scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count. | +| autoscaling.targetCPUUtilizationPercentage | string | `nil` | Set the averageUtilization for the CPU resrouce as integer percentage (e.g. 50 = 50%) | +| autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Set the averageUtilization for the Memory resrouce as integer percentage (e.g. 50 = 50%) | +| cache.accessModes | list | `["ReadWriteOnce"]` | Define Access modes for Crowd Cache persistence | +| cache.annotations | object | `{}` | Define storageclass for Crowd Cache Persistent Volume Claim | +| cache.enabled | bool | `false` | Enable persistent Crowd Home Cache | +| cache.size | string | `"2Gi"` | Define requested storage size for Crowd Cache | +| cache.storageClass | string | `""` | Define storageclass for Crowd Cache Persistence | +| commonLabels | object | `{}` | Common Labels are added to each kubernetes resource manifest. 
| +| crowd.catalina_opts | list | `[]` | Enter Catalina Options which are used for the `CATALINA_OPTS` environment variables | +| crowd.cluster.enabled | bool | `false` | Run Atlassian Crowd in Data Center Mode | +| crowd.cluster.nodeName | bool | `true` | If enabled automatically adds Pod Name as Node name for the cluster (`-Dcluster.node.name=crowd-X`) | +| crowd.home | string | `"/var/atlassian/application-data/crowd"` | Atlassian Crowd Home Directory | +| crowd.jvm_args | list | `[]` | Enter JVM Options which are used for the `JVM_SUPPORT_RECOMMENDED_ARGS` environment variables | +| crowd.memory.max | string | `"768m"` | Maxium JVM Memory (`JVM_MAXIMUM_MEMORY`) | +| crowd.memory.min | string | `"384m"` | Minimum JVM Memory (`JVM_MINIMUM_MEMORY`) | +| crowd.persistence | bool | `true` | Disable predefined persistence for crowd | +| crowd.port | int | `8095` | Port published on Crowd Pod | +| crowd.timezone | string | "UTC" | Define the timezone for the crowd instance | +| extraResources | list | `[]` | Enter Extra Resources managed by the Crowd Release | +| fullnameOverride | string | `""` | Overwrite `lib.utils.common.fullname` output | +| global.defaultTag | string | `""` | Global Docker Image Tag declaration. Will be used as default tag, if no tag is given by child | +| global.imagePullPolicy | string | `""` | Global Docker Image Pull Policy declaration. Will overwrite all child .pullPolicy fields. | +| global.imagePullSecrets | list | `[]` | Global Docker Image Pull Secrets declaration. Added to local Docker Image Pull Secrets. | +| global.imageRegistry | string | `""` | Global Docker Image Registry declaration. Will overwrite all child .registry fields. | +| global.storageClass | string | `""` | Global StorageClass declaration. Can be used to overwrite StorageClass fields. 
| +| home.accessModes | list | `["ReadWriteOnce"]` | Define Access modes for Crowd Home | +| home.annotations | object | `{}` | Define storageclass for Crowd Home Persistent Volume Claim | +| home.enabled | bool | `true` | Enable persistent Crowd Home | +| home.size | string | `"10Gi"` | Define requested storage size for Crowd Home | +| home.storageClass | string | `""` | Define storageclass for Crowd Home Persistence | +| ingress.annotations | object | `{}` | Configure Ingress Annotations | +| ingress.apiVersion | string | `""` | Configure the api version used for the ingress resource. | +| ingress.backend | object | `{}` | Configure a [default backend](https://kubernetes.io/docs/concepts/services-networking/ingress/#default-backend) for this ingress resource | +| ingress.customRules | list | `[]` | Configure Custom Ingress [Rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#resource-backend) | +| ingress.enabled | bool | `false` | Enable Ingress Resource | +| ingress.hosts | list | `[]` | Configure Ingress [Hosts](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules) (Required) | +| ingress.ingressClass | string | `""` | Configure the [default ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class) for this ingress. | +| ingress.labels | object | `{}` | Configure Ingress additional Labels | +| ingress.tls | list | `[]` | Configure Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) | +| jmxExporter.config | object | See values.yaml | Configure JMX Exporter configuration. The `jmxUrl` configuration will be set automatically, if not overwritten. 
[See all Configurations](https://github.com/prometheus/jmx_exporter#configuration) | +| jmxExporter.enabled | bool | `false` | Enables [JMX Exporter](https://github.com/bitnami/bitnami-docker-jmx-exporter) as Sidecar | +| jmxExporter.endpoint | object | `{"interval":"10s","path":"/","scrapeTimeout":"10s"}` | Additional Configuration for the ServiceMonitor Endpoint (Overwrites .serviceMonitor.endpoints) | +| jmxExporter.labels | object | `{"app.kubernetes.io/component":"metrics"}` | Component Specific Labels. | +| jmxExporter.name | string | `"jmx"` | Name for all component parts (ports, resources). Useful when you are using the component multiple times | +| jmxExporter.port | int | `5556` | Exposed JMX Exporter Port (Service and Sidecar) | +| jmxExporter.targetPort | int | `5555` | Define which Port to scrape. Points to the Port where the jmx metrics are exposed on the Maincar. | +| kubeCapabilities | string | `$.Capabilities.KubeVersion.GitVersion` | Overwrite the Kube GitVersion | +| nameOverride | string | `""` | Overwrite "lib.internal.common.name" output | +| overwriteLabels | object | `{}` | Overwrites default labels, but not resource specific labels and common labels | +| pdb.apiVersion | string | `""` | Configure the api version used for the Pdb resource | +| pdb.enabled | bool | `true` | Enable Pdb Resource | +| pdb.labels | object | `{}` | Merges given labels with common labels | +| pdb.maxUnavailable | string | `nil` | Number or percentage of pods which is allowed to be unavailable during a disruption | +| pdb.minAvailable | string | `nil` | Number or percentage of pods which must be available during a disruption. 
If neither `minAvailable` or `maxUnavailable` is set, de Policy defaults to `minAvailable: 1` | +| pdb.selectorLabels | object | `{}` | Define SelectorLabels for the pdb | +| proxy.httpProxy.host | string | `""` | Configure HTTP Proxy Hostname/IP (without protocol://) | +| proxy.httpProxy.port | int | `nil` | Configure HTTP Proxy Port | +| proxy.httpProxy.protocol | string | http | Configure HTTP Proxy Protocol (http/https) | +| proxy.httpsProxy.host | string | `""` | Configure HTTPS Proxy Hostname/IP (without protocol://) | +| proxy.httpsProxy.port | int | `nil` | Configure HTTPS Proxy Port | +| proxy.httpsProxy.protocol | string | http | Configure HTTPS Proxy Protocol (http/https) | +| proxy.noProxy | list | `[]` | Configure No Proxy Hosts noProxy: [ "localhost", "127.0.0.1" ] | +| selectorLabels | object | `{}` | Define default [selectorLabels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | +| service.annotations | object | `{}` | Configure Service additional Annotations ([Monitor Labels](https://www.weave.works/docs/cloud/latest/tasks/monitor/configuration-k8s/)) | +| service.apiVersion | string | v1 | Configure the api version used | +| service.enabled | bool | `true` | Enable Service Resource | +| service.extraPorts | list | `[]` | Add additional ports to the service | +| service.labels | object | `{}` | Configure Service additional Labels | +| service.loadBalancerIP | string | `""` | Configure Service [loadBalancerIP](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer). Set the LoadBalancer service type to internal only. 
| +| service.loadBalancerSourceRanges | list | `[]` | Configure Service [loadBalancerSourceRanges](https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service) | +| service.nodePort | string | `""` | Specify the nodePort value for the LoadBalancer and NodePort service types | +| service.port | int | 80 | Configure Service Port (Required) | +| service.portName | string | http | Configure Service Port name | +| service.selector | object | `{}` | Configure Service Selector Labels | +| service.targetPort | string | http | Configure Service TargetPort | +| service.type | string | `"ClusterIP"` | Configure Service [Type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | +| shared.accessModes | list | `["ReadWriteMany"]` | Configure PVC [Access Modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | +| shared.annotations | object | `{}` | Configure PVC additional Annotations ([Monitor Labels](https://www.weave.works/docs/cloud/latest/tasks/monitor/configuration-k8s/)) | +| shared.apiVersion | string | `""` | Configure the api version used for the Pod resource | +| shared.dataSource | string | `nil` | Data Sources are currently only supported for [CSI Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-snapshot-and-restore-volume-from-snapshot-support) | +| shared.enabled | bool | `true` | Enable PVC Resource | +| shared.labels | object | `bedag-lib.commonLabels` | Merges given labels with common labels | +| shared.selector | object | `{}` | Configure PVC [Selector](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector) | +| shared.size | string | `"10Gi"` | Define requested storage size | +| shared.storageClass | string | `""` | Configure PVC [Storage Class](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1) | +| statefulset.affinity | object | 
`{}` | Pod [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | +| statefulset.apiVersion | string | `""` | Configure the api version used for the Statefulset resource | +| statefulset.args | object | `{}` | Configure arguments for executed command | +| statefulset.command | object | `{}` | Configure executed container command | +| statefulset.containerFields | object | `{}` | Extra fields used on the container definition | +| statefulset.containerName | string | `.Chart.Name` | Configure Container Name | +| statefulset.environment | list | `[]` | Configure Environment Variables (Refer to values.yaml) | +| statefulset.forceRedeploy | bool | `false` | | +| statefulset.image.pullPolicy | string | `nil` | Configure Docker Pull Policy. Will be overwritten if set by global variable. | +| statefulset.image.registry | string | `"docker.io"` | Configure Docker Registry. Will be overwritten if set by global variable. | +| statefulset.image.repository | string | `"atlassian/crowd"` | Configure Docker Repository | +| statefulset.image.tag | string | Tag defaults to `.Chart.Appversion`, if not set | Configure Docker Image tag | +| statefulset.imagePullSecrets | list | `[]` | Define [ImagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). Will be overwritten if set by global variable. 
| +| statefulset.initContainers | list | `[]` | Pod [initContainers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| statefulset.labels | object | `{}` | Merges given labels with common labels | +| statefulset.lifecycle | object | `{}` | Container [Lifecycle](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | +| statefulset.livenessProbe | object | `{"failureThreshold":6,"httpGet":{"path":"/","port":"http","scheme":"HTTP"},"initialDelaySeconds":120,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10}` | Container [LivenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command) | +| statefulset.nodeSelector | object | `{}` | Pod [NodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | +| statefulset.podAnnotations | object | `{}` | Pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) are only added for the pod | +| statefulset.podFields | object | `{}` | Add extra field to the [Pod Template](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podtemplate-v1-core) if not available as value. | +| statefulset.podLabels | object | `{}` | Pod [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) are only added for the pod | +| statefulset.podManagementPolicy | string | `""` | Statefulset [Management Policy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies). 
**Statefulset only** | +| statefulset.podSecurityContext | object | `{}` | Pod [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| statefulset.ports | list | `[]` | Configure Container Ports | +| statefulset.priorityClassName | string | `""` | Pod [priorityClassName](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass) | +| statefulset.readinessProbe | object | `{"failureThreshold":6,"httpGet":{"path":"/","port":"http","scheme":"HTTP"},"initialDelaySeconds":15,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10}` | Container [ReadinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) | +| statefulset.replicaCount | int | `1` | Amount of Replicas deployed | +| statefulset.resources | object | `{}` | Configure Container [Resource](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| statefulset.restartPolicy | string | `nil` | Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy | +| statefulset.rollingUpdatePartition | string | `""` | Statefulset [Update Pratition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions). 
**Statefulset only** | +| statefulset.securityContext | object | `{}` | Container [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| statefulset.selectorLabels | object | `{}` | Define SelectorLabels for the Pod Template | +| statefulset.serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| statefulset.serviceAccount.apiVersion | string | v1 | Configure the api version used | +| statefulset.serviceAccount.automountServiceAccountToken | bool | `true` | (bool) AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. | +| statefulset.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | +| statefulset.serviceAccount.enabled | bool | `false` | Specifies whether a service account is enabled or not | +| statefulset.serviceAccount.globalPullSecrets | bool | `false` | Evaluate global set pullsecrets and mount, if set | +| statefulset.serviceAccount.imagePullSecrets | list | `[]` | ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. 
| +| statefulset.serviceAccount.labels | object | `{}` | Merges given labels with common labels | +| statefulset.serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | +| statefulset.serviceAccount.secrets | list | `[]` | Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount | +| statefulset.serviceName | string | `""` | Define a Service for the Statefulset | +| statefulset.sidecars | list | `[]` | Allows to add sidecars to your [maincar]](https://kubernetes.io/docs/concepts/workloads/pods/#using-pods) | +| statefulset.startupProbe | object | `{}` | Container [StartupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes) | +| statefulset.statefulsetExtras | object | `{}` | Extra Fields for Statefulset Manifest | +| statefulset.tolerations | object | `{}` | Pod [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| statefulset.updateStrategy | string | `"RollingUpdate"` | Statefulset [Update Strategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets). **Statefulset only** | +| statefulset.volumeClaimTemplates | list | `[]` | Statefulset [volumeClaimTemplates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#components). **Statefulset only** | +| statefulset.volumeMounts | list | `[]` | Configure Container [volumeMounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/) | +| statefulset.volumes | list | `[]` | Additional [Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) | +| volumePermissions.directories | list | `["/crowd"]` | Configure destination directories. The Change Owner/Mode operation will be applied to these directories. Can be String or Slice. 
| +| volumePermissions.enabled | bool | `false` | Enables Volume Permissions | +| volumePermissions.mode | int | `nil` | Configure permission mode (eg. 755). If not set no permission mode will be applied. | +| volumePermissions.name | string | `permission` | Volume Permission Container Name | +| volumePermissions.runAsGroup | int | `2004` | (int) Configure the directory Group Owner. | +| volumePermissions.runAsUser | int | `2004` | (int) Configure the directory User Owner. | + +This Chart implements the Bedag Manifest Chart. Therefor there are a lot of values for you to play around. + +## Configuration + +Generally Configuration for Crowd is done via Environment variables. See all the possible configurations on the [Crowd Docker Image](https://hub.docker.com/r/atlassian/crowd). Our intent with this chart is to keep configurations and resource layout as flexible as possible. This way have the possibility the deploy Crowd to your needs. + +### Server Mode (Standalone) + +When running Crowd in Server Mode, you can have a single instance of Crowd running simultaneously. + +To Run Crowd in Server Mode, simply toggle the `crowd.cluster.enabled` option to `false`: + +``` +crowd: + cluster: + enabled: false +``` + +### Data Center Mode (Clustered) + +When running Crowd in Data Center Mode, you have the ability to have multiple Crowd instances running at once, providing a HA setup. 
For more information read about [Crowd Data Center](https://www.atlassian.com/enterprise/data-center/crowd) + +To run Crowd in Data Center Mode, simply toggle the `crowd.cluster.enabled` option to `true`: + +``` +crowd: + cluster: + enabled: true +``` + +By enabling clustered mode, you enable the following resources, which aren't available in standalone mode: + + * [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) + * [Shared PVC](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) + +These are only useful when running Data Center Mode. + +### Persistence (Server/Data Center) + +Read the following before configuring persistence for your Crowd instance. + +Currently there are three default mounts supported by this chart: + + * `$.Values.home` - Mounts a volume to the entire Crowd home directory (`$.Values.crowd.home`) + * `$.Values.shared` - Mounts a volume to the `shared` directory in the Crowd home (Data Center only) + +If that doesn't fit your setup, you can add your volumes/volumemounts through given values and disable the named volumes. + +#### Disable Persistence + +Disable all the predefined persistence from the chart (Will disable all the above mentioned mounts): + +``` +crowd: + persistence: false +``` + +Disable persistence for the Home directory + +``` +home: + enabled: false +``` + +Disable persistence for the Shared directory (Data Center Only) + +``` +shared: + enabled: false +``` + +### Tomcat Proxy + +If your Crowd instance is deployed behind a reverse proxy/ingress, then you will need to specify the following environment variables + +``` +- name: ATL_PROXY_NAME + value: "{ (index .Values.ingress.hosts 0).host }" +- name: ATL_PROXY_PORT + value: "443" +- name: ATL_TOMCAT_SCHEME + value: "https" +- name: ATL_TOMCAT_SECURE + value: "true" +``` + +More information about the image can be found on the [Crowd documentation](https://hub.docker.com/r/atlassian/crowd). 
+ +### VolumePermissions + +VolumePermissions is a slim initContainer, which sets the correct permissions on all the mounts. This is effectively required only the first time the application is deployed. We recommend disabling it when having large data directories in your jira home, since the startup could extend to several minutes. Disable volumePermissions like: + +``` +volumePermissions: + enabled: false +``` + +## Known Issues/Solutions + +Here we have documented some issues and solutions while running Crowd on Kubernetes. + +### Data Center Setup + +Here's how we got Crowd in Data Center working. + + 1. Spin up the first deployment with a single Pod. + 2. Go through the setup via Web interface (Setup license etc.) + * When altering the Database configuration crowd will reload itself. **Don't** touch anything while it's doing that. Watch the logs and reaccess is via Web Interface only after it says it's ready. We had very weird behaviors when not doing so. + 3. When the instance is functional, scale up the amount of pods and confirm they are joining the cluster. + +If you encounter any other issues or have tips, let us know. + +### Database Changelog Lock + +This can happen when the livenessprobe kills crowd to early. You will find the following message in your pod (and it will be crashing): + +``` +[liquibase] Waiting for changelog lock.... +``` + +You will need to do some fixing in the database. [See the following article for more](https://confluence.atlassian.com/crowdkb/crowd-server-does-not-start-could-not-acquire-change-log-lock-1019399699.html). To prevent this, increase the `initialDelaySeconds` value for the livenessProbe. + diff --git a/charts/crowd/README.md.gotmpl b/charts/crowd/README.md.gotmpl new file mode 100644 index 00000000..f868c41c --- /dev/null +++ b/charts/crowd/README.md.gotmpl 
@@ -0,0 +1,165 @@ +# Crowd + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{/* + Chart Maintainers +*/}} +{{ template "chart.maintainersSection" . }} + +{{/* + Chart Requirements +*/}} +{{ template "chart.requirementsSection" . }} + +{{/* + Chart Sources +*/}} +{{ template "chart.sourcesSection" . }} + +# Major Changes + +Major Changes to functions are documented with the version affected. **Before upgrading the dependency version, check this section out!** + +| **Change** | **Chart Version** | **Description** | **Commits/PRs** | +| :----------- | :---------------- | :--------------------- | :-------------- | +||||| + + +{{/* + Chart Values +*/}} +{{ template "chart.valuesSection" . }} + +This Chart implements the Bedag Manifest Chart. Therefor there are a lot of values for you to play around. + +## Configuration + +Generally Configuration for Crowd is done via Environment variables. See all the possible configurations on the [Crowd Docker Image](https://hub.docker.com/r/atlassian/crowd). Our intent with this chart is to keep configurations and resource layout as flexible as possible. This way have the possibility the deploy Crowd to your needs. + + +### Server Mode (Standalone) + +When running Crowd in Server Mode, you can have a single instance of Crowd running simultaneously. + +To Run Crowd in Server Mode, simply toggle the `crowd.cluster.enabled` option to `false`: + +``` +crowd: + cluster: + enabled: false +``` + +### Data Center Mode (Clustered) + +When running Crowd in Data Center Mode, you have the ability to have multiple Crowd instances running at once, providing a HA setup. 
For more information read about [Crowd Data Center](https://www.atlassian.com/enterprise/data-center/crowd) + +To run Crowd in Data Center Mode, simply toggle the `crowd.cluster.enabled` option to `true`: + +``` +crowd: + cluster: + enabled: true +``` + +By enabling clustered mode, you enable the following resources, which aren't available in standalone mode: + + * [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) + * [Shared PVC](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) + +These are only useful when running Data Center Mode. + +### Persistence (Server/Data Center) + +Read the following before configuring persistence for your Crowd instance. + +Currently there are three default mounts supported by this chart: + + * `$.Values.home` - Mounts a volume to the entire Crowd home directory (`$.Values.crowd.home`) + * `$.Values.shared` - Mounts a volume to the `shared` directory in the Crowd home (Data Center only) + +If that doesn't fit your setup, you can add your volumes/volumemounts through given values and disable the named volumes. + +#### Disable Persistence + +Disable all the predefined persistence from the chart (Will disable all the above mentioned mounts): + +``` +crowd: + persistence: false +``` + +Disable persistence for the Home directory + +``` +home: + enabled: false +``` + +Disable persistence for the Shared directory (Data Center Only) + +``` +shared: + enabled: false +``` + +### Tomcat Proxy + +If your Crowd instance is deployed behind a reverse proxy/ingress, then you will need to specify the following environment variables + +``` +- name: ATL_PROXY_NAME + value: "{ (index .Values.ingress.hosts 0).host }" +- name: ATL_PROXY_PORT + value: "443" +- name: ATL_TOMCAT_SCHEME + value: "https" +- name: ATL_TOMCAT_SECURE + value: "true" +``` + +More information about the image can be found on the [Crowd documentation](https://hub.docker.com/r/atlassian/crowd). 
+ +### VolumePermissions + +VolumePermissions is a slim initContainer, which sets the correct permissions on all the mounts. This is effectively required only the first time the application is deployed. We recommend disabling it when having large data directories in your jira home, since the startup could extend to several minutes. Disable volumePermissions like: + +``` +volumePermissions: + enabled: false +``` + +## Known Issues/Solutions + +Here we have documented some issues and solutions while running Crowd on Kubernetes. + +### Data Center Setup + +Here's how we got Crowd in Data Center working. + + 1. Spin up the first deployment with a single Pod. + 2. Go through the setup via Web interface (Setup license etc.) + * When altering the Database configuration crowd will reload itself. **Don't** touch anything while it's doing that. Watch the logs and reaccess is via Web Interface only after it says it's ready. We had very weird behaviors when not doing so. + 3. When the instance is functional, scale up the amount of pods and confirm they are joining the cluster. + +If you encounter any other issues or have tips, let us know. + +### Database Changelog Lock + +This can happen when the livenessprobe kills crowd to early. You will find the following message in your pod (and it will be crashing): + +``` +[liquibase] Waiting for changelog lock.... +``` + +You will need to do some fixing in the database. [See the following article for more](https://confluence.atlassian.com/crowdkb/crowd-server-does-not-start-could-not-acquire-change-log-lock-1019399699.html). To prevent this, increase the `initialDelaySeconds` value for the livenessProbe. + + + + diff --git a/charts/crowd/templates/NOTES.txt b/charts/crowd/templates/NOTES.txt new file mode 100644 index 00000000..3bc3a96b --- /dev/null +++ b/charts/crowd/templates/NOTES.txt 
@@ -0,0 +1,24 @@
+ Next Steps
+
+ 1. Visit the Crowd Setup page and finish the setup manually:
+
+ {{ include "bedag-lib.utils.notes.public" (dict "ingress" $.Values.ingress "service" $.Values.service "context" $)| indent 8 }}
+
+
+ NOTE: Before you can join additional nodes go through the setup process and complete it. Otherwise you
+ will have a hard time bootstraping the Crowd cluster.
+
+ 2. Confirm Crowd Setup is complete:
+
+ {{ include "bedag-lib.utils.notes.public" (dict "path" "/crowd/console/setup/setuplicense.action" "ingress" $.Values.ingress "service" $.Values.service "context" $) | indent 8 }}
+
+
+ 3. Configure Crowd to your needs.
+
+ Upgrade
+
+ To upgrade your Crowd cluster, first visit the upgrade page:
+
+ * https://confluence.atlassian.com/crowd/upgrading-crowd-22544441.html
+
+ Then you can simply change the image tag to the newer version. For more details take a look at the README.md.
diff --git a/charts/crowd/templates/_crowd.tpl b/charts/crowd/templates/_crowd.tpl
new file mode 100644
index 00000000..55f3095d
--- /dev/null
+++ b/charts/crowd/templates/_crowd.tpl
@@ -0,0 +1,90 @@ +{{/* + Crowd Component Label +*/}} +{{- define "crowd.component" -}} +app.kubernetes.io/component: "crowd" +{{- end -}} + +{{/* +Crowd Mode Label +*/}} +{{- define "crowd.mode" -}} + {{- if $.Values.crowd.cluster.enabled -}} +atlassian.com/mode: "clustered" + {{- else -}} +atlassian.com/mode: "standalone" + {{- end -}} +{{- end -}} + +{{/* +Crowd Labels +*/}} +{{- define "crowd.Labels" -}} +atlassian.com/component: "crowd" +app.kubernetes.io/part-of: "crowd" +{{ include "crowd.mode" $ | indent 0 }} +{{- end -}} + +{{/* +Crowd Home +*/}} +{{- define "crowd.home" -}} +{{ .Values.crowd.home | trimSuffix "/" }} +{{- end -}} + +{{/* + Crowd JVM Arguments +*/}} +{{- define "crowd.jvm_args" -}} +{{ if $.Values.crowd.jvm_args }}{{- include "lib.utils.strings.stringify" (dict "list" $.Values.crowd.jvm_args "delimiter" " " "context" $) }}{{- end }} {{ include "bedag-lib.utils.helpers.javaProxies" (dict "proxy" $.Values.proxy "context" $) }} +{{- end -}} + +{{/* + Crowd Catalina Options +*/}} +{{- define "crowd.catalina_opts" -}} +{{ if $.Values.crowd.cluster.enabled }}{{ if $.Values.crowd.cluster.nodeName }}-Dcluster.node.name="$POD_NAME"{{ end }}{{ end }}{{ if $.Values.crowd.catalina_opts }}{{- include "lib.utils.strings.stringify" (dict "list" $.Values.crowd.catalina_opts "delimiter" " " "context" $) }}{{- end }} +{{- end -}} + + +{{/* + Crowd Volumepermission Preset +*/}} +{{- define "crowd.volumePermission.values" -}} + {{- if $.Values.volumePermissions.enabled }} +enabled: true + {{- if or (and $.Values.crowd.persistence (or (and $.Values.crowd.clustered $.Values.shared.enabled) $.Values.home.enabled)) $.Values.volumePermissions.volumeMounts }} +volumeMounts: + {{- if $.Values.volumePermissions.volumeMounts }} + {{- toYaml $.Values.volumePermissions.volumeMounts | nindent 2 }} + {{- end }} + {{- if $.Values.crowd.persistence }} + {{- if and $.Values.crowd.clustered $.Values.shared.enabled }} + - name: shared + mountPath: /crowd/share + {{- end }} + {{- 
if $.Values.home.enabled }} + - name: home + mountPath: /crowd/data + {{- end }} + {{- end }} + {{- end }} + {{- else }} +enabled: false + {{- end }} +{{- end -}} + + +{{/* + Crowd Environment Variables based on Configuration +*/}} +{{- define "crowd.configuration" -}} +- name: "JVM_MINIMUM_MEMORY" + value: {{ $.Values.crowd.memory.min }} +- name: "JVM_MAXIMUM_MEMORY" + value: {{ $.Values.crowd.memory.max }} +- name: "CROWD_HOME" + value: {{ template "crowd.home" . }} +- name: "ATL_TOMCAT_PORT" + value: {{ $.Values.crowd.port | quote }} +{{- end -}} diff --git a/charts/crowd/templates/bundle.yaml b/charts/crowd/templates/bundle.yaml new file mode 100644 index 00000000..84018f25 --- /dev/null +++ b/charts/crowd/templates/bundle.yaml 
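Review bot: `crowd.volumePermission.values` tests `$.Values.crowd.clustered` in both of its conditions, while `crowd.mode`, `crowd.catalina_opts` and the values file in this commit all use `$.Values.crowd.cluster.enabled`; as far as this patch shows, `crowd.clustered` is never defined, so the `shared` mount is never handed to the volume-permissions init container and the shared Data Center volume can keep an ownership the Crowd process cannot write to. Both occurrences should read `and $.Values.crowd.cluster.enabled $.Values.shared.enabled`. In `crowd.catalina_opts` the `-Dcluster.node.name="$POD_NAME"` fragment is followed directly by the `crowd.catalina_opts` list with nothing between the two `{{ end }}` and the next `{{ if }}`, so unless `lib.utils.strings.stringify` emits a leading delimiter (not visible here) the node name and the first user option are fused into one argument; a literal space after the fragment avoids that.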
@@ -0,0 +1,169 @@
+{{/*
+
+Copyright © 2021 Bedag Informatik AG
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+*/}}
+{{- include "bedag-lib.manifest.bundle" $ | nindent 0 }}
+
+{{/*
+ Define Crowd Chart Bundle
+*/}}
+{{- define "chart.bundle" -}}
+common:
+ commonLabels: {{- include "crowd.Labels" $ | nindent 4 }}
+ {{- if $.Values.crowd.timezone }}
+ timezone: "{{ $.Values.crowd.timezone }}"
+ {{- end }}
+resources:
+ {{- if and $.Values.extraResources (kindIs "slice" $.Values.extraResources) }}
+ {{- toYaml $.Values.extraResources | nindent 2 }}
+ {{- end }}
+
+ {{ $jmxExporter := (fromYaml (include "bedag-lib.utils.presets" (dict "preset" "jmxexporter" "values" $.Values.jmxExporter "context" $))) }}
+ {{- if $jmxExporter.extraResources }}
+ {{- toYaml $jmxExporter.extraResources | nindent 2 }}
+ {{- end }}
+
+ - type: "statefulset"
+ values: {{ toYaml $.Values.statefulset | nindent 6 }}
+ overwrites:
+
+ {{/*
+ InitContainers
+ */}}
+ initContainers:
+ {{- if and $.Values.statefulset.initContainers (kindIs "slice" $.Values.statefulset.initContainers) }}
+ {{- toYaml $.Values.statefulset | nindent 8 }}
+ {{- end }}
+ {{ include "bedag-lib.utils.presets" (dict "preset" "permissions" "values" (mergeOverwrite $.Values.volumePermissions (fromYaml (include "crowd.volumePermission.values" $))) "returnAsArray" true "context" $) | nindent 8 }}
+
+
+ {{/*
+ Keep replicaCount on 1, when Crowd is not running
+ clustered mode or Crowd is being installed. 
+ */}} + {{- if or (and ($.Release.IsInstall) ($.Values.crowd.cluster.enabled)) (not $.Values.crowd.cluster.enabled) }} + replicaCount: 1 + {{- end }} + + {{/* + Predefined Environment Variables + */}} + environment: + {{- if $.Values.statefulset.environment }} + {{- include "lib.utils.lists.exceptionList" (dict "list" $.Values.statefulset.environment "exceptions" (list "CROWD_HOME" "JVM_MINIMUM_MEMORY" "JVM_MAXIMUM_MEMORY" "JVM_SUPPORT_RECOMMENDED_ARGS" "ATL_TOMCAT_PORT" "CATALINA_OPTS") "context" $) | nindent 8 }} + {{- end }} + {{- include "crowd.configuration" $ | nindent 8 }} + - name: "JVM_SUPPORT_RECOMMENDED_ARGS" + value: {{ include "lib.utils.strings.template" (dict "value" (include "crowd.jvm_args" $) "context" $) | squote }} + - name: "CATALINA_OPTS" + value: {{ include "lib.utils.strings.template" (dict "value" (include "crowd.catalina_opts" $) "context" $) | squote }} + + + {{/* + Predefined Ports + */}} + ports: + {{- if $.Values.statefulset.ports }} + {{- toYaml $.Values.statefulset.ports | nindent 8 }} + {{- end }} + {{- if $jmxExporter.ports }} + {{- toYaml $jmxExporter.ports | nindent 8 }} + {{- end }} + - name: http + containerPort: {{ $.Values.crowd.port }} + protocol: TCP + + {{/* + Predefined Statefulset VolumeMounts + */}} + volumeMounts: + {{- if $.Values.statefulset.volumeMounts }} + {{- toYaml $.Values.statefulset.volumeMounts | nindent 8 }} + {{- end }} + {{- if $.Values.crowd.persistence }} + {{- if $.Values.home.enabled }} + - name: "home" + mountPath: {{ include "crowd.home" $ }} + {{- end }} + {{- if and $.Values.crowd.cluster.enabled $.Values.shared.enabled }} + - name: "shared" + mountPath: {{ include "crowd.home" $ }}/shared + {{- end }} + {{- end }} + + {{/* + Predefined Statefulset Volumes + */}} + volumes: + {{- if $.Values.statefulset.volumes }} + {{- toYaml $.Values.statefulset.volumes | nindent 8 }} + {{- end }} + {{- if $jmxExporter.volumes }} + {{- toYaml $jmxExporter.volumes | nindent 8 }} + {{- end }} + {{- if 
$.Values.crowd.persistence }} + {{- if and $.Values.crowd.cluster.enabled $.Values.shared.enabled }} + - name: shared + persistentVolumeClaim: + claimName: {{ include "bedag-lib.utils.common.fullname" (dict "name" "shared" "context" $) }} + {{- end }} + {{- end }} + + {{/* + Predefined Statefulset VolumeClaimTemplates + */}} + volumeClaimTemplates: + {{- if $.Values.statefulset.volumeClaimTemplates }} + {{- toYaml $.Values.statefulset.volumeClaimTemplates | nindent 8 }} + {{- end }} + {{- if $.Values.crowd.persistence }} + {{- if $.Values.home.enabled }} + - {{- include "bedag-lib.template.persistentvolumeclaim" (dict "pvc" $.Values.home "fullname" "home" "context" $) | nindent 10 }} + {{- end }} + {{- end }} + + + {{/* + Predefined Statefulset Sidecars + */}} + {{- if or $jmxExporter.container $.Values.statefulset.sidecars }} + sidecars: + {{- if $jmxExporter.container }} + - {{- toYaml $jmxExporter.container | nindent 10 }} + {{- end }} + {{- if $.Values.statefulset.sidecars }} + {{- toYaml $.Values.statefulset.sidecars | nindent 8 }} + {{- end }} + {{- end }} + + - type: "service" + values: {{ toYaml $.Values.service | nindent 6 }} + - type: "ingress" + values: {{ toYaml $.Values.ingress | nindent 6 }} + {{- if and $.Values.pdb (gt (int $.Values.statefulset.replicaCount) 1) }} + - type: "podDisruptionBudget" + values: {{ toYaml $.Values.pdb | nindent 6 }} + {{- end }} + {{- if $.Values.crowd.cluster.enabled }} + - type: "horizontalPodAutoscaler" + values: {{ toYaml $.Values.autoscaling | nindent 6 }} + {{- if and $.Values.crowd.persistence $.Values.shared.enabled }} + - type: "persistentVolumeClaim" + values: {{ toYaml $.Values.shared | nindent 6 }} + name: "shared" + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/crowd/values.yaml b/charts/crowd/values.yaml new file mode 100644 index 00000000..a1e48200 --- /dev/null +++ b/charts/crowd/values.yaml 
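Review bot: The `initContainers` override renders `toYaml $.Values.statefulset` instead of the list it has just tested, so as soon as a user sets `statefulset.initContainers` the whole statefulset values map is written under `initContainers:`; the line should be `{{- toYaml $.Values.statefulset.initContainers | nindent 8 }}`. In the same block, `mergeOverwrite $.Values.volumePermissions (...)` modifies `.Values.volumePermissions` in place, and passing `(deepCopy $.Values.volumePermissions)` as the first argument keeps the render free of side effects on the values tree. The `horizontalPodAutoscaler` resource is emitted whenever `crowd.cluster.enabled` is true, while the install-time guard pins `replicaCount: 1` so that setup completes on a single pod; whether the autoscaler can raise the replica count before setup is finished depends on the library and on `autoscaling` values that this hunk does not show, so that interaction is worth confirming.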
@@ -0,0 +1,938 @@ +## Global Values +## +global: + + ## Global Docker Image Registry + # global.imageRegistry -- Global Docker Image Registry declaration. Will overwrite all child .registry fields. + imageRegistry: "" + + ## Global Default Image Tag + # global.defaultTag -- Global Docker Image Tag declaration. Will be used as default tag, if no tag is given by child + defaultTag: "" + + ## Global Docker Image PullPolicy + # global.imagePullPolicy -- Global Docker Image Pull Policy declaration. Will overwrite all child .pullPolicy fields. + imagePullPolicy: "" + + ## Global StorageClass + # global.storageClass -- Global StorageClass declaration. Can be used to overwrite StorageClass fields. + storageClass: "" + + ## Global Image Pull Secrets + # global.imagePullSecrets -- Global Docker Image Pull Secrets declaration. Added to local Docker Image Pull Secrets. + imagePullSecrets: [] + +## Crowd Configuration +crowd: + + ## crowd Instance Timezone + # crowd.timezone -- Define the timezone for the crowd instance + # @default -- "UTC" + timezone: "Europe/Zurich" + + ## Crowd Home Directory + # crowd.home -- Atlassian Crowd Home Directory + home: "/var/atlassian/application-data/crowd" + + ## crowd Persistence + # crowd.persistence -- Disable predefined persistence for crowd + persistence: true + + ## ATL_TOMCAT_PORT Configuration + # crowd.port -- Port published on Crowd Pod + port: 8095 + + ## Memory Configuration + memory: + + ## Minimum JVM Memory + # crowd.memory.min -- Minimum JVM Memory (`JVM_MINIMUM_MEMORY`) + min: "384m" + + ## Maximum JVM Memory + # crowd.memory.max -- Maxium JVM Memory (`JVM_MAXIMUM_MEMORY`) + max: "768m" + + ## JVM Agruments Options + # crowd.jvm_args -- Enter JVM Options which are used for the `JVM_SUPPORT_RECOMMENDED_ARGS` environment variables + jvm_args: [] + + ## Catalina Arguments Options + # crowd.catalina_opts -- Enter Catalina Options which are used for the `CATALINA_OPTS` environment variables + catalina_opts: [] + + ## Crowd Data 
Center Configuration + cluster: + + ## Run Crowd DataCenter Mode + # crowd.cluster.enabled -- Run Atlassian Crowd in Data Center Mode + enabled: false + + ## Run Crowd DataCenter Mode + # crowd.cluster.nodeName -- If enabled automatically adds Pod Name as Node name for the cluster (`-Dcluster.node.name=crowd-X`) + nodeName: true + + +## Extra Resources +# extraResources -- Enter Extra Resources managed by the Crowd Release +extraResources: [] + +## Common Values +## + +## Overwrite Name Template +# nameOverride -- Overwrite "lib.internal.common.name" output +nameOverride: "" + +## Overwrite Fullname Template +# fullnameOverride -- Overwrite `lib.utils.common.fullname` output +fullnameOverride: "" + +## Common Labels +# commonLabels -- Common Labels are added to each kubernetes resource manifest. +commonLabels: {} + +## Overwrite Labels +# overwriteLabels -- Overwrites default labels, but not resource specific labels and common labels +overwriteLabels: {} + +## Selector Labels +# selectorLabels -- Define default [selectorLabels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +selectorLabels: {} + +## Version Capabilities +# kubeCapabilities -- Overwrite the Kube GitVersion +# @default -- `$.Capabilities.KubeVersion.GitVersion` +kubeCapabilities: "" + + +## Proxy Values +## +proxy: + + ## HTTP Proxy Configuration + httpProxy: + + ## HTTP Proxy Host Configuration + # proxy.httpProxy.host -- Configure HTTP Proxy Hostname/IP (without protocol://) + host: "" + + ## HTTP Proxy Port Configuration + # proxy.httpProxy.port -- (int) Configure HTTP Proxy Port + port: + + ## HTTP Proxy Protocol Configuration + # proxy.httpProxy.protocol -- Configure HTTP Proxy Protocol (http/https) + # @default -- http + protocol: "" + + ## HTTPS Proxy Configuration + httpsProxy: + + ## HTTPS Proxy Host Configuration + # proxy.httpsProxy.host -- Configure HTTPS Proxy Hostname/IP (without protocol://) + host: "" + + ## HTTP Proxy Port Configuration + # 
proxy.httpsProxy.port -- (int) Configure HTTPS Proxy Port + port: + + ## HTTP Proxy Protocol Configuration + # proxy.httpsProxy.protocol -- Configure HTTPS Proxy Protocol (http/https) + # @default -- http + protocol: "" + + ## No Proxy Hosts Configuration + # proxy.noProxy -- Configure No Proxy Hosts + # noProxy: [ "localhost", "127.0.0.1" ] + noProxy: [] + + +## - Statefulset +## Reference: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ +## +statefulset: + + ## Statefulset API version + # statefulset.apiVersion -- Configure the api version used for the Statefulset resource + apiVersion: "" + + ## Statefulset Labels + # statefulset.labels -- Merges given labels with common labels + labels: {} + + ## Statefulset Service + # statefulset.serviceName -- Define a Service for the Statefulset + serviceName: "" + + ## Statefulset Selector Labels + # statefulset.selectorLabels -- Define SelectorLabels for the Pod Template + selectorLabels: {} + + ## Amount of Replicas + # statefulset.replicaCount -- Amount of Replicas deployed + replicaCount: 1 + + ## Statefulset Pod Management Policy + # statefulset.podManagementPolicy -- Statefulset [Management Policy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies). **Statefulset only** + podManagementPolicy: "" + + ## StrategyType, can be set to RollingUpdate or OnDelete by default. + # statefulset.updateStrategy -- Statefulset [Update Strategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets). **Statefulset only** + updateStrategy: RollingUpdate + + ## Partition update strategy + # statefulset.rollingUpdatePartition -- Statefulset [Update Pratition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions). 
**Statefulset only** + rollingUpdatePartition: "" + + ## Persistent Volume Template Configuration + # statefulset.volumeClaimTemplates -- Statefulset [volumeClaimTemplates](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#components). **Statefulset only** + volumeClaimTemplates: [] + # - metadata: + # name: example + # annotations: {} + # spec: + # accessModes: [ "ReadWriteOnce" ] + # resources: + # requests: + # storage: "1Gi" + # storageClassName: { include "lib.utils.storageClass" (dict "persistence" .Values.persistence "context" $.Values) } + + + ## Statefulset Extra Values + # statefulset.statefulsetExtras -- Extra Fields for Statefulset Manifest + statefulsetExtras: {} + # + + ## Pod Configuration + ## https://github.com/bedag/helm-charts/tree/master/charts/manifests/templates/manifests/README.md#pod-template + ## Full Configuration + + ## Image Pull Secrets + # statefulset.imagePullSecrets -- Define [ImagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). Will be overwritten if set by global variable. + imagePullSecrets: [] + + ## Pod Labels + # statefulset.podLabels -- Pod [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) are only added for the pod + podLabels: {} + + ## Pod Annotations + # statefulset.podAnnotations -- Pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) are only added for the pod + podAnnotations: {} + + ## Pod ForceRedeploy + ## statefulset.forceRedeploy -- Adds timestamp annotation, causing your pods to be redeployed everytime a new release applied. + forceRedeploy: false + + ## Extra Pod Fields + # statefulset.podFields -- Add extra field to the [Pod Template](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podtemplate-v1-core) if not available as value. 
+ podFields: {} + # hostNetwork: true + + ## Additional Kubernetes Volumes + # statefulset.volumes -- Additional [Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) + volumes: [] + # - name: cache + # emptyDir: {} + # - name: share + # persistentVolumeClaim: + # claimName: 'shared' + + ## RestartPolicy Configuration + # statefulset.restartPolicy -- Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + restartPolicy: + + ## Affinity Configuration + # statefulset.affinity -- Pod [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) + affinity: {} + + ## NodeSelector Configuration + # statefulset.nodeSelector -- Pod [NodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) + nodeSelector: {} + + ## Tolerations Configuration + # statefulset.tolerations -- Pod [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) + tolerations: {} + + ## Priority Configuration + # statefulset.priorityClassName -- Pod [priorityClassName](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass) + priorityClassName: "" + + ## Pod SecurityContext Configuration + # statefulset.podSecurityContext -- Pod [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) + podSecurityContext: {} + + ## Pod Initcontainers + # statefulset.initContainers -- Pod [initContainers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) + initContainers: [] + # - name: init-myservice + # image: busybox:1.28 + # command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] + + ## Pod SideCar Containers + # statefulset.sidecars -- Allows to 
add sidecars to your [maincar]](https://kubernetes.io/docs/concepts/workloads/pods/#using-pods) + sidecars: [] + + # + ## - ServiceAccount + ## Reference: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## API Reference: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#serviceaccount-v1-core + ## + serviceAccount: + + ## ServiceAccount Creation + # statefulset.serviceAccount.enabled -- Specifies whether a service account is enabled or not + enabled: false + + ## ServiceAccount Creation + # statefulset.serviceAccount.create -- Specifies whether a service account should be created + create: false + + ## ServiceAccount API version + # statefulset.serviceAccount.apiVersion -- Configure the api version used + # @default -- v1 + apiVersion: "" + + ## ServiceAccount Labels + # statefulset.serviceAccount.labels -- Merges given labels with common labels + labels: {} + + ## ServiceAccount Annotations + # statefulset.serviceAccount.annotations -- Annotations to add to the service account + annotations: {} + + ## ServiceAccount Auto Mount Service Token + # statefulset.serviceAccount.automountServiceAccountToken -- (bool) AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. + automountServiceAccountToken: true + + ## ServiceAccount Image pull secrets + # statefulset.serviceAccount.imagePullSecrets -- ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. 
+ imagePullSecrets: [] + + ## ServiceAccount Global PullSecrets + # statefulset.serviceAccount.globalPullSecrets -- Evaluate global set pullsecrets and mount, if set + globalPullSecrets: false + + ## ServiceAccount Secrets + # statefulset.serviceAccount.secrets -- Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount + secrets: [] + + ## ServiceAccount Name + # statefulset.serviceAccount.name -- If not set and create is true, a name is generated using the fullname template + name: "" + + + ## Container Configuration + ## https://github.com/bedag/helm-charts/tree/master/charts/manifests/templates/manifests/README.md#container-template + ## Full Configuration + + + # + ## -- Container + ## Reference: https://kubernetes.io/de/docs/concepts/containers/ + ## Container API Object - https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core + # + + ## Custom Container Name + # statefulset.containerName -- Configure Container Name + # @default -- `.Chart.Name` + containerName: + + ## Docker Image definition. + image: + # statefulset.image.registry -- Configure Docker Registry. Will be overwritten if set by global variable. + registry: docker.io + + # statefulset.image.repository -- Configure Docker Repository + repository: atlassian/crowd + + # statefulset.image.pullPolicy -- Configure Docker Pull Policy. Will be overwritten if set by global variable. 
+ pullPolicy: + + # statefulset.image.tag -- Configure Docker Image tag + # @default -- Tag defaults to `.Chart.Appversion`, if not set + tag: + + ## Container Resources + # statefulset.resources -- Configure Container [Resource](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) + resources: + {} + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + + ## Container Command + # statefulset.command -- Configure executed container command + command: + {} + + ## Container Command Args + # statefulset.args -- Configure arguments for executed command + args: + {} + + ## Environment Variables + # statefulset.environment -- Configure Environment Variables (Refer to values.yaml) + environment: + [] + # - name: "MY_ENV" + # value: "someValue" + # secret: true + # - name: SOME_SPEC + # valueFrom: + # fieldRef: + # fieldPath: spec.* + # + + ## Container Ports + # statefulset.ports -- Configure Container Ports + ports: + [] + # - name: "health" + # containerPort: 9090 + # protocol: TCP + + ## Additional Volume Mounts + # statefulset.volumeMounts -- Configure Container [volumeMounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/) + volumeMounts: + [] + # - name: "cache" + # mountPath: /cache + # - name: "share" + # mountPath: /var/data/share + + ## Container SecurityContext + # statefulset.securityContext -- Container [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) + securityContext: + {} + + ## ReadinessProbe Configuration + # statefulset.readinessProbe -- Container [ReadinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) + readinessProbe: + failureThreshold: 6 + httpGet: + path: / + port: http + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + + ## LivenessProbe Configuration + # 
statefulset.livenessProbe -- Container [LivenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command) + livenessProbe: + failureThreshold: 6 + httpGet: + path: / + port: http + scheme: HTTP + initialDelaySeconds: 120 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + + ## StartupProbe Configuration + # statefulset.startupProbe -- Container [StartupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes) + startupProbe: + {} + # httpGet: + # path: /health + # port: http + # failureThreshold: 30 + # periodSeconds: 10 + + ## Container Lifecycle Hooks + # statefulset.lifecycle -- Container [Lifecycle](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) + lifecycle: + {} + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] + + ## Container ExtraFields + # statefulset.containerFields -- Extra fields used on the container definition + containerFields: + {} + # stdinOnce: true + + +## - Service +## Reference: https://kubernetes.io/docs/concepts/services-networking/service/ +## +service: + + ## Service Enable + # service.enabled -- Enable Service Resource + enabled: true + + ## Service API version + # service.apiVersion -- Configure the api version used + # @default -- v1 + apiVersion: "" + + ## Service Labels + # service.labels -- Configure Service additional Labels + labels: {} + + ## Service Annotations + # service.annotations -- Configure Service additional Annotations ([Monitor Labels](https://www.weave.works/docs/cloud/latest/tasks/monitor/configuration-k8s/)) + annotations: {} + + ## Service Type + # service.type -- Configure Service [Type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). 
+ type: ClusterIP + + ## Service Port Name + # service.portName -- Configure Service Port name + # @default -- http + portName: "http" + + ## Service Port + # service.port -- Configure Service Port (Required) + # @default -- 80 + port: 8095 + + ## Service Target Port + # service.targetPort -- Configure Service TargetPort + # @default -- http + targetPort: "http" + + ## Service Extra Ports + # service.extraPorts -- Add additional ports to the service + extraPorts: [] + + ## Service NodePort ([Reference](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)) + # service.nodePort -- Specify the nodePort value for the LoadBalancer and NodePort service types + nodePort: "" + + ## Service Loadbalancer IP + # service.loadBalancerIP -- Configure Service [loadBalancerIP](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer). Set the LoadBalancer service type to internal only. + loadBalancerIP: "" + + ## Service Load Balancer SourceRanges + # service.loadBalancerSourceRanges -- Configure Service [loadBalancerSourceRanges](https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service) + ## Example: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + + ## Service ClusterIP + # service.clusterIP -- Configure Service [clusterIP](https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address) + # @default -- None + # clusterIP: None + + ## Service Selector + # service.selector -- Configure Service Selector Labels + selector: {} + + + +## - Ingress +## Reference: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + + ## Enable Ingress + # ingress.enabled -- Enable Ingress Resource + enabled: false + + ## Ingress API version + # ingress.apiVersion -- Configure the api version used for the ingress resource. 
+ apiVersion: "" + + ## Ingress Labels + # ingress.labels -- Configure Ingress additional Labels + labels: {} + + ## Ingress Annotations + # ingress.annotations -- Configure Ingress Annotations + annotations: {} + # kubernetes.io/ingress.class: nginx (Deprecated) + # kubernetes.io/tls-acme: "true" + + ## Ingress Default Backend + # ingress.backend -- Configure a [default backend](https://kubernetes.io/docs/concepts/services-networking/ingress/#default-backend) for this ingress resource + backend: {} + # service: + # name: backend + # port: + # number: 80 + + ## Ingress Default Class + # ingress.ingressClass -- Configure the [default ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class) for this ingress. + ingressClass: "" + + ## Ingress HTTP Rules + # ingress.hosts -- Configure Ingress [Hosts](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules) (Required) + hosts: [] + + # ingress.hosts[0].host -- Ingress Hostname + # - host: chart-example.local + # + # ingress.hosts[0].paths -- Ingress Paths + # paths: + # + ## Path with service backend + # + # ingress.hosts[0].paths[0].path -- Ingress Path Context + # - path: "/" + # + # ingress.hosts[0].paths[0].serviceName -- Ingress Path service backend name + # @default -- `bedag-lib.utils.common.fullname` + # serviceName: "" + # + # ingress.hosts[0].paths[0].servicePort -- Ingress Path service backend port + # @default -- http + # servicePort: "" + # + ## Path with resource backend + # + # ingress.hosts[0].paths[1].path -- Ingress Path Context + # - path: "/storage" + # + # ingress.hosts[0].paths[1].pathType -- Ingress path [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) + # @default -- Prefix + # pathType: "ImplementationSpecific" + # + # ingress.hosts[0].paths[1].resource -- Ingress path resource backend + # resource: + # apiGroup: k8s.example.com + # kind: StorageBucket + # name: icon-assets + # + # 
ingress.hosts[0].paths[2].path -- Direct Ingress Path. Defaults to service backend. + # - "/" + # + + ## Ingress TLS Configuration + # ingress.tls -- Configure Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + ## Custom Ingress Rules + # ingress.customRules -- Configure Custom Ingress [Rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#resource-backend) + customRules: [] + # - http: + # paths: + # - path: /icons + # pathType: ImplementationSpecific + # backend: + # resource: + # apiGroup: k8s.example.com + # kind: StorageBucket + # name: icon-assets + +## - Pod disruption budget +## Reference: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ +## +pdb: + + ## Enable Pdb + # pdb.enabled -- Enable Pdb Resource + enabled: true + + ## Pdb API version + # pdb.apiVersion -- Configure the api version used for the Pdb resource + apiVersion: "" + + ## Pdb Labels + # pdb.labels -- Merges given labels with common labels + labels: {} + + ## Pdb Selector Labels + # pdb.selectorLabels -- Define SelectorLabels for the pdb + selectorLabels: {} + + ## Pdb minAvailable + # pdb.minAvailable -- Number or percentage of pods which must be available during a disruption. If neither `minAvailable` or `maxUnavailable` is set, de Policy defaults to `minAvailable: 1` + minAvailable: + + ## Pdb maxUnavailable + # pdb.maxUnavailable -- Number or percentage of pods which is allowed to be unavailable during a disruption + maxUnavailable: + + +# +## - Horizontal Pod Autoscaler +## Reference: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +## +autoscaling: + + ## Horizontal Pod Autoscaler Enable + # autoscaling.enabled -- Enable HPA resource + enabled: true + + ## Horizontal Pod Autoscaler API version + # autoscaling.apiVersion -- Configure the api version used for the Job resource. 
+ apiVersion: "" + + ## Horizontal Pod Autoscaler Labels + # autoscaling.labels -- Merges given labels with common labels + labels: {} + + ## Horizontal Pod Autoscaler Annotations + # autoscaling.annotations -- Configure HPA Annotations + annotations: {} + + ## Horizontal Pod Autoscaler Target + # autoscaling.scaleTargetRef -- scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count. + scaleTargetRef: + + ## Horizontal Pod Autoscaler minimum Replicas + # autoscaling.minReplicas -- minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. + # @default -- 1 + minReplicas: + + ## Horizontal Pod Autoscaler minimum Replicas + # autoscaling.maxReplicas -- maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas. + maxReplicas: + + ## Horizontal Pod Autoscaler Target CPU + # autoscaling.targetCPUUtilizationPercentage -- Set the averageUtilization for the CPU resrouce as integer percentage (e.g. 50 = 50%) + targetCPUUtilizationPercentage: + + ## Horizontal Pod Autoscaler Target Memory + # autoscaling.targetMemoryUtilizationPercentage -- Set the averageUtilization for the Memory resrouce as integer percentage (e.g. 
50 = 50%) + targetMemoryUtilizationPercentage: + + ## Horizontal Pod Autoscaler Custom Metric Rules + # autoscaling.metrics -- Define [Custom Metrics](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics) rules + metrics: [] + # + # - type: External + # external: + # metric: + # name: queue_messages_ready + # selector: "queue=worker_tasks" + # target: + # type: AverageValue + # averageValue: 30 + # + # - type: Object + # object: + # metric: + # name: requests-per-second + # describedObject: + # apiVersion: networking.k8s.io/v1beta1 + # kind: Ingress + # name: main-route + # target: + # type: Value + # value: 10k + + ## Horizontal Pod Autoscaler Scale Behavior + # autoscaling.behavior -- Define [Scaling Policies](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior) for the HPA resource. + behavior: {} + # + # scaleDown: + # policies: + # - type: Pods + # value: 4 + # periodSeconds: 60 + # - type: Percent + # value: 10 + # periodSeconds: 60 + + +# +## - Persistent Volume Claim +## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +shared: + + ## Enable PVC + # shared.enabled -- Enable PVC Resource + enabled: true + + ## PVC API version + # shared.apiVersion -- Configure the api version used for the Pod resource + apiVersion: "" + + ## PVC Labels + # shared.labels -- Merges given labels with common labels + # @default -- `bedag-lib.commonLabels` + labels: {} + + ## PVC Annotations + # shared.annotations -- Configure PVC additional Annotations ([Monitor Labels](https://www.weave.works/docs/cloud/latest/tasks/monitor/configuration-k8s/)) + annotations: {} + + ## PVC Access Modes + # shared.accessModes -- Configure PVC [Access Modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) + accessModes: [ "ReadWriteMany" ] + + ## PVC Storage Class + # shared.storageClass -- 
Configure PVC [Storage Class](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1) + storageClass: "" + + ## PersistentVolumeClaim resources + ## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resources + # shared.size -- Define requested storage size + size: 10Gi + + ## PVC Selector + # shared.selector -- Configure PVC [Selector](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector) + selector: {} + + ## PVC Data Sources + # shared.dataSource -- Data Sources are currently only supported for [CSI Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-snapshot-and-restore-volume-from-snapshot-support) + dataSource: + # name: existing-src-pvc-name + # kind: PersistentVolumeClaim + +# +## Home Persistence Configuration +## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#introduction +## +home: + + ## PersistentVolumeClaim Enable + # home.enabled -- Enable persistent Crowd Home + enabled: true + + ## PersistentVolumeClaim Access Mode + ## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes + # home.accessModes -- Define Access modes for Crowd Home + accessModes: [ "ReadWriteOnce" ] + + ## PersistentVolumeClaim resources + ## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resources + # home.size -- Define requested storage size for Crowd Home + size: 10Gi + + ## PersistentVolumeClaim storageClass + ## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class + # home.storageClass -- Define storageclass for Crowd Home Persistence + storageClass: "" + + ## PersistentVolumeClaim Annotations + # home.annotations -- Define storageclass for Crowd Home Persistent Volume Claim + annotations: {} + +# +## Cache Persistence Configuration +## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#introduction +## +cache: + + ## PersistentVolumeClaim Enable + 
# cache.enabled -- Enable persistent Crowd Home Cache + enabled: false + + ## PersistentVolumeClaim Access Mode + ## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes + # cache.accessModes -- Define Access modes for Crowd Cache persistence + accessModes: [ "ReadWriteOnce" ] + + ## PersistentVolumeClaim resources + ## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resources + # cache.size -- Define requested storage size for Crowd Cache + size: 2Gi + + ## PersistentVolumeClaim storageClass + ## Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class + # cache.storageClass -- Define storageclass for Crowd Cache Persistence + storageClass: "" + + ## PersistentVolumeClaim Annotations + # cache.annotations -- Define storageclass for Crowd Cache Persistent Volume Claim + annotations: {} + + + + + +# +## VolumePermissions Configuration +volumePermissions: + + ## Volume Permission Enable + # volumePermissions.enabled -- Enables Volume Permissions + enabled: false + + ## Volume Permission Name + # volumePermissions.name -- Volume Permission Container Name + # @default -- `permission` + name: "" + + ## User Configuration (CHMOD User) + # volumePermissions.runAsUser -- (int) Configure the directory User Owner. + #@ @default -- `0` + runAsUser: 2004 + + ## Group Configuration (CHMOD Group) + # volumePermissions.runAsGroup -- (int) Configure the directory Group Owner. + #@ @default -- `0` + runAsGroup: 2004 + + ## Directory Mode (Optional) + # volumePermissions.mode -- (int) Configure permission mode (eg. 755). If not set no permission mode will be applied. + mode: + + ## Destination Directories + # volumePermissions.directories -- Configure destination directories. The Change Owner/Mode operation will be applied to these directories. Can be String or Slice. 
+ directories: [ "/crowd" ] + + ## Container Configuration + ## https://github.com/bedag/helm-charts/tree/master/charts/manifests/templates/manifests#container-template + ## Supports all the values from the referenced template. Find all available values in the link above. + + +# +## JMX Exporter Configuration +jmxExporter: + + ## Enable JMX Exporter + # jmxExporter.enabled -- Enables [JMX Exporter](https://github.com/bitnami/bitnami-docker-jmx-exporter) as Sidecar + enabled: false + + ## Component Name + # jmxExporter.name -- Name for all component parts (ports, resources). Useful when you are using the component multiple times + name: "jmx" + + ## Component Specific Labels + # jmxExporter.labels -- Component Specific Labels. + labels: + app.kubernetes.io/component: metrics + + ## JMX Exporter TargetPort + # jmxExporter.targetPort -- Define which Port to scrape. Points to the Port where the jmx metrics are exposed on the Maincar. + targetPort: 5555 + + ## JMX Exporter Port + # jmxExporter.port -- Exposed JMX Exporter Port (Service and Sidecar) + port: 5556 + + ## Prometheus Endpoint Configuration + # jmxExporter.endpoint -- Additional Configuration for the ServiceMonitor Endpoint (Overwrites .serviceMonitor.endpoints) + endpoint: + path: "/" + interval: 10s + scrapeTimeout: 10s + + ## JMX Exporter Configuration + # jmxExporter.config -- Configure JMX Exporter configuration. The `jmxUrl` configuration will be set automatically, if not overwritten. [See all Configurations](https://github.com/prometheus/jmx_exporter#configuration) + # @default -- See values.yaml + config: + lowercaseOutputName: true + lowercaseOutputLabelNames: true + ssl: false + + ## Container Configuration + ## https://github.com/bedag/helm-charts/tree/master/charts/manifests/templates/manifests/README.md#container-template + ## Supports all the values from the referenced template. Find all available values in the link above. 
+ + ## Service Configuration + ## https://github.com/bedag/helm-charts/tree/master/charts/manifests/templates/manifests/README.md#service + ## Supports all the values from the referenced template. Find all available values in the link above. + + ## ServiceMonitor Configuration + ## https://github.com/bedag/helm-charts/tree/master/charts/manifests/templates/manifests/README.md#servicemonitor + ## Supports all the values from the referenced template. Find all available values in the link above. diff --git a/charts/crowd/values_production.yaml b/charts/crowd/values_production.yaml new file mode 100644 index 00000000..c8de5022 --- /dev/null +++ b/charts/crowd/values_production.yaml 
@@ -0,0 +1,87 @@
+##
+## Global Configuration
+global:
+ imageRegistry: "company-registry.example.com"
+
+## JMX Exporter
+jmxExporter:
+ enabled: true
+
+## Crowd Configuration
+crowd:
+ cluster:
+ enabled: true
+
+ ## JVM Memory Configuration
+ memory:
+ min: "768m"
+ max: "1536m"
+
+ ## JVM Args (Expose JMX metrics)
+ jvm_args:
+ - "-Dcom.sun.management.jmxremote.port=5555"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.rmi.port=5555"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
+## Proxy Configuration
+proxy:
+ httpProxy:
+ host: "proxy.example.com"
+ port: "8080"
+ httpsProxy:
+ host: "proxy.example.com"
+ port: "8080"
+ noProxy:
+ - "localhost"
+ - "127.0.0.1"
+ - "*.example.com"
+ - "{{ (index .Values.ingress.hosts 0).host }}"
+
+## Statefulset Configuration
+statefulset:
+
+ ## Resources
+ resources:
+ limits:
+ cpu: 2
+ memory: 3Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+
+ ## Environment Variables
+ environment:
+
+ ## Tomcat Proxy Configuration
+ - name: ATL_PROXY_NAME
+ value: "{{ (index .Values.ingress.hosts 0).host }}"
+ - name: ATL_PROXY_PORT
+ value: "443"
+ - name: ATL_TOMCAT_SCHEME
+ value: "https"
+ - name: ATL_TOMCAT_SECURE
+ value: "true"
+
+## Persistence Configuration
+home:
+ storageClass: "local"
+shared:
+ storageClass: "nfs-backend"
+ accessModes: [ "ReadWriteMany" ]
+ size: "5Gi"
+
+## Ingress Configuration
+ingress:
+ enabled: true
+ annotations:
+ nginx.ingress.kubernetes.io/affinity: cookie
+ nginx.ingress.kubernetes.io/session-cookie-max-age: "10800" #3h
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ hosts:
+ - host: crowd.cluster.ingress
+ paths: [ "/" ]
+ tls:
+ - hosts:
+ - crowd.cluster.ingress
diff --git a/charts/crowd/values_standalone.yaml b/charts/crowd/values_standalone.yaml
new file mode 100644
index 00000000..ac1845b2
--- /dev/null
+++ b/charts/crowd/values_standalone.yaml
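Review bot: In values_production.yaml the `jvm_args` block enables remote JMX on port 5555 with `jmxremote.authenticate=false` and `jmxremote.ssl=false`, and `-Djava.rmi.server.hostname=127.0.0.1` only changes the address advertised in the RMI stub; it does not restrict which interface the connector listens on. As written the port is presumably reachable on the pod IP by any workload the cluster network allows, and an unauthenticated JMX connector gives the caller management control of the JVM. Since the exporter runs as a sidecar in the same pod, I would bind the connector to loopback by adding `- "-Dcom.sun.management.jmxremote.host=127.0.0.1"` (needs a JDK that supports that property; confirm for the Crowd image) and state in the `## JVM Args` comment that the port must never be published through a Service. A NetworkPolicy that admits only the HTTP port would cover this independently of the JVM flags.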
@@ -0,0 +1,53 @@
+## These values show how you could deploy Crowd in standalone mode
+## It's assumed that you are running a postgresql in the same namespace
+##
+## Crowd Configuration
+crowd:
+ cluster:
+ enabled: false
+ memory:
+ min: "768m"
+ max: "1536m"
+
+## Statefulset Configuration
+statefulset:
+
+ ## Image
+ image:
+ ## Versions https://hub.docker.com/r/atlassian/crowd/tags?page=1&ordering=last_updated
+ tag: "4.2.1"
+
+ ## Resources
+ resources:
+ limits:
+ cpu: 1
+ memory: 3Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+
+ ## Environment Variables
+ environment:
+ ## Tomcat Proxy Configuration
+ - name: ATL_PROXY_NAME
+ value: "{{ (index .Values.ingress.hosts 0).host }}"
+ - name: ATL_PROXY_PORT
+ value: "443"
+ - name: ATL_TOMCAT_SCHEME
+ value: "https"
+ - name: ATL_TOMCAT_SECURE
+ value: "true"
+
+## Ingress Configuration
+ingress:
+ enabled: true
+ annotations:
+ nginx.ingress.kubernetes.io/affinity: cookie
+ nginx.ingress.kubernetes.io/session-cookie-max-age: "10800" #3h
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ hosts:
+ - host: crowd.cluster.ingress
+ paths: [ "/" ]
+ tls:
+ - hosts:
+ - crowd.cluster.ingress
diff --git a/scripts/helm-docs.sh b/scripts/helm-docs.sh
new file mode 100755
index 00000000..da399c81
--- /dev/null
+++ b/scripts/helm-docs.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+## Reference: https://github.com/norwoodj/helm-docs
+set -eux
+CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)/charts"
+echo "$CHART_DIR"
+
+echo "Running Helm-Docs"
+docker run \
+ -v "$CHART_DIR:/helm-docs" \
+ -u $(id -u) \
+ jnorwood/helm-docs:latest
\ No newline at end of file
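Review bot: The `tls` entry in values_standalone.yaml lists `crowd.cluster.ingress` under `hosts` but has no `secretName`, while `ATL_TOMCAT_SCHEME` and `ATL_TOMCAT_SECURE` tell Crowd it is served over HTTPS. Without a secret the ingress controller typically falls back to its default certificate, so an identity service would be published with a certificate clients cannot validate. The chart's own values.yaml example shows `- secretName: chart-example-tls`, and this file should carry a `secretName:` line or a comment naming what provisions the certificate. The same block sets `nginx.ingress.kubernetes.io/proxy-body-size: "0"`, which removes the request-size limit at the proxy; a bounded value such as `"10m"` (constructed example) is safer unless large uploads are required. Both points apply unchanged to the ingress block in values_production.yaml.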
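Review bot: `jnorwood/helm-docs:latest` in scripts/helm-docs.sh is a mutable tag, so each run pulls whatever was last pushed under that name and executes it with the charts directory mounted read-write (CONTRIBUTING.md notes the script may need sudo). Pinning the image to a release tag and digest, e.g. `jnorwood/helm-docs:<VERSION>@sha256:<DIGEST>` (placeholders), keeps the generated README reproducible against the workflow check and limits exposure to a replaced image. `-u $(id -u)` should be quoted as `-u "$(id -u)"`, and under sudo it resolves to 0, so the generated files end up root-owned; a comment in the script saying so would help.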