From 422f19eb547de3d8f85979944fe7ac11a7f949b1 Mon Sep 17 00:00:00 2001
From: Daniel Del Rio Figueira
Date: Thu, 16 Jan 2025 14:14:57 +0100
Subject: [PATCH 1/3] Updated bitnami registry
---
 Chart.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Chart.yaml b/Chart.yaml
index 37255f6..fb9d269 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -28,13 +28,13 @@ dependencies:
 repository: "https://download.passbolt.com/charts/passbolt-library"
 - name: redis
 version: 17.15.2
- repository: "https://charts.bitnami.com/bitnami"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
 condition: redisDependencyEnabled
 - name: mariadb
 version: 11.5.7
- repository: "https://charts.bitnami.com/bitnami"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
 condition: mariadbDependencyEnabled
 - name: postgresql
 version: 13.2.3
- repository: "https://charts.bitnami.com/bitnami"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
 condition: postgresqlDependencyEnabled
From 9c4ce17fb4125e7b38206e9858859a9d2c7330b4 Mon Sep 17 00:00:00 2001
From: Daniel Del Rio Figueira
Date: Thu, 16 Jan 2025 14:21:54 +0100
Subject: [PATCH 2/3] Updated Chart.lock as well
---
 Chart.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/Chart.lock b/Chart.lock
index 92332b2..37db7c6 100644
--- a/Chart.lock
+++ b/Chart.lock
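Review bot: In the Chart.yaml hunk the `redis`, `mariadb` and `postgresql` dependencies are still selected by version tag alone after the move to `oci://registry-1.docker.io/bitnamicharts`, and nothing in the series makes the fetched chart content verifiable. Registry tags can be re-pointed by whoever controls the repository, and the `digest:` regenerated in Chart.lock appears to cover the dependency list (name, version, repository) rather than the chart archives, so it would not flag a different artifact published under the same tag. If the publisher ships provenance for these versions, running `helm dependency build --verify` in the release pipeline (or pulling from an internal mirror) would close that gap; a comment above the block such as `# Bitnami charts come from Docker Hub over OCI; build with --verify or from a vetted mirror` would record the expectation. `oci://` dependencies also need a Helm client with OCI support (stable since 3.8), which is worth stating in the install docs if they do not already give a minimum Helm version. The `dependencies:` list starts above this hunk, so the first entry is only partly visible here.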
@@ -3,13 +3,13 @@ dependencies: repository: https://download.passbolt.com/charts/passbolt-library version: 0.2.7 - name: redis - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts version: 17.15.2 - name: mariadb - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts version: 11.5.7 - name: postgresql - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts version: 13.2.3 -digest: sha256:541a5a0685f8f792ef99c2de7c29b73ae543563f4ff4f795797d65bfc88c3222 -generated: "2023-11-09T16:43:25.437028891+01:00" +digest: sha256:03492f569f9d139a995793d26fa13888751f98e95ad7abe7520924ece5afbdeb +generated: "2025-01-16T14:21:04.226362693+01:00" From 99e0d0f2c1cb2042aea729c06808c9817ed81069 Mon Sep 17 00:00:00 2001 From: Daniel Del Rio Figueira Date: Thu, 16 Jan 2025 15:08:48 +0100 Subject: [PATCH 3/3] Release 1.3.1 and bump passbolt version to 4.10.1-1-ce --- CHANGELOG.md | 9 +- Chart.yaml | 2 +- README.md | 272 +++++++++++++++++++++++------------------------ README.md.gotmpl | 4 +- RELEASE_NOTES.md | 6 +- values.yaml | 2 +- 6 files changed, 150 insertions(+), 145 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d6248ab..430b75c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,14 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.3.0...HEAD) +## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.3.1...HEAD) + +## [1.3.1] - 2025-01-16 + +### Fixed + +- Updated Bitnami registry name +- Bump passbolt docker image tag to 4.10.1-1-ce ## [1.3.0] - 2024-11-13 diff --git a/Chart.yaml b/Chart.yaml index fb9d269..a98b0d4 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.3.0 +version: 1.3.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/README.md b/README.md index db4bb4e..a680100 100644 --- a/README.md +++ b/README.md 
@@ -115,146 +115,146 @@ chart and deletes the release. ## Requirements | Repository | Name | Version | -|-------------------------------------------------------|------------------|---------| -| https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | -| https://charts.bitnami.com/bitnami | redis | 17.15.2 | +| ----------------------------------------------------- | ---------------- | ------- | | https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | +| oci://registry-1.docker.io/bitnamicharts | mariadb | 11.5.7 | +| oci://registry-1.docker.io/bitnamicharts | redis | 17.15.2 | ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | Configure passbolt deployment affinity | -| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. | -| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | -| app.cache.redis.sentinelProxy.image | object | `{"registry":"","repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | -| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | -| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | -| app.cache.redis.sentinelProxy.resources | object | `{}` | Configure redis sentinel container resources | -| app.database.kind | string | `"mariadb"` | | -| app.databaseInitContainer | object | `{"enabled":true}` | Configure pasbolt deployment init container that waits for database | -| app.databaseInitContainer.enabled | bool | `true` | Toggle pasbolt deployment init container that waits for database | -| 
app.extraContainers | list | `[]` | Configure additional containers to be added to the pod | -| app.extraPodLabels | object | `{}` | | -| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | -| app.image.registry | string | `""` | Configure pasbolt deployment image repsitory | -| app.image.repository | string | `"passbolt/passbolt"` | | -| app.image.tag | string | `"4.9.1-1-ce"` | Overrides the image tag whose default is the chart appVersion. | -| app.resources | object | `{}` | | -| app.tls | object | `{}` | | -| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | -| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | -| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | -| cronJobEmail | object | `{"enabled":true,"extraPodLabels":{},"schedule":"* * * * *"}` | Enable email cron | -| extraVolumeMounts | list | `[]` | Add additional volume mounts, e.g. for overwriting config files | -| extraVolumes | list | `[]` | Add additional volumes, e.g. for overwriting config files | -| fullnameOverride | string | `""` | Value to override the whole fullName | -| global.imagePullSecrets | list | `[]` | | -| global.imageRegistry | string | `""` | | -| gpgExistingSecret | string | `""` | Name of the existing secret for the GPG server keypair. The secret must contain the `serverkey.asc` and `serverkey_private.asc` keys. 
| -| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | -| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | -| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | -| imagePullSecrets | list | `[]` | Configure image pull secrets | -| ingress.annotations | object | `{}` | Configure passbolt ingress annotations | -| ingress.enabled | bool | `false` | Enable passbolt ingress | -| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | -| ingress.tls | list | `[]` | Configure passbolt ingress tls | -| jobCreateGpgKeys.extraPodLabels | object | `{}` | | -| jobCreateJwtKeys.extraPodLabels | object | `{}` | | -| jwtCreateKeysForced | bool | `false` | Forces overwrite JWT keys | -| jwtExistingSecret | string | `""` | Name of the existing secret for the JWT server keypair. The secret must contain the `jwt.key` and `jwt.pem` keys. | -| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | -| jwtServerPrivate | string | `""` | JWT server private key in base64 | -| jwtServerPublic | string | `""` | JWT server public key in base64 | -| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | -| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | -| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | -| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | -| mariadb.auth.replicationPassword | string | `"CHANGEME"` | Configure mariadb auth replicationPassword | -| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | -| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | -| mariadb.primary | object | 
`{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. | -| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | -| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | -| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | -| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | -| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. | -| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | -| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | -| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | -| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. 
| -| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | -| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | -| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | -| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | -| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | -| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | -| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | -| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | -| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | -| nameOverride | string | `""` | Value to override the chart name on default | -| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | -| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | -| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | -| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | -| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | -| passboltEnv.configMapName | string | `""` | | -| passboltEnv.extraEnv | list | `[]` | Environment variables to add to the passbolt pods | -| passboltEnv.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the passbolt pods | -| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | -| 
passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | `"127.0.0.1"` | Configure passbolt cake cache server | -| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | -| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure passbolt default email from | -| passboltEnv.plain.EMAIL_DEFAULT_FROM_NAME | string | `"Passbolt"` | Configure passbolt default email from name | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TIMEOUT | int | `30` | Configure passbolt default email timeout | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | -| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | -| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. 
| -| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | -| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | -| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | -| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | -| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | -| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | -| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | -| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | -| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | -| passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | -| passboltEnv.secretName | string | `""` | | -| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | -| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | -| postgresqlDependencyEnabled | bool | `false` | Install postgresql as a depending chart | -| rbacEnabled | bool | `true` | Enable role based access control | -| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt container RadinessProbe | -| redis.auth.enabled | bool | `true` | Enable redis 
authentication | -| redis.auth.password | string | `"CHANGEME"` | Configure redis password | -| redis.sentinel.enabled | bool | `true` | Enable redis sentinel | -| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | -| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | -| service.annotations | object | `{}` | Annotations to add to the service | -| service.ports | object | `{"http":{"name":"http","port":80,"targetPort":80},"https":{"name":"https","port":443,"targetPort":443}}` | Configure the service ports | -| service.ports.http.name | string | `"http"` | Configure passbolt HTTP service port name | -| service.ports.http.port | int | `80` | Configure passbolt HTTP service port | -| service.ports.http.targetPort | int | `80` | Configure passbolt HTTP service targetPort | -| service.ports.https | object | `{"name":"https","port":443,"targetPort":443}` | Configure the HTTPS port | -| service.ports.https.name | string | `"https"` | Configure passbolt HTTPS service port name | -| service.ports.https.port | int | `443` | Configure passbolt HTTPS service port | -| service.ports.https.targetPort | int | `443` | Configure passbolt HTTPS service targetPort | -| service.type | string | `"ClusterIP"` | Configure passbolt service type | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| tolerations | list | `[]` | Configure passbolt deployment tolerations | +| Key | Type | Default | Description | +| ------------------------------------------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| affinity | object | `{}` | Configure passbolt deployment affinity | +| app.cache.redis.enabled | bool | `true` | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. | +| app.cache.redis.sentinelProxy.enabled | bool | `true` | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | +| app.cache.redis.sentinelProxy.image | object | `{"registry":"","repository":"haproxy","tag":"latest"}` | Configure redis sentinel proxy image | +| app.cache.redis.sentinelProxy.image.repository | string | `"haproxy"` | Configure redis sentinel image repository | +| app.cache.redis.sentinelProxy.image.tag | string | `"latest"` | Configure redis sentinel image tag | +| app.cache.redis.sentinelProxy.resources | object | `{}` | Configure redis sentinel container resources | +| app.database.kind | string | `"mariadb"` | | +| app.databaseInitContainer | object | `{"enabled":true}` | Configure pasbolt deployment init container that waits for database | +| app.databaseInitContainer.enabled | bool | `true` | Toggle pasbolt deployment init container that waits for database | +| app.extraContainers | list | `[]` | Configure additional containers to be added to the pod | +| app.extraPodLabels | object | `{}` | | +| app.image.pullPolicy | string | `"IfNotPresent"` | Configure pasbolt deployment image pullPolicy | +| app.image.registry | string | `""` | Configure pasbolt deployment image repsitory | +| app.image.repository | string | `"passbolt/passbolt"` | | +| app.image.tag | string | `"4.10.1-1-ce"` | Overrides the image tag whose default is the chart appVersion. 
| +| app.resources | object | `{}` | | +| app.tls | object | `{}` | | +| autoscaling.enabled | bool | `false` | Enable autoscaling on passbolt deployment | +| autoscaling.maxReplicas | int | `100` | Configure autoscaling maximum replicas | +| autoscaling.minReplicas | int | `1` | Configure autoscaling minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Configure autoscaling target CPU uptilization percentage | +| cronJobEmail | object | `{"enabled":true,"extraPodLabels":{},"schedule":"* * * * *"}` | Enable email cron | +| extraVolumeMounts | list | `[]` | Add additional volume mounts, e.g. for overwriting config files | +| extraVolumes | list | `[]` | Add additional volumes, e.g. for overwriting config files | +| fullnameOverride | string | `""` | Value to override the whole fullName | +| global.imagePullSecrets | list | `[]` | | +| global.imageRegistry | string | `""` | | +| gpgExistingSecret | string | `""` | Name of the existing secret for the GPG server keypair. The secret must contain the `serverkey.asc` and `serverkey_private.asc` keys. | +| gpgPath | string | `"/etc/passbolt/gpg"` | Configure passbolt gpg directory | +| gpgServerKeyPrivate | string | `""` | Gpg server private key in base64 | +| gpgServerKeyPublic | string | `""` | Gpg server public key in base64 | +| imagePullSecrets | list | `[]` | Configure image pull secrets | +| ingress.annotations | object | `{}` | Configure passbolt ingress annotations | +| ingress.enabled | bool | `false` | Enable passbolt ingress | +| ingress.hosts | list | `[]` | Configure passbolt ingress hosts | +| ingress.tls | list | `[]` | Configure passbolt ingress tls | +| jobCreateGpgKeys.extraPodLabels | object | `{}` | | +| jobCreateJwtKeys.extraPodLabels | object | `{}` | | +| jwtCreateKeysForced | bool | `false` | Forces overwrite JWT keys | +| jwtExistingSecret | string | `""` | Name of the existing secret for the JWT server keypair. The secret must contain the `jwt.key` and `jwt.pem` keys. 
| +| jwtPath | string | `"/etc/passbolt/jwt"` | Configure passbolt jwt directory | +| jwtServerPrivate | string | `""` | JWT server private key in base64 | +| jwtServerPublic | string | `""` | JWT server public key in base64 | +| livenessProbe | object | `{"initialDelaySeconds":20,"periodSeconds":10}` | Configure passbolt container livenessProbe | +| mariadb.architecture | string | `"replication"` | Configure mariadb architecture | +| mariadb.auth.database | string | `"passbolt"` | Configure mariadb auth database | +| mariadb.auth.password | string | `"CHANGEME"` | Configure mariadb auth password | +| mariadb.auth.replicationPassword | string | `"CHANGEME"` | Configure mariadb auth replicationPassword | +| mariadb.auth.rootPassword | string | `"root"` | Configure mariadb auth root password | +| mariadb.auth.username | string | `"CHANGEME"` | Configure mariadb auth username | +| mariadb.primary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the primary instance. | +| mariadb.primary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"existingClaim":"","labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | +| mariadb.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | Primary persistent volume access Modes | +| mariadb.primary.persistence.annotations | object | `{}` | Primary persistent volume claim annotations | +| mariadb.primary.persistence.enabled | bool | `true` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | +| mariadb.primary.persistence.existingClaim | string | `""` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored. 
| +| mariadb.primary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.primary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.primary.persistence.size | string | `"8Gi"` | Primary persistent volume size | +| mariadb.primary.persistence.storageClass | string | `""` | Primary persistent volume storage Class | +| mariadb.primary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadb.secondary | object | `{"persistence":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}}` | Configure parameters for the secondary instance. | +| mariadb.secondary.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"labels":{},"selector":{},"size":"8Gi","storageClass":"","subPath":""}` | Configure persistence options. | +| mariadb.secondary.persistence.accessModes | list | `["ReadWriteOnce"]` | Secondary persistent volume access Modes | +| mariadb.secondary.persistence.annotations | object | `{}` | Secondary persistent volume claim annotations | +| mariadb.secondary.persistence.enabled | bool | `true` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. 
If false, use emptyDir | +| mariadb.secondary.persistence.labels | object | `{}` | Labels for the PVC | +| mariadb.secondary.persistence.selector | object | `{}` | Selector to match an existing Persistent Volume | +| mariadb.secondary.persistence.size | string | `"8Gi"` | Secondary persistent volume size | +| mariadb.secondary.persistence.storageClass | string | `""` | Secondary persistent volume storage Class | +| mariadb.secondary.persistence.subPath | string | `""` | Subdirectory of the volume to mount at | +| mariadbDependencyEnabled | bool | `true` | Install mariadb as a depending chart | +| nameOverride | string | `""` | Value to override the chart name on default | +| networkPolicy.enabled | bool | `false` | Enable network policies to allow ingress access passbolt pods | +| networkPolicy.label | string | `"app.kubernetes.io/name"` | Configure network policies label for ingress deployment | +| networkPolicy.namespaceLabel | string | `"ingress-nginx"` | Configure network policies namespaceLabel for namespaceSelector | +| networkPolicy.podLabel | string | `"ingress-nginx"` | Configure network policies podLabel for podSelector | +| nodeSelector | object | `{}` | Configure passbolt deployment nodeSelector | +| passboltEnv.configMapName | string | `""` | | +| passboltEnv.extraEnv | list | `[]` | Environment variables to add to the passbolt pods | +| passboltEnv.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the passbolt pods | +| passboltEnv.plain.APP_FULL_BASE_URL | string | `"https://passbolt.local"` | Configure passbolt fullBaseUrl | +| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | `"127.0.0.1"` | Configure passbolt cake cache server | +| passboltEnv.plain.DEBUG | bool | `false` | Toggle passbolt debug mode | +| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | `"no-reply@passbolt.local"` | Configure passbolt default email from | +| passboltEnv.plain.EMAIL_DEFAULT_FROM_NAME | string | `"Passbolt"` | Configure 
passbolt default email from name | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | `"127.0.0.1"` | Configure passbolt default email host | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | `587` | Configure passbolt default email service port | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TIMEOUT | int | `30` | Configure passbolt default email timeout | +| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | `true` | Toggle passbolt tls | +| passboltEnv.plain.KUBECTL_DOWNLOAD_CMD | string | `"curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\""` | Download Command for kubectl | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | `"/var/www/passbolt/config/jwt/jwt.key"` | Configure passbolt jwt private key path | +| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | `"/var/www/passbolt/config/jwt/jwt.pem"` | Configure passbolt jwt public key path | +| passboltEnv.plain.PASSBOLT_KEY_EMAIL | string | `"passbolt@yourdomain.com"` | Configure email used on gpg key. This is used when automatically creating a new gpg server key and when automatically calculating the fingerprint. 
| +| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | `"https://www.passbolt.com/privacy"` | Configure passbolt privacy url | +| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | `true` | Toggle passbolt jwt authentication | +| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | `"/etc/passbolt/subscription_key.txt"` | Configure passbolt license path | +| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | `true` | Toggle passbolt public registration | +| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | `false` | Toggle passbolt selenium mode | +| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | `true` | Configure passbolt to force ssl | +| passboltEnv.secret.CACHE_CAKE_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt cake cache password | +| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | `"passbolt"` | Configure passbolt default database | +| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default database password | +| passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default database username | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | `"CHANGEME"` | Configure passbolt default email service password | +| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | `"CHANGEME"` | Configure passbolt default email service username | +| passboltEnv.secretName | string | `""` | | +| podAnnotations | object | `{}` | Map of annotation for passbolt server pod | +| podSecurityContext | object | `{}` | Security Context configuration for passbolt server pod | +| postgresqlDependencyEnabled | bool | `false` | Install postgresql as a depending chart | +| rbacEnabled | bool | `true` | Enable role based access control | +| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configure passbolt container RadinessProbe | +| redis.auth.enabled | bool | `true` | Enable redis 
authentication | +| redis.auth.password | string | `"CHANGEME"` | Configure redis password | +| redis.sentinel.enabled | bool | `true` | Enable redis sentinel | +| redisDependencyEnabled | bool | `true` | Install redis as a depending chart | +| replicaCount | int | `2` | If autoscaling is disabled this will define the number of pods to run | +| service.annotations | object | `{}` | Annotations to add to the service | +| service.ports | object | `{"http":{"name":"http","port":80,"targetPort":80},"https":{"name":"https","port":443,"targetPort":443}}` | Configure the service ports | +| service.ports.http.name | string | `"http"` | Configure passbolt HTTP service port name | +| service.ports.http.port | int | `80` | Configure passbolt HTTP service port | +| service.ports.http.targetPort | int | `80` | Configure passbolt HTTP service targetPort | +| service.ports.https | object | `{"name":"https","port":443,"targetPort":443}` | Configure the HTTPS port | +| service.ports.https.name | string | `"https"` | Configure passbolt HTTPS service port name | +| service.ports.https.port | int | `443` | Configure passbolt HTTPS service port | +| service.ports.https.targetPort | int | `443` | Configure passbolt HTTPS service targetPort | +| service.type | string | `"ClusterIP"` | Configure passbolt service type | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| tolerations | list | `[]` | Configure passbolt deployment tolerations | ## Running tests diff --git a/README.md.gotmpl b/README.md.gotmpl index 7a33da8..5afc0f8 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl 
@@ -116,9 +116,9 @@ chart and deletes the release. | Repository | Name | Version | |-------------------------------------------------------|------------------|---------| -| https://charts.bitnami.com/bitnami | mariadb | 11.5.7 | -| https://charts.bitnami.com/bitnami | redis | 17.15.2 | | https://download.passbolt.com/charts/passbolt-library | passbolt-library | 0.2.7 | +| oci://registry-1.docker.io/bitnamicharts | mariadb | 11.5.7 | +| oci://registry-1.docker.io/bitnamicharts | redis | 17.15.2 | {{ template "chart.valuesSection" . }} diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index ab01ad1..da8377e 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,3 @@ -Announcing the immediate availability of passbolt's helm chart 1.2.0 +Announcing the immediate availability of passbolt's helm chart 1.3.1 -This is a minor change release that fixes bugs reported by the community when -using custom secrets and configmaps and also adds support to add extra containers -to the deployment. +This is a minor change release that updates the bitnami registry name. diff --git a/values.yaml b/values.yaml index bac1b63..1bf08c1 100644 --- a/values.yaml +++ b/values.yaml @@ -124,7 +124,7 @@ app: # -- Configure pasbolt deployment image pullPolicy pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion. - tag: 4.9.1-1-ce + tag: 4.10.1-1-ce # Allowed options: mariadb, mysql or postgresql database: kind: mariadb