diff --git a/charts/osticket/Chart.lock b/charts/osticket/Chart.lock deleted file mode 100644 index 88bc00f9..00000000 --- a/charts/osticket/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: mysql - repository: https://charts.bitnami.com/bitnami - version: 9.3.4 -digest: sha256:b20a4099e40c446a42927a66a78dc1b4971a50ec9e3d23ae1f7bbc423ca4ae7d -generated: "2023-08-03T12:57:06.785652-04:00" diff --git a/charts/osticket/Chart.yaml b/charts/osticket/Chart.yaml index 90fee42f..567cd2fc 100644 --- a/charts/osticket/Chart.yaml +++ b/charts/osticket/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.17.6 +version: 1.17.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -23,3 +23,8 @@ version: 1.17.6 # It is recommended to use it with quotes. appVersion: "1.17.5" +dependencies: + - name: mysql + version: 0.0.0 + condition: mysql.enabled + diff --git a/charts/osticket/charts/mysql/Chart.lock b/charts/osticket/charts/mysql/Chart.lock deleted file mode 100644 index 8dca1048..00000000 --- a/charts/osticket/charts/mysql/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 2.0.2 -digest: sha256:b36d5a7fe729a1fc43ad9ec93fe0e098bfe5f6a2676262ed4d6ecac731c0a248 -generated: "2022-09-07T21:55:18.909641776Z" diff --git a/charts/osticket/charts/mysql/Chart.yaml b/charts/osticket/charts/mysql/Chart.yaml index 20b55507..ed42ecce 100644 --- a/charts/osticket/charts/mysql/Chart.yaml +++ b/charts/osticket/charts/mysql/Chart.yaml @@ -2,12 +2,6 @@ annotations: category: Database apiVersion: v2 appVersion: 8.0.30 -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 2.x.x description: MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications. home: https://github.com/bitnami/charts/tree/master/bitnami/mysql @@ -25,4 +19,4 @@ name: mysql sources: - https://github.com/bitnami/containers/tree/main/bitnami/mysql - https://mysql.com -version: 9.3.4 +version: 0.0.0 diff --git a/charts/osticket/charts/mysql/README.md b/charts/osticket/charts/mysql/README.md index df7b5591..99fc3e5c 100644 --- a/charts/osticket/charts/mysql/README.md +++ b/charts/osticket/charts/mysql/README.md @@ -302,12 +302,6 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r32` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources` | Init container volume-permissions resources | `{}` | diff --git a/charts/osticket/charts/mysql/templates/_helpers.tpl b/charts/osticket/charts/mysql/templates/_helpers.tpl index 322826f9..81d831a5 100644 --- a/charts/osticket/charts/mysql/templates/_helpers.tpl +++ b/charts/osticket/charts/mysql/templates/_helpers.tpl @@ -26,18 +26,11 @@ Return the proper metrics image name {{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} {{- end -}} -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mysql.volumePermissions.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - {{/* Return the proper Docker Image Registry Secret Names */}} {{- define "mysql.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) }} {{- end -}} {{/* @@ -144,7 +137,6 @@ otherwise it generates a random value. {{- define "mysql.checkRollingTags" -}} {{- include "common.warnings.rollingTag" .Values.image }} {{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} {{- end -}} {{/* @@ -159,3 +151,11 @@ Compile all warnings into a single message, and call fail. {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} {{- end -}} {{- end -}} + +{{/* +Subpath prefix value to use for pvc mount points +*/}} +{{- define "mysql.subpathPrefix" -}} +{{- $path := default (include "mysql.primary.fullname" .) .Values.primary.persistence.overrideSubpathPrefix -}} +{{- ternary ($path | printf "%s/" ) "" .Values.primary.persistence.existingSubpathPrefix -}} +{{- end }} diff --git a/charts/osticket/charts/mysql/templates/configmap.yaml b/charts/osticket/charts/mysql/templates/configmap.yaml new file mode 100644 index 00000000..2cd53c41 --- /dev/null +++ b/charts/osticket/charts/mysql/templates/configmap.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-scripts +data: + vol-permissions.sh: |- +{{- include "vol-permissions" . | nindent 4 }} \ No newline at end of file diff --git a/charts/osticket/charts/mysql/templates/primary/statefulset.yaml b/charts/osticket/charts/mysql/templates/primary/statefulset.yaml index 6b40de73..2d57c290 100644 --- a/charts/osticket/charts/mysql/templates/primary/statefulset.yaml +++ b/charts/osticket/charts/mysql/templates/primary/statefulset.yaml @@ -73,15 +73,8 @@ spec: initContainers: {{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }} - name: volume-permissions - image: {{ include "mysql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - mkdir -p "/bitnami/mysql" - chown "{{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}" "/bitnami/mysql" - find "/bitnami/mysql" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R "{{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}" + image: bash + command: ["bash", "-c", "/mnt/scripts/vol-permissions.sh /bitnami/mysql" ] securityContext: runAsUser: 0 {{- if .Values.volumePermissions.resources }} @@ -90,6 +83,12 @@ spec: volumeMounts: - name: data mountPath: /bitnami/mysql + {{- if include "mysql.subpathPrefix" . }} + subPath: {{ include "mysql.subpathPrefix" . | trimSuffix "/" }} + {{- end }} + - name: volume-permissions-scripts + mountPath: /mnt/scripts/vol-permissions.sh + subPath: vol-permissions.sh {{- end }} {{- if .Values.primary.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} @@ -233,6 +232,9 @@ spec: volumeMounts: - name: data mountPath: /bitnami/mysql + {{- if include "mysql.subpathPrefix" . }} + subPath: {{ include "mysql.subpathPrefix" . | trimSuffix "/" }} + {{- end }} {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d @@ -332,6 +334,10 @@ spec: path: mysql-replication-password {{- end }} {{- end }} + - name: volume-permissions-scripts + configMap: + name: {{ include "common.names.fullname" . }}-scripts + defaultMode: 0755 {{- if .Values.primary.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/charts/osticket/charts/mysql/templates/scripts/vol-permissions.tpl b/charts/osticket/charts/mysql/templates/scripts/vol-permissions.tpl new file mode 100644 index 00000000..7f8ab3d3 --- /dev/null +++ b/charts/osticket/charts/mysql/templates/scripts/vol-permissions.tpl @@ -0,0 +1,16 @@ +{{- define "vol-permissions" }} +#!/bin/bash + +DIR="${1}" +USER_ID="${2:-1001}" +GROUP_ID="${3:-1001}" + +echo "Checking and updating ownership in: $DIR for UID:GID = $USER_ID:$GROUP_ID" + +if find "$DIR" \( \! -user "$USER_ID" -o \! -group "$GROUP_ID" \) -exec chown "$USER_ID:$GROUP_ID" {} +; then + echo "Ownership check/update completed successfully." +else + echo "Error: Failed to update file ownership." + exit 1 +fi +{{- end }} \ No newline at end of file diff --git a/charts/osticket/charts/mysql/values.yaml b/charts/osticket/charts/mysql/values.yaml index b0cc4874..3c9224e7 100644 --- a/charts/osticket/charts/mysql/values.yaml +++ b/charts/osticket/charts/mysql/values.yaml @@ -16,6 +16,9 @@ global: imagePullSecrets: [] storageClass: "" +## Flag indicating whether this subchart should be included or not +enabled: true + ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) @@ -73,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnamilegacy/mysql - tag: 8.0.30-debian-11-r15 + tag: "8.0.30-debian-11-r15" # "5.7.43" is the latest tag for mysql v5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -180,12 +183,12 @@ primary: explicit_defaults_for_timestamp basedir=/opt/bitnami/mysql plugin_dir=/opt/bitnami/mysql/lib/plugin + bind_address=0.0.0.0 port=3306 socket=/opt/bitnami/mysql/tmp/mysql.sock datadir=/bitnami/mysql/data tmpdir=/opt/bitnami/mysql/tmp max_allowed_packet=16M - bind-address=* pid-file=/opt/bitnami/mysql/tmp/mysqld.pid log-error=/opt/bitnami/mysql/logs/mysqld.log character-set-server=UTF8 @@ -358,10 +361,10 @@ primary: ## startupProbe: enabled: true - initialDelaySeconds: 15 + initialDelaySeconds: 45 periodSeconds: 10 timeoutSeconds: 1 - failureThreshold: 10 + failureThreshold: 20 successThreshold: 1 ## @param primary.customLivenessProbe Override default liveness probe for MySQL primary containers ## @@ -402,6 +405,9 @@ primary: ## NOTE: When it's set the rest of persistence parameters are ignored ## existingClaim: "" + + overrideSubpathPrefix: "" + existingSubpathPrefix: false # If true, then volume mounts will use mysql.primary.fullname as a subpath prefix. ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -944,27 +950,7 @@ volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` ## enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r32 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] ## @param volumePermissions.resources Init container volume-permissions resources ## resources: {} @@ -986,7 +972,7 @@ metrics: ## image: registry: docker.io - repository: bitnami/mysqld-exporter + repository: bitnamilegacy/mysqld-exporter tag: 0.14.0-debian-11-r33 digest: "" pullPolicy: IfNotPresent diff --git a/charts/osticket/templates/_helpers.tpl b/charts/osticket/templates/_helpers.tpl index 41a7d763..8e1871ae 100644 --- a/charts/osticket/templates/_helpers.tpl +++ b/charts/osticket/templates/_helpers.tpl @@ -60,3 +60,14 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Default mysql host value +*/}} +{{- define "osticket.mysqlHostDefault" -}} +{{- if .Values.mysql.enabled }} +{{- include "osticket.fullname" . }}-mysql +{{- else }} +{{- printf "%s" "" }} +{{- end }} +{{- end }} diff --git a/charts/osticket/templates/deployment.yaml b/charts/osticket/templates/deployment.yaml index feac96dc..9a40900c 100644 --- a/charts/osticket/templates/deployment.yaml +++ b/charts/osticket/templates/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "osticket.name" . }} + name: {{ include "osticket.fullname" . }} labels: {{- include "osticket.labels" . | nindent 4 }} spec: @@ -28,7 +28,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: {{ include "osticket.fullname" . }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -38,7 +38,11 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} envFrom: - secretRef: - name: {{ include "osticket.name" . }} + name: {{ include "osticket.fullname" . }} + {{- if .Values.existingSecret }} + - secretRef: + name: {{ (tpl .Values.existingSecret .) }} + {{- end }} ports: - name: http containerPort: 80 diff --git a/charts/osticket/templates/ingress.yaml b/charts/osticket/templates/ingress.yaml index 701eba61..94416edd 100644 --- a/charts/osticket/templates/ingress.yaml +++ b/charts/osticket/templates/ingress.yaml @@ -20,7 +20,7 @@ metadata: {{- include "osticket.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} @@ -31,14 +31,14 @@ spec: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . | quote }} + - {{ (tpl . $) | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ (tpl .host $) | quote }} http: paths: {{- range .paths }} diff --git a/charts/osticket/templates/secret.yaml b/charts/osticket/templates/secret.yaml index 54062bd0..352ab31a 100644 --- a/charts/osticket/templates/secret.yaml +++ b/charts/osticket/templates/secret.yaml @@ -7,5 +7,5 @@ metadata: type: Opaque stringData: {{- range $key, $val := .Values.env }} - {{ $key }}: {{ $val | quote }} + {{ $key }}: {{ (tpl ($val | toString) $) | quote }} {{- end }} \ No newline at end of file diff --git a/charts/osticket/values.yaml b/charts/osticket/values.yaml index 1554b376..27caf6a1 100644 --- a/charts/osticket/values.yaml +++ b/charts/osticket/values.yaml @@ -8,30 +8,33 @@ image: repository: devinsolutions/osticket pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "1.17.5" + tag: "" command: [] env: https_proxy: "" http_proxy: "" no_proxy: "" - MYSQL_HOST: osticket-mysql.default.svc.cluster.local - MYSQL_USER: osticket - MYSQL_PASSWORD: osticket - MYSQL_DATABASE: osticket - ADMIN_PASSWORD: + MYSQL_HOST: "{{ include \"osticket.mysqlHostDefault\" . }}" + MYSQL_USER: "" + MYSQL_PASSWORD: "" + MYSQL_ROOT_PASSWORD: "" + MYSQL_DATABASE: "" -# NFS and StorageClass are mutually exclusive. +# templatable name for a secret with values added to the pod environment +existingSecret: "" + +# NFS and StorageClass are mutually exclusive. plugins: enabled: false nfs: {} # server: "" # path: "" - storageClass: + storageClass: size: "5Mi" accessMode: "ReadWriteOnce" -# NFS and StorageClass are mutually exclusive. +# NFS and StorageClass are mutually exclusive. logs: enabled: false nfs: @@ -45,15 +48,17 @@ mysql: enabled: true image: debug: true - auth: + auth: createDatabase: true database: osticket username: osticket - password: osticket - rootPassword: osticket + password: "" + rootPassword: "" architecture: "standalone" - - + ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` + ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. + ## + existingSecret: "" imagePullSecrets: [] nameOverride: ""