feat(kitchenowl): add kitchenowl (#3353)
* feat(kitchenowl): add kitchenowl * feat(kitchenowl): add kitchenowl * try rootless * runas root
This commit is contained in:
30
charts/incubator/kitchenowl/.helmignore
Normal file
30
charts/incubator/kitchenowl/.helmignore
Normal file
@@ -0,0 +1,30 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
# OWNERS file for Kubernetes
|
||||
OWNERS
|
||||
# helm-docs templates
|
||||
*.gotmpl
|
||||
# docs folder
|
||||
/docs
|
||||
# icon
|
||||
icon.png
|
||||
29
charts/incubator/kitchenowl/Chart.yaml
Normal file
29
charts/incubator/kitchenowl/Chart.yaml
Normal file
@@ -0,0 +1,29 @@
|
||||
apiVersion: v2
|
||||
appVersion: "0.20.1466"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 10.4.8
|
||||
deprecated: false
|
||||
description: KitchenOwl is a smart self-hosted grocery list and recipe manager.
|
||||
home: https://github.com/truecharts/charts/tree/master/charts/incubator/kitchenowl
|
||||
icon: https://truecharts.org/img/chart-icons/kitchenowl.png
|
||||
keywords:
|
||||
- recipes
|
||||
- kitchen
|
||||
- grocery
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: kitchenowl
|
||||
sources:
|
||||
- https://tombursch.github.io/kitchenowl
|
||||
type: application
|
||||
version: 0.0.1
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- utilities
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
0
charts/incubator/kitchenowl/README.md
Normal file
0
charts/incubator/kitchenowl/README.md
Normal file
BIN
charts/incubator/kitchenowl/icon.png
Normal file
BIN
charts/incubator/kitchenowl/icon.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 102 KiB |
261
charts/incubator/kitchenowl/questions.yaml
Normal file
261
charts/incubator/kitchenowl/questions.yaml
Normal file
@@ -0,0 +1,261 @@
|
||||
# Include{groups}
|
||||
portals:
|
||||
open:
|
||||
protocols:
|
||||
- "$kubernetes-resource_configmap_portal_protocol"
|
||||
host:
|
||||
- "$kubernetes-resource_configmap_portal_host"
|
||||
ports:
|
||||
- "$kubernetes-resource_configmap_portal_port"
|
||||
questions:
|
||||
- variable: portal
|
||||
group: "Container Image"
|
||||
label: "Configure Portal Button"
|
||||
schema:
|
||||
type: dict
|
||||
hidden: true
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Enable"
|
||||
description: "enable the portal button"
|
||||
schema:
|
||||
hidden: true
|
||||
editable: false
|
||||
type: boolean
|
||||
default: true
|
||||
# Include{global}
|
||||
- variable: controller
|
||||
group: "Controller"
|
||||
label: ""
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: advanced
|
||||
label: "Show Advanced Controller Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: type
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Controller Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "deployment"
|
||||
required: true
|
||||
enum:
|
||||
- value: "deployment"
|
||||
description: "Deployment"
|
||||
- value: "statefulset"
|
||||
description: "Statefulset"
|
||||
- value: "daemonset"
|
||||
description: "Daemonset"
|
||||
- variable: replicas
|
||||
description: "Number of desired pod replicas"
|
||||
label: "Desired Replicas"
|
||||
schema:
|
||||
type: int
|
||||
default: 1
|
||||
required: true
|
||||
- variable: strategy
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Update Strategy"
|
||||
schema:
|
||||
type: string
|
||||
default: "Recreate"
|
||||
required: true
|
||||
enum:
|
||||
- value: "Recreate"
|
||||
description: "Recreate: Kill existing pods before creating new ones"
|
||||
- value: "RollingUpdate"
|
||||
description: "RollingUpdate: Create new pods and then kill old ones"
|
||||
- value: "OnDelete"
|
||||
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
||||
# Include{controllerExpert}
|
||||
# Include{containerConfig}
|
||||
- variable: service
|
||||
group: "Networking and Services"
|
||||
label: "Configure Service(s)"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelector}
|
||||
- variable: main
|
||||
label: "Main Service Port Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: "Port"
|
||||
description: "This port exposes the container port on the service"
|
||||
schema:
|
||||
type: int
|
||||
default: 10246
|
||||
required: true
|
||||
- variable: advanced
|
||||
label: "Show Advanced settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: enabled
|
||||
label: "Enable the port"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: protocol
|
||||
label: "Port Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "HTTP"
|
||||
enum:
|
||||
- value: HTTP
|
||||
description: "HTTP"
|
||||
- value: "HTTPS"
|
||||
description: "HTTPS"
|
||||
- value: TCP
|
||||
description: "TCP"
|
||||
- value: "UDP"
|
||||
description: "UDP"
|
||||
- variable: nodePort
|
||||
label: "Node Port (Optional)"
|
||||
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
||||
schema:
|
||||
type: int
|
||||
min: 9000
|
||||
max: 65535
|
||||
- variable: targetPort
|
||||
label: "Target Port"
|
||||
description: "The internal(!) port on the container the Application runs on"
|
||||
schema:
|
||||
type: int
|
||||
default: 80
|
||||
- variable: serviceexpert
|
||||
group: "Networking and Services"
|
||||
label: "Show Expert Config"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: hostNetwork
|
||||
group: "Networking and Services"
|
||||
label: "Host-Networking (Complicated)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
# Include{serviceExpert}
|
||||
# Include{serviceList}
|
||||
- variable: persistence
|
||||
label: "Integrated Persistent Storage"
|
||||
description: "Integrated Persistent Storage"
|
||||
group: "Storage and Persistence"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: data
|
||||
label: "App Data Storage"
|
||||
description: "Stores the Application Data."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
# Include{persistenceAdvanced}
|
||||
# Include{persistenceList}
|
||||
- variable: ingress
|
||||
label: ""
|
||||
group: "Ingress"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: main
|
||||
label: "Main Ingress"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{ingressDefault}
|
||||
# Include{ingressTLS}
|
||||
# Include{ingressTraefik}
|
||||
# Include{ingressExpert}
|
||||
# Include{ingressList}
|
||||
# Include{security}
|
||||
- variable: advancedSecurity
|
||||
label: "Show Advanced Security Settings"
|
||||
group: "Security and Permissions"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: securityContext
|
||||
label: "Security Context"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: privileged
|
||||
label: "Privileged mode"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnlyRootFilesystem
|
||||
label: "ReadOnly Root Filesystem"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: "Allow Privilege Escalation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: runAsNonRoot
|
||||
label: "runAsNonRoot"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
# Include{securityContextAdvanced}
|
||||
- variable: podSecurityContext
|
||||
group: "Security and Permissions"
|
||||
label: "Pod Security Context"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{podSecurityContextAdvanced}
|
||||
# Include{resources}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
||||
20
charts/incubator/kitchenowl/templates/_secrets.tpl
Normal file
20
charts/incubator/kitchenowl/templates/_secrets.tpl
Normal file
@@ -0,0 +1,20 @@
|
||||
{{/* Define the secrets */}}
|
||||
{{- define "kitchenowl.secrets" -}}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: kitchenowl-secrets
|
||||
{{- $kitchenowlprevious := lookup "v1" "Secret" .Release.Namespace "kitchenowl-secrets" }}
|
||||
{{- $jwt_secret := "" }}
|
||||
data:
|
||||
{{- if $kitchenowlprevious}}
|
||||
JWT_SECRET_KEY: {{ index $kitchenowlprevious.data "JWT_SECRET_KEY" }}
|
||||
{{- else }}
|
||||
{{- $jwt_secret := randAlphaNum 32 }}
|
||||
JWT_SECRET_KEY: {{ $jwt_secret | b64enc }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
5
charts/incubator/kitchenowl/templates/common.yaml
Normal file
5
charts/incubator/kitchenowl/templates/common.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
|
||||
{{ include "kitchenowl.secrets" . }}
|
||||
|
||||
{{ include "tc.common.loader.apply" . }}
|
||||
55
charts/incubator/kitchenowl/values.yaml
Normal file
55
charts/incubator/kitchenowl/values.yaml
Normal file
@@ -0,0 +1,55 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/kitchenowl-web
|
||||
pullPolicy: IfNotPresent
|
||||
tag: beta@sha256:98bd597b1f863f76339b6debec17d6e4a4c8d7b7288a4de11d86f3042d1b85d0
|
||||
|
||||
backendImage:
|
||||
repository: tccr.io/truecharts/kitchenowl-backend
|
||||
pullPolicy: IfNotPresent
|
||||
tag: beta@sha256:dd34ca9627b295dbd39bc25bc91cd4afa134ca66d094de1a51cb7b2bbdf4a861
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
env:
|
||||
FRONT_URL: "http://localhost:10246"
|
||||
# Backend listens on 5000 websockets.
|
||||
BACK_URL: "localhost:5000"
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: HTTP
|
||||
targetPort: 80
|
||||
port: 10246
|
||||
|
||||
additionalContainers:
|
||||
backend:
|
||||
name: backend
|
||||
image: "{{ .Values.backendImage.repository }}:{{ .Values.backendImage.tag }}"
|
||||
env:
|
||||
- name: FRONT_URL
|
||||
value: "{{ .Values.env.FRONT_URL }}"
|
||||
# Backend also listens on 80, but afaik there is no use as of now
|
||||
# Changed port to 81 to avoid conflict with frontend
|
||||
- name: HTTP_PORT
|
||||
value: "81"
|
||||
- name: JWT_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kitchenowl-secrets
|
||||
key: JWT_SECRET_KEY
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: "/data"
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/data"
|
||||
Reference in New Issue
Block a user