diff --git a/charts/incubator/kimai/Chart.yaml b/charts/incubator/kimai/Chart.yaml index 12022a8e67c..3434d9fbbb6 100644 --- a/charts/incubator/kimai/Chart.yaml +++ b/charts/incubator/kimai/Chart.yaml @@ -3,11 +3,11 @@ appVersion: "1.20" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 11.1.2 + version: 14.0.1 - condition: mariadb.enabled name: mariadb repository: https://deps.truecharts.org/ - version: 5.0.35 + version: 9.0.17 description: Kimai is a free, open source and online time-tracking software designed for small businesses and freelancers. home: https://truecharts.org/charts/incubator/kimai icon: https://truecharts.org/img/hotlink-ok/chart-icons/kimai.png @@ -25,7 +25,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/incubator/kimai - https://github.com/kevinpapst/kimai2 - https://github.com/tobybatch/kimai2 -version: 7.0.0 +version: 8.0.0 annotations: truecharts.org/catagories: | - productivity diff --git a/charts/incubator/kimai/questions.yaml b/charts/incubator/kimai/questions.yaml index 721462ece2e..3b50291e280 100644 --- a/charts/incubator/kimai/questions.yaml +++ b/charts/incubator/kimai/questions.yaml 
@@ -6,48 +6,57 @@ questions: # Include{global} # Include{workload} # Include{workloadDeployment} - # Include{replicas1} # Include{podSpec} # Include{containerMain} - - variable: env - group: "App Configuration" - label: "Image Environment" - schema: - additional_attrs: true - type: dict - attrs: - - variable: ADMINMAIL - label: "Admin E-mail" - schema: - type: string - default: "" - required: true - - variable: ADMINPASS - label: "Admin Password" - schema: - type: string - default: "" - required: true - private: true - - variable: trust_hosts - label: "TRUSTED_HOSTS" - description: "Comma separated list of trusted hosts." - schema: - type: string - default: "YOUR.FQDN or YOUR.NAS.IP" # Include{containerBasic} # Include{containerAdvanced} # Include{containerConfig} -# Include{podOptions} -# Include{serviceRoot} - - variable: main - label: "Main Service" - description: "The Primary service on which the healthcheck runs, often the webUI" + - variable: kimai + group: App Configuration + label: Kimai + schema: + additional_attrs: true + type: dict + attrs: + - variable: credentials + group: App Configuration + label: Admin Credentials schema: additional_attrs: true type: dict attrs: + - variable: adminMail + label: Admin e-mail address + description: Email address of the admin account. + schema: + type: string + default: "" + required: true + - variable: adminPass + label: Admin password + description: Password for the admin account. + schema: + type: string + default: "" + required: true + private: true + - variable: trusted_hosts + label: Trusted Hosts + description: Comma separated list of trusted hosts. Sets the environment variable TRUSTED_HOSTS. + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Trusted Host + schema: + type: string + default: "" + required: true +# Include{podOptions} +# Include{serviceRoot} +# Include{serviceMain} # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main 
@@ -103,13 +112,13 @@ questions: description: "The UserID of the user running the application" schema: type: int - default: 33 + default: 0 - variable: runAsGroup label: "runAsGroup" description: "The groupID of the user running the application" schema: type: int - default: 33 + default: 0 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} @@ -118,7 +127,7 @@ questions: description: "The group that should own ALL storage." schema: type: int - default: 568 + default: 33 # Include{resources} # Include{advanced} diff --git a/charts/incubator/kimai/templates/NOTES.txt b/charts/incubator/kimai/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/charts/incubator/kimai/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/charts/incubator/kimai/templates/_configmap.tpl b/charts/incubator/kimai/templates/_configmap.tpl new file mode 100644 index 00000000000..16a3cb9551b --- /dev/null +++ b/charts/incubator/kimai/templates/_configmap.tpl @@ -0,0 +1,23 @@ +{{/* Define the configmap */}} +{{- define "kimai.configmap" -}} + +{{- $trusted_hosts := .Values.kimai.trusted_hosts -}} + +{{- if not (mustHas "localhost" $trusted_hosts) -}} + {{- $trusted_hosts = mustAppend $trusted_hosts "localhost" -}} +{{- end }} +kimai-config: + enabled: true + data: + APP_ENV: prod + DB_TYPE: mysql + DB_PORT: "3306" + DB_USER: {{ .Values.mariadb.mariadbDatabase }} + DB_BASE: {{ .Values.mariadb.mariadbUsername }} + {{/* Admin credentials */}} + ADMINMAIL: {{ .Values.kimai.credentials.adminMail }} + ADMINPASS: {{ .Values.kimai.credentials.adminPass }} + {{/* Trusted Hosts */}} + TRUSTED_HOSTS: {{ join "," $trusted_hosts }} + memory_limit: 256M +{{- end -}} diff --git a/charts/incubator/kimai/templates/_secrets.tpl b/charts/incubator/kimai/templates/_secrets.tpl index 8adbee153e1..01ba63f2925 100644 --- a/charts/incubator/kimai/templates/_secrets.tpl 
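Review bot: The new defaults `runAsUser: 0` and `runAsGroup: 0` make the container run as root where it previously ran as UID/GID 33, and nothing in this hunk or its descriptions says why. The values.yaml hunk makes the same change and additionally keeps `readOnlyRootFilesystem: false` and adds `CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `SETGID` and `SETUID`. Please add a comment next to these defaults naming the start-up step that needs root and whether the process drops to UID 33 afterwards (presumably it does, given the new `fsGroup` default of 33 — confirm against the image). If root is not actually required, keep `default: 33`.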
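Review bot: `ADMINPASS` and `ADMINMAIL` are written into the `kimai-config` ConfigMap, so the admin password ends up in plaintext in an object that is not covered by Secret RBAC or encryption at rest; the old values.yaml kept both under `secretEnv`. They belong in the `kimai-secret` data in _secrets.tpl, referenced from the container through `secretKeyRef`. The values are also emitted unquoted before common.yaml parses them with `fromYaml`, so a password containing `: `, ` #` or a leading YAML indicator is retyped or breaks the parse; `ADMINPASS: {{ .Values.kimai.credentials.adminPass | quote }}` avoids that, and the same applies to `TRUSTED_HOSTS`. Separately, `DB_USER` is filled from `mariadbDatabase` and `DB_BASE` from `mariadbUsername`, which looks swapped (carried over from the old `env` block, and harmless only while both are `kimai`).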
+++ b/charts/incubator/kimai/templates/_secrets.tpl @@ -1,20 +1,14 @@ {{/* Define the secrets */}} -{{- define "kimai.secrets" -}} ---- +{{- define "kimai.secret" -}} +{{- $secretName := (printf "%s-kimai-secret" (include "tc.v1.common.lib.chart.names.fullname" $)) -}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: kimai-secrets -{{- $kimaiprevious := lookup "v1" "Secret" .Release.Namespace "kimai-secrets" }} -{{- $app_secret := "" }} -data: - {{- if $kimaiprevious}} - APP_SECRET: {{ index $kimaiprevious.data "APP_SECRET" }} - {{- else }} - {{- $app_secret := randAlphaNum 32 }} - APP_SECRET: {{ $app_secret | b64enc }} - {{- end }} +{{- $app_secret := randAlphaNum 32 -}} +{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) -}} + {{- $app_secret = index .data "APP_SECRET" | b64dec -}} +{{- end }} +kimai-secret: + enabled: true + data: + APP_SECRET: {{ $app_secret }} {{- end -}} diff --git a/charts/incubator/kimai/templates/common.yaml b/charts/incubator/kimai/templates/common.yaml index 1e9026ec785..9a711c20234 100644 --- a/charts/incubator/kimai/templates/common.yaml +++ b/charts/incubator/kimai/templates/common.yaml @@ -1,8 +1,18 @@ {{/* Make sure all variables are set properly */}} -{{- include "tc.common.loader.init" . }} +{{- include "tc.v1.common.loader.init" . }} + +{{- $secret := include "kimai.secret" . | fromYaml -}} +{{- if $secret -}} + {{ $secret := (mustMergeOverwrite .Values.secret $secret) }} + {{- $_ := set .Values "secret" $secret -}} +{{- end -}} + +{{- $config := include "kimai.configmap" . | fromYaml -}} +{{- if $config -}} + {{ $config := (mustMergeOverwrite .Values.configmap $config) }} + {{- $_ := set .Values "configmap" $config -}} +{{- end -}} -{{/* Render secrets for kimai */}} -{{- include "kimai.secrets" . }} {{/* Render the templates */}} -{{ include "tc.common.loader.apply" . }} +{{ include "tc.v1.common.loader.apply" . }} 
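Review bot: `APP_SECRET: {{ $app_secret }}` is emitted unquoted and then round-tripped through `fromYaml` in common.yaml, so a value read back from an existing Secret that looks numeric or starts with a YAML indicator is retyped or fails to parse; use `APP_SECRET: {{ $app_secret | quote }}`. `index .data "APP_SECRET" | b64dec` also assumes the key is present in the looked-up Secret, so a guard such as `{{- if hasKey .data "APP_SECRET" -}}` around the assignment would keep a partially populated Secret from breaking the render. A comment noting that `lookup` returns nothing under `helm template` and client-side dry runs, so a fresh value is generated on each such render, would help anyone deploying through a render-then-apply pipeline.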
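Review bot: `if $secret` and `if $config` do not catch a parse failure, because Helm's `fromYaml` returns a map holding an `Error` key when the rendered text is not valid YAML; that map is truthy and gets merged into `.Values.secret` / `.Values.configmap`. Add an explicit check before each merge, for example `{{- if hasKey $secret "Error" -}}{{- fail "kimai.secret did not render as valid YAML" -}}{{- end -}}`, using a fixed message so that the parser error cannot echo secret content into the output. The inner `{{ $secret := ... }}` also redeclares the variable and lacks whitespace trimming; `{{- $secret = mustMergeOverwrite .Values.secret $secret -}}` would match the rest of the file.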
diff --git a/charts/incubator/kimai/values.yaml b/charts/incubator/kimai/values.yaml
index 38ed2980d31..fcef8676756 100644
--- a/charts/incubator/kimai/values.yaml
+++ b/charts/incubator/kimai/values.yaml
@@ -1,40 +1,62 @@ image: repository: tccr.io/truecharts/kimai - tag: v1.20@sha256:f13b70aa746b3d8a754bcf1f78dbdfde95b94f443ee17b9e3474ab0ebf6068e3 + tag: v2.0.35@sha256:064005e7296208101c07aa22c911bd3b886ae1d33ecc144e8cc158f47de0fe8e pullPolicy: IfNotPresent -securityContext: - readOnlyRootFilesystem: false +kimai: + credentials: + adminMail: admin@change.me + adminPass: ChangeME + trusted_hosts: + - localhost -podSecurityContext: - runAsUser: 33 - runAsGroup: 33 - -secretEnv: - ADMINMAIL: "admin@mysecretdomain.com" - ADMINPASS: "MvvTfjagiaqDprGNVA" - -env: - DB_TYPE: "mysql" - DB_PORT: "3306" - DB_USER: "{{ .Values.mariadb.mariadbDatabase }}" - DB_BASE: "{{ .Values.mariadb.mariadbUsername }}" - APP_ENV: "prod" - TRUSTED_HOSTS: "{{ .Values.env.trust_hosts }},localhost" - # User Defined - trust_hosts: "127.0.0.1" - DB_PASS: - secretKeyRef: - name: mariadbcreds - key: mariadb-password - DB_HOST: - secretKeyRef: - name: mariadbcreds - key: plainhost - APP_SECRET: - secretKeyRef: - name: kimai-secrets - key: APP_SECRET +workload: + main: + podSpec: + securityContext: + fsGroup: 33 + containers: + main: + securityContext: + readOnlyRootFilesystem: false + runAsUser: 0 + runAsGroup: 0 + capabilities: + disableS6Caps: true + add: + - CHOWN + - DAC_OVERRIDE + - FOWNER + - SETGID + - SETUID + env: + DB_PASS: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}' + key: mariadb-password + DB_HOST: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}' + key: plainhost + APP_SECRET: + secretKeyRef: + name: kimai-secret + key: APP_SECRET + envFrom: + - configMapRef: + name: kimai-config + probes: + liveness: + enabled: true + path: /en/login + readiness: + enabled: true + path: /en/login + startup: + enabled: true + type: tcp service: main: 
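Review bot: `adminPass: ChangeME` ships a publicly known admin password as the chart default, so an install that does not override `kimai.credentials` comes up with guessable credentials. questions.yaml marks the field as required, but a plain `helm install` does not go through that form. Leave `adminMail` and `adminPass` empty here and fail the render where the value is consumed, e.g. `{{ required "kimai.credentials.adminPass must be set" .Values.kimai.credentials.adminPass | quote }}`. If a placeholder has to stay for CI, add a comment saying it is for test installs only.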
@@ -43,27 +65,23 @@ service: port: 10198 targetPort: 8001 -probes: - liveness: - path: "/en/login" - readiness: - path: "/en/login" - startup: - path: "/en/login" - persistence: data: enabled: true - mountPath: "/opt/kimai/var/data" + mountPath: /opt/kimai/var/data plugins: enabled: true - mountPath: "/opt/kimai/var/plugins" + mountPath: /opt/kimai/var/plugins + varlock: + enabled: true + type: emptyDir + mountPath: /var/lock mariadb: enabled: true mariadbUsername: kimai mariadbDatabase: kimai - existingSecret: "mariadbcreds" portal: - enabled: true + open: + enabled: true diff --git a/cspell.config.yaml b/cspell.config.yaml index e3efdf5deff..68f775f983d 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -73,6 +73,7 @@ words: - flemmarr - flushtables - forcegc + - FOWNER - fullname - geoip - geoipupdate @@ -112,6 +113,7 @@ words: - kavita - keepalive - killswitch + - kimai - kiwix - kjeld - kube @@ -240,6 +242,8 @@ words: - servername - serverstransports - serviceexpert + - SETGID + - SETUID - sgateway - signup - smallblock @@ -287,11 +291,11 @@ words: - unet - unifi - upsnap - - upsnap - upstreams - userspace - vaapi - valheim + - varlock - vaultwarden - vdev - vikunja