diff --git a/charts/wordpress-dependencies/.helmignore b/charts/wordpress-dependencies/.helmignore new file mode 100644 index 0000000..fb56657 --- /dev/null +++ b/charts/wordpress-dependencies/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# img folder +img/ diff --git a/charts/wordpress-dependencies/Chart.lock b/charts/wordpress-dependencies/Chart.lock new file mode 100644 index 0000000..615c991 --- /dev/null +++ b/charts/wordpress-dependencies/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: wordpress + repository: https://charts.bitnami.com/bitnami + version: 22.2.0 +- name: library-chart + repository: https://inseefrlab.github.io/helm-charts-interactive-services + version: 1.5.21 +digest: sha256:1199a3c3e59b4635c1d8194a16640dbd9e5eaf38fbbf63dea47fbd786e83e167 +generated: "2024-04-19T15:53:07.7120882+02:00" diff --git a/charts/wordpress-dependencies/Chart.yaml b/charts/wordpress-dependencies/Chart.yaml new file mode 100644 index 0000000..57ca70b --- /dev/null +++ b/charts/wordpress-dependencies/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: wordpress-dependency +type: application +version: 1.0.4 + +appVersion: "1" +dependencies: + - name: wordpress + version: 22.2.0 + repository: https://charts.bitnami.com/bitnami + - name: library-chart + version: 1.5.21 + repository: https://inseefrlab.github.io/helm-charts-interactive-services \ No newline at end of file diff --git a/charts/wordpress-dependencies/README.md b/charts/wordpress-dependencies/README.md new file mode 100644 index 0000000..006c3d0 --- /dev/null +++ b/charts/wordpress-dependencies/README.md @@ -0,0 +1,772 @@ + + +# Bitnami package for WordPress + +WordPress is the world's most popular blogging and content management platform. Powerful yet simple, everyone from students to global corporations use it to build beautiful, functional websites. + +[Overview of WordPress](http://www.wordpress.org) + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/wordpress +``` + +Looking to use WordPress in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +This chart bootstraps a [WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/tree/main/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the WordPress application, and the [Bitnami Memcached chart](https://github.com/bitnami/charts/tree/main/bitnami/memcached) that can be used to cache database queries. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The command deploys WordPress on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | + +### Common parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `commonLabels` | Labels to add to all deployed resources | `{}` | +| `commonAnnotations` | Annotations to add to all deployed resources | `{}` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + +### WordPress Image parameters + +| Name | Description | Value | +| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------- | +| `image.registry` | WordPress image registry | `REGISTRY_NAME` | +| `image.repository` | WordPress image repository | `REPOSITORY_NAME/wordpress` | +| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | +| `image.pullSecrets` | WordPress image pull secrets | `[]` | +| `image.debug` | Specify if debug values should be set | `false` | + +### WordPress Configuration parameters + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------- | ------------------ | +| `wordpressUsername` | WordPress username | `user` | +| `wordpressPassword` | WordPress user password | `""` | +| `existingSecret` | Name of existing secret containing WordPress credentials | `""` | +| `wordpressEmail` | WordPress user email | `user@example.com` | +| `wordpressFirstName` | WordPress user first name | `FirstName` | +| `wordpressLastName` | WordPress user last name | `LastName` | +| `wordpressBlogName` | Blog name | `User's Blog!` | +| `wordpressTablePrefix` | Prefix to use for WordPress database tables | `wp_` | +| `wordpressScheme` | Scheme to use to generate WordPress URLs | `http` | +| `wordpressSkipInstall` | Skip wizard installation | `false` | +| `wordpressExtraConfigContent` | Add extra content to the default wp-config.php file | `""` | +| `wordpressConfiguration` | The content for your custom wp-config.php file (advanced feature) | `""` | +| `existingWordPressConfigurationSecret` | The name of an existing secret with your custom wp-config.php file (advanced feature) | `""` | +| `wordpressConfigureCache` | Enable W3 Total Cache plugin and configure cache settings | `false` | +| `wordpressPlugins` | Array of plugins to install and activate. Can be specified as `all` or `none`. | `none` | +| `apacheConfiguration` | The content for your custom httpd.conf file (advanced feature) | `""` | +| `existingApacheConfigurationConfigMap` | The name of an existing secret with your custom httpd.conf file (advanced feature) | `""` | +| `customPostInitScripts` | Custom post-init.d user scripts | `{}` | +| `smtpHost` | SMTP server host | `""` | +| `smtpPort` | SMTP server port | `""` | +| `smtpUser` | SMTP username | `""` | +| `smtpPassword` | SMTP user password | `""` | +| `smtpProtocol` | SMTP protocol | `""` | +| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` | +| `allowEmptyPassword` | Allow the container to be started with blank passwords | `true` | +| `allowOverrideNone` | Configure Apache to prohibit overriding directives with htaccess files | `false` | +| `overrideDatabaseSettings` | Allow overriding the database settings persisted in wp-config.php | `false` | +| `htaccessPersistenceEnabled` | Persist custom changes on htaccess files | `false` | +| `customHTAccessCM` | The name of an existing ConfigMap with custom htaccess rules | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraEnvVars` | Array with extra environment variables to add to the WordPress container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | + +### WordPress Multisite Configuration parameters + +| Name | Description | Value | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `multisite.enable` | Whether to enable WordPress Multisite configuration. | `false` | +| `multisite.host` | WordPress Multisite hostname/address. This value is mandatory when enabling Multisite mode. | `""` | +| `multisite.networkType` | WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. | `subdomain` | +| `multisite.enableNipIoRedirect` | Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. | `false` | + +### WordPress deployment parameters + +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `replicaCount` | Number of WordPress replicas to deploy | `1` | +| `updateStrategy.type` | WordPress deployment strategy type | `RollingUpdate` | +| `schedulerName` | Alternate scheduler | `""` | +| `terminationGracePeriodSeconds` | In seconds, time given to the WordPress pod to terminate gracefully | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `priorityClassName` | Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand | `""` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | WordPress pod host aliases | `[]` | +| `extraVolumes` | Optionally specify extra list of additional volumes for WordPress pods | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for WordPress container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the WordPress pod | `[]` | +| `initContainers` | Add additional init containers to the WordPress pods | `[]` | +| `podLabels` | Extra labels for WordPress pods | `{}` | +| `podAnnotations` | Annotations for WordPress pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `containerPorts.http` | WordPress HTTP container port | `8080` | +| `containerPorts.https` | WordPress HTTPS container port | `8443` | +| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` | +| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on WordPress containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on WordPress containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `lifecycleHooks` | for the WordPress container(s) to automate configuration before or after startup | `{}` | + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | WordPress service type | `LoadBalancer` | +| `service.ports.http` | WordPress service HTTP port | `80` | +| `service.ports.https` | WordPress service HTTPS port | `443` | +| `service.httpsTargetPort` | Target port for HTTPS | `https` | +| `service.nodePorts.http` | Node port for HTTP | `""` | +| `service.nodePorts.https` | Node port for HTTPS | `""` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.clusterIP` | WordPress service Cluster IP | `""` | +| `service.loadBalancerIP` | WordPress service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | WordPress service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | WordPress service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for WordPress service | `{}` | +| `service.extraPorts` | Extra port to expose on WordPress service | `[]` | +| `ingress.enabled` | Enable ingress record generation for WordPress | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.hostname` | Default host for the ingress record. The hostname is templated and thus can contain other variable references. | `wordpress.local` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.tlsWwwPrefix` | Adds www subdomain to default cert | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record. The host names are templated and thus can contain other variable references. | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | + +### Persistence Parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `persistence.storageClass` | Persistent Volume storage class | `""` | +| `persistence.accessModes` | Persistent Volume access modes | `[]` | +| `persistence.accessMode` | Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) | `ReadWriteOnce` | +| `persistence.size` | Persistent Volume size | `10Gi` | +| `persistence.dataSource` | Custom PVC data source | `{}` | +| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | +| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `pdb.create` | Enable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `autoscaling.enabled` | Enable Horizontal POD autoscaling for WordPress | `false` | +| `autoscaling.minReplicas` | Minimum number of WordPress replicas | `1` | +| `autoscaling.maxReplicas` | Maximum number of WordPress replicas | `11` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `50` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `50` | + +### Metrics Parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | +| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Apache exporter image repository | `REPOSITORY_NAME/apache-exporter` | +| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | +| `metrics.containerPorts.metrics` | Prometheus exporter container port | `9117` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on Prometheus exporter containers | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on Prometheus exporter containers | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.startupProbe.enabled` | Enable startupProbe on Prometheus exporter containers | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `metrics.service.ports.metrics` | Prometheus metrics service port | `9150` | +| `metrics.service.annotations` | Additional custom annotations for Metrics service | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | + +### NetworkPolicy parameters + +| Name | Description | Value | +| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable network policies | `false` | +| `networkPolicy.metrics.enabled` | Enable network policy for metrics (prometheus) | `false` | +| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` | +| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` | +| `networkPolicy.ingress.enabled` | Enable network policy for Ingress Proxies | `false` | +| `networkPolicy.ingress.namespaceSelector` | Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. | `{}` | +| `networkPolicy.ingress.podSelector` | Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. | `{}` | +| `networkPolicy.ingressRules.backendOnlyAccessibleByFrontend` | Enable ingress rule that makes the backend (mariadb) only accessible by testlink's pods. | `false` | +| `networkPolicy.ingressRules.customBackendSelector` | Backend selector labels. These labels will be used to identify the backend pods. | `{}` | +| `networkPolicy.ingressRules.accessOnlyFrom.enabled` | Enable ingress rule that makes testlink only accessible from a particular origin | `false` | +| `networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access testlink. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.accessOnlyFrom.podSelector` | Pods selector label that is allowed to access testlink. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.customRules` | Custom network policy ingress rule | `{}` | +| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | +| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | + +### Database Parameters + +| Name | Description | Value | +| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------- | +| `mariadb.enabled` | Deploy a MariaDB server to satisfy the applications database requirements | `true` | +| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | +| `mariadb.auth.rootPassword` | MariaDB root password | `""` | +| `mariadb.auth.database` | MariaDB custom database | `bitnami_wordpress` | +| `mariadb.auth.username` | MariaDB custom user name | `bn_wordpress` | +| `mariadb.auth.password` | MariaDB custom user password | `""` | +| `mariadb.primary.persistence.enabled` | Enable persistence on MariaDB using PVC(s) | `true` | +| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class | `""` | +| `mariadb.primary.persistence.accessModes` | Persistent Volume access modes | `[]` | +| `mariadb.primary.persistence.size` | Persistent Volume size | `8Gi` | +| `externalDatabase.host` | External Database server host | `localhost` | +| `externalDatabase.port` | External Database server port | `3306` | +| `externalDatabase.user` | External Database username | `bn_wordpress` | +| `externalDatabase.password` | External Database user password | `""` | +| `externalDatabase.database` | External Database database name | `bitnami_wordpress` | +| `externalDatabase.existingSecret` | The name of an existing secret with database credentials. Evaluated as a template | `""` | +| `memcached.enabled` | Deploy a Memcached server for caching database queries | `false` | +| `memcached.auth.enabled` | Enable Memcached authentication | `false` | +| `memcached.auth.username` | Memcached admin user | `""` | +| `memcached.auth.password` | Memcached admin password | `""` | +| `memcached.auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` | +| `memcached.service.port` | Memcached service port | `11211` | +| `externalCache.host` | External cache server host | `localhost` | +| `externalCache.port` | External cache server port | `11211` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set wordpressUsername=admin \ + --set wordpressPassword=password \ + --set mariadb.auth.rootPassword=secretpassword \ + oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command sets the WordPress administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/wordpress/values.yaml) + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Known limitations + +When performing admin operations that require activating the maintenance mode (such as updating a plugin or theme), it's activated in only one replica (see: [bug report](https://core.trac.wordpress.org/ticket/50797)). This implies that WP could be attending requests on other replicas while performing admin operations, with unpredictable consequences. + +To avoid that, you can manually activate/deactivate the maintenance mode on every replica using the WP CLI. For instance, if you installed WP with three replicas, you can run the commands below to activate the maintenance mode in all of them (assuming that the release name is `wordpress`): + +```console +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[0].metadata.name}') -c wordpress -- wp maintenance-mode activate +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[1].metadata.name}') -c wordpress -- wp maintenance-mode activate +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[2].metadata.name}') -c wordpress -- wp maintenance-mode activate +``` + +### External database support + +You may want to have WordPress connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#database-parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: + +```console +mariadb.enabled=false +externalDatabase.host=myexternalhost +externalDatabase.user=myuser +externalDatabase.password=mypassword +externalDatabase.database=mydatabase +externalDatabase.port=3306 +``` + +If the database already contains data from a previous WordPress installation, set the `wordpressSkipInstall` parameter to `true`. This parameter forces the container to skip the WordPress installation wizard. Otherwise, the container will assume it is a fresh installation and execute the installation wizard, potentially modifying or resetting the data in the existing database. + +[Refer to the container documentation for more information](https://github.com/bitnami/containers/tree/main/bitnami/wordpress#connect-wordpress-container-to-an-existing-database). + +### Memcached + +This chart provides support for using Memcached to cache database queries and objects improving the website performance. To enable this feature, set `wordpressConfigureCache` and `memcached.enabled` parameters to `true`. + +When this feature is enabled, a Memcached server will be deployed in your K8s cluster using the Bitnami Memcached chart and the [W3 Total Cache](https://wordpress.org/plugins/w3-total-cache/) plugin will be activated and configured to use the Memcached server for database caching. + +It is also possible to use an external cache server rather than installing one inside your cluster. To achieve this, the chart allows you to specify credentials for an external cache server with the [`externalCache` parameter](#database-parameters). You should also disable the Memcached installation with the `memcached.enabled` option. Here is an example: + +```console +wordpressConfigureCache=true +memcached.enabled=false +externalCache.host=myexternalcachehost +externalCache.port=11211 +``` + +### Ingress + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. + +The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. + +However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. + +> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. + +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. + +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). + +### TLS secrets + +This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases: + +- Generate certificate secrets based on chart parameters. +- Enable externally generated certificates. +- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)). +- Create self-signed certificates within the chart (if supported). + +In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format. + +Here is an example of a certificate file: + +> NOTE: There may be more than one certificate if there is a certificate chain. + +```text +-----BEGIN CERTIFICATE----- +MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +... +jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 +-----END CERTIFICATE----- +``` + +Here is an example of a certificate key: + +```text +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 +... +wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= +-----END RSA PRIVATE KEY----- +``` + +- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` entry. +- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` parameter). +- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager. +- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` to `true`. + +### `.htaccess` files + +For performance and security reasons, it is a good practice to configure Apache with the `AllowOverride None` directive. Instead of using `.htaccess` files, Apache will load the same directives at boot time. These directives are located in `/opt/bitnami/wordpress/wordpress-htaccess.conf`. + +By default, the container image includes all the default `.htaccess` files in WordPress (together with the default plugins). To enable this feature, install the chart with the value `allowOverrideNone=yes`. + +However, some plugins may include `.htaccess` directives that will not be loaded when `AllowOverride` is set to `None`. To make them work, create a custom `wordpress-htaccess.conf` file with all the required directives. After creating it, create a Kubernetes ConfigMap with it (for example, named `custom-htaccess`) and install the chart with the correct parameters as shown below: + +```text + allowOverrideNone=true + customHTAccessCM=custom-htaccess +``` + +Some plugins permit editing the `.htaccess` file and it may be necessary to persist it in order to keep those edits. To make these plugins work, set the `htaccessPersistenceEnabled` parameter as shown below: + +```text + allowOverrideNone=false + htaccessPersistenceEnabled=true +``` + +## Persistence + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image stores the WordPress data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +wordpress: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as WordPress (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Learn more about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Notable changes + +### 13.2.0 + +Removed support for limiting auto-updates to WordPress core via the `wordpressAutoUpdateLevel` option. To update WordPress core, we recommend you use the `helm upgrade` command to update your deployment instead of using the built-in update functionality. + +### 11.0.0 + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image was refactored and now the source code is published in GitHub in the `rootfs` folder of the container image. + +In addition, several new features have been implemented: + +- Multisite mode is now supported via `multisite.*` options. +- Plugins can be installed and activated on the first deployment via the `wordpressPlugins` option. +- Added support for limiting auto-updates to WordPress core via the `wordpressAutoUpdateLevel` option. In addition, auto-updates have been disabled by default. To update WordPress core, we recommend to swap the container image version for your deployment instead of using the built-in update functionality. + +To enable the new features, it is not possible to do it by upgrading an existing deployment. Instead, it is necessary to perform a fresh deploy. + +## Upgrading + +### To 20.0.0 + +This major release bumps the and MariaDB chart version to [16.x.x](https://github.com/bitnami/charts/pull/23054); no major issues are expected during the upgrade. + +### To 19.0.0 + +This major release bumps the MariaDB version to 11.2. No major issues are expected during the upgrade. + +### To 18.0.0 + +This major release bumps the MariaDB version to 11.1. No major issues are expected during the upgrade. + +### To 17.0.0 + +This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade. + +### To 16.0.0 + +This major release bumps the MariaDB version to 10.11. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for upgrading from MariaDB 10.6 to 10.11. No major issues are expected during the upgrade. + +### To 14.0.0 + +This major release bumps the MariaDB version to 10.6. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/) for upgrading from MariaDB 10.5 to 10.6. No major issues are expected during the upgrade. + +### To 13.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +- `service.port` and `service.httpsPort` have been regrouped under the `service.ports` map. +- `metrics.service.port` has been regrouped under the `metrics.service.ports` map. +- `serviceAccountName` has been deprecated in favor of `serviceAccount` map. + +Additionally updates the MariaDB & Memcached subcharts to their newest major `10.x.x` and `6.x.x`, respectively, which contain similar changes. + +### To 12.0.0 + +WordPress version was bumped to its latest major, `5.8.x`. Though no incompatibilities are expected while upgrading from previous versions, WordPress recommends backing up your application first. + +Site backups can be easily performed using tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + +### To 11.0.0 + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image was refactored and now the source code is published in GitHub in the `rootfs` folder of the container image. + +Compatibility is not guaranteed due to the amount of involved changes, however no breaking changes are expected. + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### Additional upgrade notes + +- MariaDB dependency version was bumped to a new major version that introduces several incompatibilities. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-800) for more information. +- If you want to upgrade to this version from a previous one installed with Helm v3, there are two alternatives: + - Install a new WordPress chart, and migrate your WordPress site using backup/restore tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + - Reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `wordpress`). + +> Warning: please create a backup of your database before running any of these actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5. + +Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: + +```console +export WORDPRESS_PASSWORD=$(kubectl get secret --namespace default wordpress -o jsonpath="{.data.wordpress-password}" | base64 -d) +export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d) +export MARIADB_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d) +export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +``` + +Upgrade your release (maintaining the version) disabling MariaDB and scaling WordPress replicas to 0: + +```console +helm upgrade wordpress oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress --set wordpressPassword=$WORDPRESS_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 9.6.4 +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +Finally, upgrade you release to `10.0.0` reusing the existing PVC, and enabling back MariaDB: + +```console +helm upgrade wordpress oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +You should see the lines below in MariaDB container logs: + +```console +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +... +mariadb 12:13:24.98 INFO ==> Using persisted data +mariadb 12:13:25.01 INFO ==> Running mysql_upgrade +... +``` + +### To 9.0.0 + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `securityContext.runAsUser`, and `securityContext.fsGroup` to `0`. +Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices. + +Consequences: + +- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. +- No writing permissions will be granted on `wp-config.php` by default. +- Backwards compatibility is not guaranteed. + +To upgrade to `9.0.0`, it's recommended to install a new WordPress chart, and migrate your WordPress site using backup/restore tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + +### To 8.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the API's deprecated, resulting in compatibility breakage. + +This major version signifies this change. + +### To 3.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to `3.0.0`. The following example assumes that the release name is `wordpress`: + +```console +kubectl patch deployment wordpress-wordpress --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl delete statefulset wordpress-mariadb --cascade=false +``` + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/charts/wordpress-dependencies/charts/library-chart-1.5.21.tgz b/charts/wordpress-dependencies/charts/library-chart-1.5.21.tgz new file mode 100644 index 0000000..c81a7a0 Binary files /dev/null and b/charts/wordpress-dependencies/charts/library-chart-1.5.21.tgz differ diff --git a/charts/wordpress-dependencies/charts/wordpress-22.2.0.tgz b/charts/wordpress-dependencies/charts/wordpress-22.2.0.tgz new file mode 100644 index 0000000..294c673 Binary files /dev/null and b/charts/wordpress-dependencies/charts/wordpress-22.2.0.tgz differ diff --git a/charts/wordpress-dependencies/curl b/charts/wordpress-dependencies/curl new file mode 100644 index 0000000..e69de29 diff --git a/charts/wordpress-dependencies/index.yaml b/charts/wordpress-dependencies/index.yaml new file mode 100644 index 0000000..73be1d0 --- /dev/null +++ b/charts/wordpress-dependencies/index.yaml @@ -0,0 +1,161 @@ +apiVersion: v1 +entries: + common: + - annotations: + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.19.0 + created: "2024-04-15T08:17:31.201694+02:00" + description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. + digest: 89e4008ba84ebc4b1838b7266bd991958f57eedb841e9268726de971dc78cfd1 + home: https://bitnami.com + icon: https://bitnami.com/downloads/logos/bitnami-mark.png + keywords: + - common + - helper + - template + - function + - bitnami + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: common + sources: + - https://github.com/bitnami/charts + type: library + urls: + - charts/common-2.19.0.tgz + version: 2.19.0 + mariadb: + - annotations: + category: Database + images: | + - name: mariadb + image: docker.io/bitnami/mariadb:11.2.3-debian-12-r4 + - name: mysqld-exporter + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-12-r8 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r16 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 11.2.3 + created: "2024-04-15T08:17:31.2084884+02:00" + dependencies: + - name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 68baeb5bed0d05469e805fff6745b68ddd77a585033a0d03fcc90ab108677529 + home: https://bitnami.com + icon: https://bitnami.com/assets/stacks/mariadb/img/mariadb-stack-220x234.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mariadb + urls: + - charts/mariadb-16.5.0.tgz + version: 16.5.0 + memcached: + - annotations: + category: Infrastructure + images: | + - name: memcached + image: docker.io/bitnami/memcached:1.6.24-debian-12-r0 + - name: memcached-exporter + image: docker.io/bitnami/memcached-exporter:0.14.2-debian-12-r10 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r16 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 1.6.24 + created: "2024-04-15T08:17:31.213548+02:00" + dependencies: + - name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x + description: Memcached is an high-performance, distributed memory object caching + system, generic in nature, but intended for use in speeding up dynamic web applications + by alleviating database load. + digest: 729aa0fc402dcc3eb493028ef124a744f907b8dba997519bb7dea588703a3c5f + home: https://bitnami.com + icon: https://bitnami.com/assets/stacks/memcached/img/memcached-stack-220x234.png + keywords: + - memcached + - cache + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: memcached + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/memcached + urls: + - charts/memcached-6.14.0.tgz + version: 6.14.0 + wordpress: + - annotations: + category: CMS + images: | + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r8 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r16 + - name: wordpress + image: docker.io/bitnami/wordpress:6.4.3-debian-12-r20 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.4.3 + created: "2024-04-15T08:17:31.201694+02:00" + dependencies: + - condition: memcached.enabled + name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: oci://registry-1.docker.io/bitnamicharts + version: 16.x.x + - name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 13bb5d3f211ed22015c505a6d6508eabdf6f7bcb1e45f462362b0c5c870ffebf + home: https://bitnami.com + icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - wordpress-20.1.2.tgz + version: 20.1.2 +generated: "2024-04-15T08:17:31.1874317+02:00" diff --git a/charts/wordpress-dependencies/templates.old/NOTES.txt b/charts/wordpress-dependencies/templates.old/NOTES.txt new file mode 100644 index 0000000..722c965 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/NOTES.txt @@ -0,0 +1,96 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/wordpress/entrypoint.sh /opt/bitnami/scripts/apache/run.sh + +{{- else }} + +Your WordPress site can be accessed through the following DNS name from within your cluster: + + {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.ports.http }}) + +To access your WordPress site from outside the cluster follow the steps below: + +{{- if .Values.ingress.enabled }} + +1. Get the WordPress URL and associate WordPress hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters + echo "WordPress URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" + echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} +{{- $port := .Values.service.ports.http | toString }} + +1. Get the WordPress URL by running these commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "WordPress URL: http://$NODE_IP:$NODE_PORT/" + echo "WordPress Admin URL: http://$NODE_IP:$NODE_PORT/admin" + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo "WordPress URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}/" + echo "WordPress Admin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}/admin" + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.http }}:{{ .Values.service.ports.http }} & + echo "WordPress URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}//" + echo "WordPress Admin URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}//admin" + +{{- end }} +{{- end }} + +2. Open a browser and access WordPress using the obtained URL. + +3. Login with the following credentials below to see your blog: + + echo Username: {{ .Values.wordpressUsername }} + echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.wordpress-password}" | base64 -d) + +{{- if .Values.metrics.enabled }} + +You can access Apache Prometheus metrics following the steps below: + +1. Get the Apache Prometheus metrics URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & + echo "Apache Prometheus metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" + +2. Open a browser and access Apache Prometheus metrics using the obtained URL. + +{{- end }} +{{- end }} + +{{- include "wordpress.validateValues" . }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "volumePermissions") "context" $) }} diff --git a/charts/wordpress-dependencies/templates.old/_helpers.tpl b/charts/wordpress-dependencies/templates.old/_helpers.tpl new file mode 100644 index 0000000..7483623 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/_helpers.tpl @@ -0,0 +1,286 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "wordpress.mariadb.fullname" -}} +{{- include "common.names.dependency.fullname" (dict "chartName" "mariadb" "chartValues" .Values.mariadb "context" $) -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "wordpress.memcached.fullname" -}} +{{- include "common.names.dependency.fullname" (dict "chartName" "memcached" "chartValues" .Values.memcached "context" $) -}} +{{- end -}} + +{{/* +Return the proper WordPress image name +*/}} +{{- define "wordpress.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "wordpress.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "wordpress.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "wordpress.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "wordpress.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "wordpress.customHTAccessCM" -}} +{{- printf "%s" .Values.customHTAccessCM -}} +{{- end -}} + +{{/* +Return the WordPress configuration secret +*/}} +{{- define "wordpress.configSecretName" -}} +{{- if .Values.existingWordPressConfigurationSecret -}} + {{- printf "%s" (tpl .Values.existingWordPressConfigurationSecret $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for WordPress configuration +*/}} +{{- define "wordpress.createConfigSecret" -}} +{{- if and .Values.wordpressConfiguration (not .Values.existingWordPressConfigurationSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the WordPress Apache configuration configmap +*/}} +{{- define "wordpress.apache.configmapName" -}} +{{- if .Values.existingApacheConfigurationConfigMap -}} + {{- printf "%s" (tpl .Values.existingApacheConfigurationConfigMap $) -}} +{{- else -}} + {{- printf "%s-apache-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for Apache configuration +*/}} +{{- define "wordpress.apache.createConfigmap" -}} +{{- if and .Values.apacheConfiguration (not .Values.existingApacheConfigurationConfigMap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Hostname +*/}} +{{- define "wordpress.databaseHost" -}} +{{- if .Values.mariadb.enabled }} + {{- if eq .Values.mariadb.architecture "replication" }} + {{- printf "%s-primary" (include "wordpress.mariadb.fullname" .) | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} + {{- end -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.host -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Port +*/}} +{{- define "wordpress.databasePort" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "3306" -}} +{{- else -}} + {{- printf "%d" (.Values.externalDatabase.port | int ) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Database Name +*/}} +{{- define "wordpress.databaseName" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "%s" .Values.mariadb.auth.database -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.database -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB User +*/}} +{{- define "wordpress.databaseUser" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "%s" .Values.mariadb.auth.username -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Secret Name +*/}} +{{- define "wordpress.databaseSecretName" -}} +{{- if .Values.mariadb.enabled }} + {{- if .Values.mariadb.auth.existingSecret -}} + {{- printf "%s" .Values.mariadb.auth.existingSecret -}} + {{- else -}} + {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} + {{- end -}} +{{- else if .Values.externalDatabase.existingSecret -}} + {{- include "common.tplvalues.render" (dict "value" .Values.externalDatabase.existingSecret "context" $) -}} +{{- else -}} + {{- printf "%s-externaldb" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Memcached Hostname +*/}} +{{- define "wordpress.cacheHost" -}} +{{- if .Values.memcached.enabled }} + {{- $releaseNamespace := .Release.Namespace }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- printf "%s.%s.svc.%s" (include "wordpress.memcached.fullname" .) $releaseNamespace $clusterDomain -}} +{{- else -}} + {{- printf "%s" .Values.externalCache.host -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Memcached Port +*/}} +{{- define "wordpress.cachePort" -}} +{{- if .Values.memcached.enabled }} + {{- printf "11211" -}} +{{- else -}} + {{- printf "%d" (.Values.externalCache.port | int ) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the WordPress Secret Name +*/}} +{{- define "wordpress.secretName" -}} +{{- if .Values.existingSecret }} + {{- printf "%s" .Values.existingSecret -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the SMTP Secret Name +*/}} +{{- define "wordpress.smtpSecretName" -}} +{{- if .Values.smtpExistingSecret }} + {{- printf "%s" .Values.smtpExistingSecret -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "wordpress.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "wordpress.validateValues.configuration" .) -}} +{{- $messages := append $messages (include "wordpress.validateValues.htaccess" .) -}} +{{- $messages := append $messages (include "wordpress.validateValues.database" .) -}} +{{- $messages := append $messages (include "wordpress.validateValues.cache" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of WordPress - Custom wp-config.php +*/}} +{{- define "wordpress.validateValues.configuration" -}} +{{- if and (or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret) (not .Values.wordpressSkipInstall) -}} +wordpress: wordpressConfiguration + You are trying to use a wp-config.php file. This setup is only supported + when skipping wizard installation (--set wordpressSkipInstall=true). +{{- end -}} +{{- end -}} + +{{/* +Validate values of WordPress - htaccess configuration +*/}} +{{- define "wordpress.validateValues.htaccess" -}} +{{- if and .Values.customHTAccessCM .Values.allowOverrideNone -}} +wordpress: customHTAccessCM + You are trying to use custom htaccess rules but Apache was configured + to prohibit overriding directives with htaccess files. To use this feature, + allow overriding Apache directives (--set allowOverrideNone=false). +{{- end -}} +{{- end -}} + +{{/* Validate values of WordPress - Database */}} +{{- define "wordpress.validateValues.database" -}} +{{- if and (not .Values.mariadb.enabled) (or (empty .Values.externalDatabase.host) (empty .Values.externalDatabase.port) (empty .Values.externalDatabase.database)) -}} +wordpress: database + You disable the MariaDB installation but you did not provide the required parameters + to use an external database. To use an external database, please ensure you provide + (at least) the following values: + + externalDatabase.host=DB_SERVER_HOST + externalDatabase.database=DB_NAME + externalDatabase.port=DB_SERVER_PORT +{{- end -}} +{{- end -}} + +{{/* Validate values of WordPress - Cache */}} +{{- define "wordpress.validateValues.cache" -}} +{{- if and .Values.wordpressConfigureCache (not .Values.memcached.enabled) (or (empty .Values.externalCache.host) (empty .Values.externalCache.port)) -}} +wordpress: cache + You enabled cache via W3 Total Cache without but you did not enable the Memcached + installation nor you did provided the required parameters to use an external cache server. + Please enable the Memcached installation (--set memcached.enabled=true) or + provide the external cache server values: + + externalCache.host=CACHE_SERVER_HOST + externalCache.port=CACHE_SERVER_PORT +{{- end -}} +{{- end -}} diff --git a/charts/wordpress-dependencies/templates.old/config-secret.yaml b/charts/wordpress-dependencies/templates.old/config-secret.yaml new file mode 100644 index 0000000..9dff348 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/config-secret.yaml @@ -0,0 +1,18 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "wordpress.createConfigSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + wp-config.php: {{ .Values.wordpressConfiguration | b64enc }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/deployment.yaml b/charts/wordpress-dependencies/templates.old/deployment.yaml new file mode 100644 index 0000000..720d8fa --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/deployment.yaml @@ -0,0 +1,389 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (include "wordpress.createConfigSecret" .) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if (include "wordpress.createConfigSecret" .) }} + checksum/config-secret: {{ include (print $.Template.BasePath "/config-secret.yaml") . | sha256sum }} + {{- end }} + {{- end }} + spec: + {{- include "wordpress.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- if .Values.hostAliases }} + # yamllint disable rule:indentation + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wordpress.serviceAccountName" .}} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if or (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) (.Values.initContainers) }} + initContainers: + {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: "{{ include "wordpress.volumePermissions.image" . }}" + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p /bitnami/wordpress + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + find /bitnami/wordpress -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R $(id -u):$(id -G | cut -d " " -f2) + {{- else }} + find /bitnami/wordpress -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto " }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /bitnami/wordpress + name: wordpress-data + subPath: wordpress + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: wordpress + image: {{ include "wordpress.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" ( dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" ( dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} + - name: WORDPRESS_SKIP_BOOTSTRAP + value: {{ ternary "yes" "no" .Values.wordpressSkipInstall | quote }} + {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} + # Override the default data to persist omiting wp-config.php from the list since + # it is mounted as a read-only file from a Secret + - name: WORDPRESS_DATA_TO_PERSIST + value: "wp-content" + {{- else }} + - name: MARIADB_HOST + value: {{ include "wordpress.databaseHost" . | quote }} + - name: MARIADB_PORT_NUMBER + value: {{ include "wordpress.databasePort" . | quote }} + - name: WORDPRESS_DATABASE_NAME + value: {{ include "wordpress.databaseName" . | quote }} + - name: WORDPRESS_DATABASE_USER + value: {{ include "wordpress.databaseUser" . | quote }} + - name: WORDPRESS_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.databaseSecretName" . }} + key: mariadb-password + - name: WORDPRESS_USERNAME + value: {{ .Values.wordpressUsername | quote }} + - name: WORDPRESS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.secretName" . }} + key: wordpress-password + - name: WORDPRESS_EMAIL + value: {{ .Values.wordpressEmail | quote }} + - name: WORDPRESS_FIRST_NAME + value: {{ .Values.wordpressFirstName | quote }} + - name: WORDPRESS_LAST_NAME + value: {{ .Values.wordpressLastName | quote }} + - name: WORDPRESS_HTACCESS_OVERRIDE_NONE + value: {{ ternary "yes" "no" .Values.allowOverrideNone | quote }} + - name: WORDPRESS_ENABLE_HTACCESS_PERSISTENCE + value: {{ ternary "yes" "no" .Values.htaccessPersistenceEnabled | quote }} + - name: WORDPRESS_BLOG_NAME + value: {{ .Values.wordpressBlogName | quote }} + - name: WORDPRESS_TABLE_PREFIX + value: {{ .Values.wordpressTablePrefix | quote }} + - name: WORDPRESS_SCHEME + value: {{ .Values.wordpressScheme | quote }} + - name: WORDPRESS_EXTRA_WP_CONFIG_CONTENT + value: {{ .Values.wordpressExtraConfigContent | quote }} + - name: WORDPRESS_PLUGINS + value: {{ join "," .Values.wordpressPlugins | quote }} + - name: WORDPRESS_OVERRIDE_DATABASE_SETTINGS + value: {{ ternary "yes" "no" .Values.overrideDatabaseSettings | quote }} + {{- end }} + {{- if .Values.multisite.enable }} + - name: WORDPRESS_ENABLE_MULTISITE + value: "yes" + - name: WORDPRESS_MULTISITE_HOST + value: {{ .Values.multisite.host | quote }} + - name: WORDPRESS_MULTISITE_EXTERNAL_HTTP_PORT_NUMBER + value: {{ .Values.service.ports.http | quote }} + - name: WORDPRESS_MULTISITE_EXTERNAL_HTTPS_PORT_NUMBER + value: {{ .Values.service.ports.https | quote }} + - name: WORDPRESS_MULTISITE_NETWORK_TYPE + value: {{ .Values.multisite.networkType | quote }} + - name: WORDPRESS_MULTISITE_ENABLE_NIP_IO_REDIRECTION + value: {{ ternary "yes" "no" .Values.multisite.enableNipIoRedirect | quote }} + {{- end }} + {{- if .Values.smtpHost }} + - name: SMTP_HOST + value: {{ .Values.smtpHost | quote }} + {{- end }} + {{- if .Values.smtpPort }} + - name: SMTP_PORT + value: {{ .Values.smtpPort | quote }} + {{- end }} + {{- if .Values.smtpUser }} + - name: SMTP_USER + value: {{ .Values.smtpUser | quote }} + {{- end }} + {{- if or .Values.smtpPassword .Values.smtpExistingSecret }} + - name: SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.smtpSecretName" . }} + key: smtp-password + {{- end }} + {{- if .Values.smtpProtocol }} + - name: SMTP_PROTOCOL + value: {{ .Values.smtpProtocol | quote }} + {{- end }} + - name: APACHE_HTTP_PORT_NUMBER + value: {{ .Values.containerPorts.http | quote }} + - name: APACHE_HTTPS_PORT_NUMBER + value: {{ .Values.containerPorts.https | quote }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + - name: https + containerPort: {{ .Values.containerPorts.https }} + {{- if .Values.extraContainerPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /bitnami/wordpress + name: wordpress-data + subPath: wordpress + {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} + - name: wordpress-config + mountPath: /opt/bitnami/wordpress/wp-config.php + subPath: wp-config.php + {{- end }} + {{- if or .Values.apacheConfiguration .Values.existingApacheConfigurationConfigMap }} + - name: apache-config + mountPath: /opt/bitnami/apache/conf/httpd.conf + subPath: httpd.conf + {{- end }} + {{- if and (not .Values.allowOverrideNone) .Values.customHTAccessCM }} + - mountPath: /opt/bitnami/apache/conf/vhosts/htaccess + name: custom-htaccess + {{- end }} + {{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} + - mountPath: /docker-entrypoint-init.d + name: custom-postinit + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "wordpress.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/apache_exporter + - --scrape_uri + - http://status.localhost:8080/server-status/?auto + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPorts.metrics }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} + - name: wordpress-config + secret: + secretName: {{ include "wordpress.configSecretName" . }} + defaultMode: 0644 + {{- end }} + {{- if or .Values.apacheConfiguration .Values.existingApacheConfigurationConfigMap }} + - name: apache-config + configMap: + name: {{ include "wordpress.apache.configmapName" . }} + defaultMode: 0644 + {{- end }} + {{- if and (not .Values.allowOverrideNone) .Values.customHTAccessCM }} + - name: custom-htaccess + configMap: + name: {{ include "wordpress.customHTAccessCM" . }} + items: + - key: wordpress-htaccess.conf + path: wordpress-htaccess.conf + {{- end }} + {{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} + - name: custom-postinit + configMap: + name: {{ printf "%s-postinit" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- end }} + - name: wordpress-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/wordpress-dependencies/templates.old/externaldb-secrets.yaml b/charts/wordpress-dependencies/templates.old/externaldb-secrets.yaml new file mode 100644 index 0000000..ae5edb1 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/externaldb-secrets.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/extra-list.yaml b/charts/wordpress-dependencies/templates.old/extra-list.yaml new file mode 100644 index 0000000..2d35a58 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/hpa.yaml b/charts/wordpress-dependencies/templates.old/hpa.yaml new file mode 100644 index 0000000..2426dd2 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/hpa.yaml @@ -0,0 +1,48 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "common.names.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/httpd-configmap.yaml b/charts/wordpress-dependencies/templates.old/httpd-configmap.yaml new file mode 100644 index 0000000..30a434a --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/httpd-configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "wordpress.apache.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-apache-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + httpd.conf: |- + {{- .Values.apacheConfiguration | nindent 4 }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/ingress.yaml b/charts/wordpress-dependencies/templates.old/ingress.yaml new file mode 100644 index 0000000..3fe25b4 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/ingress.yaml @@ -0,0 +1,62 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ tpl .Values.ingress.hostname $ | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ tpl .name $ | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ tpl .Values.ingress.hostname $ | quote }} + {{- if or (.Values.ingress.tlsWwwPrefix) (eq (index .Values.ingress.annotations "nginx.ingress.kubernetes.io/from-to-www-redirect") "true" ) }} + - {{ printf "www.%s" (tpl .Values.ingress.hostname $) | quote }} + {{- end }} + secretName: {{ printf "%s-tls" (tpl .Values.ingress.hostname $) }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/metrics-svc.yaml b/charts/wordpress-dependencies/templates.old/metrics-svc.yaml new file mode 100644 index 0000000..1731ac3 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/metrics-svc.yaml @@ -0,0 +1,27 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + ports: + - name: metrics + port: {{ .Values.metrics.service.ports.metrics }} + protocol: TCP + targetPort: metrics + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/networkpolicy-backend-ingress.yaml b/charts/wordpress-dependencies/templates.old/networkpolicy-backend-ingress.yaml new file mode 100644 index 0000000..7133256 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/networkpolicy-backend-ingress.yaml @@ -0,0 +1,30 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-backend" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- if .Values.networkPolicy.ingressRules.customBackendSelector }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }} + {{- else }} + app.kubernetes.io/name: mariadb + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + ingress: + - from: + - podSelector: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/networkpolicy-egress.yaml b/charts/wordpress-dependencies/templates.old/networkpolicy-egress.yaml new file mode 100644 index 0000000..9c8a442 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/networkpolicy-egress.yaml @@ -0,0 +1,35 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-egress" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + policyTypes: + - Egress + egress: + {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - to: + - namespaceSelector: {} + {{- end }} + {{- if .Values.networkPolicy.egressRules.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/networkpolicy-ingress.yaml b/charts/wordpress-dependencies/templates.old/networkpolicy-ingress.yaml new file mode 100644 index 0000000..c05c1e6 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/networkpolicy-ingress.yaml @@ -0,0 +1,63 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingress.enabled .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + ingress: + {{- if and .Values.ingress.enabled .Values.networkPolicy.ingress.enabled (or .Values.networkPolicy.ingress.namespaceSelector .Values.networkPolicy.ingress.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingress.namespaceSelector }} + - namespaceSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingress.podSelector }} + - podSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.podSelector "context" $) | nindent 14 }} + {{- end }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} + - from: + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + - namespaceSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.metrics.podSelector }} + - podSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} + {{- end }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector }} + - podSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/pdb.yaml b/charts/wordpress-dependencies/templates.old/pdb.yaml new file mode 100644 index 0000000..07c3777 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/pdb.yaml @@ -0,0 +1,26 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/postinit-configmap.yaml b/charts/wordpress-dependencies/templates.old/postinit-configmap.yaml new file mode 100644 index 0000000..48f8b63 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/postinit-configmap.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-postinit" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- if .Values.wordpressConfigureCache }} + {{- $memcachedFullname := include "wordpress.cacheHost" . }} + {{- $memcachedPort := include "wordpress.cachePort" . | int }} + 00-configure-w3-total-cache.sh: |- + #!/bin/bash + + # Add permissions to edit wp-config.php + chmod +w /bitnami/wordpress/wp-config.php + + # Activate W3 Total Cache pairs + wp plugin activate w3-total-cache + wp total-cache fix_environment + + # Choose 'Memcached' as database and object cache method + wp total-cache option set dbcache.engine memcached --type=string + wp total-cache option set objectcache.engine memcached --type=string + wp total-cache flush all + wp total-cache option set dbcache.memcached.servers {{ $memcachedFullname }}:{{ $memcachedPort }} --type=string + wp total-cache option set dbcache.enabled true --type=boolean + wp total-cache option set objectcache.memcached.servers {{ $memcachedFullname }}:{{ $memcachedPort }} --type=string + wp total-cache option set objectcache.enabled true --type=boolean + wp total-cache flush all + + # Revoke permissions to edit wp-config.php + chmod a-w /bitnami/wordpress/wp-config.php + {{- end }} + {{- if .Values.customPostInitScripts }} + {{- include "common.tplvalues.render" (dict "value" .Values.customPostInitScripts "context" $) | nindent 2 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/pvc.yaml b/charts/wordpress-dependencies/templates.old/pvc.yaml new file mode 100644 index 0000000..9d4f62f --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/pvc.yaml @@ -0,0 +1,36 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- if not (empty .Values.persistence.accessModes) }} + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- else }} + - {{ .Values.persistence.accessMode | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }} + {{- end -}} + {{- if .Values.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/secrets.yaml b/charts/wordpress-dependencies/templates.old/secrets.yaml new file mode 100644 index 0000000..22e6a04 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/secrets.yaml @@ -0,0 +1,26 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if not .Values.existingSecret }} + wordpress-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "wordpress-password" "providedValues" (list "wordpressPassword") "context" $) }} + {{- end }} + {{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }} + {{- if .Values.smtpPassword }} + smtp-password: {{ .Values.smtpPassword | b64enc | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/serviceaccount.yaml b/charts/wordpress-dependencies/templates.old/serviceaccount.yaml new file mode 100644 index 0000000..0ee982a --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "wordpress.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end -}} diff --git a/charts/wordpress-dependencies/templates.old/servicemonitor.yaml b/charts/wordpress-dependencies/templates.old/servicemonitor.yaml new file mode 100644 index 0000000..e0aa8a9 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/servicemonitor.yaml @@ -0,0 +1,43 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- if .Values.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: metrics +{{- end }} diff --git a/charts/wordpress-dependencies/templates.old/svc.yaml b/charts/wordpress-dependencies/templates.old/svc.yaml new file mode 100644 index 0000000..b8739e1 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/svc.yaml @@ -0,0 +1,59 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.ports.http }} + protocol: TCP + targetPort: http + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: https + port: {{ .Values.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.service.httpsTargetPort }} + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/charts/wordpress-dependencies/templates.old/tls-secrets.yaml b/charts/wordpress-dependencies/templates.old/tls-secrets.yaml new file mode 100644 index 0000000..728ab58 --- /dev/null +++ b/charts/wordpress-dependencies/templates.old/tls-secrets.yaml @@ -0,0 +1,44 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} +{{- $ca := genCA "wordpress-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/wordpress-dependencies/values.schema.json b/charts/wordpress-dependencies/values.schema.json new file mode 100644 index 0000000..6945e87 --- /dev/null +++ b/charts/wordpress-dependencies/values.schema.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "ingress": { + "type": "object", + "form": true, + "title": "Ingress Details", + "properties": { + "enabled": { + "description": "Enable Ingress", + "type": "boolean", + "default": true, + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "k8s.ingress" + } + }, + "hostname": { + "type": "string", + "form": true, + "title": "Hostname", + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "{{project.id}}-{{k8s.randomSubdomain}}-0.{{k8s.domain}}" + } + } + } + } + } +} diff --git a/charts/wordpress-dependencies/values.yaml b/charts/wordpress-dependencies/values.yaml new file mode 100644 index 0000000..43781c6 --- /dev/null +++ b/charts/wordpress-dependencies/values.yaml @@ -0,0 +1,6 @@ +wordpress: + wordpressUsername: "admin" + wordpressPassword: "admin$genes*2023" + ingress: + enabled: true + hostname: wordpress.lab.groupe-genes.fr \ No newline at end of file diff --git a/charts/wordpress-dependencies/wordpress-depedency-1.0.0.tgz b/charts/wordpress-dependencies/wordpress-depedency-1.0.0.tgz new file mode 100644 index 0000000..c532c43 Binary files /dev/null and b/charts/wordpress-dependencies/wordpress-depedency-1.0.0.tgz differ diff --git a/charts/wordpress-dependencies/wordpress-dependency-1.0.1.tgz b/charts/wordpress-dependencies/wordpress-dependency-1.0.1.tgz new file mode 100644 index 0000000..10c6381 Binary files /dev/null and b/charts/wordpress-dependencies/wordpress-dependency-1.0.1.tgz differ diff --git a/charts/wordpress-dependencies/wordpress-dependency-1.0.2.tgz b/charts/wordpress-dependencies/wordpress-dependency-1.0.2.tgz new file mode 100644 index 0000000..faa61e4 Binary files /dev/null and b/charts/wordpress-dependencies/wordpress-dependency-1.0.2.tgz differ diff --git a/charts/wordpress-dependencies/wordpress-dependency-1.0.3.tgz b/charts/wordpress-dependencies/wordpress-dependency-1.0.3.tgz new file mode 100644 index 0000000..990c1f1 Binary files /dev/null and b/charts/wordpress-dependencies/wordpress-dependency-1.0.3.tgz differ diff --git a/charts/wordpress-dependencies/wordpress-dependency-1.0.4.tgz b/charts/wordpress-dependencies/wordpress-dependency-1.0.4.tgz new file mode 100644 index 0000000..52fb569 Binary files /dev/null and b/charts/wordpress-dependencies/wordpress-dependency-1.0.4.tgz differ diff --git a/charts/wordpress-dependencies/wordpress-test-1.0.0.tgz b/charts/wordpress-dependencies/wordpress-test-1.0.0.tgz new file mode 100644 index 0000000..96f8fe3 Binary files /dev/null and b/charts/wordpress-dependencies/wordpress-test-1.0.0.tgz differ diff --git a/charts/wordpress-new-start/.helmignore b/charts/wordpress-new-start/.helmignore new file mode 100644 index 0000000..fb56657 --- /dev/null +++ b/charts/wordpress-new-start/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# img folder +img/ diff --git a/charts/wordpress-new-start/Chart.lock b/charts/wordpress-new-start/Chart.lock new file mode 100644 index 0000000..1c327cd --- /dev/null +++ b/charts/wordpress-new-start/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.14.0 +- name: mariadb + repository: oci://registry-1.docker.io/bitnamicharts + version: 16.5.0 +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.19.0 +digest: sha256:f14e7183217316a026257bb89543ec1055b763c37dd4bfba26c2c725ac0e7571 +generated: "2024-03-08T16:54:42.092136196Z" diff --git a/charts/wordpress-new-start/Chart.yaml b/charts/wordpress-new-start/Chart.yaml new file mode 100644 index 0000000..76db870 --- /dev/null +++ b/charts/wordpress-new-start/Chart.yaml @@ -0,0 +1,47 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +annotations: + category: CMS + licenses: Apache-2.0 + images: | + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r8 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r16 + - name: wordpress + image: docker.io/bitnami/wordpress:6.4.3-debian-12-r20 +apiVersion: v2 +appVersion: 6.4.3 +dependencies: +- condition: memcached.enabled + name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.x.x +- condition: mariadb.enabled + name: mariadb + repository: oci://registry-1.docker.io/bitnamicharts + version: 16.x.x +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x +description: WordPress is the world's most popular blogging and content management platform. Powerful yet simple, everyone from students to global corporations use it to build beautiful, functional websites. +home: https://bitnami.com +icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png +keywords: +- application +- blog +- cms +- http +- php +- web +- wordpress +maintainers: +- name: VMware, Inc. + url: https://github.com/bitnami/charts +name: wordpress-new-start +sources: +- https://github.com/bitnami/charts/tree/main/bitnami/wordpress +version: 20.1.5 diff --git a/charts/wordpress-new-start/README.md b/charts/wordpress-new-start/README.md new file mode 100644 index 0000000..006c3d0 --- /dev/null +++ b/charts/wordpress-new-start/README.md @@ -0,0 +1,772 @@ + + +# Bitnami package for WordPress + +WordPress is the world's most popular blogging and content management platform. Powerful yet simple, everyone from students to global corporations use it to build beautiful, functional websites. + +[Overview of WordPress](http://www.wordpress.org) + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/wordpress +``` + +Looking to use WordPress in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +This chart bootstraps a [WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/tree/main/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the WordPress application, and the [Bitnami Memcached chart](https://github.com/bitnami/charts/tree/main/bitnami/memcached) that can be used to cache database queries. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The command deploys WordPress on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | + +### Common parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `commonLabels` | Labels to add to all deployed resources | `{}` | +| `commonAnnotations` | Annotations to add to all deployed resources | `{}` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + +### WordPress Image parameters + +| Name | Description | Value | +| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------- | +| `image.registry` | WordPress image registry | `REGISTRY_NAME` | +| `image.repository` | WordPress image repository | `REPOSITORY_NAME/wordpress` | +| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | +| `image.pullSecrets` | WordPress image pull secrets | `[]` | +| `image.debug` | Specify if debug values should be set | `false` | + +### WordPress Configuration parameters + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------- | ------------------ | +| `wordpressUsername` | WordPress username | `user` | +| `wordpressPassword` | WordPress user password | `""` | +| `existingSecret` | Name of existing secret containing WordPress credentials | `""` | +| `wordpressEmail` | WordPress user email | `user@example.com` | +| `wordpressFirstName` | WordPress user first name | `FirstName` | +| `wordpressLastName` | WordPress user last name | `LastName` | +| `wordpressBlogName` | Blog name | `User's Blog!` | +| `wordpressTablePrefix` | Prefix to use for WordPress database tables | `wp_` | +| `wordpressScheme` | Scheme to use to generate WordPress URLs | `http` | +| `wordpressSkipInstall` | Skip wizard installation | `false` | +| `wordpressExtraConfigContent` | Add extra content to the default wp-config.php file | `""` | +| `wordpressConfiguration` | The content for your custom wp-config.php file (advanced feature) | `""` | +| `existingWordPressConfigurationSecret` | The name of an existing secret with your custom wp-config.php file (advanced feature) | `""` | +| `wordpressConfigureCache` | Enable W3 Total Cache plugin and configure cache settings | `false` | +| `wordpressPlugins` | Array of plugins to install and activate. Can be specified as `all` or `none`. | `none` | +| `apacheConfiguration` | The content for your custom httpd.conf file (advanced feature) | `""` | +| `existingApacheConfigurationConfigMap` | The name of an existing secret with your custom httpd.conf file (advanced feature) | `""` | +| `customPostInitScripts` | Custom post-init.d user scripts | `{}` | +| `smtpHost` | SMTP server host | `""` | +| `smtpPort` | SMTP server port | `""` | +| `smtpUser` | SMTP username | `""` | +| `smtpPassword` | SMTP user password | `""` | +| `smtpProtocol` | SMTP protocol | `""` | +| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` | +| `allowEmptyPassword` | Allow the container to be started with blank passwords | `true` | +| `allowOverrideNone` | Configure Apache to prohibit overriding directives with htaccess files | `false` | +| `overrideDatabaseSettings` | Allow overriding the database settings persisted in wp-config.php | `false` | +| `htaccessPersistenceEnabled` | Persist custom changes on htaccess files | `false` | +| `customHTAccessCM` | The name of an existing ConfigMap with custom htaccess rules | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraEnvVars` | Array with extra environment variables to add to the WordPress container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | + +### WordPress Multisite Configuration parameters + +| Name | Description | Value | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `multisite.enable` | Whether to enable WordPress Multisite configuration. | `false` | +| `multisite.host` | WordPress Multisite hostname/address. This value is mandatory when enabling Multisite mode. | `""` | +| `multisite.networkType` | WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. | `subdomain` | +| `multisite.enableNipIoRedirect` | Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. | `false` | + +### WordPress deployment parameters + +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `replicaCount` | Number of WordPress replicas to deploy | `1` | +| `updateStrategy.type` | WordPress deployment strategy type | `RollingUpdate` | +| `schedulerName` | Alternate scheduler | `""` | +| `terminationGracePeriodSeconds` | In seconds, time given to the WordPress pod to terminate gracefully | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `priorityClassName` | Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand | `""` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | WordPress pod host aliases | `[]` | +| `extraVolumes` | Optionally specify extra list of additional volumes for WordPress pods | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for WordPress container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the WordPress pod | `[]` | +| `initContainers` | Add additional init containers to the WordPress pods | `[]` | +| `podLabels` | Extra labels for WordPress pods | `{}` | +| `podAnnotations` | Annotations for WordPress pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `containerPorts.http` | WordPress HTTP container port | `8080` | +| `containerPorts.https` | WordPress HTTPS container port | `8443` | +| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` | +| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on WordPress containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on WordPress containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `lifecycleHooks` | for the WordPress container(s) to automate configuration before or after startup | `{}` | + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | WordPress service type | `LoadBalancer` | +| `service.ports.http` | WordPress service HTTP port | `80` | +| `service.ports.https` | WordPress service HTTPS port | `443` | +| `service.httpsTargetPort` | Target port for HTTPS | `https` | +| `service.nodePorts.http` | Node port for HTTP | `""` | +| `service.nodePorts.https` | Node port for HTTPS | `""` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.clusterIP` | WordPress service Cluster IP | `""` | +| `service.loadBalancerIP` | WordPress service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | WordPress service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | WordPress service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for WordPress service | `{}` | +| `service.extraPorts` | Extra port to expose on WordPress service | `[]` | +| `ingress.enabled` | Enable ingress record generation for WordPress | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.hostname` | Default host for the ingress record. The hostname is templated and thus can contain other variable references. | `wordpress.local` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.tlsWwwPrefix` | Adds www subdomain to default cert | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record. The host names are templated and thus can contain other variable references. | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | + +### Persistence Parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `persistence.storageClass` | Persistent Volume storage class | `""` | +| `persistence.accessModes` | Persistent Volume access modes | `[]` | +| `persistence.accessMode` | Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) | `ReadWriteOnce` | +| `persistence.size` | Persistent Volume size | `10Gi` | +| `persistence.dataSource` | Custom PVC data source | `{}` | +| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | +| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `pdb.create` | Enable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `autoscaling.enabled` | Enable Horizontal POD autoscaling for WordPress | `false` | +| `autoscaling.minReplicas` | Minimum number of WordPress replicas | `1` | +| `autoscaling.maxReplicas` | Maximum number of WordPress replicas | `11` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `50` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `50` | + +### Metrics Parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | +| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Apache exporter image repository | `REPOSITORY_NAME/apache-exporter` | +| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | +| `metrics.containerPorts.metrics` | Prometheus exporter container port | `9117` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on Prometheus exporter containers | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on Prometheus exporter containers | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.startupProbe.enabled` | Enable startupProbe on Prometheus exporter containers | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `metrics.service.ports.metrics` | Prometheus metrics service port | `9150` | +| `metrics.service.annotations` | Additional custom annotations for Metrics service | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | + +### NetworkPolicy parameters + +| Name | Description | Value | +| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable network policies | `false` | +| `networkPolicy.metrics.enabled` | Enable network policy for metrics (prometheus) | `false` | +| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` | +| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` | +| `networkPolicy.ingress.enabled` | Enable network policy for Ingress Proxies | `false` | +| `networkPolicy.ingress.namespaceSelector` | Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. | `{}` | +| `networkPolicy.ingress.podSelector` | Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. | `{}` | +| `networkPolicy.ingressRules.backendOnlyAccessibleByFrontend` | Enable ingress rule that makes the backend (mariadb) only accessible by testlink's pods. | `false` | +| `networkPolicy.ingressRules.customBackendSelector` | Backend selector labels. These labels will be used to identify the backend pods. | `{}` | +| `networkPolicy.ingressRules.accessOnlyFrom.enabled` | Enable ingress rule that makes testlink only accessible from a particular origin | `false` | +| `networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access testlink. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.accessOnlyFrom.podSelector` | Pods selector label that is allowed to access testlink. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.customRules` | Custom network policy ingress rule | `{}` | +| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | +| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | + +### Database Parameters + +| Name | Description | Value | +| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------- | +| `mariadb.enabled` | Deploy a MariaDB server to satisfy the applications database requirements | `true` | +| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | +| `mariadb.auth.rootPassword` | MariaDB root password | `""` | +| `mariadb.auth.database` | MariaDB custom database | `bitnami_wordpress` | +| `mariadb.auth.username` | MariaDB custom user name | `bn_wordpress` | +| `mariadb.auth.password` | MariaDB custom user password | `""` | +| `mariadb.primary.persistence.enabled` | Enable persistence on MariaDB using PVC(s) | `true` | +| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class | `""` | +| `mariadb.primary.persistence.accessModes` | Persistent Volume access modes | `[]` | +| `mariadb.primary.persistence.size` | Persistent Volume size | `8Gi` | +| `externalDatabase.host` | External Database server host | `localhost` | +| `externalDatabase.port` | External Database server port | `3306` | +| `externalDatabase.user` | External Database username | `bn_wordpress` | +| `externalDatabase.password` | External Database user password | `""` | +| `externalDatabase.database` | External Database database name | `bitnami_wordpress` | +| `externalDatabase.existingSecret` | The name of an existing secret with database credentials. Evaluated as a template | `""` | +| `memcached.enabled` | Deploy a Memcached server for caching database queries | `false` | +| `memcached.auth.enabled` | Enable Memcached authentication | `false` | +| `memcached.auth.username` | Memcached admin user | `""` | +| `memcached.auth.password` | Memcached admin password | `""` | +| `memcached.auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` | +| `memcached.service.port` | Memcached service port | `11211` | +| `externalCache.host` | External cache server host | `localhost` | +| `externalCache.port` | External cache server port | `11211` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set wordpressUsername=admin \ + --set wordpressPassword=password \ + --set mariadb.auth.rootPassword=secretpassword \ + oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command sets the WordPress administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/wordpress/values.yaml) + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Known limitations + +When performing admin operations that require activating the maintenance mode (such as updating a plugin or theme), it's activated in only one replica (see: [bug report](https://core.trac.wordpress.org/ticket/50797)). This implies that WP could be attending requests on other replicas while performing admin operations, with unpredictable consequences. + +To avoid that, you can manually activate/deactivate the maintenance mode on every replica using the WP CLI. For instance, if you installed WP with three replicas, you can run the commands below to activate the maintenance mode in all of them (assuming that the release name is `wordpress`): + +```console +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[0].metadata.name}') -c wordpress -- wp maintenance-mode activate +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[1].metadata.name}') -c wordpress -- wp maintenance-mode activate +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[2].metadata.name}') -c wordpress -- wp maintenance-mode activate +``` + +### External database support + +You may want to have WordPress connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#database-parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: + +```console +mariadb.enabled=false +externalDatabase.host=myexternalhost +externalDatabase.user=myuser +externalDatabase.password=mypassword +externalDatabase.database=mydatabase +externalDatabase.port=3306 +``` + +If the database already contains data from a previous WordPress installation, set the `wordpressSkipInstall` parameter to `true`. This parameter forces the container to skip the WordPress installation wizard. Otherwise, the container will assume it is a fresh installation and execute the installation wizard, potentially modifying or resetting the data in the existing database. + +[Refer to the container documentation for more information](https://github.com/bitnami/containers/tree/main/bitnami/wordpress#connect-wordpress-container-to-an-existing-database). + +### Memcached + +This chart provides support for using Memcached to cache database queries and objects improving the website performance. To enable this feature, set `wordpressConfigureCache` and `memcached.enabled` parameters to `true`. + +When this feature is enabled, a Memcached server will be deployed in your K8s cluster using the Bitnami Memcached chart and the [W3 Total Cache](https://wordpress.org/plugins/w3-total-cache/) plugin will be activated and configured to use the Memcached server for database caching. + +It is also possible to use an external cache server rather than installing one inside your cluster. To achieve this, the chart allows you to specify credentials for an external cache server with the [`externalCache` parameter](#database-parameters). You should also disable the Memcached installation with the `memcached.enabled` option. Here is an example: + +```console +wordpressConfigureCache=true +memcached.enabled=false +externalCache.host=myexternalcachehost +externalCache.port=11211 +``` + +### Ingress + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. + +The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. + +However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. + +> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. + +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. + +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). + +### TLS secrets + +This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases: + +- Generate certificate secrets based on chart parameters. +- Enable externally generated certificates. +- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)). +- Create self-signed certificates within the chart (if supported). + +In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format. + +Here is an example of a certificate file: + +> NOTE: There may be more than one certificate if there is a certificate chain. + +```text +-----BEGIN CERTIFICATE----- +MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +... +jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 +-----END CERTIFICATE----- +``` + +Here is an example of a certificate key: + +```text +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 +... +wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= +-----END RSA PRIVATE KEY----- +``` + +- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` entry. +- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` parameter). +- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager. +- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` to `true`. + +### `.htaccess` files + +For performance and security reasons, it is a good practice to configure Apache with the `AllowOverride None` directive. Instead of using `.htaccess` files, Apache will load the same directives at boot time. These directives are located in `/opt/bitnami/wordpress/wordpress-htaccess.conf`. + +By default, the container image includes all the default `.htaccess` files in WordPress (together with the default plugins). To enable this feature, install the chart with the value `allowOverrideNone=yes`. + +However, some plugins may include `.htaccess` directives that will not be loaded when `AllowOverride` is set to `None`. To make them work, create a custom `wordpress-htaccess.conf` file with all the required directives. After creating it, create a Kubernetes ConfigMap with it (for example, named `custom-htaccess`) and install the chart with the correct parameters as shown below: + +```text + allowOverrideNone=true + customHTAccessCM=custom-htaccess +``` + +Some plugins permit editing the `.htaccess` file and it may be necessary to persist it in order to keep those edits. To make these plugins work, set the `htaccessPersistenceEnabled` parameter as shown below: + +```text + allowOverrideNone=false + htaccessPersistenceEnabled=true +``` + +## Persistence + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image stores the WordPress data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +wordpress: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as WordPress (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Learn more about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Notable changes + +### 13.2.0 + +Removed support for limiting auto-updates to WordPress core via the `wordpressAutoUpdateLevel` option. To update WordPress core, we recommend you use the `helm upgrade` command to update your deployment instead of using the built-in update functionality. + +### 11.0.0 + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image was refactored and now the source code is published in GitHub in the `rootfs` folder of the container image. + +In addition, several new features have been implemented: + +- Multisite mode is now supported via `multisite.*` options. +- Plugins can be installed and activated on the first deployment via the `wordpressPlugins` option. +- Added support for limiting auto-updates to WordPress core via the `wordpressAutoUpdateLevel` option. In addition, auto-updates have been disabled by default. To update WordPress core, we recommend to swap the container image version for your deployment instead of using the built-in update functionality. + +To enable the new features, it is not possible to do it by upgrading an existing deployment. Instead, it is necessary to perform a fresh deploy. + +## Upgrading + +### To 20.0.0 + +This major release bumps the and MariaDB chart version to [16.x.x](https://github.com/bitnami/charts/pull/23054); no major issues are expected during the upgrade. + +### To 19.0.0 + +This major release bumps the MariaDB version to 11.2. No major issues are expected during the upgrade. + +### To 18.0.0 + +This major release bumps the MariaDB version to 11.1. No major issues are expected during the upgrade. + +### To 17.0.0 + +This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade. + +### To 16.0.0 + +This major release bumps the MariaDB version to 10.11. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for upgrading from MariaDB 10.6 to 10.11. No major issues are expected during the upgrade. + +### To 14.0.0 + +This major release bumps the MariaDB version to 10.6. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/) for upgrading from MariaDB 10.5 to 10.6. No major issues are expected during the upgrade. + +### To 13.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +- `service.port` and `service.httpsPort` have been regrouped under the `service.ports` map. +- `metrics.service.port` has been regrouped under the `metrics.service.ports` map. +- `serviceAccountName` has been deprecated in favor of `serviceAccount` map. + +Additionally updates the MariaDB & Memcached subcharts to their newest major `10.x.x` and `6.x.x`, respectively, which contain similar changes. + +### To 12.0.0 + +WordPress version was bumped to its latest major, `5.8.x`. Though no incompatibilities are expected while upgrading from previous versions, WordPress recommends backing up your application first. + +Site backups can be easily performed using tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + +### To 11.0.0 + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image was refactored and now the source code is published in GitHub in the `rootfs` folder of the container image. + +Compatibility is not guaranteed due to the amount of involved changes, however no breaking changes are expected. + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### Additional upgrade notes + +- MariaDB dependency version was bumped to a new major version that introduces several incompatibilities. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-800) for more information. +- If you want to upgrade to this version from a previous one installed with Helm v3, there are two alternatives: + - Install a new WordPress chart, and migrate your WordPress site using backup/restore tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + - Reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `wordpress`). + +> Warning: please create a backup of your database before running any of these actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5. + +Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: + +```console +export WORDPRESS_PASSWORD=$(kubectl get secret --namespace default wordpress -o jsonpath="{.data.wordpress-password}" | base64 -d) +export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d) +export MARIADB_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d) +export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +``` + +Upgrade your release (maintaining the version) disabling MariaDB and scaling WordPress replicas to 0: + +```console +helm upgrade wordpress oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress --set wordpressPassword=$WORDPRESS_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 9.6.4 +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +Finally, upgrade you release to `10.0.0` reusing the existing PVC, and enabling back MariaDB: + +```console +helm upgrade wordpress oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +You should see the lines below in MariaDB container logs: + +```console +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +... +mariadb 12:13:24.98 INFO ==> Using persisted data +mariadb 12:13:25.01 INFO ==> Running mysql_upgrade +... +``` + +### To 9.0.0 + +The [Bitnami WordPress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `securityContext.runAsUser`, and `securityContext.fsGroup` to `0`. +Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices. + +Consequences: + +- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. +- No writing permissions will be granted on `wp-config.php` by default. +- Backwards compatibility is not guaranteed. + +To upgrade to `9.0.0`, it's recommended to install a new WordPress chart, and migrate your WordPress site using backup/restore tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + +### To 8.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the API's deprecated, resulting in compatibility breakage. + +This major version signifies this change. + +### To 3.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to `3.0.0`. The following example assumes that the release name is `wordpress`: + +```console +kubectl patch deployment wordpress-wordpress --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl delete statefulset wordpress-mariadb --cascade=false +``` + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/charts/wordpress-new-start/charts/common-2.19.0.tgz b/charts/wordpress-new-start/charts/common-2.19.0.tgz new file mode 100644 index 0000000..999417c Binary files /dev/null and b/charts/wordpress-new-start/charts/common-2.19.0.tgz differ diff --git a/charts/wordpress-new-start/charts/mariadb-16.5.0.tgz b/charts/wordpress-new-start/charts/mariadb-16.5.0.tgz new file mode 100644 index 0000000..8c88035 Binary files /dev/null and b/charts/wordpress-new-start/charts/mariadb-16.5.0.tgz differ diff --git a/charts/wordpress-new-start/charts/memcached-6.14.0.tgz b/charts/wordpress-new-start/charts/memcached-6.14.0.tgz new file mode 100644 index 0000000..af49218 Binary files /dev/null and b/charts/wordpress-new-start/charts/memcached-6.14.0.tgz differ diff --git a/charts/wordpress-new-start/curl b/charts/wordpress-new-start/curl new file mode 100644 index 0000000..e69de29 diff --git a/charts/wordpress-new-start/index.yaml b/charts/wordpress-new-start/index.yaml new file mode 100644 index 0000000..73be1d0 --- /dev/null +++ b/charts/wordpress-new-start/index.yaml @@ -0,0 +1,161 @@ +apiVersion: v1 +entries: + common: + - annotations: + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.19.0 + created: "2024-04-15T08:17:31.201694+02:00" + description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. + digest: 89e4008ba84ebc4b1838b7266bd991958f57eedb841e9268726de971dc78cfd1 + home: https://bitnami.com + icon: https://bitnami.com/downloads/logos/bitnami-mark.png + keywords: + - common + - helper + - template + - function + - bitnami + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: common + sources: + - https://github.com/bitnami/charts + type: library + urls: + - charts/common-2.19.0.tgz + version: 2.19.0 + mariadb: + - annotations: + category: Database + images: | + - name: mariadb + image: docker.io/bitnami/mariadb:11.2.3-debian-12-r4 + - name: mysqld-exporter + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-12-r8 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r16 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 11.2.3 + created: "2024-04-15T08:17:31.2084884+02:00" + dependencies: + - name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 68baeb5bed0d05469e805fff6745b68ddd77a585033a0d03fcc90ab108677529 + home: https://bitnami.com + icon: https://bitnami.com/assets/stacks/mariadb/img/mariadb-stack-220x234.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mariadb + urls: + - charts/mariadb-16.5.0.tgz + version: 16.5.0 + memcached: + - annotations: + category: Infrastructure + images: | + - name: memcached + image: docker.io/bitnami/memcached:1.6.24-debian-12-r0 + - name: memcached-exporter + image: docker.io/bitnami/memcached-exporter:0.14.2-debian-12-r10 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r16 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 1.6.24 + created: "2024-04-15T08:17:31.213548+02:00" + dependencies: + - name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x + description: Memcached is an high-performance, distributed memory object caching + system, generic in nature, but intended for use in speeding up dynamic web applications + by alleviating database load. + digest: 729aa0fc402dcc3eb493028ef124a744f907b8dba997519bb7dea588703a3c5f + home: https://bitnami.com + icon: https://bitnami.com/assets/stacks/memcached/img/memcached-stack-220x234.png + keywords: + - memcached + - cache + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: memcached + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/memcached + urls: + - charts/memcached-6.14.0.tgz + version: 6.14.0 + wordpress: + - annotations: + category: CMS + images: | + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r8 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r16 + - name: wordpress + image: docker.io/bitnami/wordpress:6.4.3-debian-12-r20 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.4.3 + created: "2024-04-15T08:17:31.201694+02:00" + dependencies: + - condition: memcached.enabled + name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: oci://registry-1.docker.io/bitnamicharts + version: 16.x.x + - name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 13bb5d3f211ed22015c505a6d6508eabdf6f7bcb1e45f462362b0c5c870ffebf + home: https://bitnami.com + icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - wordpress-20.1.2.tgz + version: 20.1.2 +generated: "2024-04-15T08:17:31.1874317+02:00" diff --git a/charts/wordpress-new-start/templates/NOTES.txt b/charts/wordpress-new-start/templates/NOTES.txt new file mode 100644 index 0000000..722c965 --- /dev/null +++ b/charts/wordpress-new-start/templates/NOTES.txt @@ -0,0 +1,96 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/wordpress/entrypoint.sh /opt/bitnami/scripts/apache/run.sh + +{{- else }} + +Your WordPress site can be accessed through the following DNS name from within your cluster: + + {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.ports.http }}) + +To access your WordPress site from outside the cluster follow the steps below: + +{{- if .Values.ingress.enabled }} + +1. Get the WordPress URL and associate WordPress hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters + echo "WordPress URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" + echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} +{{- $port := .Values.service.ports.http | toString }} + +1. Get the WordPress URL by running these commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "WordPress URL: http://$NODE_IP:$NODE_PORT/" + echo "WordPress Admin URL: http://$NODE_IP:$NODE_PORT/admin" + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo "WordPress URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}/" + echo "WordPress Admin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}/admin" + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.http }}:{{ .Values.service.ports.http }} & + echo "WordPress URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}//" + echo "WordPress Admin URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}//admin" + +{{- end }} +{{- end }} + +2. Open a browser and access WordPress using the obtained URL. + +3. Login with the following credentials below to see your blog: + + echo Username: {{ .Values.wordpressUsername }} + echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.wordpress-password}" | base64 -d) + +{{- if .Values.metrics.enabled }} + +You can access Apache Prometheus metrics following the steps below: + +1. Get the Apache Prometheus metrics URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & + echo "Apache Prometheus metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" + +2. Open a browser and access Apache Prometheus metrics using the obtained URL. + +{{- end }} +{{- end }} + +{{- include "wordpress.validateValues" . }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "volumePermissions") "context" $) }} diff --git a/charts/wordpress-new-start/templates/_helpers.tpl b/charts/wordpress-new-start/templates/_helpers.tpl new file mode 100644 index 0000000..7483623 --- /dev/null +++ b/charts/wordpress-new-start/templates/_helpers.tpl @@ -0,0 +1,286 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "wordpress.mariadb.fullname" -}} +{{- include "common.names.dependency.fullname" (dict "chartName" "mariadb" "chartValues" .Values.mariadb "context" $) -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "wordpress.memcached.fullname" -}} +{{- include "common.names.dependency.fullname" (dict "chartName" "memcached" "chartValues" .Values.memcached "context" $) -}} +{{- end -}} + +{{/* +Return the proper WordPress image name +*/}} +{{- define "wordpress.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "wordpress.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "wordpress.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "wordpress.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "wordpress.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "wordpress.customHTAccessCM" -}} +{{- printf "%s" .Values.customHTAccessCM -}} +{{- end -}} + +{{/* +Return the WordPress configuration secret +*/}} +{{- define "wordpress.configSecretName" -}} +{{- if .Values.existingWordPressConfigurationSecret -}} + {{- printf "%s" (tpl .Values.existingWordPressConfigurationSecret $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for WordPress configuration +*/}} +{{- define "wordpress.createConfigSecret" -}} +{{- if and .Values.wordpressConfiguration (not .Values.existingWordPressConfigurationSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the WordPress Apache configuration configmap +*/}} +{{- define "wordpress.apache.configmapName" -}} +{{- if .Values.existingApacheConfigurationConfigMap -}} + {{- printf "%s" (tpl .Values.existingApacheConfigurationConfigMap $) -}} +{{- else -}} + {{- printf "%s-apache-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for Apache configuration +*/}} +{{- define "wordpress.apache.createConfigmap" -}} +{{- if and .Values.apacheConfiguration (not .Values.existingApacheConfigurationConfigMap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Hostname +*/}} +{{- define "wordpress.databaseHost" -}} +{{- if .Values.mariadb.enabled }} + {{- if eq .Values.mariadb.architecture "replication" }} + {{- printf "%s-primary" (include "wordpress.mariadb.fullname" .) | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} + {{- end -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.host -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Port +*/}} +{{- define "wordpress.databasePort" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "3306" -}} +{{- else -}} + {{- printf "%d" (.Values.externalDatabase.port | int ) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Database Name +*/}} +{{- define "wordpress.databaseName" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "%s" .Values.mariadb.auth.database -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.database -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB User +*/}} +{{- define "wordpress.databaseUser" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "%s" .Values.mariadb.auth.username -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Secret Name +*/}} +{{- define "wordpress.databaseSecretName" -}} +{{- if .Values.mariadb.enabled }} + {{- if .Values.mariadb.auth.existingSecret -}} + {{- printf "%s" .Values.mariadb.auth.existingSecret -}} + {{- else -}} + {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} + {{- end -}} +{{- else if .Values.externalDatabase.existingSecret -}} + {{- include "common.tplvalues.render" (dict "value" .Values.externalDatabase.existingSecret "context" $) -}} +{{- else -}} + {{- printf "%s-externaldb" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Memcached Hostname +*/}} +{{- define "wordpress.cacheHost" -}} +{{- if .Values.memcached.enabled }} + {{- $releaseNamespace := .Release.Namespace }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- printf "%s.%s.svc.%s" (include "wordpress.memcached.fullname" .) $releaseNamespace $clusterDomain -}} +{{- else -}} + {{- printf "%s" .Values.externalCache.host -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Memcached Port +*/}} +{{- define "wordpress.cachePort" -}} +{{- if .Values.memcached.enabled }} + {{- printf "11211" -}} +{{- else -}} + {{- printf "%d" (.Values.externalCache.port | int ) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the WordPress Secret Name +*/}} +{{- define "wordpress.secretName" -}} +{{- if .Values.existingSecret }} + {{- printf "%s" .Values.existingSecret -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the SMTP Secret Name +*/}} +{{- define "wordpress.smtpSecretName" -}} +{{- if .Values.smtpExistingSecret }} + {{- printf "%s" .Values.smtpExistingSecret -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "wordpress.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "wordpress.validateValues.configuration" .) -}} +{{- $messages := append $messages (include "wordpress.validateValues.htaccess" .) -}} +{{- $messages := append $messages (include "wordpress.validateValues.database" .) -}} +{{- $messages := append $messages (include "wordpress.validateValues.cache" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of WordPress - Custom wp-config.php +*/}} +{{- define "wordpress.validateValues.configuration" -}} +{{- if and (or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret) (not .Values.wordpressSkipInstall) -}} +wordpress: wordpressConfiguration + You are trying to use a wp-config.php file. This setup is only supported + when skipping wizard installation (--set wordpressSkipInstall=true). +{{- end -}} +{{- end -}} + +{{/* +Validate values of WordPress - htaccess configuration +*/}} +{{- define "wordpress.validateValues.htaccess" -}} +{{- if and .Values.customHTAccessCM .Values.allowOverrideNone -}} +wordpress: customHTAccessCM + You are trying to use custom htaccess rules but Apache was configured + to prohibit overriding directives with htaccess files. To use this feature, + allow overriding Apache directives (--set allowOverrideNone=false). +{{- end -}} +{{- end -}} + +{{/* Validate values of WordPress - Database */}} +{{- define "wordpress.validateValues.database" -}} +{{- if and (not .Values.mariadb.enabled) (or (empty .Values.externalDatabase.host) (empty .Values.externalDatabase.port) (empty .Values.externalDatabase.database)) -}} +wordpress: database + You disable the MariaDB installation but you did not provide the required parameters + to use an external database. To use an external database, please ensure you provide + (at least) the following values: + + externalDatabase.host=DB_SERVER_HOST + externalDatabase.database=DB_NAME + externalDatabase.port=DB_SERVER_PORT +{{- end -}} +{{- end -}} + +{{/* Validate values of WordPress - Cache */}} +{{- define "wordpress.validateValues.cache" -}} +{{- if and .Values.wordpressConfigureCache (not .Values.memcached.enabled) (or (empty .Values.externalCache.host) (empty .Values.externalCache.port)) -}} +wordpress: cache + You enabled cache via W3 Total Cache without but you did not enable the Memcached + installation nor you did provided the required parameters to use an external cache server. + Please enable the Memcached installation (--set memcached.enabled=true) or + provide the external cache server values: + + externalCache.host=CACHE_SERVER_HOST + externalCache.port=CACHE_SERVER_PORT +{{- end -}} +{{- end -}} diff --git a/charts/wordpress-new-start/templates/config-secret.yaml b/charts/wordpress-new-start/templates/config-secret.yaml new file mode 100644 index 0000000..9dff348 --- /dev/null +++ b/charts/wordpress-new-start/templates/config-secret.yaml @@ -0,0 +1,18 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "wordpress.createConfigSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + wp-config.php: {{ .Values.wordpressConfiguration | b64enc }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/deployment.yaml b/charts/wordpress-new-start/templates/deployment.yaml new file mode 100644 index 0000000..720d8fa --- /dev/null +++ b/charts/wordpress-new-start/templates/deployment.yaml @@ -0,0 +1,389 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + {{- if or .Values.podAnnotations .Values.metrics.enabled (include "wordpress.createConfigSecret" .) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if (include "wordpress.createConfigSecret" .) }} + checksum/config-secret: {{ include (print $.Template.BasePath "/config-secret.yaml") . | sha256sum }} + {{- end }} + {{- end }} + spec: + {{- include "wordpress.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- if .Values.hostAliases }} + # yamllint disable rule:indentation + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wordpress.serviceAccountName" .}} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if or (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) (.Values.initContainers) }} + initContainers: + {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: "{{ include "wordpress.volumePermissions.image" . }}" + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p /bitnami/wordpress + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + find /bitnami/wordpress -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R $(id -u):$(id -G | cut -d " " -f2) + {{- else }} + find /bitnami/wordpress -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto " }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /bitnami/wordpress + name: wordpress-data + subPath: wordpress + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: wordpress + image: {{ include "wordpress.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" ( dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" ( dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} + - name: WORDPRESS_SKIP_BOOTSTRAP + value: {{ ternary "yes" "no" .Values.wordpressSkipInstall | quote }} + {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} + # Override the default data to persist omiting wp-config.php from the list since + # it is mounted as a read-only file from a Secret + - name: WORDPRESS_DATA_TO_PERSIST + value: "wp-content" + {{- else }} + - name: MARIADB_HOST + value: {{ include "wordpress.databaseHost" . | quote }} + - name: MARIADB_PORT_NUMBER + value: {{ include "wordpress.databasePort" . | quote }} + - name: WORDPRESS_DATABASE_NAME + value: {{ include "wordpress.databaseName" . | quote }} + - name: WORDPRESS_DATABASE_USER + value: {{ include "wordpress.databaseUser" . | quote }} + - name: WORDPRESS_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.databaseSecretName" . }} + key: mariadb-password + - name: WORDPRESS_USERNAME + value: {{ .Values.wordpressUsername | quote }} + - name: WORDPRESS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.secretName" . }} + key: wordpress-password + - name: WORDPRESS_EMAIL + value: {{ .Values.wordpressEmail | quote }} + - name: WORDPRESS_FIRST_NAME + value: {{ .Values.wordpressFirstName | quote }} + - name: WORDPRESS_LAST_NAME + value: {{ .Values.wordpressLastName | quote }} + - name: WORDPRESS_HTACCESS_OVERRIDE_NONE + value: {{ ternary "yes" "no" .Values.allowOverrideNone | quote }} + - name: WORDPRESS_ENABLE_HTACCESS_PERSISTENCE + value: {{ ternary "yes" "no" .Values.htaccessPersistenceEnabled | quote }} + - name: WORDPRESS_BLOG_NAME + value: {{ .Values.wordpressBlogName | quote }} + - name: WORDPRESS_TABLE_PREFIX + value: {{ .Values.wordpressTablePrefix | quote }} + - name: WORDPRESS_SCHEME + value: {{ .Values.wordpressScheme | quote }} + - name: WORDPRESS_EXTRA_WP_CONFIG_CONTENT + value: {{ .Values.wordpressExtraConfigContent | quote }} + - name: WORDPRESS_PLUGINS + value: {{ join "," .Values.wordpressPlugins | quote }} + - name: WORDPRESS_OVERRIDE_DATABASE_SETTINGS + value: {{ ternary "yes" "no" .Values.overrideDatabaseSettings | quote }} + {{- end }} + {{- if .Values.multisite.enable }} + - name: WORDPRESS_ENABLE_MULTISITE + value: "yes" + - name: WORDPRESS_MULTISITE_HOST + value: {{ .Values.multisite.host | quote }} + - name: WORDPRESS_MULTISITE_EXTERNAL_HTTP_PORT_NUMBER + value: {{ .Values.service.ports.http | quote }} + - name: WORDPRESS_MULTISITE_EXTERNAL_HTTPS_PORT_NUMBER + value: {{ .Values.service.ports.https | quote }} + - name: WORDPRESS_MULTISITE_NETWORK_TYPE + value: {{ .Values.multisite.networkType | quote }} + - name: WORDPRESS_MULTISITE_ENABLE_NIP_IO_REDIRECTION + value: {{ ternary "yes" "no" .Values.multisite.enableNipIoRedirect | quote }} + {{- end }} + {{- if .Values.smtpHost }} + - name: SMTP_HOST + value: {{ .Values.smtpHost | quote }} + {{- end }} + {{- if .Values.smtpPort }} + - name: SMTP_PORT + value: {{ .Values.smtpPort | quote }} + {{- end }} + {{- if .Values.smtpUser }} + - name: SMTP_USER + value: {{ .Values.smtpUser | quote }} + {{- end }} + {{- if or .Values.smtpPassword .Values.smtpExistingSecret }} + - name: SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.smtpSecretName" . }} + key: smtp-password + {{- end }} + {{- if .Values.smtpProtocol }} + - name: SMTP_PROTOCOL + value: {{ .Values.smtpProtocol | quote }} + {{- end }} + - name: APACHE_HTTP_PORT_NUMBER + value: {{ .Values.containerPorts.http | quote }} + - name: APACHE_HTTPS_PORT_NUMBER + value: {{ .Values.containerPorts.https | quote }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + - name: https + containerPort: {{ .Values.containerPorts.https }} + {{- if .Values.extraContainerPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /bitnami/wordpress + name: wordpress-data + subPath: wordpress + {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} + - name: wordpress-config + mountPath: /opt/bitnami/wordpress/wp-config.php + subPath: wp-config.php + {{- end }} + {{- if or .Values.apacheConfiguration .Values.existingApacheConfigurationConfigMap }} + - name: apache-config + mountPath: /opt/bitnami/apache/conf/httpd.conf + subPath: httpd.conf + {{- end }} + {{- if and (not .Values.allowOverrideNone) .Values.customHTAccessCM }} + - mountPath: /opt/bitnami/apache/conf/vhosts/htaccess + name: custom-htaccess + {{- end }} + {{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} + - mountPath: /docker-entrypoint-init.d + name: custom-postinit + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "wordpress.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/apache_exporter + - --scrape_uri + - http://status.localhost:8080/server-status/?auto + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPorts.metrics }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} + - name: wordpress-config + secret: + secretName: {{ include "wordpress.configSecretName" . }} + defaultMode: 0644 + {{- end }} + {{- if or .Values.apacheConfiguration .Values.existingApacheConfigurationConfigMap }} + - name: apache-config + configMap: + name: {{ include "wordpress.apache.configmapName" . }} + defaultMode: 0644 + {{- end }} + {{- if and (not .Values.allowOverrideNone) .Values.customHTAccessCM }} + - name: custom-htaccess + configMap: + name: {{ include "wordpress.customHTAccessCM" . }} + items: + - key: wordpress-htaccess.conf + path: wordpress-htaccess.conf + {{- end }} + {{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} + - name: custom-postinit + configMap: + name: {{ printf "%s-postinit" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- end }} + - name: wordpress-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/wordpress-new-start/templates/externaldb-secrets.yaml b/charts/wordpress-new-start/templates/externaldb-secrets.yaml new file mode 100644 index 0000000..ae5edb1 --- /dev/null +++ b/charts/wordpress-new-start/templates/externaldb-secrets.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/extra-list.yaml b/charts/wordpress-new-start/templates/extra-list.yaml new file mode 100644 index 0000000..2d35a58 --- /dev/null +++ b/charts/wordpress-new-start/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/hpa.yaml b/charts/wordpress-new-start/templates/hpa.yaml new file mode 100644 index 0000000..2426dd2 --- /dev/null +++ b/charts/wordpress-new-start/templates/hpa.yaml @@ -0,0 +1,48 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "common.names.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/httpd-configmap.yaml b/charts/wordpress-new-start/templates/httpd-configmap.yaml new file mode 100644 index 0000000..30a434a --- /dev/null +++ b/charts/wordpress-new-start/templates/httpd-configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "wordpress.apache.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-apache-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + httpd.conf: |- + {{- .Values.apacheConfiguration | nindent 4 }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/ingress.yaml b/charts/wordpress-new-start/templates/ingress.yaml new file mode 100644 index 0000000..3fe25b4 --- /dev/null +++ b/charts/wordpress-new-start/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ tpl .Values.ingress.hostname $ | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ tpl .name $ | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ tpl .Values.ingress.hostname $ | quote }} + {{- if or (.Values.ingress.tlsWwwPrefix) (eq (index .Values.ingress.annotations "nginx.ingress.kubernetes.io/from-to-www-redirect") "true" ) }} + - {{ printf "www.%s" (tpl .Values.ingress.hostname $) | quote }} + {{- end }} + secretName: {{ printf "%s-tls" (tpl .Values.ingress.hostname $) }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/metrics-svc.yaml b/charts/wordpress-new-start/templates/metrics-svc.yaml new file mode 100644 index 0000000..1731ac3 --- /dev/null +++ b/charts/wordpress-new-start/templates/metrics-svc.yaml @@ -0,0 +1,27 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + ports: + - name: metrics + port: {{ .Values.metrics.service.ports.metrics }} + protocol: TCP + targetPort: metrics + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/networkpolicy-backend-ingress.yaml b/charts/wordpress-new-start/templates/networkpolicy-backend-ingress.yaml new file mode 100644 index 0000000..7133256 --- /dev/null +++ b/charts/wordpress-new-start/templates/networkpolicy-backend-ingress.yaml @@ -0,0 +1,30 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-backend" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- if .Values.networkPolicy.ingressRules.customBackendSelector }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }} + {{- else }} + app.kubernetes.io/name: mariadb + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + ingress: + - from: + - podSelector: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/networkpolicy-egress.yaml b/charts/wordpress-new-start/templates/networkpolicy-egress.yaml new file mode 100644 index 0000000..9c8a442 --- /dev/null +++ b/charts/wordpress-new-start/templates/networkpolicy-egress.yaml @@ -0,0 +1,35 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-egress" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + policyTypes: + - Egress + egress: + {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - to: + - namespaceSelector: {} + {{- end }} + {{- if .Values.networkPolicy.egressRules.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/networkpolicy-ingress.yaml b/charts/wordpress-new-start/templates/networkpolicy-ingress.yaml new file mode 100644 index 0000000..c05c1e6 --- /dev/null +++ b/charts/wordpress-new-start/templates/networkpolicy-ingress.yaml @@ -0,0 +1,63 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingress.enabled .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + ingress: + {{- if and .Values.ingress.enabled .Values.networkPolicy.ingress.enabled (or .Values.networkPolicy.ingress.namespaceSelector .Values.networkPolicy.ingress.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingress.namespaceSelector }} + - namespaceSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingress.podSelector }} + - podSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.podSelector "context" $) | nindent 14 }} + {{- end }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} + - from: + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + - namespaceSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.metrics.podSelector }} + - podSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} + {{- end }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector }} + - podSelector: + matchLabels: + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/pdb.yaml b/charts/wordpress-new-start/templates/pdb.yaml new file mode 100644 index 0000000..07c3777 --- /dev/null +++ b/charts/wordpress-new-start/templates/pdb.yaml @@ -0,0 +1,26 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/postinit-configmap.yaml b/charts/wordpress-new-start/templates/postinit-configmap.yaml new file mode 100644 index 0000000..48f8b63 --- /dev/null +++ b/charts/wordpress-new-start/templates/postinit-configmap.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-postinit" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- if .Values.wordpressConfigureCache }} + {{- $memcachedFullname := include "wordpress.cacheHost" . }} + {{- $memcachedPort := include "wordpress.cachePort" . | int }} + 00-configure-w3-total-cache.sh: |- + #!/bin/bash + + # Add permissions to edit wp-config.php + chmod +w /bitnami/wordpress/wp-config.php + + # Activate W3 Total Cache pairs + wp plugin activate w3-total-cache + wp total-cache fix_environment + + # Choose 'Memcached' as database and object cache method + wp total-cache option set dbcache.engine memcached --type=string + wp total-cache option set objectcache.engine memcached --type=string + wp total-cache flush all + wp total-cache option set dbcache.memcached.servers {{ $memcachedFullname }}:{{ $memcachedPort }} --type=string + wp total-cache option set dbcache.enabled true --type=boolean + wp total-cache option set objectcache.memcached.servers {{ $memcachedFullname }}:{{ $memcachedPort }} --type=string + wp total-cache option set objectcache.enabled true --type=boolean + wp total-cache flush all + + # Revoke permissions to edit wp-config.php + chmod a-w /bitnami/wordpress/wp-config.php + {{- end }} + {{- if .Values.customPostInitScripts }} + {{- include "common.tplvalues.render" (dict "value" .Values.customPostInitScripts "context" $) | nindent 2 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/pvc.yaml b/charts/wordpress-new-start/templates/pvc.yaml new file mode 100644 index 0000000..9d4f62f --- /dev/null +++ b/charts/wordpress-new-start/templates/pvc.yaml @@ -0,0 +1,36 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- if not (empty .Values.persistence.accessModes) }} + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- else }} + - {{ .Values.persistence.accessMode | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }} + {{- end -}} + {{- if .Values.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/secrets.yaml b/charts/wordpress-new-start/templates/secrets.yaml new file mode 100644 index 0000000..22e6a04 --- /dev/null +++ b/charts/wordpress-new-start/templates/secrets.yaml @@ -0,0 +1,26 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if not .Values.existingSecret }} + wordpress-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "wordpress-password" "providedValues" (list "wordpressPassword") "context" $) }} + {{- end }} + {{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }} + {{- if .Values.smtpPassword }} + smtp-password: {{ .Values.smtpPassword | b64enc | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/templates/serviceaccount.yaml b/charts/wordpress-new-start/templates/serviceaccount.yaml new file mode 100644 index 0000000..0ee982a --- /dev/null +++ b/charts/wordpress-new-start/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "wordpress.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end -}} diff --git a/charts/wordpress-new-start/templates/servicemonitor.yaml b/charts/wordpress-new-start/templates/servicemonitor.yaml new file mode 100644 index 0000000..e0aa8a9 --- /dev/null +++ b/charts/wordpress-new-start/templates/servicemonitor.yaml @@ -0,0 +1,43 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- if .Values.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: metrics +{{- end }} diff --git a/charts/wordpress-new-start/templates/svc.yaml b/charts/wordpress-new-start/templates/svc.yaml new file mode 100644 index 0000000..b8739e1 --- /dev/null +++ b/charts/wordpress-new-start/templates/svc.yaml @@ -0,0 +1,59 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.ports.http }} + protocol: TCP + targetPort: http + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: https + port: {{ .Values.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.service.httpsTargetPort }} + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/charts/wordpress-new-start/templates/tls-secrets.yaml b/charts/wordpress-new-start/templates/tls-secrets.yaml new file mode 100644 index 0000000..728ab58 --- /dev/null +++ b/charts/wordpress-new-start/templates/tls-secrets.yaml @@ -0,0 +1,44 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} +{{- $ca := genCA "wordpress-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/wordpress-new-start/values.schema.json b/charts/wordpress-new-start/values.schema.json new file mode 100644 index 0000000..2651fae --- /dev/null +++ b/charts/wordpress-new-start/values.schema.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "ingress": { + "type": "object", + "form": true, + "title": "Ingress Details", + "properties": { + "enabled": { + "description": "Enable Ingress", + "type": "boolean", + "default": true, + "x-onyxia": { + "hidden": false, + "overwriteDefaultWith": "k8s.ingress" + } + }, + "hostname": { + "type": "string", + "form": true, + "title": "Hostname", + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "{{project.id}}-{{k8s.randomSubdomain}}-0.{{k8s.domain}}" + } + } + } + } + } +} diff --git a/charts/wordpress-new-start/values.schema.json formated b/charts/wordpress-new-start/values.schema.json formated new file mode 100644 index 0000000..a25d193 --- /dev/null +++ b/charts/wordpress-new-start/values.schema.json formated @@ -0,0 +1,175 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "wordpress": { + "wordpressUsername": { + "type": "string", + "title": "Username", + "form": true + }, + "wordpressPassword": { + "type": "string", + "title": "Password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set" + }, + "wordpressEmail": { + "type": "string", + "title": "Admin email", + "form": true + }, + "wordpressBlogName": { + "type": "string", + "title": "Blog Name", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + } + }, + "mariadb": { + "type": "object", + "title": "MariaDB Details", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "title": "Use a new MariaDB database hosted in the cluster", + "form": true, + "description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database details" + }, + "primary": { + "type": "object", + "properties": { + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + } + } + } + } + }, + "ingress": { + "type": "object", + "form": true, + "title": "Ingress Configuration", + "properties": { + "enabled": { + "description": "Enable Ingress", + "type": "boolean", + "default": true, + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "k8s.ingress" + } + }, + "hostname": { + "type": "string", + "form": true, + "title": "Hostname", + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "{{project.id}}-{{k8s.randomSubdomain}}-0.{{k8s.domain}}" + } + } + }, + "tls": { + "type": "boolean", + "form": true, + "title": "Create a TLS secret", + "hidden": { + "value": false, + "path": "ingress/enabled" + } + } + } + }, + "service": { + "type": "object", + "form": true, + "title": "Service Configuration", + "properties": { + "type": { + "type": "string", + "form": true, + "title": "Service Type", + "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Metrics", + "description": "Prometheus Exporter / Metrics", + "form": true + } + } + } +} \ No newline at end of file diff --git a/charts/wordpress-new-start/values.yaml b/charts/wordpress-new-start/values.yaml new file mode 100644 index 0000000..eaf34f9 --- /dev/null +++ b/charts/wordpress-new-start/values.yaml @@ -0,0 +1,1264 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed resources +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed resources +## +commonAnnotations: {} +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity +## @section WordPress Image parameters +## + +## Bitnami WordPress image +## ref: https://hub.docker.com/r/bitnami/wordpress/tags/ +## @param image.registry [default: REGISTRY_NAME] WordPress image registry +## @param image.repository [default: REPOSITORY_NAME/wordpress] WordPress image repository +## @skip image.tag WordPress image tag (immutable tags are recommended) +## @param image.digest WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy WordPress image pull policy +## @param image.pullSecrets WordPress image pull secrets +## @param image.debug Specify if debug values should be set +## +image: + registry: docker.io + repository: bitnami/wordpress + tag: 6.4.3-debian-12-r20 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false +## @section WordPress Configuration parameters +## WordPress settings based on environment variables +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#environment-variables +## + +## @param wordpressUsername WordPress username +## +wordpressUsername: user +## @param wordpressPassword WordPress user password +## Defaults to a random 10-character alphanumeric string if not set +## +wordpressPassword: "" +## @param existingSecret Name of existing secret containing WordPress credentials +## NOTE: Must contain key `wordpress-password` +## NOTE: When it's set, the `wordpressPassword` parameter is ignored +## +existingSecret: "" +## @param wordpressEmail WordPress user email +## +wordpressEmail: user@example.com +## @param wordpressFirstName WordPress user first name +## +wordpressFirstName: FirstName +## @param wordpressLastName WordPress user last name +## +wordpressLastName: LastName +## @param wordpressBlogName Blog name +## +wordpressBlogName: User's Blog! +## @param wordpressTablePrefix Prefix to use for WordPress database tables +## +wordpressTablePrefix: wp_ +## @param wordpressScheme Scheme to use to generate WordPress URLs +## +wordpressScheme: http +## @param wordpressSkipInstall Skip wizard installation +## NOTE: useful if you use an external database that already contains WordPress data +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#connect-wordpress-docker-container-to-an-existing-database +## +wordpressSkipInstall: false +## @param wordpressExtraConfigContent Add extra content to the default wp-config.php file +## e.g: +## wordpressExtraConfigContent: | +## @ini_set( 'post_max_size', '128M'); +## @ini_set( 'memory_limit', '256M' ); +## +wordpressExtraConfigContent: "" +## @param wordpressConfiguration The content for your custom wp-config.php file (advanced feature) +## NOTE: This will override configuring WordPress based on environment variables (including those set by the chart) +## NOTE: Currently only supported when `wordpressSkipInstall=true` +## +wordpressConfiguration: "" +## @param existingWordPressConfigurationSecret The name of an existing secret with your custom wp-config.php file (advanced feature) +## NOTE: When it's set the `wordpressConfiguration` parameter is ignored +## +existingWordPressConfigurationSecret: "" +## @param wordpressConfigureCache Enable W3 Total Cache plugin and configure cache settings +## NOTE: useful if you deploy Memcached for caching database queries or you use an external cache server +## +wordpressConfigureCache: false +## @param wordpressPlugins Array of plugins to install and activate. Can be specified as `all` or `none`. +## NOTE: If set to all, only plugins that are already installed will be activated, and if set to none, no plugins will be activated +## +wordpressPlugins: none +## @param apacheConfiguration The content for your custom httpd.conf file (advanced feature) +## +apacheConfiguration: "" +## @param existingApacheConfigurationConfigMap The name of an existing secret with your custom httpd.conf file (advanced feature) +## NOTE: When it's set the `apacheConfiguration` parameter is ignored +## +existingApacheConfigurationConfigMap: "" +## @param customPostInitScripts Custom post-init.d user scripts +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress +## NOTE: supported formats are `.sh`, `.sql` or `.php` +## NOTE: scripts are exclusively executed during the 1st boot of the container +## e.g: +## customPostInitScripts: +## enable-multisite.sh: | +## #!/bin/bash +## chmod +w /bitnami/wordpress/wp-config.php +## wp core multisite-install --url=example.com --title="Welcome to the WordPress Multisite" --admin_user="doesntmatternotreallyused" --admin_password="doesntmatternotreallyused" --admin_email="user@example.com" +## cat /docker-entrypoint-init.d/.htaccess > /bitnami/wordpress/.htaccess +## chmod -w bitnami/wordpress/wp-config.php +## .htaccess: | +## RewriteEngine On +## RewriteBase / +## ... +## +customPostInitScripts: {} +## SMTP mail delivery configuration +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress/#smtp-configuration +## @param smtpHost SMTP server host +## @param smtpPort SMTP server port +## @param smtpUser SMTP username +## @param smtpPassword SMTP user password +## @param smtpProtocol SMTP protocol +## +smtpHost: "" +smtpPort: "" +smtpUser: "" +smtpPassword: "" +smtpProtocol: "" +## @param smtpExistingSecret The name of an existing secret with SMTP credentials +## NOTE: Must contain key `smtp-password` +## NOTE: When it's set, the `smtpPassword` parameter is ignored +## +smtpExistingSecret: "" +## @param allowEmptyPassword Allow the container to be started with blank passwords +## +allowEmptyPassword: true +## @param allowOverrideNone Configure Apache to prohibit overriding directives with htaccess files +## +allowOverrideNone: false +## @param overrideDatabaseSettings Allow overriding the database settings persisted in wp-config.php +## +overrideDatabaseSettings: false +## @param htaccessPersistenceEnabled Persist custom changes on htaccess files +## If `allowOverrideNone` is `false`, it will persist `/opt/bitnami/wordpress/wordpress-htaccess.conf` +## If `allowOverrideNone` is `true`, it will persist `/opt/bitnami/wordpress/.htaccess` +## +htaccessPersistenceEnabled: false +## @param customHTAccessCM The name of an existing ConfigMap with custom htaccess rules +## NOTE: Must contain key `wordpress-htaccess.conf` with the file content +## NOTE: Requires setting `allowOverrideNone=false` +## +customHTAccessCM: "" +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param extraEnvVars Array with extra environment variables to add to the WordPress container +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" +## @section WordPress Multisite Configuration parameters +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#multisite-configuration +## + +## @param multisite.enable Whether to enable WordPress Multisite configuration. +## @param multisite.host WordPress Multisite hostname/address. This value is mandatory when enabling Multisite mode. +## @param multisite.networkType WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. +## @param multisite.enableNipIoRedirect Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. +## +multisite: + enable: false + host: "" + networkType: subdomain + enableNipIoRedirect: false +## @section WordPress deployment parameters +## + +## @param replicaCount Number of WordPress replicas to deploy +## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 +## +replicaCount: 1 +## @param updateStrategy.type WordPress deployment strategy type +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods +## e.g: +## updateStrategy: +## type: RollingUpdate +## rollingUpdate: +## maxSurge: 25% +## maxUnavailable: 25% +## +updateStrategy: + type: RollingUpdate +## @param schedulerName Alternate scheduler +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds In seconds, time given to the WordPress pod to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param priorityClassName Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand +## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases [array] WordPress pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: + ## Required for Apache exporter to work + ## + - ip: "127.0.0.1" + hostnames: + - "status.localhost" +## @param extraVolumes Optionally specify extra list of additional volumes for WordPress pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for WordPress container(s) +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the WordPress pod +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param initContainers Add additional init containers to the WordPress pods +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'copy themes and plugins from git and push to /bitnami/wordpress/wp-content. Should work with extraVolumeMounts and extraVolumes'] +## +initContainers: [] +## @param podLabels Extra labels for WordPress pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for WordPress pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## WordPress containers' resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} +## Container ports +## @param containerPorts.http WordPress HTTP container port +## @param containerPorts.https WordPress HTTPS container port +## +containerPorts: + http: 8080 + https: 8443 +## @param extraContainerPorts Optionally specify extra list of additional ports for WordPress container(s) +## e.g: +## extraContainerPorts: +## - name: myservice +## containerPort: 9090 +## +extraContainerPorts: [] +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled WordPress pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +## Configure extra options for WordPress containers' liveness, readiness and startup probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on WordPress containers +## @skip livenessProbe.httpGet +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + httpGet: + path: /wp-admin/install.php + port: '{{ .Values.wordpressScheme }}' + scheme: '{{ .Values.wordpressScheme | upper }}' + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## E.g. + ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe on WordPress containers +## @skip readinessProbe.httpGet +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + httpGet: + path: /wp-login.php + port: '{{ .Values.wordpressScheme }}' + scheme: '{{ .Values.wordpressScheme | upper }}' + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## E.g. + ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param startupProbe.enabled Enable startupProbe on WordPress containers +## @skip startupProbe.httpGet +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + httpGet: + path: /wp-login.php + port: '{{ .Values.wordpressScheme }}' + scheme: '{{ .Values.wordpressScheme | upper }}' + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## E.g. + ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe Custom startupProbe that overrides the default one +## +customStartupProbe: {} +## @param lifecycleHooks for the WordPress container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @section Traffic Exposure Parameters +## + +## WordPress service parameters +## +service: + ## @param service.type WordPress service type + ## + type: LoadBalancer + ## @param service.ports.http WordPress service HTTP port + ## @param service.ports.https WordPress service HTTPS port + ## + ports: + http: 80 + https: 443 + ## @param service.httpsTargetPort Target port for HTTPS + ## + httpsTargetPort: https + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + https: "" + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param service.clusterIP WordPress service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP WordPress service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges WordPress service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy WordPress service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for WordPress service + ## + annotations: {} + ## @param service.extraPorts Extra port to expose on WordPress service + ## + extraPorts: [] +## Configure the ingress resource that allows you to access the WordPress installation +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + enabled: true + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: mywordpress.lab.groupe-genes.fr + paths: + - path: / + pathType: ImplementationSpecific + ## @param ingress.enabled Enable ingress record generation for WordPress + ## + ## enabled: false + ## @param ingress.pathType Ingress path type + ## + ## pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.hostname Default host for the ingress record. The hostname is templated and thus can contain other variable references. + ## + ## hostname: wordpress.local + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + ## path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + ## annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.tlsWwwPrefix Adds www subdomain to default cert + ## Creates tls host with ingress.hostname: {{ print "www.%s" .Values.ingress.hostname }} + ## Is enabled if "nginx.ingress.kubernetes.io/from-to-www-redirect" is "true" + tlsWwwPrefix: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record. The host names are templated and thus can contain other variable references. + ## e.g: + ## extraHosts: + ## - name: wordpress.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - wordpress.local + ## secretName: wordpress.local-tls + ## + extraTls: [] + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: wordpress.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... + ## -----END CERTIFICATE----- + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: wordpress.local + ## http: + ## path: / + ## backend: + ## service: + ## name: wordpress-svc + ## port: + ## name: http + ## + extraRules: [] +## @section Persistence Parameters +## + +## Persistence Parameters +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + enabled: true + ## @param persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param persistence.accessModes [array] Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) + ## + accessMode: ReadWriteOnce + ## @param persistence.size Persistent Volume size + ## + size: 10Gi + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param persistence.existingClaim The name of an existing PVC to use for persistence + ## + existingClaim: "" + ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r16 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + seLinuxOptions: null + runAsUser: 0 +## @section Other Parameters +## + +## WordPress Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for WordPress pod + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## WordPress Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## @param pdb.create Enable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable +## +pdb: + create: false + minAvailable: 1 + maxUnavailable: "" +## WordPress Autoscaling configuration +## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +## @param autoscaling.enabled Enable Horizontal POD autoscaling for WordPress +## @param autoscaling.minReplicas Minimum number of WordPress replicas +## @param autoscaling.maxReplicas Maximum number of WordPress replicas +## @param autoscaling.targetCPU Target CPU utilization percentage +## @param autoscaling.targetMemory Target Memory utilization percentage +## +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + targetCPU: 50 + targetMemory: 50 +## @section Metrics Parameters +## + +## Prometheus Exporter / Metrics configuration +## +metrics: + ## @param metrics.enabled Start a sidecar prometheus exporter to expose metrics + ## + enabled: false + ## Bitnami Apache exporter image + ## ref: https://hub.docker.com/r/bitnami/apache-exporter/tags/ + ## @param metrics.image.registry [default: REGISTRY_NAME] Apache exporter image registry + ## @param metrics.image.repository [default: REPOSITORY_NAME/apache-exporter] Apache exporter image repository + ## @skip metrics.image.tag Apache exporter image tag (immutable tags are recommended) + ## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param metrics.image.pullPolicy Apache exporter image pull policy + ## @param metrics.image.pullSecrets Apache exporter image pull secrets + ## + image: + registry: docker.io + repository: bitnami/apache-exporter + tag: 1.0.6-debian-12-r8 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.containerPorts.metrics Prometheus exporter container port + ## + containerPorts: + metrics: 9117 + ## Configure extra options for Prometheus exporter containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param metrics.livenessProbe.enabled Enable livenessProbe on Prometheus exporter containers + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.readinessProbe.enabled Enable readinessProbe on Prometheus exporter containers + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 3 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.startupProbe.enabled Enable startupProbe on Prometheus exporter containers + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## Prometheus exporter container's resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged + ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Prometheus exporter service parameters + ## + service: + ## @param metrics.service.ports.metrics Prometheus metrics service port + ## + ports: + metrics: 9150 + ## @param metrics.service.annotations [object] Additional custom annotations for Metrics service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.containerPorts.metrics }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" +## @section NetworkPolicy parameters +## + +## Add networkpolicies +## +networkPolicy: + ## @param networkPolicy.enabled Enable network policies + ## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication + ## + enabled: false + ## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus) + ## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. + ## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. + ## + metrics: + enabled: false + ## e.g: + ## podSelector: + ## label: monitoring + ## + podSelector: {} + ## e.g: + ## namespaceSelector: + ## label: monitoring + ## + namespaceSelector: {} + ## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies + ## @param networkPolicy.ingress.namespaceSelector [object] Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. + ## @param networkPolicy.ingress.podSelector [object] Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. + ## + ingress: + enabled: false + ## e.g: + ## podSelector: + ## label: ingress + ## + podSelector: {} + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb) only accessible by testlink's pods. + ## @param networkPolicy.ingressRules.customBackendSelector [object] Backend selector labels. These labels will be used to identify the backend pods. + ## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes testlink only accessible from a particular origin + ## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access testlink. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector [object] Pods selector label that is allowed to access testlink. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.customRules [object] Custom network policy ingress rule + ## + ingressRules: + ## mariadb backend only can be accessed from testlink + ## + backendOnlyAccessibleByFrontend: false + ## Additional custom backend selector + ## e.g: + ## customBackendSelector: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customBackendSelector: {} + ## Allow only from the indicated: + ## + accessOnlyFrom: + enabled: false + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## e.g: + ## namespaceSelector: + ## label: access + ## + namespaceSelector: {} + ## custom ingress rules + ## e.g: + ## customRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customRules: {} + ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). + ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule + ## + egressRules: + # Deny connections to external. This is not compatible with an external database. + denyConnectionsToExternal: false + ## Additional custom egress rules + ## e.g: + ## customRules: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customRules: {} +## @section Database Parameters +## + +## MariaDB chart configuration +## ref: https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml +## +mariadb: + ## @param mariadb.enabled Deploy a MariaDB server to satisfy the applications database requirements + ## To use an external database set this to false and configure the `externalDatabase.*` parameters + ## + enabled: true + ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` + ## + architecture: standalone + ## MariaDB Authentication parameters + ## @param mariadb.auth.rootPassword MariaDB root password + ## @param mariadb.auth.database MariaDB custom database + ## @param mariadb.auth.username MariaDB custom user name + ## @param mariadb.auth.password MariaDB custom user password + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run + ## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run + ## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run + ## + auth: + rootPassword: "" + database: bitnami_wordpress + username: bn_wordpress + password: "" + ## MariaDB Primary configuration + ## + primary: + ## MariaDB Primary Persistence parameters + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ + ## @param mariadb.primary.persistence.enabled Enable persistence on MariaDB using PVC(s) + ## @param mariadb.primary.persistence.storageClass Persistent Volume storage class + ## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes + ## @param mariadb.primary.persistence.size Persistent Volume size + ## + persistence: + enabled: true + storageClass: "" + accessModes: + - ReadWriteOnce + size: 8Gi +## External Database Configuration +## All of these values are only used if `mariadb.enabled=false` +## +externalDatabase: + ## @param externalDatabase.host External Database server host + ## + host: localhost + ## @param externalDatabase.port External Database server port + ## + port: 3306 + ## @param externalDatabase.user External Database username + ## + user: bn_wordpress + ## @param externalDatabase.password External Database user password + ## + password: "" + ## @param externalDatabase.database External Database database name + ## + database: bitnami_wordpress + ## @param externalDatabase.existingSecret The name of an existing secret with database credentials. Evaluated as a template + ## NOTE: Must contain key `mariadb-password` + ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored + ## + existingSecret: "" +## Memcached chart configuration +## ref: https://github.com/bitnami/charts/blob/main/bitnami/memcached/values.yaml +## +memcached: + ## @param memcached.enabled Deploy a Memcached server for caching database queries + ## + enabled: false + ## Authentication parameters + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/memcached#creating-the-memcached-admin-user + ## + auth: + ## @param memcached.auth.enabled Enable Memcached authentication + ## + enabled: false + ## @param memcached.auth.username Memcached admin user + ## + username: "" + ## @param memcached.auth.password Memcached admin password + ## + password: "" + ## @param memcached.auth.existingPasswordSecret Existing secret with Memcached credentials (must contain a value for `memcached-password` key) + ## + existingPasswordSecret: "" + ## Service parameters + ## + service: + ## @param memcached.service.port Memcached service port + ## + port: 11211 +## External Memcached Configuration +## All of these values are only used if `memcached.enabled=false` +## +externalCache: + ## @param externalCache.host External cache server host + ## + host: localhost + ## @param externalCache.port External cache server port + ## + port: 11211 diff --git a/charts/wordpress-new-start/wordpress-new-start-20.1.2.tgz b/charts/wordpress-new-start/wordpress-new-start-20.1.2.tgz new file mode 100644 index 0000000..17914cd Binary files /dev/null and b/charts/wordpress-new-start/wordpress-new-start-20.1.2.tgz differ diff --git a/charts/wordpress-new-start/wordpress-new-start-20.1.3.tgz b/charts/wordpress-new-start/wordpress-new-start-20.1.3.tgz new file mode 100644 index 0000000..8aca197 Binary files /dev/null and b/charts/wordpress-new-start/wordpress-new-start-20.1.3.tgz differ diff --git a/charts/wordpress-new-start/wordpress-new-start-20.1.4.tgz b/charts/wordpress-new-start/wordpress-new-start-20.1.4.tgz new file mode 100644 index 0000000..a9281dc Binary files /dev/null and b/charts/wordpress-new-start/wordpress-new-start-20.1.4.tgz differ diff --git a/charts/wordpress-new-start/wordpress-new-start-20.1.5.tgz b/charts/wordpress-new-start/wordpress-new-start-20.1.5.tgz new file mode 100644 index 0000000..4c3ff6f Binary files /dev/null and b/charts/wordpress-new-start/wordpress-new-start-20.1.5.tgz differ