Commit

Update CA support (#3)
* Update ca support

* Update K8s API versions

* Update probes
stevehipwell authored Feb 12, 2020
1 parent b989081 commit 9fdd7de
Showing 16 changed files with 150 additions and 128 deletions.
2 changes: 1 addition & 1 deletion charts/confluence-server/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: confluence-server
version: 1.2.0
version: 1.3.0
appVersion: 7.3.1
description: Atlassian Confluence Server is where you create, organise and discuss work with your team. Capture the knowledge that's too often lost in email inboxes and shared network drives in Confluence - where it's easy to find, use, and update. Give every team, project, or department its own space to create the things they need, whether it's meeting notes, product requirements, file lists, or project plans, you can get more done in Confluence.
keywords:
91 changes: 44 additions & 47 deletions charts/confluence-server/README.md
Expand Up @@ -14,9 +14,7 @@ This chart bootstraps a [atlassian/confluence-server](https://hub.docker.com/r/a

## Prerequisites

- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure
- Kubernetes 1.14+

## Installing the Chart
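Review bot: The Prerequisites list now drops both the Helm version line and "PV provisioner support in the underlying infrastructure", yet the README still installs with `helm install --name my-release stable/confluence-server` (`--name` is Helm 2 syntax) and its Persistence section still relies on Persistent Volume Claims. Keep a Helm version statement that matches the install command, and keep the PV provisioner line for anyone who sets `persistence.enabled`.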

Expand All @@ -26,7 +24,7 @@ To install the chart with the release name `my-release`:
$ helm install --name my-release stable/confluence-server
```

The command deploys *Confluence Server* on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
The command deploys _Confluence Server_ on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.

> **Tip**: List all releases using `helm list`
Expand All @@ -42,55 +40,54 @@ The command removes all the Kubernetes components associated with the chart and

## Configuration

The following table lists the configurable parameters of the *Confluence Server* chart and their default values.

| Parameter | Description | Default|
| --- | --- | --- |
| `image.repository` | Docker repository to use | `atlassian/confluence-server` |
| `image.tag` | Docker tag to use | `7.3.1` |
| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` |
| `nameOverride` | String to partially override `confluence-server.fullname` template (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override `confluence-server.fullname` template | `nil` |
| `securityContext` | Security context for the *Confluence Server* container | `fsGroup: 2002`
| `service.type` | Type of service | `ClusterIP` |
| `service.port` | Service port | `8080` |
| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` |
| `caCerts.key` | Key on the secret containing additional CA certificates | `nil` |
| `psql.host` | External *PostgreSQL* host to use (if this is set the additional `psql` values need to be set) | `nil` |
| `psql.port` | External *PostgreSQL* port | `nil` |
| `psql.database` | External *PostgreSQL* database | `nil` |
| `psql.username` | External *PostgreSQL* username | `nil` |
| `psql.password.secret` | Name of the secret containing the external *PostgreSQL* password | `nil` |
| `psql.password.key` | Key on the secret containing the external *PostgreSQL* password | `nil` |
| `envVars.jvmMinMemory` | JVM minimum memory | `384M` |
| `envVars.jvmMaxMemory` | JVM maximum memory | `768M` |
| `envVars.jvmMemoryOptions` | JVM memory options | `-XX:MaxMetaspaceSize=512m -XX:MaxDirectMemorySize=10m` |
| `envVars.synchronyMaxMemory` | Synchrony maximum memory | `0m` |
| `env` | List of environmental variable to apply to the deployment | `nil` |
| `persistence.enabled` | Create a volume (PVC) for storage | `false` |
| `persistence.existingClaim` | An existing PVC to use instead of creating a new one | `nil` |
| `persistence.accessMode` | The PVC access mode | `ReadWriteOnce` |
| `persistence.storageClass` | The PVC storage class (use `-` for default) | `standard` |
| `persistence.size` | The size of the PVC to create | `8Gi` |
| `podAnnotations` | Pod Annotations | `{}` |
| `resources` | Resource requests and limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `affinity` | Map of node/pod affinities | `{}` |
| `ingress.enabled` | Create an ingress | `false` |
| `ingress.annotations` | Annotations to enhance ingress configuration | `{}` |
| `ingress.path` | Path for ingress rules | `/` |
| `ingress.hosts` | List of ingress hosts | `[]` |
| `ingress.tls` | List of TLS configurations (`ingress.tls[n].secretName`, `ingress.tls[n].hosts[m])` | `[]` |
| `postgresql.enabled` | Enable *PostgreSQL* sub chart | `false` |
The following table lists the configurable parameters of the _Confluence Server_ chart and their default values.

| Parameter | Description | Default |
| ---------------------------- | -------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
| `image.repository` | Docker repository to use | `atlassian/confluence-server` |
| `image.tag` | Docker tag to use | `7.3.1` |
| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` |
| `nameOverride` | String to partially override `confluence-server.fullname` template (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override `confluence-server.fullname` template | `nil` |
| `securityContext` | Security context for the _Confluence Server_ container | `fsGroup: 2002` |
| `service.type` | Type of service | `ClusterIP` |
| `service.port` | Service port | `8080` |
| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` |
| `psql.host` | External _PostgreSQL_ host to use (if this is set the additional `psql` values need to be set) | `nil` |
| `psql.port` | External _PostgreSQL_ port | `nil` |
| `psql.database` | External _PostgreSQL_ database | `nil` |
| `psql.username` | External _PostgreSQL_ username | `nil` |
| `psql.password.secret` | Name of the secret containing the external _PostgreSQL_ password | `nil` |
| `psql.password.key` | Key on the secret containing the external _PostgreSQL_ password | `nil` |
| `envVars.jvmMinMemory` | JVM minimum memory | `384M` |
| `envVars.jvmMaxMemory` | JVM maximum memory | `768M` |
| `envVars.jvmMemoryOptions` | JVM memory options | `-XX:MaxMetaspaceSize=512m -XX:MaxDirectMemorySize=10m` |
| `envVars.synchronyMaxMemory` | Synchrony maximum memory | `0m` |
| `env` | List of environmental variable to apply to the deployment | `nil` |
| `persistence.enabled` | Create a volume (PVC) for storage | `false` |
| `persistence.existingClaim` | An existing PVC to use instead of creating a new one | `nil` |
| `persistence.accessMode` | The PVC access mode | `ReadWriteOnce` |
| `persistence.storageClass` | The PVC storage class (use `-` for default) | `standard` |
| `persistence.size` | The size of the PVC to create | `8Gi` |
| `podAnnotations` | Pod Annotations | `{}` |
| `resources` | Resource requests and limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `affinity` | Map of node/pod affinities | `{}` |
| `ingress.enabled` | Create an ingress | `false` |
| `ingress.annotations` | Annotations to enhance ingress configuration | `{}` |
| `ingress.path` | Path for ingress rules | `/` |
| `ingress.hosts` | List of ingress hosts | `[]` |
| `ingress.tls` | List of TLS configurations (`ingress.tls[n].secretName`, `ingress.tls[n].hosts[m])` | `[]` |
| `postgresql.enabled` | Enable _PostgreSQL_ sub chart | `false` |

## Database

By default the [atlassian/confluence-server](https://hub.docker.com/r/atlassian/confluence-server/) image will create a [H2](https://www.h2database.com/html/main.html) database for evaluation purposes, this should **NOT be used in production**. You can either allow this chart to create a [PostgreSQL](https://hub.docker.com/_/postgres) instance specifically for *Confluence Server* by specifying `postgresql.enabled` as `true` or you can use an external *PostgreSQL* instance by specifying the connection details on `psql`.
By default the [atlassian/confluence-server](https://hub.docker.com/r/atlassian/confluence-server/) image will create a [H2](https://www.h2database.com/html/main.html) database for evaluation purposes, this should **NOT be used in production**. You can either allow this chart to create a [PostgreSQL](https://hub.docker.com/_/postgres) instance specifically for _Confluence Server_ by specifying `postgresql.enabled` as `true` or you can use an external _PostgreSQL_ instance by specifying the connection details on `psql`.

## Persistence

The [atlassian/confluence-server](https://hub.docker.com/r/atlassian/confluence-server/) image stores the *Confluence Server* data and configurations at the `/var/atlassian/application-data/confluence` path in the container.
The [atlassian/confluence-server](https://hub.docker.com/r/atlassian/confluence-server/) image stores the _Confluence Server_ data and configurations at the `/var/atlassian/application-data/confluence` path in the container.

Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Configuration](#configuration) section to configure the PVC or to disable persistence.
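Review bot: The `caCerts.key` row is removed from the table, but the `caCerts.secret` description is unchanged and does not say that every entry in the secret is now imported into the trust store, with the entry name used as the keystore alias. Spell that out in the description, because anyone who can write to that secret can now add a trusted CA for Confluence without a chart value changing.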
21 changes: 11 additions & 10 deletions charts/confluence-server/templates/deployment.yaml
@@ -1,4 +1,4 @@
apiVersion: apps/v1beta2
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "confluence-server.fullname" . }}
Expand Down Expand Up @@ -28,10 +28,11 @@ spec:
{{- if .Values.caCerts }}
initContainers:
- name: ca-certs
image: adoptopenjdk/openjdk8:alpine
image: adoptopenjdk/openjdk11:alpine
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh"]
args: ["-c", "cp -f \"${JAVA_HOME}/jre/lib/security/cacerts\" /var/atlassian/application-data/confluence/cacerts; keytool -importcert -file /var/atlassian/application-data/confluence/secrets/cas/{{ .Values.caCerts.key }} -alias {{ .Values.caCerts.key }} -keystore /var/atlassian/application-data/confluence/cacerts -storepass changeit -trustcacerts -noprompt;"]
args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /var/atlassian/application-data/confluence/cacerts; for f in /var/atlassian/application-data/confluence/secrets/cas; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /var/atlassian/application-data/confluence/cacerts -storepass changeit -trustcacerts -noprompt; done;"]

volumeMounts:
- mountPath: /var/atlassian/application-data/confluence
name: {{ include "confluence-server.pvcname" . }}
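Review bot: In the new `args` line the loop `for f in /var/atlassian/application-data/confluence/secrets/cas; do` iterates over the directory path itself rather than the files inside it, so `keytool -importcert -file` is handed a directory and the import cannot succeed. Glob the contents (`.../secrets/cas/*`) and start the script with `set -e`: the commands are chained with `;`, so a failed `cp` or any import other than the last one does not fail the init container. The init image `adoptopenjdk/openjdk11:alpine` is also a floating tag that builds the trust store the main container then runs with; pinning it by digest would make that step reproducible.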
Expand All @@ -53,19 +54,19 @@ spec:
- name: synchrony
containerPort: 8091
protocol: TCP
livenessProbe:
readinessProbe:
httpGet:
path: /
path: /status
port: http
initialDelaySeconds: 120
initialDelaySeconds: 300
periodSeconds: 30
failureThreshold: 6
timeoutSeconds: 10
readinessProbe:
livenessProbe:
httpGet:
path: /
path: /status
port: http
initialDelaySeconds: 120
initialDelaySeconds: 480
periodSeconds: 30
failureThreshold: 6
timeoutSeconds: 10
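Review bot: The readinessProbe now carries `initialDelaySeconds: 300`, so a pod that is up sooner is still kept out of the Service for five minutes. A failing readiness check only withholds traffic, so a short delay combined with the existing `failureThreshold: 6` is enough there, and the long delay is only needed on the livenessProbe. Both delays (300 and 480) are hard-coded in the template; exposing them in values.yaml and the README table would let operators tune them for their environment.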
Expand All @@ -80,7 +81,7 @@ spec:
- name: JVM_SUPPORT_RECOMMENDED_ARGS
{{- if .Values.caCerts }}
value: {{ printf "-Djavax.net.ssl.trustStore=/var/atlassian/application-data/confluence/cacerts %s -Dsynchrony.memory.max=%s" .Values.envVars.jvmMemoryOptions .Values.envVars.synchronyMaxMemory | quote }}
{{ else }}
{{- else }}
value: {{ printf "%s -Dsynchrony.memory.max=%s" .Values.envVars.jvmMemoryOptions .Values.envVars.synchronyMaxMemory | quote }}
{{- end }}
{{- if .Values.ingress.enabled }}
2 changes: 1 addition & 1 deletion charts/confluence-server/templates/ingress.yaml
@@ -1,7 +1,7 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "confluence-server.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
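Review bot: `apiVersion: networking.k8s.io/v1beta1` is hard-coded on the Ingress, and that API group is only served from Kubernetes 1.14, which is why the README minimum moves from 1.12+ to 1.14+. Selecting the version with `.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1"` and falling back to `extensions/v1beta1` would keep the chart installable on the clusters the previous README supported.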
1 change: 0 additions & 1 deletion charts/confluence-server/values.yaml
Expand Up @@ -15,7 +15,6 @@ service:

# caCerts:
# secret: my-secret
# key: cacerts

## These settings are only required if you wish to use an existing postgresql instance
##
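Review bot: With `# key: cacerts` removed, the commented `caCerts` example no longer shows what the chart expects inside `my-secret`. Add a comment stating the expected layout of the secret (one certificate per entry), and note in the changelog that an existing `caCerts.key` value is now ignored after upgrading from 1.2.0.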
2 changes: 1 addition & 1 deletion charts/jira-software/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: jira-software
version: 1.2.1
version: 1.3.0
appVersion: 8.7.1
description: Atlassian Jira Software is built for every member of your software team to plan, track, and release great software.
keywords:
5 changes: 1 addition & 4 deletions charts/jira-software/README.md
Expand Up @@ -14,9 +14,7 @@ This chart bootstraps a [atlassian/jira-software](https://hub.docker.com/r/atlas

## Prerequisites

- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure
- Kubernetes 1.14+

## Installing the Chart

Expand Down Expand Up @@ -54,7 +52,6 @@ The following table lists the configurable parameters of the _Jira Software_ cha
| `service.type` | Type of service | `ClusterIP` |
| `service.port` | Service port | `8080` |
| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` |
| `caCerts.key` | Key on the secret containing additional CA certificates | `nil` |
| `psql.host` | External _PostgreSQL_ host to use (if this is set the additional `psql` values need to be set) | `nil` |
| `psql.port` | External _PostgreSQL_ port | `nil` |
| `psql.database` | External _PostgreSQL_ database | `nil` |