diff --git a/charts/stable/snipe-it/Chart.yaml b/charts/stable/snipe-it/Chart.yaml index 48e2432a3d7..d7b9e4ef522 100644 --- a/charts/stable/snipe-it/Chart.yaml +++ b/charts/stable/snipe-it/Chart.yaml @@ -8,6 +8,10 @@ dependencies: name: mariadb repository: https://truecharts.org/ version: 2.0.7 +- condition: redis.enabled + name: redis + repository: https://truecharts.org + version: 2.0.6 description: "Open source asset management" home: https://github.com/truecharts/apps/tree/master/charts/stable/snipe-it icon: https://truecharts.org/_static/img/appicons/snipe-it.png @@ -25,7 +29,7 @@ name: snipe-it sources: - https://snipeitapp.com/ - https://hub.docker.com/r/linuxserver/ -version: 1.0.8 +version: 2.0.0 annotations: truecharts.org/catagories: | - management diff --git a/charts/stable/snipe-it/questions.yaml b/charts/stable/snipe-it/questions.yaml index 7c29ed5cac5..b9cab73da93 100644 --- a/charts/stable/snipe-it/questions.yaml +++ b/charts/stable/snipe-it/questions.yaml @@ -75,7 +75,473 @@ questions: - value: "OnDelete" description: "(Legacy) OnDelete: ignore .spec.template changes" # Include{controllerExpert} - + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: APP_URL + label: "APP_URL" + description: "This is the url to your application, beginning with http:// or https:// (if you're running Snipe-IT over SSL). This should not have a trailing slash." + schema: + type: string + default: "" + required: true + - variable: APP_TRUSTED_PROXIES + label: "APP_TRUSTED_PROXIES" + description: "APP_TRUSTED_PROXIES" + schema: + type: string + default: "172.16.0.0/16" + required: true + - variable: APP_LOCALE + label: "APP_LOCALE" + description: "Set this to reflect the two-letter or 5-letter abbreviation for the language you'd like to use for Snipe-IT" + schema: + type: string + default: "en" + required: true + enum: + - value: "en" + description: "English (US)" + - value: "en-GB" + description: "English (UK)" + - value: "af" + description: "Afrikaans" + - value: "ar" + description: "Arabic" + - value: "bg" + description: "Bulgarian" + - value: "zh-CN" + description: "Chinese Simplified" + - value: "zh-TW" + description: "Chinese Traditional" + - value: "hr" + description: "Croatian" + - value: "cs" + description: "Czech" + - value: "da" + description: "Danish" + - value: "nl" + description: "Dutch" + - value: "et" + description: "Estonian" + - value: "fi" + description: "Finnish" + - value: "fr" + description: "French" + - value: "de" + description: "German" + - value: "el" + description: "Greek" + - value: "he" + description: "Hebrew" + - value: "hu" + description: "Hungarian" + - value: "id" + description: "Indonesian" + - value: "en-ID" + description: "English, Indonesia" + - value: "ga-IE" + description: "Irish" + - value: "it" + description: "Italian" + - value: "ja" + description: "Japanese" + - value: "ko" + description: "Korean" + - value: "lv" + description: "Latvian" + - value: "lt" + description: "Lithuanian" + - value: "ms" + description: "Malay" + - value: "mi" + description: "Maori" + - value: "mn" + description: "Mongolian" + - value: "no" + description: "Norwegian" + - value: "fa" + description: "Persian" + - value: "pl" + description: "Polish" + - value: "pt-PT" + description: "Portuguese" + - value: "pt-BR" + description: "Portuguese, Brazilian" + - value: "ro" + description: "Romanian" + - value: "ru" + description: "Russian" + - value: "es-ES" + description: "Spanish" + - value: "es-CO" + description: "Spanish, Colombia" + - value: "sv-SE" + description: "Swedish" + - value: "ta" + description: "Tamil" + - value: "tr" + description: "Turkish" + - value: "vi" + description: "Vietnamese" + - value: "zu" + description: "Zulu" + - variable: IMAGE_LIB + label: "IMAGE_LIB" + description: "GD Library or Imagemagick are required to generate barcodes for Snipe-IT" + schema: + type: string + default: "gd" + required: true + enum: + - value: "gd" + description: "GD Library" + - value: "imagick" + description: "ImageMagick" + - variable: sessionsettings + label: "Session Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: SESSION_LIFETIME + label: "SESSION_LIFETIME" + description: "Specify the time in minutes that the session should remain valid." + schema: + type: int + default: 30 + required: true + - variable: EXPIRE_ON_CLOSE + label: "EXPIRE_ON_CLOSE" + description: "Specify whether or not the logged in session should be expired when the user closes their browser window." + schema: + type: boolean + default: false + - variable: ENCRYPT + label: "ENCRYPT" + description: "Specify whether you wish to use encrypted cookies for your Snipe-IT sessions." + schema: + type: boolean + default: false + - variable: COOKIE_NAME + label: "COOKIE_NAME" + description: "If you are running multiple Snipe-IT installs, you should probably set this to a unique name for each one so that your browser doesn't get sessions confused." + schema: + type: string + default: "snipeit_session" + required: true + - variable: COOKIE_DOMAIN + label: "COOKIE_DOMAIN" + description: "Specify what domain name Snipe-IT should honor cookies from.should be set to whatever the domain name is of your Snipe-IT installation if you choose to use it." + schema: + type: string + default: "" + - variable: SECURE_COOKIES + label: "SECURE_COOKIES" + description: "By setting this option to true, session cookies will only be sent back to the server if the browser has a HTTPS connection." + schema: + type: boolean + default: false + - variable: API_TOKEN_EXPIRATION_YEARS + label: "API_TOKEN_EXPIRATION_YEARS" + description: "This sets how long the API tokens should be valid for." + schema: + type: int + default: 40 + required: true + - variable: loginsettings + label: "Login Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: LOGIN_MAX_ATTEMPTS + label: "LOGIN_MAX_ATTEMPTS" + description: "The maximum number of failed attempts allowed before the user is throttled." + schema: + type: int + default: 5 + required: true + - variable: LOGIN_LOCKOUT_DURATION + label: "LOGIN_LOCKOUT_DURATION" + description: " The duration (in seconds) that the user should be blocked from attempting to authenticate again." + schema: + type: int + default: 60 + required: true + - variable: miscsettings + label: "Misc Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: LOG + label: "LOG" + description: "Whether to use a single log file, or multiple date-based log files for your app error logs." + schema: + type: string + default: "daily" + required: true + enum: + - value: "single" + description: "Single File" + - value: "daily" + description: "Daily Files" + - variable: APP_LOG_MAX_FILES + label: "APP_LOG_MAX_FILES" + description: "Max number of daily app log files to retain." + schema: + type: int + default: 10 + required: true + - variable: ALLOW_IFRAMING + label: "ALLOW_IFRAMING" + description: "Set this to true if you need to run Snipe-IT within an iframe." + schema: + type: boolean + default: false + - variable: APP_ALLOW_INSECURE_HOSTS + label: "APP_ALLOW_INSECURE_HOSTS" + description: "Set this to this to true ONLY if you if you can’t make your APP_URL match the actual URL of your application, and your hosting environment is secure and not accessible to the outside world." + schema: + type: boolean + default: false + - variable: GOOGLE_MAPS_API + label: "GOOGLE_MAPS_API" + description: "Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages." + schema: + type: string + default: "" + - variable: LDAP_MEM_LIM + label: "LDAP_MEM_LIM" + description: "Memory limit for LDAP execution" + schema: + type: string + default: "500M" + required: true + - variable: LDAP_TIME_LIM + label: "LDAP_TIME_LIM" + description: "Time limit for LDAP execution" + schema: + type: int + default: 600 + required: true + - variable: API_THROTTLE_PER_MINUTE + label: "API_THROTTLE_PER_MINUTE" + description: "Number of requests to allow per minute." + schema: + type: int + default: 120 + required: true + - variable: ENABLE_HSTS + label: "ENABLE_HSTS" + description: "HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking." + schema: + type: boolean + default: false + - variable: ENABLE_CSP + label: "ENABLE_CSP" + description: "Disable the content security policy that restricts what scripts, images and styles can load." + schema: + type: boolean + default: false + - variable: CORS_ALLOWED_ORIGINS + label: "CORS_ALLOWED_ORIGINS" + schema: + type: string + default: "null" + - variable: REFERRER_POLICY + label: "REFERRER_POLICY" + description: "This is an additional security header that browsers use to determine whether they should report back URL referrer information." + schema: + type: string + default: "same-origin" + - variable: mailsettings + label: "Mail Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: MAIL_DRIVER + label: "MAIL_DRIVER" + description: "Specify the driver you would like to use." + schema: + type: string + default: "log" + enum: + - value: "log" + description: "log" + - value: "smtp" + description: "smtp" + - value: "mail" + description: "mail" + - value: "sendmail" + description: "sendmail" + - variable: MAIL_HOST + label: "MAIL_HOST" + description: "Specify the hostname for your outgoing mail server. Keep in mind that this server must be accessible from the server you're running Snipe-IT on." + schema: + type: string + default: "" + - variable: MAIL_PORT + label: "MAIL_PORT" + description: "Set the port number that your mail server expects to send from." + schema: + type: int + default: 587 + - variable: MAIL_USERNAME + label: "MAIL_USERNAME" + description: "Set the username of the authenticated user you'll be sending email as." + schema: + type: string + default: "" + - variable: MAIL_PASSWORD + label: "MAIL_PASSWORD" + description: "Set the password for the authenticated user you'll be sending as." + schema: + type: string + default: "" + private: true + - variable: MAIL_ENCRYPTION + label: "MAIL_ENCRYPTION" + description: "Here you may specify the encryption protocol that should be used when the application sends e-mail messages." + schema: + type: string + default: "null" + enum: + - value: "null" + description: "null" + - value: "tls" + description: "tls" + - value: "ssl" + description: "ssl" + - variable: MAIL_FROM_ADDR + label: "MAIL_FROM_ADDR" + description: "Specify an email address that is used globally for all e-mails that are sent by your application." + schema: + type: string + default: "" + - variable: MAIL_FROM_NAME + label: "MAIL_FROM_NAME" + description: "Specify the name that should show up in the recipient's inbox when they receive email from your Snipe-IT instance." + schema: + type: string + default: "" + - variable: MAIL_REPLYTO_ADDR + label: "MAIL_REPLYTO_ADDR" + description: " Specify the address that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_ADDR, but it is required." + schema: + type: string + default: "" + - variable: MAIL_REPLYTO_NAME + label: "MAIL_REPLYTO_NAME" + description: "Specify the name that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_NAME , but it is required." + schema: + type: string + default: "" + - variable: MAIL_AUTO_EMBED + label: "MAIL_AUTO_EMBED" + description: "Whether or not to embed images in emails (via CID or base64) versus linking to them." + schema: + type: boolean + default: true + - variable: MAIL_AUTO_EMBED_METHOD + label: "MAIL_AUTO_EMBED_METHOD" + description: "Method that should be used for attaching inline images. Options are attachment (for CID) or base64." + schema: + type: string + default: "base64" + enum: + - value: "base64" + description: "base64" + - value: "attachment" + description: "attachment" + - variable: publicawssettings + label: "Public AWS S3 Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUBLIC_AWS_SECRET_ACCESS_KEY + label: "PUBLIC_AWS_SECRET_ACCESS_KEY" + schema: + type: string + default: "" + private: true + - variable: PUBLIC_AWS_ACCESS_KEY_ID + label: "PUBLIC_AWS_ACCESS_KEY_ID" + schema: + type: string + default: "" + private: true + - variable: PUBLIC_AWS_DEFAULT_REGION + label: "PUBLIC_AWS_DEFAULT_REGION" + schema: + type: string + default: "" + - variable: PUBLIC_AWS_BUCKET + label: "PUBLIC_AWS_BUCKET" + schema: + type: string + default: "" + - variable: PUBLIC_AWS_URL + label: "PUBLIC_AWS_URL" + schema: + type: string + default: "" + - variable: PUBLIC_AWS_BUCKET_ROOT + label: "PUBLIC_AWS_BUCKET_ROOT" + schema: + type: string + default: "" + - variable: privateawssettings + label: "Private AWS S3 Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PRIVATE_AWS_SECRET_ACCESS_KEY + label: "PRIVATE_AWS_SECRET_ACCESS_KEY" + schema: + type: string + default: "" + private: true + - variable: PRIVATE_AWS_ACCESS_KEY_ID + label: "PRIVATE_AWS_ACCESS_KEY_ID" + schema: + type: string + default: "" + private: true + - variable: PRIVATE_AWS_DEFAULT_REGION + label: "PRIVATE_AWS_DEFAULT_REGION" + schema: + type: string + default: "" + - variable: PRIVATE_AWS_BUCKET + label: "PRIVATE_AWS_BUCKET" + schema: + type: string + default: "" + - variable: PRIVATE_AWS_URL + label: "PRIVATE_AWS_URL" + schema: + type: string + default: "" + - variable: PRIVATE_AWS_BUCKET_ROOT + label: "PRIVATE_AWS_BUCKET_ROOT" + schema: + type: string + default: "" # Include{containerConfig} - variable: service @@ -173,9 +639,9 @@ questions: additional_attrs: true type: dict attrs: - - variable: config - label: "App Config Storage" - description: "Stores the Application Configuration." + - variable: logs + label: "App Logs Storage" + description: "Stores the Application Logs." schema: additional_attrs: true type: dict diff --git a/charts/stable/snipe-it/templates/_secrets.tpl b/charts/stable/snipe-it/templates/_secrets.tpl new file mode 100644 index 00000000000..cf46348d2c5 --- /dev/null +++ b/charts/stable/snipe-it/templates/_secrets.tpl @@ -0,0 +1,20 @@ +{{/* Define the secrets */}} +{{- define "snipeit.secrets" -}} +--- + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: snipeit-secrets +{{- $snipeitprevious := lookup "v1" "Secret" .Release.Namespace "snipeit-secrets" }} +{{- $app_key := "" }} +data: + {{- if $snipeitprevious}} + APP_KEY: {{ index $snipeitprevious.data "APP_KEY" }} + {{- else }} + {{- $app_key := randAlphaNum 32 }} + APP_KEY: {{ $app_key | b64enc }} + {{- end }} + +{{- end -}} diff --git a/charts/stable/snipe-it/templates/common.yaml b/charts/stable/snipe-it/templates/common.yaml index 9705d4f5fa6..4c91ac2d4f2 100644 --- a/charts/stable/snipe-it/templates/common.yaml +++ b/charts/stable/snipe-it/templates/common.yaml @@ -1,2 +1,8 @@ +{{/* Make sure all variables are set properly */}} +{{- include "common.setup" . }} -{{ include "common.all" . }} +{{/* Render secrets for snipeit */}} +{{- include "snipeit.secrets" . }} + +{{/* Render the templates */}} +{{ include "common.postSetup" . }} diff --git a/charts/stable/snipe-it/values.yaml b/charts/stable/snipe-it/values.yaml index 956addd5862..8fd7de28078 100644 --- a/charts/stable/snipe-it/values.yaml +++ b/charts/stable/snipe-it/values.yaml @@ -1,17 +1,7 @@ image: repository: tccr.io/truecharts/snipe-it pullPolicy: IfNotPresent - tag: v5.4.1@sha256:8c4dd0e7cd888cf57958e76b56d03b94c6eb0f701f26bc63a618dcba1b55be82 - -secret: {} - -# See more environment variables in the snipe documentation -# https://github.com/linuxserver/docker-snipe-it#parameters -env: - NGINX_APP_URL: '{{ include "common.names.fullname" . }}:8080' - MYSQL_USER: snipe-it - MYSQL_DATABASE: "snipe-it" - MYSQL_PORT_3306_TCP_PORT: "3306" + tag: v5.4.1@sha256:392cd5a87a094675702b2f81a84213624851d2c4adec2dbad207a91f7d39d3d4 securityContext: runAsNonRoot: false @@ -21,6 +11,57 @@ podSecurityContext: runAsUser: 0 runAsGroup: 0 +env: + APP_ENV: "production" + APP_DEBUG: false + DB_CONNECTION: "mysql" + DB_USERNAME: "{{ .Values.mariadb.mariadbUsername }}" + DB_DATABASE: "{{ .Values.mariadb.mariadbDatabase }}" + DB_PORT: "3306" + REDIS_PORT: "6379" + SESSION_DRIVER: "redis" + CACHE_DRIVER: "redis" + QUEUE_DRIVER: "redis" + APP_TIMEZONE: "{{ .Values.TZ }}" + FILESYSTEM_DISK: "local" + # User Defined + APP_URL: "http://localhost:80" + APP_LOCALE: "en" + MAX_RESULTS: 500 + IMAGE_LIB: "gd" + # Session + SESSION_LIFETIME: 30 + EXPIRE_ON_CLOSE: false + ENCRYPT: false + COOKIE_NAME: "snipeit_session" + SECURE_COOKIES: false + API_TOKEN_EXPIRATION_YEARS: 40 + # Login + LOGIN_MAX_ATTEMPTS: 5 + LOGIN_LOCKOUT_DURATION: 60 + +envValueFrom: + DB_HOST: + secretKeyRef: + name: mariadbcreds + key: plainhost + DB_PASSWORD: + secretKeyRef: + name: mariadbcreds + key: mariadb-password + REDIS_HOST: + secretKeyRef: + name: rediscreds + key: plainhost + REDIS_PASSWORD: + secretKeyRef: + name: rediscreds + key: redis-password + APP_KEY: + secretKeyRef: + name: snipeit-secrets + key: APP_KEY + service: main: ports: @@ -29,24 +70,69 @@ service: targetPort: 80 persistence: - varrun: + logs: enabled: true - config: - enabled: true - mountPath: "/config" - -envValueFrom: - MYSQL_PORT_3306_TCP_ADDR: - secretKeyRef: - name: mariadbcreds - key: plainhost - MYSQL_PASSWORD: - secretKeyRef: - name: mariadbcreds - key: mariadb-password + mountPath: "/var/www/html/storage/logs" mariadb: enabled: true mariadbUsername: snipe-it mariadbDatabase: snipe-it existingSecret: "mariadbcreds" + +# Enabled redis +redis: + enabled: true + existingSecret: "rediscreds" + +upgradeContainers: + migratedb: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + - name: logs + mountPath: "/var/www/html/storage/logs" + env: + - name: APP_ENV + value: "production" + - name: REDIS_PORT + value: "6379" + - name: SESSION_DRIVER + value: "redis" + - name: QUEUE_DRIVER + value: "redis" + - name: APP_ENV + value: "redis" + - name: DB_CONNECTION + value: "mysql" + - name: DB_PORT + value: "3306" + - name: DB_USERNAME + value: "{{ .Values.mariadb.mariadbUsername }}" + - name: DB_DATABASE + value: "{{ .Values.mariadb.mariadbDatabase }}" + - name: DB_HOST + valueFrom: + secretKeyRef: + name: mariadbcreds + key: plainhost + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: mariadbcreds + key: mariadb-password + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: rediscreds + key: plainhost + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: rediscreds + key: redis-password + - name: APP_KEY + valueFrom: + secretKeyRef: + name: snipeit-secrets + key: APP_KEY + command: ["php", "artisan", "migrate"]