Helm Chart corrections and additions

charts/kubectyl/Chart.yaml

@@ -25,6 +25,8 @@ dependencies:
 - name: mariadb
   version: "11.3.0"
   repository: https://charts.bitnami.com/bitnami
+  condition: mariadb.create
 - name: redis
   version: "17.3.11"
   repository: https://charts.bitnami.com/bitnami
+  condition: redis.create

charts/kubectyl/README.md

@@ -0,0 +1,94 @@
+# Kubectyl Panel And Kuber Helm Chart
+
+## Configuration
+
+### Global Values
+
+| Key  | Type | Default | Description |
+| :--: | :-----------------: | :-----: | ----------- |
+| `global.timezone` | `string` | `UTC` | Timezone for the panel. |
+
+---
+
+### Ingress
+
+| Key  | Type | Default | Description |
+| :--: | :-----------------: | :-----: | ----------- |
+| `ingress.class` | `string` | `nginx` | The Ingress class for routing external traffic to services. |
+| `ingress.panel` | `string` | `panel.example.com` | The full FQDN that your panel will be accessible at. |
+| `ingress.kuber` | `string` | `kuber.example.com` | The full FQDN that the kuber daemon will be accessible at. |
+| `ingress.tls.create` | `bool` | `true` | Boolean to control if the chart should manage the creation of the Certificate resources. This is particularly useful if you have automation around Ingress resources that creates Certificates already. |
+| `ingress.tls.clusterIssuer` | `string` | `letsencrypt-prod` | Name of the ClusterIssuer that should be specified on the Ingress resources to create your certificate. Required for most configurations even if not managing the certificate in this chart. |
+| `ingress.annotations` | `map(string\|int\|bool)` | `{}` | Map of additional annotations to add to the Ingress resources. |
+
+---
+
+### Panel
+
+| Key  | Type | Default | Description |
+| :--: | :-----------------: | :-----: | ----------- |
+| `panel.image` | `string` | `quay.io/kubectyl/panel:develop` | The image for the Panel application container. |
+| `panel.storageClass` | `string` | `""` | The storage class to use for panel's persistent volume. To use default K8s storage class set this value to "". **This is mutually exclusive with `existingVolumeClaim` and should not be used with it.** |
+| `panel.existingVolumeClaim` | `string` | `""` | Name of existing volume claim resource to use for the pod volumes. **This is mutually exclusive with `storageClass` and should not be used with it.** |
+| `panel.email` | `string` | `[email protected]` | The email address for Letsencrypt. Used for panel only as a reference to enable cert-manager. |
+| `panel.serviceAnnotations` | `map(string\|int\|bool)` | `{}` | Map of additional annotations to add to the panel's Service resource. |
+| `panel.statefulSetAnnotations` | `map(string\|int\|bool)` | `{}` | Map of additional annotations to add to the panel's StatefulSet resource. |
+
+---
+
+### Kuber
+
+| Key  | Type | Default | Description |
+| :--: | :-----------------: | :-----: | ----------- |
+| `kuber.image` | `string` | `quay.io/kubectyl/kuber:deveop` | The image for the Kuber application container. |
+| `kuber.replicaCount` | `int` | `0` | Set to 0. Will be automatically set to 1 by panel after installation. |
+| `kuber.serviceAnnotations` | `map(string\|int\|bool)` | `{}` | Map of additional annotations to add to kuber's Service resource. |
+| `kuber.deploymentAnnotations` | `map(string\|int\|bool)` | `{}` | Map of additional annotations to add to kuber's Deployment resource. |
+
+---
+
+### MariaDB
+
+| Key  | Type | Default | Description |
+| :--: | :-----------------: | :-----: | ----------- |
+| `mariadb.create` | `bool` | `true` | Boolean to control creation of mariadb chart resources. Useful if you plan on using an external mariadb instance. |
+| `mariadb.global.storageClass` | `string` | `""` | The storage class to use for mariadb's persistent volume. To use default K8s storage class set this value to "". |
+| `mariadb.externalHost` | `string` | `""` | Hostname of external mariadb instance if you intend to use one. If using built-in mariadb chart, leave this blank or don't include it at all. |
+| `mariadb.volumePermissions.enabled` | `bool` | `true` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`. |
+| `mariadb.image.debug` | `bool` | `true` | Boolean to control if debug logs should be enabled. |
+| `mariadb.auth.database` | `string` | `panel` | Name of mariadb database to use for panel installation. |
+| `mariadb.auth.username` | `string` | `kubectyl` | User to authenticate to mariadb with. |
+| `mariadb.auth.password` | `string` | `SecretPassword` | Password for user `mariadb.auth.username`. |
+| `mariadb.auth.rootPassword` | `string` | `SuperSecretPassword` | If creating host with chart, password to use for `root` user upon creation. |
+| `mariadb.primary.persistence.size` | `(int)Gi` | `1Gi` | The size of the primary mariadb pod's persistent volume. |
+| `mariadb.secondary.replicaCount` | `int` | `0` | The number of mariadb replicas to create. |
+
+For more in-depth explanation of the configuration and additional options you can specify to the `mariadb` chart, please see [Bitnami's documentation](https://github.com/bitnami/charts/tree/main/bitnami/mariadb).
+
+---
+
+### Redis
+
+| Key  | Type | Default | Description |
+| :--: | :-----------------: | :-----: | ----------- |
+| `redis.create` | `bool` | `true` | Boolean to control creation of redis chart resources. Useful if you plan on using an external redis instance. |
+| `redis.global.storageClass` | `string` | `""` | The storage class to use for the redis persistent volume. To use default K8s storage class set this value to "". |
+| `redis.externalHost` | `string` | `""` | Hostname of external redis instance if you intend to use one. If using built-in redis chart, leave this blank or don't include it at all. |
+| `redis.auth.enabled` | `bool` | `false` | Boolean to control whether we should try to authenticate when connecting to redis. |
+| `redis.auth.password` | `string` | `""` | Password to use for redis authentication. |
+| `redis.master.persistence.size` | `(int)Gi` | `1Gi` | The size of the master redis pod's persistent volume. |
+| `redis.secondary.replicaCount` | `int` | `0` | The number of redis replicas to create. |
+| `redis.sentinel.enabled` | `bool` | `false` | Boolean to enable redis sentinel for high availability. |
+
+For more in-depth explanation of the configuration and additional options you can specify to the `redis` chart, please see [Bitnami's documentation](https://github.com/bitnami/charts/tree/main/bitnami/redis).
+
+---
+
+### Service Account
+
+| Key  | Type | Default | Description |
+| :--: | :-----------------: | :-----: | ----------- |
+| `serviceAccount.create` | `bool` | `true` | Boolean to enable the creation of a service account for our services. |
+| `serviceAccount.name` | `string` | `""` | Name of service account to create. If not set, a name is generated. |
+
+

charts/kubectyl/templates/certificate.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.ingress.tls.create }}
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -11,3 +12,4 @@ spec:
   dnsNames:
   - {{ .Values.ingress.panel }}
   - {{ .Values.ingress.kuber }}
+{{- end }}

charts/kubectyl/templates/configmap.yaml

@@ -3,19 +3,32 @@ kind: ConfigMap
 metadata:
   name: panel-config
   namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: panel
 data:
   DB_PASSWORD: {{ .Values.mariadb.auth.password }}
+  {{- if .Values.redis.auth.enabled }}
+  REDIS_PASSWORD: {{ .Values.redis.auth.password }}
+  {{- end }}
   APP_URL: https://{{ .Values.ingress.panel }}
   APP_ENV: production
   APP_ENVIRONMENT_ONLY: "false"
-  APP_TIMEZONE: UTC
+  APP_TIMEZONE: {{ .Values.global.timezone | default "UTC" }}
   CACHE_DRIVER: redis
   SESSION_DRIVER: redis
   QUEUE_DRIVER: redis
+  {{- if .Values.redis.externalHost }}
+  REDIS_HOST: {{ .Values.redis.externalHost }}
+  {{- else -}}
   REDIS_HOST: {{ .Release.Name }}-redis-headless
-  DB_HOST: {{ .Release.Name }}-mariadb
-  DB_USERNAME: kubectyl
+  {{- end }}
+  {{- if .Values.mariadb.externalHost }}
+  DB_HOST: {{ .Values.mariadb.externalHost }}
+  {{- else -}}
+  {{- end }}
+  DB_USERNAME: {{ .Values.mariadb.auth.username | default "kubectyl" }}
   DB_PORT: "3306"
+  DB_DATABASE: {{ .Values.mariadb.auth.database | default "panel" }}
   KUBER_FULLNAME: {{ include "kuber.fullname" . }}
   INGRESS_KUBER: {{ .Values.ingress.kuber }}
   INGRESS_PANEL: {{ .Values.ingress.panel }}

charts/kubectyl/templates/deployment.yaml

@@ -5,6 +5,12 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels:
     app: kuber
+  {{- with .Values.kuber.deploymentAnnotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
 spec:
   replicas: {{ .Values.kuber.replicaCount }}
   selector:
@@ -25,6 +31,18 @@ spec:
             mountPath: "/tmp/kubectyl"
           - name: tmp
             mountPath: "/etc/kubectyl"
+      - name: port
+        image: mikefarah/yq
+        command: ["sh", "-c", "yq --inplace '.api.port == \"80\"' /etc/kubectyl/config.yml"]
+        volumeMounts:
+          - name: tmp
+            mountPath: "/etc/kubectyl"
+      - name: disable
+        image: mikefarah/yq
+        command: ["sh", "-c", "yq --inplace '.api.ssl.enabled == \"false\"' /etc/kubectyl/config.yml"]
+        volumeMounts:
+          - name: tmp
+            mountPath: "/etc/kubectyl"
       containers:
       - name: kuber
         image: {{ .Values.kuber.image }}
@@ -34,6 +52,9 @@ spec:
             readOnly: true
           - name: tmp
             mountPath: "/etc/kubectyl"
+        ports:
+        - containerPort: 80
+          name: web
       volumes:
         - name: ssl-certs
           secret:

charts/kubectyl/templates/ingress.yaml

@@ -1,16 +1,17 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ include "panel.fullname" . }}
   namespace: {{ .Release.Namespace | quote }}
   annotations:
-    {{- if .Values.ingress.clusterIssuer }}
-    cert-manager.io/issuer: {{ .Values.ingress.clusterIssuer }}
+    {{- if .Values.ingress.tls.clusterIssuer }}
+    cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer }}
+    {{- end }}
+    {{- if .Values.ingress.annotations }}
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
     {{- end }}
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-body-size: 100m
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "120s"
-    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
   ingressClassName: {{ .Values.ingress.class }}
   rules:
@@ -23,7 +24,29 @@ spec:
           service:
             name: {{ include "panel.fullname" . }}
             port:
-              number: 443
+              number: 8081
+  tls:
+    - secretName: {{ include "panel.fullname" . }}-tls
+      hosts:
+      - {{ .Values.ingress.panel }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "kuber.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  annotations:
+    {{- if .Values.ingress.tls.clusterIssuer }}
+    cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer }}
+    {{- end }}
+    {{- if .Values.ingress.annotations }}
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.class }}
+  rules:
   - host: {{ .Values.ingress.kuber }}
     http:
       paths:
@@ -33,9 +56,8 @@ spec:
           service:
             name: {{ include "kuber.fullname" . }}
             port:
-              number: 443
+              number: 8080
   tls:
-    - secretName: {{ .Release.Name }}-tls
+    - secretName: {{ include "kuber.fullname" . }}-tls
       hosts:
-      - {{ .Values.ingress.panel }}
       - {{ .Values.ingress.kuber }}

charts/kubectyl/templates/statefulset.yaml

@@ -3,6 +3,14 @@ kind: StatefulSet
 metadata:
   name: {{ include "panel.fullname" . }}
   namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: panel
+  {{- with .Values.panel.statefulSetAnnotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
 spec:
   selector:
     matchLabels:
@@ -43,6 +51,12 @@ spec:
         - name: ssl-certs
           secret:
             secretName: {{ .Release.Name }}-tls
+      {{- if and (.Values.panel.existingVolumeClaim) (not .Values.panel.storageClass) }}
+        - name: panel
+          persistentVolumeClaim:
+            claimName: {{ .Values.panel.existingVolumeClaim }}
+      {{- end }}
+  {{- if and (.Values.panel.storageClass) (not .Values.panel.existingVolumeClaim) }}
   volumeClaimTemplates:
   - metadata:
       name: panel
@@ -55,3 +69,4 @@ spec:
       resources:
         requests:
           storage: 1Gi
+  {{- end }}

charts/kubectyl/templates/svc.yaml

@@ -5,10 +5,18 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels:
     app: panel
+  {{- with .Values.panel.serviceAnnotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
 spec:
   ports:
   - name: web
-    port: 443
+    port: 8081
+    protocol: TCP
+    targetPort: 80
   selector:
     app: panel
 ---
@@ -18,9 +26,17 @@ metadata:
   name: {{ include "kuber.fullname" . }}
   labels:
     app: kuber
+  {{- with .Values.kuber.serviceAnnotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
 spec:
   ports:
-  - name: http
-    port: 443
+  - name: web
+    port: 8080
+    protocol: TCP
+    targetPort: 80
   selector:
     app: kuber