diff --git a/phpmyadmin/kustomization.yaml b/phpmyadmin/kustomization.yaml new file mode 100644 index 0000000..4ae436c --- /dev/null +++ b/phpmyadmin/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - main.yaml \ No newline at end of file diff --git a/phpmyadmin/main.yaml b/phpmyadmin/main.yaml new file mode 100644 index 0000000..6e6dd8f --- /dev/null +++ b/phpmyadmin/main.yaml @@ -0,0 +1,284 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: phpmyadmin + app.kubernetes.io/version: 5.2.2 + helm.sh/chart: phpmyadmin-18.1.8 + name: phpmyadmin + namespace: phpmyadmin +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: phpmyadmin + app.kubernetes.io/version: 5.2.2 + helm.sh/chart: phpmyadmin-18.1.8 + name: phpmyadmin + namespace: phpmyadmin +spec: + ports: + - name: http + nodePort: null + port: 80 + protocol: TCP + targetPort: http + - name: https + nodePort: null + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/name: phpmyadmin + sessionAffinity: None + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: phpmyadmin + app.kubernetes.io/version: 5.2.2 + helm.sh/chart: phpmyadmin-18.1.8 + name: phpmyadmin + namespace: phpmyadmin +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/name: phpmyadmin + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: phpmyadmin + app.kubernetes.io/version: 5.2.2 + helm.sh/chart: phpmyadmin-18.1.8 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/name: phpmyadmin + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: false + containers: + - env: + - name: BITNAMI_DEBUG + value: "false" + - name: DATABASE_PORT_NUMBER + value: "3306" + - name: DATABASE_HOST + value: "" + - name: PHPMYADMIN_ALLOW_NO_PASSWORD + value: "true" + - name: PHPMYADMIN_ALLOW_ARBITRARY_SERVER + value: "true" + - name: DATABASE_ENABLE_SSL + value: "no" + image: docker.io/bitnami/phpmyadmin:5.2.2-debian-12-r11 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: http + timeoutSeconds: 30 + name: phpmyadmin + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: / + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 30 + resources: + limits: + cpu: 375m + ephemeral-storage: 2Gi + memory: 384Mi + requests: + cpu: 250m + ephemeral-storage: 50Mi + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/bitnami/apache/conf + name: empty-dir + subPath: apache-conf-dir + - mountPath: /opt/bitnami/apache/logs + name: empty-dir + subPath: apache-logs-dir + - mountPath: /opt/bitnami/apache/var/run + name: empty-dir + subPath: apache-tmp-dir + - mountPath: /opt/bitnami/php/etc + name: empty-dir + subPath: php-conf-dir + - mountPath: /opt/bitnami/php/tmp + name: empty-dir + subPath: php-tmp-dir + - mountPath: /opt/bitnami/php/var + name: empty-dir + subPath: php-var-dir + - mountPath: /tmp + name: empty-dir + subPath: tmp-dir + - mountPath: /opt/bitnami/phpmyadmin + name: empty-dir + subPath: app-base-dir + hostAliases: + - hostnames: + - status.localhost + ip: 127.0.0.1 + initContainers: + - args: + - -ec + - | + #!/bin/bash + + . /opt/bitnami/scripts/liblog.sh + . /opt/bitnami/scripts/libfs.sh + + info "Copying base dir to empty dir" + # In order to not break the application functionality (such as upgrades or plugins) we need + # to make the base directory writable, so we need to copy it to an empty dir volume + cp -r --preserve=mode /opt/bitnami/phpmyadmin /emptydir/app-base-dir + + info "Copying symlinks to stdout/stderr" + # We copy the logs folder because it has symlinks to stdout and stderr + if ! is_dir_empty /opt/bitnami/apache/logs; then + cp -r /opt/bitnami/apache/logs /emptydir/apache-logs-dir + fi + info "Copying php var directory" + # PhpMyAdmin will fail to start if the php var folder is not populated + if ! is_dir_empty /opt/bitnami/php/var; then + cp -r /opt/bitnami/php/var /emptydir/php-var-dir + fi + info "Copy operation completed" + command: + - /bin/bash + image: docker.io/bitnami/phpmyadmin:5.2.2-debian-12-r11 + imagePullPolicy: IfNotPresent + name: prepare-base-dir + resources: + limits: + cpu: 375m + ephemeral-storage: 2Gi + memory: 384Mi + requests: + cpu: 250m + ephemeral-storage: 50Mi + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /emptydir + name: empty-dir + priorityClassName: "" + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: phpmyadmin + volumes: + - emptyDir: {} + name: empty-dir +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: phpmyadmin + app.kubernetes.io/version: 5.2.2 + helm.sh/chart: phpmyadmin-18.1.8 + name: phpmyadmin + namespace: phpmyadmin +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/name: phpmyadmin +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: phpmyadmin + app.kubernetes.io/version: 5.2.2 + helm.sh/chart: phpmyadmin-18.1.8 + name: phpmyadmin + namespace: phpmyadmin +spec: + egress: + - {} + ingress: + - ports: + - port: 8080 + - port: 8443 + podSelector: + matchLabels: + app.kubernetes.io/instance: phpmyadmin + app.kubernetes.io/name: phpmyadmin + policyTypes: + - Ingress + - Egress diff --git a/phpmyadmin/src/kustomization.yaml b/phpmyadmin/src/kustomization.yaml new file mode 100644 index 0000000..ae6b669 --- /dev/null +++ b/phpmyadmin/src/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: + - name: phpmyadmin + repo: https://charts.bitnami.com/bitnami + version: 18.1.8 + releaseName: phpmyadmin + includeCRDs: true + namespace: phpmyadmin + valuesFile: values.yaml diff --git a/phpmyadmin/src/values.yaml b/phpmyadmin/src/values.yaml new file mode 100644 index 0000000..7e92d1b --- /dev/null +++ b/phpmyadmin/src/values.yaml @@ -0,0 +1,808 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + defaultStorageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @section phpMyAdmin parameters + +## Bitnami PhpMyAdmin image version +## ref: https://hub.docker.com/r/bitnami/phpmyadmin/tags/ +## @param image.registry [default: REGISTRY_NAME] phpMyAdmin image registry +## @param image.repository [default: REPOSITORY_NAME/phpmyadmin] phpMyAdmin image repository +## @skip image.tag phpMyAdmin image tag (immutable tags are recommended) +## @param image.digest phpMyAdmin image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Enable phpmyadmin image debug mode +## +image: + registry: docker.io + repository: bitnami/phpmyadmin + tag: 5.2.2-debian-12-r11 + digest: "" + ## Specify a imagePullPolicy + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param lifecycleHooks for the phpmyadmin container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraEnvVars Extra environment variables to be set on PhpMyAdmin container +## For example: +## extraEnvVars: +## - name: PHP_UPLOAD_MAX_FILESIZE +## value: "80M" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of a existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of a existing Secret containing extra env vars +## +extraEnvVarsSecret: "" +## @section phpMyAdmin deployment parameters + +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases [array] Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: + ## Necessary for apache-exporter to work + ## + - ip: "127.0.0.1" + hostnames: + - "status.localhost" +## phpMyAdmin container ports to open +## @param containerPorts.http HTTP port to expose at container level +## @param containerPorts.https HTTPS port to expose at container level +## +containerPorts: + http: 8080 + https: 8443 +## @param extraContainerPorts Optionally specify extra list of additional ports for phpMyAdmin container(s) +## e.g: +## extraContainerPorts: +## - name: myservice +## containerPort: 9090 +## +extraContainerPorts: [] +## @param updateStrategy.type Strategy to use to update Pods +## +updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate +## phpMyAdmin pods' Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable phpMyAdmin pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup User ID for the container +## +podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 +## phpMyAdmin containers' Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +## phpMyAdmin number of pod replicas +## @param replicas Number of replicas +replicas: 1 +## phpMyAdmin containers' resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "micro" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} +## phpMyAdmin containers' startup probe. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.httpGet.path Request path for startupProbe +## @param startupProbe.httpGet.port Port for startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + httpGet: + path: / + port: http +## phpMyAdmin containers' liveness probe. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.tcpSocket.port Port for livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + tcpSocket: + port: http +## phpMyAdmin containers' readiness probes. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.httpGet.path Request path for readinessProbe +## @param readinessProbe.httpGet.port Port for readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + httpGet: + path: / + port: http +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param podLabels Extra labels for PhpMyAdmin pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for PhpMyAdmin pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param priorityClassName phpmyadmin pods' priorityClassName +## +priorityClassName: "" +## @param schedulerName Name of the k8s scheduler (other than default) +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## The value is evaluated as a template +## +topologySpreadConstraints: [] +## @param extraVolumes Optionally specify extra list of additional volumes for PhpMyAdmin pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for PhpMyAdmin container(s) +## +extraVolumeMounts: [] +## @param initContainers Add init containers to the PhpMyAdmin pods +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb +## @param pdb.create Enable/disable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. +## +pdb: + create: true + minAvailable: "" + maxUnavailable: "" +## @param sidecars Add sidecar containers to the PhpMyAdmin pods +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @section Traffic Exposure parameters + +## Service configuration +## +service: + ## @param service.type Kubernetes Service type + ## + type: ClusterIP + ## @param service.ports.http Service HTTP port + ## @param service.ports.https Service HTTPS port + ## + ports: + http: 80 + https: 443 + ## Specify the nodePort values for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## @param service.nodePorts.http Kubernetes http node port + ## @param service.nodePorts.https Kubernetes https node port + ## + nodePorts: + http: "" + https: "" + ## @param service.clusterIP PhpMyAdmin service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP Load balancer IP for the phpMyAdmin Service (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## Example: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Provide any additional annotations that may be required for the PhpMyAdmin service + ## + annotations: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} +## Ingress configuration +## +ingress: + ## @param ingress.enabled Set to true to enable ingress record generation + ## + enabled: false + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## DEPRECATED: Use ingress.annotations instead of ingress.certManager + ## certManager: false + ## + + ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created + ## + hostname: phpmyadmin.local + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or + ## let the chart create self-signed certificates for you + ## + tls: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## Example: + ## extraHosts: + ## - name: phpmyadmin.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## Example: + ## extraTls: + ## - hosts: + ## - phpmyadmin.local + ## secretName: phpmyadmin.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates and want to manage the secret via helm, + ## please use this to add the certificates as secrets key and certificate should start with + ## -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: phpmyadmin.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param ingress.existingSecretName If you're providing your own certificate and want to manage the secret yourself, + ## please provide the name of the secret with this parameter. This secret will then be used for tls termination. + ## It has higher priority than the cert-manager or the generation of the certificate from the chart. + ## + ## Example: + ## existingSecretName: "byo-phpmyadmin-tls" + ## + existingSecretName: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: phpmyadmin.local + ## http: + ## path: / + ## backend: + ## service: + ## name: phpmyadmin-svc + ## port: + ## name: http + ## + extraRules: [] +## @section Database parameters + +## Database configuration +## +db: + ## @param db.allowArbitraryServer Enable connection to arbitrary MySQL server + ## If you do not want the user to be able to specify an arbitrary MySQL server at login time, set this to false + ## + allowArbitraryServer: true + ## @param db.port Database port to use to connect + ## + port: 3306 + ## @param db.chartName Database suffix if included in the same release + ## If you are deploying phpMyAdmin as part of a release and the database is part + ## of the release, you can pass a suffix that will be used to find the database + ## in releasename-dbSuffix. Please note that this setting precedes db.host + ## e.g: + ## chartName: mariadb + ## + chartName: "" + ## @param db.host Database Hostname. Ignored when `db.chartName` is set. + ## e.g: + ## host: foo + ## + host: "" + ## @param db.bundleTestDB Deploy a MariaDB instance for testing purposes + ## + bundleTestDB: false + ## @param db.enableSsl Enable SSL for the connection between phpMyAdmin and the database + ## + enableSsl: false + ssl: + ## @param db.ssl.clientKey Client key file when using SSL + ## + clientKey: "" + ## @param db.ssl.clientCertificate Client certificate file when using SSL + ## + clientCertificate: "" + ## @param db.ssl.caCertificate CA file when using SSL + ## + caCertificate: "" + ## @param db.ssl.ciphers List of allowable ciphers for connections when using SSL + ## + ciphers: [] + ## @param db.ssl.verify Enable SSL certificate validation + ## + verify: true +## @param mariadb MariaDB chart configuration +## https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml +## +mariadb: {} +## @section Other Parameters + +## Service account for PhpMyAdmin to use. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for PhpMyAdmin pod + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## @section Metrics parameters + +## Prometheus Exporter / Metrics +## +metrics: + ## @param metrics.enabled Start a side-car prometheus exporter + ## + enabled: false + ## @param metrics.image.registry [default: REGISTRY_NAME] Apache exporter image registry + ## @param metrics.image.repository [default: REPOSITORY_NAME/apache-exporter] Apache exporter image repository + ## @skip metrics.image.tag Apache exporter image tag (immutable tags are recommended) + ## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param metrics.image.pullPolicy Image pull policy + ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/apache-exporter + tag: 1.0.10-debian-12-r5 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## + resources: {} + ## Prometheus Exporter service configuration + ## + service: + ## @param metrics.service.type Prometheus metrics service type + ## + type: ClusterIP + ## @param metrics.service.port Prometheus metrics service port + ## + port: 9117 + ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + ## @param metrics.service.clusterIP phpmyadmin service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param metrics.service.loadBalancerIP Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` + ## Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank + ## + loadBalancerIP: "" + ## @param metrics.service.loadBalancerSourceRanges phpmyadmin service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param metrics.service.externalTrafficPolicy phpmyadmin service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created + ## + namespace: "" + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.selector ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + ## selector: + ## prometheus: my-prometheus + ## + selector: {} +## @section NetworkPolicy parameters + +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {}