diff --git a/zammad/Chart.yaml b/zammad/Chart.yaml index 960d5649..b9c61f5f 100644 --- a/zammad/Chart.yaml +++ b/zammad/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: zammad -version: 6.7.1 -appVersion: 5.2.1 +version: 7.0.0 +appVersion: 5.2.3-32 description: Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails. home: https://zammad.org icon: https://raw.githubusercontent.com/zammad/zammad-documentation/main/images/zammad_logo_600x520.png @@ -16,18 +16,18 @@ maintainers: email: enjoy@zammad.com dependencies: - name: elasticsearch - repository: https://helm.elastic.co - version: 7.17.3 + repository: https://charts.bitnami.com/bitnami + version: 19.5.0 condition: zammadConfig.elasticsearch.enabled - name: memcached - version: 6.0.16 + version: 6.3.0 repository: https://charts.bitnami.com/bitnami condition: zammadConfig.memcached.enabled - name: postgresql - version: 10.16.2 + version: 12.1.0 repository: https://charts.bitnami.com/bitnami condition: zammadConfig.postgresql.enabled - name: redis - version: 16.8.7 + version: 17.3.7 repository: https://charts.bitnami.com/bitnami condition: zammadConfig.redis.enabled diff --git a/zammad/README.md b/zammad/README.md index 260845db..5e2e4afa 100644 --- a/zammad/README.md +++ b/zammad/README.md @@ -26,95 +26,11 @@ helm upgrade --install zammad zammad/zammad --namespace zammad ## Configuration -The following table lists the configurable parameters of the zammad chart and their default values. - -| Parameter | Description | Default | -| ------------------------------------------- | ------------------------------------------------ | ------------------------------- | -| `image.repository` | Container image to use | `zammad/zammad-docker-compose` | -| `image.tag` | Container image tag to deploy | `5.2.1-6` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.imagePullSecrets` | An array of imagePullSecrets | `[]` | -| `service.type` | Service type | `ClusterIP` | -| `service.port` | Service port | `8080` | -| `ingress.enabled` | Enable Ingress | `false` | -| `ingress.annotations` | Additional ingress annotations | `""` | -| `ingress.className` | Use IngressClassName | `""` | -| `ingress.hosts` | Ingress hosts | `""` | -| `ingress.tls` | Ingress TLS | `[]` | -| `zammadConfig.elasticsearch.enabled` | Use Elasticsearch chart dependency | `true` | -| `zammadConfig.elasticsearch.schema` | Elasticsearch schema | `http` | -| `zammadConfig.elasticsearch.host` | Elasticsearch host | `zammad-master` | -| `zammadConfig.elasticsearch.initialisation` | Run zammad specific Elasticsearch initialisation | `true` | -| `zammadConfig.elasticsearch.port` | Elasticsearch port | `9200` | -| `zammadConfig.elasticsearch.user` | Elasticsearch user | `""` | -| `zammadConfig.elasticsearch.pass` | Elasticsearch pass | `""` | -| `zammadConfig.elasticsearch.reindex` | Elasticsearch reindex is run on start | `true` | -| `zammadConfig.memcached.enabled` | Use Memcached dependency | `true` | -| `zammadConfig.memcached.host` | Memcached host | `zammad-memcached` | -| `zammadConfig.memcached.port` | Memcached port | `11211` | -| `zammadConfig.nginx.websocketExtraHeaders` | Additional nginx headers for ws location | `[]` | -| `zammadConfig.nginx.extraHeaders` | Additional nginx headers for / location | `[]` | -| `zammadConfig.nginx.knowledgeBaseUrl` | Value of custom URL for knowledge base | `""` | -| `zammadConfig.nginx.resources` | Resource usage of Zammad's nginx container | `{}` | -| `zammadConfig.nginx.livenessProbe` | Liveness probe for the nginx container | see values.yaml | -| `zammadConfig.nginx.readinessProbe` | Readiness probe for the nginx container | see values.yaml | -| `zammadConfig.postgresql.enabled` | Use PostgreSQL dependency | `true` | -| `zammadConfig.postgresql.host` | PostgreSql host | `zammad-postgresql` | -| `zammadConfig.postgresql.port` | PostgreSql port | `5432` | -| `zammadConfig.postgresql.pass` | PostgreSql pass | `""` | -| `zammadConfig.postgresql.user` | PostgreSql user | `zammad` | -| `zammadConfig.postgresql.db` | PostgreSql database | `zammad_production` | -| `zammadConfig.railsserver.resources` | Resource usage of Zammad's railsserver container | `{}` | -| `zammadConfig.railsserver.livenessProbe` | Liveness probe for the railsserver container | see values.yaml | -| `zammadConfig.railsserver.readinessProbe` | Readiness probe for the railsserver container | see values.yaml | -| `zammadConfig.railsserver.trustedProxies` | Configure Rails trusted proxies | `"['127.0.0.1', '::1']"` | -| `zammadConfig.redis.enabled` | Use REdis chart dependency | `true` | -| `zammadConfig.redis.host` | Redis host | `zammad-redis` | -| `zammadConfig.redis.port` | Redis port | `6379` | -| `zammadConfig.scheduler.resources` | Resource usage of Zammad's scheduler container | `{}` | -| `zammadConfig.websocket.resources` | Resource usage of Zammad's websocket container | `{}` | -| `zammadConfig.websocket.livenessProbe` | Liveness probe for the websocket container | see values.yaml | -| `zammadConfig.websocket.readinessProbe` | Readiness probe for the websocket container | see values.yaml | -| `zammadConfig.initContainers` | Resources for the different init containers | see values.yaml | -| `autoWizard.enabled` | enable autowizard | `false` | -| `autoWizard.config` | autowizard json config | `""` | -| `podAnnotations` | Annotations for Pods | `{}` | -| `volumePermissions.enabled` | Enable data volume permissions correction | `false` | -| `volumePermissions.image.repository` | initContainer image to use | `alpine` | -| `volumePermissions.image.tag` | initContainer image tag to deploy | `3.14` | -| `volumePermissions.image.pullPolicy` | initContainer pull policy | `IfNotPresent` | -| `persistence.enabled` | Enable persistence | `true` | -| `persistence.accessModes` | Access modes | `["ReadWriteOnce"]` | -| `persistence.size` | Volume size | `15Gi` | -| `persistence.storageClass` | storage class | `""` | -| `persistence.annotations` | annotations | `{}` | -| `nodeSelector` | NodeSelector | `{}` | -| `tolerations` | Tolerations | `[]` | -| `affinity` | Affinity | `{}` | -| `initContainers` | Additional init containers | `[]` | -| `sidecars` | Sidecar containers | `[]` | -| `serviceAccount.create` | Create service accounnt | `false` | -| `serviceAccount.annotations` | Service account annotations | `{}` | -| `serviceAccount.name` | Service account name | `""` | -| `rbac.create` | Create RBAC | `false` | -| `podSecurityPolicy.enabled` | Enable podSecurityPolicy | `false` | -| `podSecurityPolicy.create` | Create podSecurityPolicy | `false` | -| `podSecurityPolicy.annotations` | PodSecurityPolicy annotations | `{}` | -| `podSecurityPolicy.name` | PodSecurityPolicy name | `""` | -| `elasticsearch.image` | Elasticsearch docker image | `zammad/zammad-docker-compose` | -| `elasticsearch.imageTag` | Elasticsearch docker image tag | `zammad-elasticsearch-5.2.1-6` | -| `elasticsearch.clusterName` | Elasticsearch cluster name | `zammad` | -| `elasticsearch.replicas` | Elasticsearch replicas | `1` | -| `elasticsearch.clusterHealthCheckParams` | Workaround to get ES test work in GitHubCI | `"timeout=1s"` | -| `memcached.replicaCount` | Memcached replicas | `1` | -| `postgresql.postgresqlUsername` | PostgreSQL user | `zammad` | -| `postgresql.postgresqlPassword` | PostgreSQL password | `zammad` | -| `postgresql.postgresqlDatabase` | PostgreSQL DB | `zammad_production` | -| `redis.architecture` | Redis architecture | `standalone` | -| `redis.auth.password` | Redis auth password | `zammad` | -| `redis.master.resources` | Set Redis resources | `{}` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +helm show values zammad/zammad +``` ### Important note for NFS filesystems @@ -137,6 +53,24 @@ Open your browser on ## Upgrading +### From chart version 6.x to 7.x + +- Bitnami Elasticsearch chart is used now as elastic does not support the old charts anymore in favour of ECK operator + - reindexing of all data is needed so get sure "zammadConfig.elasticsearch.reindex" is set to "true" +- Memchached was updated from 6.0.16 to 6.3.0 +- PostgreSql chart was updated from 10.16.2 to 12.1.0 + - this includes major version change of Postgres DB version too + - backup / restore is needed to update + - postgres password settings were changed + - see also upgrading [PostgreSql upgrading notes](https://github.com/bitnami/charts/tree/main/bitnami/postgresql#upgrading) +- Redis chart is updated from 16.8.7 to 17.3.7 + - see [Redis upgrading notes](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1700) +- Zammad + - Pod Security Policy settings were removed as thes are [deprecated in Kubernetes 1.25](https://kubernetes.io/docs/concepts/security/pod-security-policy/) + - Docker image tag is used from Chart.yaml "appVersion" by default + - Replicas can be configured (needs ReadWriteMany volume if replica > 1!) + - livenessProbes and readinessProbe have been adjusted to not be the same + ### From chart version 6.0.4 to 6.0.x - minimum helm version now is 3.2.0+ diff --git a/zammad/templates/configmap-init.yaml b/zammad/templates/configmap-init.yaml index f08087ee..cc0fe89d 100644 --- a/zammad/templates/configmap-init.yaml +++ b/zammad/templates/configmap-init.yaml @@ -9,7 +9,7 @@ data: elasticsearch-init: |- #!/bin/bash set -e - bundle exec rails r 'Setting.set("es_url", "{{ .Values.zammadConfig.elasticsearch.schema }}://{{ if .Values.zammadConfig.elasticsearch.enabled }}zammad-master{{ else }}{{ .Values.zammadConfig.elasticsearch.host }}{{ end }}:{{ .Values.zammadConfig.elasticsearch.port }}")' + bundle exec rails r 'Setting.set("es_url", "{{ .Values.zammadConfig.elasticsearch.schema }}://{{ if .Values.zammadConfig.elasticsearch.enabled }}zammad-elasticsearch{{ else }}{{ .Values.zammadConfig.elasticsearch.host }}{{ end }}:{{ .Values.zammadConfig.elasticsearch.port }}")' ELASTICSEARCH_USER=${ELASTICSEARCH_USER:-{{ .Values.zammadConfig.elasticsearch.user }}} if [ -n "${ELASTICSEARCH_USER}" ] && [ -n "${ELASTICSEARCH_PASSWORD}" ]; then bundle exec rails r "Setting.set(\"es_user\", \"${ELASTICSEARCH_USER}\")" diff --git a/zammad/templates/psp.yaml b/zammad/templates/psp.yaml deleted file mode 100644 index 9511cd2f..00000000 --- a/zammad/templates/psp.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion -}} -{{- if and .Values.podSecurityPolicy.enabled .Values.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "zammad.fullname" . }} - labels: - app: {{ template "zammad.name" . }} - chart: {{ template "zammad.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'configMap' - - 'persistentVolumeClaim' - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/zammad/templates/statefulset.yaml b/zammad/templates/statefulset.yaml index fb0f528e..103f2f31 100644 --- a/zammad/templates/statefulset.yaml +++ b/zammad/templates/statefulset.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "zammad.labels" . | nindent 4 }} spec: - replicas: 1 + replicas: {{ .Values.replicas }} serviceName: {{ include "zammad.name" . }} selector: matchLabels: @@ -63,7 +63,7 @@ spec: mountPath: /opt/zammad {{- end }} - name: zammad-init - image: {{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- if or .Values.zammadConfig.redis.pass .Values.secrets.redis.useExisting }} @@ -102,7 +102,7 @@ spec: readOnly: true subPath: zammad-init - name: postgresql-init - image: {{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: runAsUser: 1000 @@ -140,7 +140,7 @@ spec: subPath: postgresql-init {{- if .Values.zammadConfig.elasticsearch.initialisation }} - name: elasticsearch-init - image: {{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: runAsUser: 1000 @@ -181,7 +181,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-nginx - image: {{ .Values.image.repository }}:{{ include "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /usr/sbin/nginx @@ -215,7 +215,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: {{ .Chart.Name }}-railsserver - image: {{ .Values.image.repository }}:{{ include "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: runAsUser: 1000 @@ -264,7 +264,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: {{ .Chart.Name }}-scheduler - image: {{ .Values.image.repository }}:{{ include "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: runAsUser: 1000 @@ -297,7 +297,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: {{ .Chart.Name }}-websocket - image: {{ .Values.image.repository }}:{{ include "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag }} + image: "{{ .Values.image.repository }}:{{ template "zammad.image.repositoryPrefix" . }}{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: runAsUser: 1000 diff --git a/zammad/values.yaml b/zammad/values.yaml index b4a7bbc9..913d4bbc 100644 --- a/zammad/values.yaml +++ b/zammad/values.yaml @@ -1,6 +1,7 @@ image: repository: zammad/zammad-docker-compose - tag: 5.2.1-6 + # if not set appVersion field from Chart.yaml is used as default + tag: "" pullPolicy: IfNotPresent imagePullSecrets: [] # - name: "image-pull-secret" @@ -48,19 +49,21 @@ zammadConfig: # enable/disable elasticsearch chart dependency enabled: true # host env var is only used when zammadConfig.elasticsearch.enabled is false - host: zammad-master + host: zammad-elasticsearch-master-0 initialisation: true pass: "" port: 9200 reindex: true schema: http user: "" + memcached: # enable/disable memcached chart dependency enabled: true # host env var is only used when zammadConfig.memcached.enabled is false host: zammad-memcached port: 11211 + nginx: extraHeaders: [] # - 'HeaderName "Header Value"' @@ -68,8 +71,7 @@ zammadConfig: # - 'HeaderName "Header Value"' knowledgeBaseUrl: "" livenessProbe: - httpGet: - path: / + tcpSocket: port: 8080 initialDelaySeconds: 30 successThreshold: 1 @@ -92,22 +94,23 @@ zammadConfig: # limits: # cpu: 100m # memory: 64Mi + postgresql: # enable/disable postgresql chart dependency enabled: true - # needs to be the same as the postgresql.postgresqlPassword + # needs to be the same as the postgresql.auth.database db: zammad_production # host env var is only used when postgresql.enabled is false host: zammad-postgresql + # needs to be the same as the postgresql.auth.password pass: "zammad" - # needs to be the same as the postgresql.postgresqlDatabase port: 5432 - # needs to be the same as the postgresql.postgresqlUsername + # needs to be the same as the postgresql.auth.username user: zammad + railsserver: livenessProbe: - httpGet: - path: / + tcpSocket: port: 3000 initialDelaySeconds: 30 successThreshold: 1 @@ -132,6 +135,7 @@ zammadConfig: # memory: 1024Mi trustedProxies: "['127.0.0.1', '::1']" webConcurrency: 0 + redis: # enable/disable redis chart dependency enabled: true @@ -139,6 +143,7 @@ zammadConfig: # needs to be the same as the redis.auth.password pass: zammad port: 6379 + scheduler: resources: {} # requests: @@ -147,6 +152,7 @@ zammadConfig: # limits: # cpu: 200m # memory: 512Mi + websocket: livenessProbe: tcpSocket: @@ -154,7 +160,7 @@ zammadConfig: initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - failureThreshold: 5 + failureThreshold: 10 timeoutSeconds: 5 readinessProbe: tcpSocket: @@ -171,6 +177,7 @@ zammadConfig: # limits: # cpu: 200m # memory: 512Mi + initContainers: volumePermissions: resources: {} @@ -272,6 +279,9 @@ persistence: size: 15Gi annotations: {} +# running zammad with more than 1 replica will need a [ReadWriteMany storage volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) +replicas: 1 + nodeSelector: {} tolerations: [] affinity: {} @@ -293,16 +303,6 @@ rbac: # Control whether RBAC resources are created create: false -# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -podSecurityPolicy: - enabled: false - # Create PSP - create: false - # Annotations to add to PSP. Only applicable if create is true - annotations: {} - # The name of the PSP to use. Only applicable if create is false - name: "" - # initContainers: # - name: s3-restore # image: some-aws-s3-restore:latest @@ -345,36 +345,16 @@ podSecurityPolicy: # Settings for the elasticsearch subchart elasticsearch: - image: "zammad/zammad-docker-compose" - imageTag: "zammad-elasticsearch-5.2.1-6" clusterName: zammad - replicas: 1 - # Workaround to get helm test to work in GitHub action CI - # the [ES chart](https://github.com/elastic/helm-charts/tree/master/elasticsearch) - # default would be: "wait_for_status=green&timeout=1s" - # see: - clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" - resources: {} - # requests: - # cpu: "100m" - # memory: "2Gi" - # limits: - # cpu: "1000m" - # memory: "2Gi" - initResources: {} - # limits: - # cpu: "25m" - # # memory: "128Mi" - # requests: - # cpu: "25m" - # memory: "128Mi" - sidecarResources: {} - # limits: - # cpu: "25m" - # # memory: "128Mi" - # requests: - # cpu: "25m" - # memory: "128Mi" + coordinating: + replicaCount: 0 + data: + replicaCount: 0 + ingest: + replicaCount: 0 + master: + masterOnly: false + replicaCount: 1 # settings for the memcached subchart memcached: @@ -389,9 +369,13 @@ memcached: # settings for the postgres subchart postgresql: - postgresqlUsername: zammad - postgresqlPassword: zammad - postgresqlDatabase: zammad_production + auth: + postgresPassword: "zammad" + username: "zammad" + password: "zammad" + database: "zammad_production" + replicationUsername: repl_user + replicationPassword: "zammad" resources: {} # requests: # cpu: 250m