feat(snipe-it): Use official image (#2257)

* feat(snipe-it): Use official image

* lint

* lint

* try rootless

* add questions

* rofs

* more questions

* add upgrade container

* set to init for test

* cleanup
Stavros Kois 2022-03-23 21:10:15 +02:00 committed by GitHub
parent a02a1a6bcf
commit 340d22d0be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 613 additions and 31 deletions


@ -8,6 +8,10 @@ dependencies:
name: mariadb
repository: https://truecharts.org/
version: 2.0.7
- condition: redis.enabled
name: redis
repository: https://truecharts.org
version: 2.0.6
description: "Open source asset management"
home: https://github.com/truecharts/apps/tree/master/charts/stable/snipe-it
icon: https://truecharts.org/_static/img/appicons/snipe-it.png
@ -25,7 +29,7 @@ name: snipe-it
sources:
- https://snipeitapp.com/
- https://hub.docker.com/r/linuxserver/
version: 1.0.8
version: 2.0.0
annotations:
truecharts.org/catagories: |
- management
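Review bot: `sources` still lists `https://hub.docker.com/r/linuxserver/` although the commit title says the chart now uses the official image, so the provenance metadata shown to users may no longer match what is deployed; it should point at the upstream image or repository actually used. The new redis dependency uses `repository: https://truecharts.org` while the mariadb entry above it uses `https://truecharts.org/`; keeping one spelling avoids the two being treated as different repositories by dependency tooling.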


@ -75,7 +75,473 @@ questions:
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: APP_URL
label: "APP_URL"
description: "This is the url to your application, beginning with http:// or https:// (if you're running Snipe-IT over SSL). This should not have a trailing slash."
schema:
type: string
default: ""
required: true
- variable: APP_TRUSTED_PROXIES
label: "APP_TRUSTED_PROXIES"
description: "APP_TRUSTED_PROXIES"
schema:
type: string
default: "172.16.0.0/16"
required: true
- variable: APP_LOCALE
label: "APP_LOCALE"
description: "Set this to reflect the two-letter or 5-letter abbreviation for the language you'd like to use for Snipe-IT"
schema:
type: string
default: "en"
required: true
enum:
- value: "en"
description: "English (US)"
- value: "en-GB"
description: "English (UK)"
- value: "af"
description: "Afrikaans"
- value: "ar"
description: "Arabic"
- value: "bg"
description: "Bulgarian"
- value: "zh-CN"
description: "Chinese Simplified"
- value: "zh-TW"
description: "Chinese Traditional"
- value: "hr"
description: "Croatian"
- value: "cs"
description: "Czech"
- value: "da"
description: "Danish"
- value: "nl"
description: "Dutch"
- value: "et"
description: "Estonian"
- value: "fi"
description: "Finnish"
- value: "fr"
description: "French"
- value: "de"
description: "German"
- value: "el"
description: "Greek"
- value: "he"
description: "Hebrew"
- value: "hu"
description: "Hungarian"
- value: "id"
description: "Indonesian"
- value: "en-ID"
description: "English, Indonesia"
- value: "ga-IE"
description: "Irish"
- value: "it"
description: "Italian"
- value: "ja"
description: "Japanese"
- value: "ko"
description: "Korean"
- value: "lv"
description: "Latvian"
- value: "lt"
description: "Lithuanian"
- value: "ms"
description: "Malay"
- value: "mi"
description: "Maori"
- value: "mn"
description: "Mongolian"
- value: "no"
description: "Norwegian"
- value: "fa"
description: "Persian"
- value: "pl"
description: "Polish"
- value: "pt-PT"
description: "Portuguese"
- value: "pt-BR"
description: "Portuguese, Brazilian"
- value: "ro"
description: "Romanian"
- value: "ru"
description: "Russian"
- value: "es-ES"
description: "Spanish"
- value: "es-CO"
description: "Spanish, Colombia"
- value: "sv-SE"
description: "Swedish"
- value: "ta"
description: "Tamil"
- value: "tr"
description: "Turkish"
- value: "vi"
description: "Vietnamese"
- value: "zu"
description: "Zulu"
- variable: IMAGE_LIB
label: "IMAGE_LIB"
description: "GD Library or Imagemagick are required to generate barcodes for Snipe-IT"
schema:
type: string
default: "gd"
required: true
enum:
- value: "gd"
description: "GD Library"
- value: "imagick"
description: "ImageMagick"
- variable: sessionsettings
label: "Session Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: SESSION_LIFETIME
label: "SESSION_LIFETIME"
description: "Specify the time in minutes that the session should remain valid."
schema:
type: int
default: 30
required: true
- variable: EXPIRE_ON_CLOSE
label: "EXPIRE_ON_CLOSE"
description: "Specify whether or not the logged in session should be expired when the user closes their browser window."
schema:
type: boolean
default: false
- variable: ENCRYPT
label: "ENCRYPT"
description: "Specify whether you wish to use encrypted cookies for your Snipe-IT sessions."
schema:
type: boolean
default: false
- variable: COOKIE_NAME
label: "COOKIE_NAME"
description: "If you are running multiple Snipe-IT installs, you should probably set this to a unique name for each one so that your browser doesn't get sessions confused."
schema:
type: string
default: "snipeit_session"
required: true
- variable: COOKIE_DOMAIN
label: "COOKIE_DOMAIN"
description: "Specify what domain name Snipe-IT should honor cookies from.should be set to whatever the domain name is of your Snipe-IT installation if you choose to use it."
schema:
type: string
default: ""
- variable: SECURE_COOKIES
label: "SECURE_COOKIES"
description: "By setting this option to true, session cookies will only be sent back to the server if the browser has a HTTPS connection."
schema:
type: boolean
default: false
- variable: API_TOKEN_EXPIRATION_YEARS
label: "API_TOKEN_EXPIRATION_YEARS"
description: "This sets how long the API tokens should be valid for."
schema:
type: int
default: 40
required: true
- variable: loginsettings
label: "Login Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: LOGIN_MAX_ATTEMPTS
label: "LOGIN_MAX_ATTEMPTS"
description: "The maximum number of failed attempts allowed before the user is throttled."
schema:
type: int
default: 5
required: true
- variable: LOGIN_LOCKOUT_DURATION
label: "LOGIN_LOCKOUT_DURATION"
description: " The duration (in seconds) that the user should be blocked from attempting to authenticate again."
schema:
type: int
default: 60
required: true
- variable: miscsettings
label: "Misc Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: LOG
label: "LOG"
description: "Whether to use a single log file, or multiple date-based log files for your app error logs."
schema:
type: string
default: "daily"
required: true
enum:
- value: "single"
description: "Single File"
- value: "daily"
description: "Daily Files"
- variable: APP_LOG_MAX_FILES
label: "APP_LOG_MAX_FILES"
description: "Max number of daily app log files to retain."
schema:
type: int
default: 10
required: true
- variable: ALLOW_IFRAMING
label: "ALLOW_IFRAMING"
description: "Set this to true if you need to run Snipe-IT within an iframe."
schema:
type: boolean
default: false
- variable: APP_ALLOW_INSECURE_HOSTS
label: "APP_ALLOW_INSECURE_HOSTS"
description: "Set this to this to true ONLY if you if you cant make your APP_URL match the actual URL of your application, and your hosting environment is secure and not accessible to the outside world."
schema:
type: boolean
default: false
- variable: GOOGLE_MAPS_API
label: "GOOGLE_MAPS_API"
description: "Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages."
schema:
type: string
default: ""
- variable: LDAP_MEM_LIM
label: "LDAP_MEM_LIM"
description: "Memory limit for LDAP execution"
schema:
type: string
default: "500M"
required: true
- variable: LDAP_TIME_LIM
label: "LDAP_TIME_LIM"
description: "Time limit for LDAP execution"
schema:
type: int
default: 600
required: true
- variable: API_THROTTLE_PER_MINUTE
label: "API_THROTTLE_PER_MINUTE"
description: "Number of requests to allow per minute."
schema:
type: int
default: 120
required: true
- variable: ENABLE_HSTS
label: "ENABLE_HSTS"
description: "HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking."
schema:
type: boolean
default: false
- variable: ENABLE_CSP
label: "ENABLE_CSP"
description: "Disable the content security policy that restricts what scripts, images and styles can load."
schema:
type: boolean
default: false
- variable: CORS_ALLOWED_ORIGINS
label: "CORS_ALLOWED_ORIGINS"
schema:
type: string
default: "null"
- variable: REFERRER_POLICY
label: "REFERRER_POLICY"
description: "This is an additional security header that browsers use to determine whether they should report back URL referrer information."
schema:
type: string
default: "same-origin"
- variable: mailsettings
label: "Mail Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: MAIL_DRIVER
label: "MAIL_DRIVER"
description: "Specify the driver you would like to use."
schema:
type: string
default: "log"
enum:
- value: "log"
description: "log"
- value: "smtp"
description: "smtp"
- value: "mail"
description: "mail"
- value: "sendmail"
description: "sendmail"
- variable: MAIL_HOST
label: "MAIL_HOST"
description: "Specify the hostname for your outgoing mail server. Keep in mind that this server must be accessible from the server you're running Snipe-IT on."
schema:
type: string
default: ""
- variable: MAIL_PORT
label: "MAIL_PORT"
description: "Set the port number that your mail server expects to send from."
schema:
type: int
default: 587
- variable: MAIL_USERNAME
label: "MAIL_USERNAME"
description: "Set the username of the authenticated user you'll be sending email as."
schema:
type: string
default: ""
- variable: MAIL_PASSWORD
label: "MAIL_PASSWORD"
description: "Set the password for the authenticated user you'll be sending as."
schema:
type: string
default: ""
private: true
- variable: MAIL_ENCRYPTION
label: "MAIL_ENCRYPTION"
description: "Here you may specify the encryption protocol that should be used when the application sends e-mail messages."
schema:
type: string
default: "null"
enum:
- value: "null"
description: "null"
- value: "tls"
description: "tls"
- value: "ssl"
description: "ssl"
- variable: MAIL_FROM_ADDR
label: "MAIL_FROM_ADDR"
description: "Specify an email address that is used globally for all e-mails that are sent by your application."
schema:
type: string
default: ""
- variable: MAIL_FROM_NAME
label: "MAIL_FROM_NAME"
description: "Specify the name that should show up in the recipient's inbox when they receive email from your Snipe-IT instance."
schema:
type: string
default: ""
- variable: MAIL_REPLYTO_ADDR
label: "MAIL_REPLYTO_ADDR"
description: " Specify the address that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_ADDR, but it is required."
schema:
type: string
default: ""
- variable: MAIL_REPLYTO_NAME
label: "MAIL_REPLYTO_NAME"
description: "Specify the name that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_NAME , but it is required."
schema:
type: string
default: ""
- variable: MAIL_AUTO_EMBED
label: "MAIL_AUTO_EMBED"
description: "Whether or not to embed images in emails (via CID or base64) versus linking to them."
schema:
type: boolean
default: true
- variable: MAIL_AUTO_EMBED_METHOD
label: "MAIL_AUTO_EMBED_METHOD"
description: "Method that should be used for attaching inline images. Options are attachment (for CID) or base64."
schema:
type: string
default: "base64"
enum:
- value: "base64"
description: "base64"
- value: "attachment"
description: "attachment"
- variable: publicawssettings
label: "Public AWS S3 Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: PUBLIC_AWS_SECRET_ACCESS_KEY
label: "PUBLIC_AWS_SECRET_ACCESS_KEY"
schema:
type: string
default: ""
private: true
- variable: PUBLIC_AWS_ACCESS_KEY_ID
label: "PUBLIC_AWS_ACCESS_KEY_ID"
schema:
type: string
default: ""
private: true
- variable: PUBLIC_AWS_DEFAULT_REGION
label: "PUBLIC_AWS_DEFAULT_REGION"
schema:
type: string
default: ""
- variable: PUBLIC_AWS_BUCKET
label: "PUBLIC_AWS_BUCKET"
schema:
type: string
default: ""
- variable: PUBLIC_AWS_URL
label: "PUBLIC_AWS_URL"
schema:
type: string
default: ""
- variable: PUBLIC_AWS_BUCKET_ROOT
label: "PUBLIC_AWS_BUCKET_ROOT"
schema:
type: string
default: ""
- variable: privateawssettings
label: "Private AWS S3 Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: PRIVATE_AWS_SECRET_ACCESS_KEY
label: "PRIVATE_AWS_SECRET_ACCESS_KEY"
schema:
type: string
default: ""
private: true
- variable: PRIVATE_AWS_ACCESS_KEY_ID
label: "PRIVATE_AWS_ACCESS_KEY_ID"
schema:
type: string
default: ""
private: true
- variable: PRIVATE_AWS_DEFAULT_REGION
label: "PRIVATE_AWS_DEFAULT_REGION"
schema:
type: string
default: ""
- variable: PRIVATE_AWS_BUCKET
label: "PRIVATE_AWS_BUCKET"
schema:
type: string
default: ""
- variable: PRIVATE_AWS_URL
label: "PRIVATE_AWS_URL"
schema:
type: string
default: ""
- variable: PRIVATE_AWS_BUCKET_ROOT
label: "PRIVATE_AWS_BUCKET_ROOT"
schema:
type: string
default: ""
# Include{containerConfig}
- variable: service
@ -173,9 +639,9 @@ questions:
additional_attrs: true
type: dict
attrs:
- variable: config
label: "App Config Storage"
description: "Stores the Application Configuration."
- variable: logs
label: "App Logs Storage"
description: "Stores the Application Logs."
schema:
additional_attrs: true
type: dict
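Review bot: GOOGLE_MAPS_API takes an API key but its schema has no `private: true`, unlike MAIL_PASSWORD and the AWS key fields added in the same hunk, so the key is presumably displayed in clear; add `private: true` under its `schema:`. The ENABLE_CSP description reads "Disable the content security policy ...", which contradicts the variable name and leaves an operator unsure what `default: false` does; reword it to `description: "Enable the content security policy that restricts what scripts, images and styles can load."`. APP_TRUSTED_PROXIES defaults to a whole /16 and its description only repeats the name; a sentence saying that forwarded headers are trusted from this range would let operators narrow it to their actual proxy.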


@ -0,0 +1,20 @@
{{/* Define the secrets */}}
{{- define "snipeit.secrets" -}}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: snipeit-secrets
{{- $snipeitprevious := lookup "v1" "Secret" .Release.Namespace "snipeit-secrets" }}
{{- $app_key := "" }}
data:
{{- if $snipeitprevious}}
APP_KEY: {{ index $snipeitprevious.data "APP_KEY" }}
{{- else }}
{{- $app_key := randAlphaNum 32 }}
APP_KEY: {{ $app_key | b64enc }}
{{- end }}
{{- end -}}
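Review bot: The `else` branch generates a fresh APP_KEY whenever `lookup` returns nothing, which typically includes `helm template`, dry runs and other client-side renders, not only a first install; applying such output would replace the key and presumably make data encrypted under the old one unreadable. A comment above the `lookup` line stating this, plus a guard such as `{{- if and $snipeitprevious (hasKey $snipeitprevious.data "APP_KEY") }}`, would make the reuse path explicit. The outer `{{- $app_key := "" }}` is never read because the inner `:=` declares a new variable, so it can be dropped. The Secret name `snipeit-secrets` is fixed rather than derived from the release, so two releases in one namespace would share the same object.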


@ -1,2 +1,8 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{ include "common.all" . }}
{{/* Render secrets for snipeit */}}
{{- include "snipeit.secrets" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}


@ -1,17 +1,7 @@
image:
repository: tccr.io/truecharts/snipe-it
pullPolicy: IfNotPresent
tag: v5.4.1@sha256:8c4dd0e7cd888cf57958e76b56d03b94c6eb0f701f26bc63a618dcba1b55be82
secret: {}
# See more environment variables in the snipe documentation
# https://github.com/linuxserver/docker-snipe-it#parameters
env:
NGINX_APP_URL: '{{ include "common.names.fullname" . }}:8080'
MYSQL_USER: snipe-it
MYSQL_DATABASE: "snipe-it"
MYSQL_PORT_3306_TCP_PORT: "3306"
tag: v5.4.1@sha256:392cd5a87a094675702b2f81a84213624851d2c4adec2dbad207a91f7d39d3d4
securityContext:
runAsNonRoot: false
@ -21,6 +11,57 @@ podSecurityContext:
runAsUser: 0
runAsGroup: 0
env:
APP_ENV: "production"
APP_DEBUG: false
DB_CONNECTION: "mysql"
DB_USERNAME: "{{ .Values.mariadb.mariadbUsername }}"
DB_DATABASE: "{{ .Values.mariadb.mariadbDatabase }}"
DB_PORT: "3306"
REDIS_PORT: "6379"
SESSION_DRIVER: "redis"
CACHE_DRIVER: "redis"
QUEUE_DRIVER: "redis"
APP_TIMEZONE: "{{ .Values.TZ }}"
FILESYSTEM_DISK: "local"
# User Defined
APP_URL: "http://localhost:80"
APP_LOCALE: "en"
MAX_RESULTS: 500
IMAGE_LIB: "gd"
# Session
SESSION_LIFETIME: 30
EXPIRE_ON_CLOSE: false
ENCRYPT: false
COOKIE_NAME: "snipeit_session"
SECURE_COOKIES: false
API_TOKEN_EXPIRATION_YEARS: 40
# Login
LOGIN_MAX_ATTEMPTS: 5
LOGIN_LOCKOUT_DURATION: 60
envValueFrom:
DB_HOST:
secretKeyRef:
name: mariadbcreds
key: plainhost
DB_PASSWORD:
secretKeyRef:
name: mariadbcreds
key: mariadb-password
REDIS_HOST:
secretKeyRef:
name: rediscreds
key: plainhost
REDIS_PASSWORD:
secretKeyRef:
name: rediscreds
key: redis-password
APP_KEY:
secretKeyRef:
name: snipeit-secrets
key: APP_KEY
service:
main:
ports:
@ -29,24 +70,69 @@ service:
targetPort: 80
persistence:
varrun:
logs:
enabled: true
config:
enabled: true
mountPath: "/config"
envValueFrom:
MYSQL_PORT_3306_TCP_ADDR:
secretKeyRef:
name: mariadbcreds
key: plainhost
MYSQL_PASSWORD:
secretKeyRef:
name: mariadbcreds
key: mariadb-password
mountPath: "/var/www/html/storage/logs"
mariadb:
enabled: true
mariadbUsername: snipe-it
mariadbDatabase: snipe-it
existingSecret: "mariadbcreds"
# Enabled redis
redis:
enabled: true
existingSecret: "rediscreds"
upgradeContainers:
migratedb:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: logs
mountPath: "/var/www/html/storage/logs"
env:
- name: APP_ENV
value: "production"
- name: REDIS_PORT
value: "6379"
- name: SESSION_DRIVER
value: "redis"
- name: QUEUE_DRIVER
value: "redis"
- name: APP_ENV
value: "redis"
- name: DB_CONNECTION
value: "mysql"
- name: DB_PORT
value: "3306"
- name: DB_USERNAME
value: "{{ .Values.mariadb.mariadbUsername }}"
- name: DB_DATABASE
value: "{{ .Values.mariadb.mariadbDatabase }}"
- name: DB_HOST
valueFrom:
secretKeyRef:
name: mariadbcreds
key: plainhost
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: mariadbcreds
key: mariadb-password
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: rediscreds
key: plainhost
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: rediscreds
key: redis-password
- name: APP_KEY
valueFrom:
secretKeyRef:
name: snipeit-secrets
key: APP_KEY
command: ["php", "artisan", "migrate"]
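Review bot: The `migratedb` env list names `APP_ENV` twice, first with `"production"` and then with `"redis"`; with duplicate names the later entry usually wins, so the migration would run with APP_ENV set to `redis`, and CACHE_DRIVER (set in the main `env`) is never passed. The second entry looks like it was meant to be `- name: CACHE_DRIVER` with `value: "redis"`. Once APP_ENV really is `production`, Laravel asks for confirmation before migrating, so the non-interactive container likely needs `command: ["php", "artisan", "migrate", "--force"]`.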