├── .github └── workflows │ ├── deploy.yaml │ └── lint.yml ├── .gitignore ├── README.md ├── build.sh └── charts └── codimd ├── .helmignore ├── Chart.yaml ├── README.md ├── requirements.lock ├── requirements.yaml ├── templates ├── NOTES.txt ├── _helpers.tpl ├── auth-secret.yaml ├── db-secret.yaml ├── deployment.yaml ├── image-upload-secret.yaml ├── ingress.yaml ├── pvc.yaml ├── service.yaml └── session-secret.yaml └── values.yaml
/.github/workflows/deploy.yaml:
--------------------------------------------------------------------------------
1 | name: deploy-automation  # runs the chart-releaser step on every push to master
2 |
3 | on:
4 |   push:
5 |     branches:
6 |       - master
7 |
8 | jobs:  # NOTE(review): this workflow sets no `permissions:` block, so the job gets the repository's default GITHUB_TOKEN scope
9 |   release:
10 |     runs-on: ubuntu-latest
11 |     steps:
12 |       - name: Checkout
13 |         uses: actions/checkout@v1  # NOTE(review): referenced by a mutable tag; the tag can later point at different code
14 |       - name: Run chart-releaser
15 |         uses: hackmdio/helm-gh-pages@43860e1  # NOTE(review): abbreviated commit hash; a full-length commit SHA is the unambiguous pin
16 |         with:
17 |           token: ${{ secrets.PUSH_TOKEN }}  # the repository secret PUSH_TOKEN is handed to the third-party action above
18 |           helm_version: 2.16.5
19 |
--------------------------------------------------------------------------------
/.github/workflows/lint.yml:
--------------------------------------------------------------------------------
1 | # This is a basic workflow to help you get started with Actions
2 |
3 | name: Lint
4 |
5 | # Controls when the action will run.
6 | on: 7 | # Triggers the workflow on push or pull request events but only for the master branch 8 | push: 9 | pull_request: 10 | branches: [ master ] 11 | 12 | # Allows you to run this workflow manually from the Actions tab 13 | workflow_dispatch: 14 | 15 | # A workflow run is made up of one or more jobs that can run sequentially or in parallel 16 | jobs: 17 | # This workflow contains a single job called "build" 18 | lint: 19 | # The type of runner that the job will run on 20 | runs-on: ubuntu-latest 21 | 22 | # Steps represent a sequence of tasks that will be executed as part of the job 23 | steps: 24 | # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it 25 | - uses: actions/checkout@v2 26 | 27 | - name: Set up Helm 28 | uses: azure/setup-helm@v1 29 | with: 30 | version: v3.4.0 31 | 32 | - name: Run a helm lint for all charts 33 | run: for chart in $(ls charts/); do helm lint charts/${chart}; done 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | .vscode/ 3 | charts/**/charts/*.tgz 4 | .DS_Store -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CodiMD Helm chart 2 | 3 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/codimd)](https://artifacthub.io/packages/search?repo=codimd) 4 | 5 | This repository contains helm chart for CodiMD. 
6 | 7 | ## Requirements 8 | 9 | - Kubernetes: >= 1.14 10 | - Helm 2 / 3 11 | 12 | ## Install 13 | 14 | ```bash 15 | helm repo add codimd https://helm.codimd.dev/ 16 | helm install my-release codimd/codimd 17 | ``` 18 | 19 | ## Documentation 20 | [charts/codimd/README.md](./charts/codimd/README.md) 21 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -xeuo pipefail 4 | 5 | if [[ ! -d "$PWD/build" ]]; then 6 | mkdir build 7 | fi 8 | 9 | rm -rf build/* 10 | 11 | pushd charts/codimd 12 | helm dependency update 13 | popd 14 | 15 | pushd build 16 | helm package ../charts/codimd 17 | git checkout gh-pages 18 | helm repo index --merge ../index.yaml . 19 | mv codimd*.tgz ../ 20 | mv index.yaml ../ 21 | popd 22 | -------------------------------------------------------------------------------- /charts/codimd/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/codimd/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: codimd 3 | description: A CodiMD Helm chart for Kubernetes 4 | icon: https://hackmd.io/favicon.png 5 | keywords: 6 | - codimd 7 | - markdown 8 | - collaboration 9 | maintainers: 10 | - name: HackMD Inc. 
Dev Team 11 | email: support@hackmd.io 12 | 13 | sources: 14 | - https://github.com/hackmdio/codimd 15 | - https://github.com/hackmdio/codimd-helm 16 | 17 | kubeVersion: ">=1.14.0 <1.22.0" 18 | 19 | # This is the chart version. This version number should be incremented each time you make changes 20 | # to the chart and its templates, including the app version. 21 | version: 0.1.11 22 | 23 | # This is the version number of the application being deployed. This version number should be 24 | # incremented each time you make changes to the application. 25 | appVersion: 2.5.1 26 | -------------------------------------------------------------------------------- /charts/codimd/README.md: -------------------------------------------------------------------------------- 1 | # CodiMD 2 | 3 | [CodiMD](https://github.com/hackmdio/codimd) is a realtime collaborative markdown notes on all platforms. 4 | 5 | Look at [CodiMD Documentation](https://hackmd.io/c/codimd-documentation) for detail setting. 6 | 7 | ## Prerequisites 8 | 9 | - Kubernetes 1.14+ 10 | - Helm 2.16+ or Helm 3.0+ 11 | - PV provisioner support in the underlying infrastructure 12 | 13 | ## How to use? 
14 | 15 | ```bash 16 | $ helm repo add codimd https://helm.codimd.dev/ 17 | $ helm install my-release codimd/codimd 18 | ``` 19 | 20 | ## Parameters 21 | 22 | ### Common Helm parameters 23 | 24 | If you use AWS EKS, please set global.storageClass to `gp2` 25 | 26 | | Parameter | Description | Default | 27 | | ---------------- |:--------------------------------------------------------------------------------------------------- | ------- | 28 | | storageClass | default storageClass for PersistentVolume | `nil` | 29 | | nameOverride | String to partially override codimd.fullname template with a string (will prepend the release name) | `nil` | 30 | | fullnameOverride | String to fully override codimd.fullname template with a string | `nil` | 31 | 32 | ### Docker image parameters 33 | 34 | | Parameter | Description | Default | 35 | | ----------------- |:-------------------------------- | ----------------- | 36 | | image.registry | CodiMD docker image registry | `nabo.codimd.dev` | 37 | | image.repository | CodiMD docker image repository | `hackmdio/hackmd` | 38 | | image.tag | CodiMD docker image version tag | `2.2.0` | 39 | | image.pullPolicy | CodiMD docker image pull policy | `IfNotPresent` | 40 | | image.pullSecrets | CodiMD docker image pull secrets | `[]` | 41 | 42 | ### Deploy an internal database parameters 43 | 44 | This Helm chart bundles `postgreSQL` and `mariaDB`; select only one of them to deploy. If you want to use an external database (for example a cloud provider service or a self-hosted database), set both `postgresql.enabled` and `mariadb.enabled` to `false` and manually assign the database connection parameters in `codimd.database`. 
45 | 46 | | Parameter | Description | Default | 47 | | ---------------------------------- |:-------------------------------------- | ---------- | 48 | | postgresql.enabled | Deploy a PostgreSQL server as database | `true` | 49 | | postgresql.volumePermissions | Enable database persistence using PVC | `true` | 50 | | postgresql.postgresqlUsername | Database user to create | `codimd` | 51 | | postgresql.postgresqlPassword | Password for the database (placeholder default; set your own value before deploying) | `changeme` | 52 | | postgresql.postgresqlDatabase | Database name to create | `codimd` | 53 | | mariadb.enabled | Deploy a MariaDB server as database | `false` | 54 | | mariadb.volumePermissions.enabled | Enable database persistence using PVC | `true` | 55 | | mariadb.db.user | Database user to create | `codimd` | 56 | | mariadb.db.password | Password for the database (placeholder default; set your own value before deploying) | `changeme` | 57 | | mariadb.db.name | Database name to create | `codimd` | 58 | | mariadb.master.persistence.enabled | Enable database persistence using PVC | `true` | 59 | | mariadb.replication.enabled | MariaDB replication enabled | `false` | 60 | 61 | ### Networking connectivity parameters 62 | 63 | If you want to use an ingress, please set `service.type` to `ClusterIP` 64 | 65 | | Parameter | Description | Default | 66 | | ----------------------------- |:------------------------------------- | -------------- | 67 | | service.type | Kubernetes Service type | `LoadBalancer` | 68 | | service.port | Service HTTP port | `80` | 69 | | service.externalTrafficPolicy | Service externalTrafficPolicy | `nil` | 70 | | service.loadBalancerIP | Service loadBalancerIP | `nil` | 71 | | ingress.enabled | If `true` Ingress will be created | `false` | 72 | | ingress.annotations | Ingress annotations | `nil` | 73 | | ingress.hosts | Ingress hostnames | `nil` | 74 | | ingress.tls | Ingress TLS configuration (YAML) | `nil` | 75 | 76 | 77 | ### CodiMD common parameters 78 | 79 | | Parameter | Description | Default | 80 | | ---------------------------------------------- 
|:--------------------------------------------------------------------------------------------------------- | ---------------------------- | 81 | | codimd.affinity | Affinity for pod assignment | `nil` | 82 | | codimd.tolerations | Tolerations for pod assignment | `nil` | 83 | | codimd.nodeSelector | Node labels for pod assignment | `nil` | 84 | | codimd.podAnnotations | Extra annotation for pod | `nil` | 85 | | codimd.securityContext.runAsGroup | Group ID for the CodiMD container | `1500` | 86 | | codimd.securityContext.runAsUser | User ID for the CodiMD container | `1500` | 87 | | codimd.securityContext.fsGroup | Group ID for the CodiMD filesystem | `1500` | 88 | | codimd.securityContext.runAsNonRoot | Run the CodiMD container as a non-root user | `true` | 89 | | codimd.connection.domain | The domain name your service will be hosted on. | `nil` | 90 | | codimd.connection.urlAddPort | Set to assign port for URL. (You don’t need this for ports 80 or 443. This only works when domain is set) | `false` | 91 | | codimd.connection.protocolUseSSL | Use SSL protocol for resources path (applied only when domain is set). 
| `false` | 92 | | codimd.database.type | The external database type (only accept `postgres`, `mysql`) | `nil` | 93 | | codimd.database.host | The host of external database | `nil` | 94 | | codimd.database.port | The port of external database | `nil` | 95 | | codimd.database.username | The username that connects to external database | `nil` | 96 | | codimd.database.password | The password that connects to external database | `nil` | 97 | | codimd.database.databaseName | The external database name we used | `nil` | 98 | | codimd.imageUpload.storeType | The type of image storage | `filesystem` | 99 | | codimd.imageUpload.imgur.clientId | The Imgur OAuth ClientID | `nil` | 100 | | codimd.imageUpload.azure.connectionString | The Azure image store connection string | `nil` | 101 | | codimd.imageUpload.azure.container | The Azure image store container name | `nil` | 102 | | codimd.imageUpload.lutim.url | The lutim URL | `nil` | 103 | | codimd.imageUpload.minio.endpoint | The minio endpoint | `nil` | 104 | | codimd.imageUpload.minio.secure | The minio endpoint is secure or not | `nil` | 105 | | codimd.imageUpload.minio.port | The minio port | `nil` | 106 | | codimd.imageUpload.minio.accessKey | The minio access key | `nil` | 107 | | codimd.imageUpload.minio.secretKey | The minio secret key | `nil` | 108 | | codimd.imageUpload.s3.endpoint | The AWS s3 endpoint | `nil` | 109 | | codimd.imageUpload.s3.region | The AWS s3 region | `nil` | 110 | | codimd.imageUpload.s3.accessKeyId | The AWS s3 access key | `nil` | 111 | | codimd.imageUpload.s3.secretKey | The AWS s3 secret key | `nil` | 112 | | codimd.imageUpload.s3.bucket | The AWS s3 bucket name | `nil` | 113 | | codimd.imageStorePersistentVolume.enabled | Enable image persistence using PVC | `true` | 114 | | codimd.imageStorePersistentVolume.size | The size of persistence volume | `10Gi` | 115 | | codimd.imageStorePersistentVolume.storageClass | The storageClass of persistence volume | `-` | 116 | | 
codimd.imageStorePersistentVolume.accessModes | The accessModes of persistence volume | [`ReadWriteOnce`] | 117 | | codimd.imageStorePersistentVolume.volumeMode | The volumeMode of persistence volume | `Filesystem` | 118 | | codimd.versionCheck | Enable the automatic version checker | `true` | 119 | | codimd.security.useCDN | Whether CodiMD would use static assets served on CDN | `false` | 120 | | codimd.security.sessionSecret | The secret string used to sign sessions; you must change this value | `changeit` | 121 | | codimd.security.sessionLife | The time after which a session expires | `1209600000` | 122 | | codimd.security.hstsEnabled | Whether HSTS is enabled or not | `true` | 123 | | codimd.security.hstsMaxAge | | `31536000` | 124 | | codimd.security.hstsIncludeSubdomain | | `false` | 125 | | codimd.security.hstsPreload | | `true` | 126 | | codimd.security.cspEnabled | Whether CSP is enabled or not | `true` | 127 | | codimd.security.cspReportUri | | `nil` | 128 | | codimd.security.allowOrigin | | `nil` | 129 | | codimd.security.allowGravatar | | `true` | 130 | | codimd.allowPDFExport | | `false` | 131 | | codimd.responseMaxLag | | `70` | 132 | | codimd.noteCreation.freeUrlEnabled | Allow using free url to create note | `false` | 133 | | codimd.noteCreation.freeUrlForbiddenNoteIds | | `robots.txt,favicon.ico,api` | 134 | | codimd.noteCreation.defaultPermission | The default permission for note created | `editable` | 135 | | codimd.notePermission.allowAnonymousEdit | Enable anonymous editing | `true` | 136 | | codimd.notePermission.allowAnonymousView | Enable anonymous viewing | `true` | 137 | | codimd.markdown.plantUMLServer | | `nil` | 138 | | codimd.markdown.useHardBreak | | `true` | 139 | | codimd.markdown.linkifyHeaderStyle | | `keep-case` | 140 | | codimd.extraEnvironmentVariables | Extra environment variable for CodiMD container | `{}` | 141 | ### CodiMD Authentication Method parameters 142 | 143 | | Parameter | Description | Default | 144 | | 
------------------------------------------------------- |:--------------------------------------------------------------------------------------------------------- | ----------------- | 145 | | codimd.authentication.local.enabled | Enable to use email for auth | `true` | 146 | | codimd.authentication.local.allowRegister | Allow register with email | `true` | 147 | | codimd.authentication.bitbucket.enabled | Enable to use BitBucket for auth | `false` | 148 | | codimd.authentication.bitbucket.key | OAuth key for BitBucket auth | `nil` | 149 | | codimd.authentication.bitbucket.secret | OAuth secret for BitBucket auth | `nil` | 150 | | codimd.authentication.dropbox.enabled | Enable to use Dropbox for auth | `false` | 151 | | codimd.authentication.dropbox.appKey | OAuth app key for Dropbox auth | `nil` | 152 | | codimd.authentication.dropbox.appSecret | OAuth app secret for Dropbox auth | `nil` | 153 | | codimd.authentication.facebook.enabled | Enable to use Facebook for auth | `false` | 154 | | codimd.authentication.facebook.clientId | OAuth client id for Facebook auth | `nil` | 155 | | codimd.authentication.facebook.secret | OAuth secret for Facebook auth | `nil` | 156 | | codimd.authentication.github.enabled | Enable to use GitHub for auth | `false` | 157 | | codimd.authentication.github.clientId | OAuth client id for GitHub auth | `nil` | 158 | | codimd.authentication.github.secret | OAuth secret for GitHub auth | `nil` | 159 | | codimd.authentication.github.enterpriseUrl | GitHub Enterprise OAuth endpoint url for GitHub auth | `nil` | 160 | | codimd.authentication.gitlab.enabled | Enable to use GitLab for auth | `false` | 161 | | codimd.authentication.gitlab.domain | GitLab instance domain for GitLab auth | `nil` | 162 | | codimd.authentication.gitlab.scope | OAuth scope for GitLab auth | `nil` | 163 | | codimd.authentication.gitlab.applicationId | OAuth application id for GitLab auth | `nil` | 164 | | codimd.authentication.gitlab.secret | OAuth secret for GitLab 
auth | `nil` | 165 | | codimd.authentication.google.enabled | Enable to use Google for auth | `false` | 166 | | codimd.authentication.google.clientId | OAuth client id for Google auth | `nil` | 167 | | codimd.authentication.google.secret | OAuth secret for Google auth | `nil` | 168 | | codimd.authentication.google.hostedDomain | Google hosted OAuth domain for Google auth | `nil` | 169 | | codimd.authentication.ldap.enabled | Enable to use LDAP for auth | `false` | 170 | | codimd.authentication.ldap.providerName | See the LDAP doc | `nil` | 171 | | codimd.authentication.ldap.url | | `nil` | 172 | | codimd.authentication.ldap.tlsCA | | `nil` | 173 | | codimd.authentication.ldap.bindDN | | `nil` | 174 | | codimd.authentication.ldap.bindCredentials | | `nil` | 175 | | codimd.authentication.ldap.searchBase | | `nil` | 176 | | codimd.authentication.ldap.searchFilter | | `nil` | 177 | | codimd.authentication.ldap.searchAttributes | | `nil` | 178 | | codimd.authentication.ldap.attributes.id | | `nil` | 179 | | codimd.authentication.ldap.attributes.username | | `nil` | 180 | | codimd.authentication.mattermost.enabled | Enable to use Mattermost for auth | `false` | 181 | | codimd.authentication.mattermost.domain | OAuth doamin for Mattermost auth | `nil` | 182 | | codimd.authentication.mattermost.clientId | OAuth client id for Mattermost auth | `nil` | 183 | | codimd.authentication.mattermost.secret | OAuth secret for Mattermost auth | `nil` | 184 | | codimd.authentication.oauth2.enabled | See the OAuth2 doc | `false` | 185 | | codimd.authentication.oauth2.providerName | | `nil` | 186 | | codimd.authentication.oauth2.domain | | `nil` | 187 | | codimd.authentication.oauth2.clientId | | `nil` | 188 | | codimd.authentication.oauth2.secret | | `nil` | 189 | | codimd.authentication.oauth2.authorizationUrl | | `nil` | 190 | | codimd.authentication.oauth2.tokenUrl | | `nil` | 191 | | codimd.authentication.oauth2.userProfileUrl | | `nil` | 192 | | codimd.authentication.oauth2.scope 
| | `nil` | 193 | | codimd.authentication.oauth2.attributes.username | | `nil` | 194 | | codimd.authentication.oauth2.attributes.displayName | | `nil` | 195 | | codimd.authentication.oauth2.attributes.email | | `nil` | 196 | | codimd.authentication.openID.enabled | See the OpenID doc | `false` | 197 | | codimd.authentication.saml.enabled | See the SAML doc | `false` | 198 | | codimd.authentication.saml.idpSSOUrl | | `nil` | 199 | | codimd.authentication.saml.idpCert | | `nil` | 200 | | codimd.authentication.saml.issuer | | `nil` | 201 | | codimd.authentication.saml.identifierFormat | | `nil` | 202 | | codimd.authentication.saml.disableRequestedAuthnContext | | `nil` | 203 | | codimd.authentication.saml.groupAttribute | | `nil` | 204 | | codimd.authentication.saml.externalGroups | | `nil` | 205 | | codimd.authentication.saml.requiredGroups | | `nil` | 206 | | codimd.authentication.saml.attributes.id | | `nil` | 207 | | codimd.authentication.saml.attributes.username | | `nil` | 208 | | codimd.authentication.saml.attributes.email | | `nil` | 209 | | codimd.authentication.twitter.enabled | Enable to use Twitter for auth | `false` | 210 | | codimd.authentication.twitter.consumerKey | OAuth consumer key for Twitter auth | `nil` | 211 | | codimd.authentication.twitter.comsumerSecret | OAuth consumer secret for Twitter auth | `nil` | 212 | -------------------------------------------------------------------------------- /charts/codimd/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | repository: https://charts.bitnami.com/bitnami 4 | version: ~8.6.10 5 | - name: mariadb 6 | repository: https://charts.bitnami.com/bitnami 7 | version: ~7.3.16 8 | digest: sha256:fe33265de0d9cfca53db9536d7aa5f38b2e391e2c240b4039829484b81b741a5 9 | generated: "2020-04-05T00:57:10.506914+08:00" 10 | -------------------------------------------------------------------------------- 
/charts/codimd/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | version: ~8.6.10 4 | condition: postgresql.enabled 5 | repository: https://charts.bitnami.com/bitnami 6 | - name: mariadb 7 | version: ~7.3.16 8 | condition: mariadb.enabled 9 | repository: https://charts.bitnami.com/bitnami -------------------------------------------------------------------------------- /charts/codimd/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing {{ .Chart.Name }} 2 | 3 | Your release is named {{ .Release.Name }}. 4 | 5 | Browse https://hackmd.io/c/codimd-documentation to get more information about CodiMD. 6 | 7 | {{ if contains "changeit" .Values.codimd.security.sessionSecret }} 8 | =============================================================================================== 9 | 10 | Important: 11 | 12 | For the security reason, please consider change codimd.security.sessionSecret to random secret. 13 | 14 | =============================================================================================== 15 | {{ end }} 16 | {{ if contains "LoadBalancer" .Values.service.type }} 17 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 18 | Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "codimd.fullname" . }} ' 19 | {{ else if .Values.ingress.enabled }} 20 | {{ if .Values.ingress.tlsSecret }} 21 | Your CodiMD is located in: https://{{ .Values.ingress.hostname }}/ 22 | {{ else }} 23 | Your CodiMD is located in: http://{{ .Values.ingress.hostname }}/ 24 | {{ end }} 25 | {{ end }} 26 | -------------------------------------------------------------------------------- /charts/codimd/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 
3 | */}} 4 | {{- define "codimd.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 6 | {{- end -}} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | */}} 12 | {{- define "codimd.fullname" -}} 13 | {{- if .Values.fullnameOverride -}} 14 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 15 | {{- else -}} 16 | {{- $name := default .Chart.Name .Values.nameOverride -}} 17 | {{- if contains $name .Release.Name -}} 18 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 19 | {{- else -}} 20 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 21 | {{- end -}} 22 | {{- end -}} 23 | {{- end -}} 24 | 25 | {{- define "codimd.shortName" -}} 26 | {{- $name := include "codimd.fullname" . }} 27 | {{- printf "%s" $name | trunc 50 | trimSuffix "-" -}} 28 | {{- end -}} 29 | 30 | {{/* 31 | Create chart name and version as used by the chart label. 32 | */}} 33 | {{- define "codimd.chart" -}} 34 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Common labels 39 | */}} 40 | {{- define "codimd.labels" -}} 41 | app.kubernetes.io/name: {{ include "codimd.name" . }} 42 | helm.sh/chart: {{ include "codimd.chart" . 
}} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | app.kubernetes.io/instance: {{ .Release.Name }} 45 | app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.tag }} 46 | {{- end -}} 47 | 48 | 49 | {{/* 50 | Return the docker image 51 | */}} 52 | {{- define "codimd.image" -}} 53 | {{- $registryName := default "nabo.codimd.dev" .Values.image.registry -}} 54 | {{- $repositoryName := default "hackmdio/hackmd" .Values.image.repository -}} 55 | {{- $tag := default .Chart.AppVersion .Values.image.tag -}} 56 | {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} 57 | {{- end -}} 58 | 59 | {{/* 60 | Return the CodiMD domain 61 | */}} 62 | {{- define "codimd.domain" -}} 63 | {{- $domain := default .Values.codimd.connection.domain .Values.ingress.hostname -}} 64 | {{- printf "%s" $domain -}} 65 | {{- end -}} 66 | 67 | {{/* 68 | Embedded PostgreSQL service name 69 | */}} 70 | {{- define "codimd.postgresql-svc" -}} 71 | {{- if .Values.postgresql.fullnameOverride -}} 72 | {{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" -}} 73 | {{- else -}} 74 | {{- $name := default "postgresql" .Values.postgresql.nameOverride -}} 75 | {{- if contains $name .Release.Name -}} 76 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 77 | {{- else -}} 78 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 79 | {{- end -}} 80 | {{- end -}} 81 | {{- end -}} 82 | 83 | 84 | {{/* 85 | Embedded MariaDB service name 86 | */}} 87 | {{- define "codimd.mariadb-svc" -}} 88 | {{- if .Values.mariadb.fullnameOverride -}} 89 | {{- .Values.mariadb.fullnameOverride | trunc 63 | trimSuffix "-" -}} 90 | {{- else -}} 91 | {{- $name := default "mariadb" .Values.mariadb.nameOverride -}} 92 | {{- if contains $name .Release.Name -}} 93 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 94 | {{- else -}} 95 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 96 | {{- end -}} 97 | {{- end -}} 98 | {{- end -}} 99 | 100 | {{/* 
101 | Return the appropriate apiVersion for deployment. 102 | */}} 103 | {{- define "codimd.deployment.apiVersion" -}} 104 | {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} 105 | {{- print "extensions/v1beta1" -}} 106 | {{- else -}} 107 | {{- print "apps/v1" -}} 108 | {{- end -}} 109 | {{- end -}} 110 | 111 | {{/* 112 | Return the proper Storage Class 113 | */}} 114 | {{- define "codimd.storageClass" -}} 115 | {{/* 116 | Helm 2.11 supports the assignment of a value to a variable defined in a different scope, 117 | but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 118 | */}} 119 | {{- if .Values.global -}} 120 | {{- if .Values.global.storageClass -}} 121 | {{- if (eq "-" .Values.global.storageClass) -}} 122 | {{- printf "storageClassName: \"\"" -}} 123 | {{- else }} 124 | {{- printf "storageClassName: %s" .Values.global.storageClass -}} 125 | {{- end -}} 126 | {{- end -}} 127 | {{- else if .Values.storageClass -}} 128 | {{- if (eq "-" .Values.storageClass) -}} 129 | {{- printf "storageClassName: \"\"" -}} 130 | {{- else }} 131 | {{- printf "storageClassName: %s" .Values.storageClass -}} 132 | {{- end -}} 133 | {{- else if .Values.codimd.imageStorePersistentVolume.storageClass -}} 134 | {{- if (eq "-" .Values.codimd.imageStorePersistentVolume.storageClass) -}} 135 | {{- printf "storageClassName: \"\"" -}} 136 | {{- else }} 137 | {{- printf "storageClassName: %s" .Values.codimd.imageStorePersistentVolume.storageClass -}} 138 | {{- end -}} 139 | {{- end -}} 140 | {{- end -}} 141 | 142 | {{/* 143 | Return need create image secret 144 | */}} 145 | {{- define "codimd.needImageSecret" -}} 146 | {{- $imgur := false -}} 147 | {{- $s3 := false -}} 148 | {{- $minio := false -}} 149 | {{- $azure := false -}} 150 | {{- if .Values.codimd.imageUpload.imgur -}} 151 | {{- if .Values.codimd.imageUpload.imgur.clientId -}} 152 | {{- $imgur = true -}} 153 | {{- end -}} 154 | {{- end -}} 155 | {{- if 
.Values.codimd.imageUpload.s3 -}} 156 | {{- if .Values.codimd.imageUpload.s3.accessKeyId -}} 157 | {{- $s3 = true -}} 158 | {{- end -}} 159 | {{- end -}} 160 | {{- if .Values.codimd.imageUpload.minio -}} 161 | {{- if .Values.codimd.imageUpload.minio.accessKey -}} 162 | {{- $minio = true -}} 163 | {{- end -}} 164 | {{- end -}} 165 | {{- if .Values.codimd.imageUpload.azure -}} 166 | {{- if .Values.codimd.imageUpload.azure.connectionString -}} 167 | {{- $azure = true -}} 168 | {{- end -}} 169 | {{- end -}} 170 | {{- $needImage := (or $imgur (or $s3 (or $minio $azure))) -}} 171 | {{- print $needImage -}} 172 | {{- end -}} -------------------------------------------------------------------------------- /charts/codimd/templates/auth-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "codimd.shortName" . }}-auth-env 5 | stringData: 6 | CMD_EMAIL: {{ .Values.codimd.authentication.local.enabled | toString | quote }} 7 | CMD_ALLOW_EMAIL_REGISTER: {{ .Values.codimd.authentication.local.allowRegister | toString | quote }} 8 | 9 | {{/* Authentication - Bitbucket */}} 10 | {{ if .Values.codimd.authentication.bitbucket.enabled }} 11 | CMD_BITBUCKET_CLIENTID: {{ .Values.codimd.authentication.bitbucket.key | toString | quote }} 12 | CMD_BITBUCKET_CLIENTSECRET: {{ .Values.codimd.authentication.bitbucket.secret | toString | quote }} 13 | {{ end }} 14 | 15 | {{/* Authentication - Dropbox */}} 16 | {{ if .Values.codimd.authentication.dropbox.enabled }} 17 | CMD_DROPBOX_CLIENTID: {{ .Values.codimd.authentication.dropbox.appKey | toString | quote }} 18 | CMD_DROPBOX_CLIENTSECRET: {{ .Values.codimd.authentication.dropbox.appSecret | toString | quote }} 19 | {{ end }} 20 | 21 | {{/* Authentication - Facebook */}} 22 | {{ if .Values.codimd.authentication.facebook.enabled }} 23 | CMD_FACEBOOK_CLIENTID: {{ .Values.codimd.authentication.facebook.clientId | toString | quote }} 24 | 
CMD_FACEBOOK_CLIENTSECRET: {{ .Values.codimd.authentication.facebook.secret | toString | quote }} 25 | {{ end }} 26 | 27 | {{/* Authentication - GitHub */}} 28 | {{ if .Values.codimd.authentication.github.enabled }} 29 | {{ if .Values.codimd.authentication.github.enterpriseUrl }} 30 | CMD_GITHUB_ENTERPRISE_URL: {{ .Values.codimd.authentication.github.enterpriseUrl | trim | toString | quote }} 31 | {{ end }} 32 | CMD_GITHUB_CLIENTID: {{ .Values.codimd.authentication.github.clientId | toString | quote }} 33 | CMD_GITHUB_CLIENTSECRET: {{ .Values.codimd.authentication.github.secret | toString | quote }} 34 | {{ end }} 35 | 36 | {{/* Authentication - GitLab */}} 37 | {{ if .Values.codimd.authentication.gitlab.enabled }} 38 | {{ if .Values.codimd.authentication.gitlab.domain}} 39 | CMD_GITLAB_BASEURL: {{ .Values.codimd.authentication.gitlab.domain | toString | quote }} 40 | {{ end }} 41 | {{ if .Values.codimd.authentication.gitlab.scope }} 42 | CMD_GITLAB_SCOPE: {{ .Values.codimd.authentication.gitlab.scope | toString | quote }} 43 | {{ end }} 44 | CMD_GITLAB_CLIENTID: {{ .Values.codimd.authentication.gitlab.applicationId | toString | quote }} 45 | CMD_GITLAB_CLIENTSECRET: {{ .Values.codimd.authentication.gitlab.secret | toString | quote }} 46 | {{ end }} 47 | 48 | {{/* Authentication - Google */}} 49 | {{ if .Values.codimd.authentication.google.enabled }} 50 | CMD_GOOGLE_CLIENTID: {{ .Values.codimd.authentication.google.clientId | toString | quote }} 51 | CMD_GOOGLE_CLIENTSECRET: {{ .Values.codimd.authentication.google.secret | toString | quote }} 52 | {{ if .Values.codimd.authentication.google.hostedDomain }} 53 | CMD_GOOGLE_HOSTEDDOMAIN: {{ .Values.codimd.authentication.google.hostedDomain | toString | quote }} 54 | {{ end }} 55 | {{ end }} 56 | 57 | {{/* Authentication - LDAP */}} 58 | {{ if .Values.codimd.authentication.ldap.enabled }} 59 | CMD_LDAP_PROVIDERNAME: {{ .Values.codimd.authentication.ldap.providerName | toString | quote }} 60 | CMD_LDAP_URL: {{ 
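.Values.codimd.authentication.ldap.url | toString | quote }}
61 |   {{ if .Values.codimd.authentication.ldap.tlsCA }}
62 |   CMD_LDAP_TLS_CA: {{ .Values.codimd.authentication.ldap.tlsCA | toString | quote }} {{/* CA value is read from ldap.tlsCA, the key the guard on the line above tests */}}
63 |   {{ end }}
64 |   CMD_LDAP_BINDDN: {{ .Values.codimd.authentication.ldap.bindDN | toString | quote }}
65 |   {{ if .Values.codimd.authentication.ldap.bindCredentials }} {{/* bind password is optional; the key is omitted when unset */}}
66 |   CMD_LDAP_BINDCREDENTIALS: {{ .Values.codimd.authentication.ldap.bindCredentials | toString | quote }}
67 |   {{ end }}
68 |   {{ if .Values.codimd.authentication.ldap.searchBase }}
69 |   CMD_LDAP_SEARCHBASE: {{ .Values.codimd.authentication.ldap.searchBase | toString | quote }}
70 |   {{ end }}
71 |   {{ if .Values.codimd.authentication.ldap.searchFilter }}
72 |   CMD_LDAP_SEARCHFILTER: {{ .Values.codimd.authentication.ldap.searchFilter | toString | quote }}
73 |   {{ end }}
74 |   {{ if .Values.codimd.authentication.ldap.searchAttributes }}
75 |   CMD_LDAP_SEARCHATTRIBUTES: {{ .Values.codimd.authentication.ldap.searchAttributes | toString | quote }}
76 |   {{ end }}
77 |   {{ if .Values.codimd.authentication.ldap.attributes.id}}
78 |   CMD_LDAP_USERIDFIELD: {{ .Values.codimd.authentication.ldap.attributes.id | toString | quote }}
79 |   {{ end }}
80 |   {{ if .Values.codimd.authentication.ldap.attributes.username }}
81 |   CMD_LDAP_USERNAMEFIELD: {{ .Values.codimd.authentication.ldap.attributes.username | toString | quote }}
82 |   {{ end }}
83 |   {{ end }} {{/* closes the ldap.enabled block opened above */}}
84 |
85 |   {{/* Authentication - Mattermost */}}
86 |   {{ if .Values.codimd.authentication.mattermost.enabled }} {{/* the three Mattermost keys are rendered only when mattermost.enabled is set */}}
87 |   CMD_MATTERMOST_BASEURL: {{ .Values.codimd.authentication.mattermost.domain | toString | quote }}
88 |   CMD_MATTERMOST_CLIENTID: {{ .Values.codimd.authentication.mattermost.clientId | toString | quote }}
89 |   CMD_MATTERMOST_CLIENTSECRET: {{ .Values.codimd.authentication.mattermost.secret | toString | quote }}
90 |   {{ end }}
91 |
92 |   {{/* Authentication - OAuth2 */}}
93 |   {{ if .Values.codimd.authentication.oauth2.enabled }}
94 |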
{{/* auth-secret.yaml, continued: entries of the OAuth2 block, whose opening `if` precedes this excerpt. */}}
  CMD_OAUTH2_PROVIDERNAME: {{ .Values.codimd.authentication.oauth2.providerName | toString | quote }}
  CMD_OAUTH2_BASEURL: {{ .Values.codimd.authentication.oauth2.domain | toString | quote }}
  CMD_OAUTH2_CLIENT_ID: {{ .Values.codimd.authentication.oauth2.clientId | toString | quote }}
  CMD_OAUTH2_CLIENT_SECRET: {{ .Values.codimd.authentication.oauth2.secret | toString | quote }}
  CMD_OAUTH2_AUTHORIZATION_URL: {{ .Values.codimd.authentication.oauth2.authorizationUrl | toString | quote }}
  CMD_OAUTH2_TOKEN_URL: {{ .Values.codimd.authentication.oauth2.tokenUrl | toString | quote }}
  CMD_OAUTH2_USER_PROFILE_URL: {{ .Values.codimd.authentication.oauth2.userProfileUrl | toString | quote }}
  CMD_OAUTH2_SCOPE: {{ .Values.codimd.authentication.oauth2.scope | toString | quote }}
  CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: {{ .Values.codimd.authentication.oauth2.attributes.username | toString | quote }}
  CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: {{ .Values.codimd.authentication.oauth2.attributes.displayName | toString | quote }}
  CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: {{ .Values.codimd.authentication.oauth2.attributes.email | toString | quote }}
  {{ end }}

  {{/* Authentication - OpenID: the enabled flag itself is the only value exported */}}
  {{ if .Values.codimd.authentication.openID.enabled }}
  CMD_OPENID: {{ .Values.codimd.authentication.openID.enabled | toString | quote }}
  {{ end }}

  {{/* Authentication - SAML (idpCert is optional and emitted only when set) */}}
  {{ if .Values.codimd.authentication.saml.enabled }}
  CMD_SAML_IDPSSOURL: {{ .Values.codimd.authentication.saml.idpSSOUrl | toString | quote }}
  {{ if .Values.codimd.authentication.saml.idpCert }}
  CMD_SAML_IDPCERT: {{ .Values.codimd.authentication.saml.idpCert | toString | quote }}
  {{ end }}
  CMD_SAML_ISSUER: {{ .Values.codimd.authentication.saml.issuer | toString | quote }}
  CMD_SAML_IDENTIFIERFORMAT: {{ .Values.codimd.authentication.saml.identifierFormat | toString | quote }}
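{{/* auth-secret.yaml, continued: remaining SAML entries (the SAML `if` opens above this excerpt), then Twitter. */}}
  {{/*
    NOTE(review): none of the SAML settings below is guarded by its own `if`,
    so group and attribute settings left empty in values.yaml are still
    emitted (apparently as the string "<nil>"). For requiredGroups in
    particular, confirm the application treats that as "no restriction".
  */}}
  CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT: {{ .Values.codimd.authentication.saml.disableRequestedAuthnContext | toString | quote }}
  CMD_SAML_GROUPATTRIBUTE: {{ .Values.codimd.authentication.saml.groupAttribute | toString | quote }}
  CMD_SAML_EXTERNALGROUPS: {{ .Values.codimd.authentication.saml.externalGroups | toString | quote }}
  CMD_SAML_REQUIREDGROUPS: {{ .Values.codimd.authentication.saml.requiredGroups | toString | quote }}
  CMD_SAML_ATTRIBUTE_ID: {{ .Values.codimd.authentication.saml.attributes.id | toString | quote }}
  CMD_SAML_ATTRIBUTE_USERNAME: {{ .Values.codimd.authentication.saml.attributes.username | toString | quote }}
  CMD_SAML_ATTRIBUTE_EMAIL: {{ .Values.codimd.authentication.saml.attributes.email | toString | quote }}
  {{ end }}

  {{/* Authentication - Twitter (the values key is spelled `comsumerSecret`; kept as-is so existing overrides still resolve) */}}
  {{ if .Values.codimd.authentication.twitter.enabled }}
  CMD_TWITTER_CONSUMERKEY: {{ .Values.codimd.authentication.twitter.consumerKey | toString | quote }}
  CMD_TWITTER_CONSUMERSECRET: {{ .Values.codimd.authentication.twitter.comsumerSecret | toString | quote }}
  {{ end }}

--------------------------------------------------------------------------------
/charts/codimd/templates/db-secret.yaml:
--------------------------------------------------------------------------------
{{/*
  Secret holding the database connection URL under the key `connection`.
  The URL is chosen in this order: bundled PostgreSQL, bundled MariaDB, the
  external database described by codimd.database, and finally a fixed local
  PostgreSQL URL without credentials.
  NOTE(review): user name and password are interpolated into the URL, and into
  a double-quoted YAML string, without any escaping; a password containing
  URL-reserved characters or a double quote will yield a broken URL or
  manifest. Escape the credentials or document the allowed character set.
  NOTE(review): the bundled-database passwords come from values.yaml; make
  sure deployments override the shipped placeholders.
*/}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "codimd.shortName" . }}-db-secret
stringData:
  {{ if .Values.postgresql.enabled }}
  connection: "postgres://{{ .Values.postgresql.postgresqlUsername }}:{{ .Values.postgresql.postgresqlPassword }}@{{ template "codimd.postgresql-svc" . }}/{{ .Values.postgresql.postgresqlDatabase }}"
  {{ else if .Values.mariadb.enabled }}
  connection: "mysql://{{ .Values.mariadb.db.user }}:{{ .Values.mariadb.db.password }}@{{ template "codimd.mariadb-svc" . }}/{{ .Values.mariadb.db.name }}"
  {{ else if .Values.codimd.database }}
  connection: "{{ .Values.codimd.database.type }}://{{ .Values.codimd.database.username }}:{{ .Values.codimd.database.password }}@{{ .Values.codimd.database.host }}:{{ .Values.codimd.database.port }}/{{ .Values.codimd.database.databaseName }}"
  {{ else }}
  connection: "postgres://localhost/codimd"
  {{ end }}
--------------------------------------------------------------------------------
/charts/codimd/templates/deployment.yaml:
--------------------------------------------------------------------------------
{{/*
  Deployment for the CodiMD server: a single replica whose settings are passed
  as environment variables. Plain settings are written inline under `env`;
  credentials are pulled from the chart's Secrets through `secretKeyRef` and
  `envFrom`.
  NOTE(review): the container has no container-level securityContext, resource
  requests or limits; only the pod-level securityContext from values is
  applied. Consider adding them as values-driven options.
*/}}
apiVersion: {{ template "codimd.deployment.apiVersion" . }}
kind: Deployment
metadata:
  name: {{ template "codimd.fullname" . }}
  labels:
    app.kubernetes.io/component: server
    {{- include "codimd.labels" . | nindent 4 }}
spec:
  replicas: 1
  strategy:
    {{ if .Values.codimd.imageStorePersistentVolume.enabled }}
    type: Recreate
    {{ else }}
    {{/* CodiMD uses socket.io as its realtime server; running several instances at once may corrupt note contents. */}}
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    {{ end }}
  selector:
    matchLabels:
      app.kubernetes.io/component: server
      app.kubernetes.io/name: {{ include "codimd.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      name: {{ template "codimd.fullname" . }}
      labels:
        app.kubernetes.io/component: server
        {{- include "codimd.labels" . | nindent 8 }}
      annotations:
        {{/* Checksums of the rendered Secrets: a changed Secret changes the pod template and so triggers a rollout. */}}
        checksum/db-secret: {{ include (print $.Template.BasePath "/db-secret.yaml") . | sha256sum | quote }}
        checksum/auth-secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . | sha256sum | quote }}
        {{ if .Values.codimd.security.sessionSecret }}
        checksum/session-secret: {{ include (print $.Template.BasePath "/session-secret.yaml") . | sha256sum | quote }}
        {{ end }}
        {{ if contains "true" (include "codimd.needImageSecret" .) }}
        {{/* Own key for the image-upload Secret; it previously reused checksum/session-secret, giving a duplicate annotation key when both Secrets exist. */}}
        checksum/image-upload-secret: {{ include (print $.Template.BasePath "/image-upload-secret.yaml") . | sha256sum | quote }}
        {{ end }}
        {{ if .Values.codimd.podAnnotations }}
        {{ toYaml .Values.codimd.podAnnotations | nindent 8 }}
        {{ end }}
    spec:
      {{ if .Values.codimd.securityContext }}
      securityContext:
        {{ toYaml .Values.codimd.securityContext | nindent 8 }}
      {{ end }}
      {{ if .Values.codimd.affinity }}
      affinity:
        {{ toYaml .Values.codimd.affinity | nindent 8 }}
      {{ end }}
      {{ if .Values.codimd.tolerations }}
      tolerations:
        {{ toYaml .Values.codimd.tolerations | nindent 8 }}
      {{ end }}
      {{ if .Values.codimd.nodeSelector }}
      nodeSelector:
        {{ toYaml .Values.codimd.nodeSelector | nindent 8 }}
      {{ end }}
      {{ if .Values.image.pullSecrets }}
      imagePullSecrets:
        {{ toYaml .Values.image.pullSecrets | nindent 8 }}
      {{end }}
      containers:
        - name: codimd
          image: {{ template "codimd.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          env:
            {{ if .Values.codimd.connection.domain }}
            - name: CMD_DOMAIN
              value: {{ .Values.codimd.connection.domain | quote }}
            {{ end }}
            - name: CMD_URL_ADDPORT
              value: {{ .Values.codimd.connection.urlAddPort | quote }}
            - name: CMD_PROTOCOL_USESSL
              value: {{ .Values.codimd.connection.protocolUseSSL | quote }}
            - name: CMD_USECDN
              value: {{ .Values.codimd.security.useCDN | quote }}
            {{/* The connection URL carries the database password, so it is read from the db Secret rather than written inline. */}}
            - name: CMD_DB_URL
              valueFrom:
                secretKeyRef:
                  name: {{ template "codimd.shortName" . }}-db-secret
                  key: connection
            - name: CMD_SESSION_LIFE
              value: {{ .Values.codimd.security.sessionLife | quote }}
            - name: CMD_HSTS_ENABLE
              value: {{ .Values.codimd.security.hstsEnabled | quote }}
            - name: CMD_HSTS_MAX_AGE
              value: {{ .Values.codimd.security.hstsMaxAge | quote }}
            - name: CMD_HSTS_INCLUDE_SUBDOMAINS
              value: {{ .Values.codimd.security.hstsIncludeSubdomain | quote }}
            - name: CMD_HSTS_PRELOAD
              value: {{ .Values.codimd.security.hstsPreload | quote }}
            - name: CMD_CSP_ENABLE
              value: {{ .Values.codimd.security.cspEnabled | quote }}
            {{ if .Values.codimd.security.cspReportUri }}
            - name: CMD_CSP_REPORTURI
              value: {{ .Values.codimd.security.cspReportUri | quote }}
            {{ end }}
            {{ if .Values.codimd.security.allowOrigin }}
            - name: CMD_ALLOW_ORIGIN
              value: {{ .Values.codimd.security.allowOrigin | quote }}
            {{ end }}
            - name: CMD_ALLOW_GRAVATAR
              value: {{ .Values.codimd.security.allowGravatar | quote }}
            - name: CMD_RESPONSE_MAX_LAG
              value: {{ .Values.codimd.responseMaxLag | quote }}
            - name: CMD_IMAGE_UPLOAD_TYPE
              value: {{ .Values.codimd.imageUpload.storeType | quote }}
            - name: CMD_ALLOW_FREEURL
              value: {{ .Values.codimd.noteCreation.freeUrlEnabled | quote }}
            - name: CMD_FORBIDDEN_NOTE_IDS
              value: {{ .Values.codimd.noteCreation.freeUrlForbiddenNoteIds | quote }}
            - name: CMD_DEFAULT_PERMISSION
              value: {{ .Values.codimd.noteCreation.defaultPermission | quote }}
            - name: CMD_ALLOW_ANONYMOUS_EDITS
              value: {{ .Values.codimd.notePermission.allowAnonymousEdit | quote}}
            - name: CMD_ALLOW_ANONYMOUS_VIEWS
              value: {{ .Values.codimd.notePermission.allowAnonymousView | quote}}
            - name: CMD_ALLOW_PDF_EXPORT
              value: {{ .Values.codimd.allowPDFExport | quote }}
            {{ if .Values.codimd.markdown.plantUMLServer }}
            {{/* Quoted like every other value so a URL is always emitted as a YAML string. */}}
            - name: CMD_PLANTUML_SERVER
              value: {{ .Values.codimd.markdown.plantUMLServer | quote }}
            {{ end }}
            - name: CMD_DEFAULT_USE_HARD_BREAK
              value: {{ .Values.codimd.markdown.useHardBreak | quote }}
            - name: CMD_LINKIFY_HEADER_STYLE
              value: {{ .Values.codimd.markdown.linkifyHeaderStyle | quote }}
            - name: CMD_AUTO_VERSION_CHECK
              value: {{ .Values.codimd.versionCheck | quote }}
            {{/* Extra variables are written inline into the pod spec, so they are readable by anyone who can view the Deployment; keep credentials in a Secret instead. */}}
            {{ if .Values.codimd.extraEnvironmentVariables }}
            {{ range $key, $val := .Values.codimd.extraEnvironmentVariables }}
            - name: {{ $key | quote }}
              value: {{ $val | quote }}
            {{ end }}
            {{ end }}
          envFrom:
            - secretRef:
                name: {{ template "codimd.shortName" . }}-auth-env
            {{ if .Values.codimd.security.sessionSecret }}
            - secretRef:
                name: {{ template "codimd.shortName" . }}-session
            {{ end }}
            {{ if contains "true" (include "codimd.needImageSecret" .) }}
            - secretRef:
                name: {{ template "codimd.shortName" . }}-image-upload
            {{ end }}
          ports:
            - name: http
              containerPort: 3000
          {{ if .Values.codimd.imageStorePersistentVolume.enabled }}
          volumeMounts:
            - mountPath: /home/hackmd/app/public/uploads
              name: image-store
          {{ end }}
          readinessProbe:
            httpGet:
              port: 3000
              path: /status
            initialDelaySeconds: 3
            failureThreshold: 2
            successThreshold: 3
            timeoutSeconds: 2
            periodSeconds: 5
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /status
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 3
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 2
      restartPolicy: Always
      {{ if .Values.codimd.imageStorePersistentVolume.enabled }}
      volumes:
        - name: image-store
          persistentVolumeClaim:
            claimName: {{ template "codimd.fullname" . }}
      {{ end }}

--------------------------------------------------------------------------------
/charts/codimd/templates/image-upload-secret.yaml:
--------------------------------------------------------------------------------
{{/*
  Secret with the credentials of the configured image-upload backend; rendered
  only when the codimd.needImageSecret helper yields "true".
  The `{{-` / `-}}` trim markers below decide where each key lands in the
  output, so keep them (and the two-space indent of the action lines) intact
  when editing.
  NOTE(review): Sprig's `default` treats boolean false as empty, so
  `minio.secure: false` still renders CMD_MINIO_SECURE as "true". That fails
  safe, but TLS cannot be switched off through this value.
*/}}
{{ if contains "true" (include "codimd.needImageSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "codimd.shortName" . }}-image-upload
  labels:
    app.kubernetes.io/component: image-upload-secret
    {{ include "codimd.labels" . | nindent 4 }}
stringData:
  {{/* imgur */}}
  {{- if .Values.codimd.imageUpload.imgur -}}
  {{- if .Values.codimd.imageUpload.imgur.clientId -}}
  CMD_IMGUR_CLIENTID: {{ .Values.codimd.imageUpload.imgur.clientId | quote }}
  {{ end }}
  {{- end -}}

  {{/* s3 */}}
  {{- if .Values.codimd.imageUpload.s3 -}}
  {{- if .Values.codimd.imageUpload.s3.accessKeyId -}}
  CMD_S3_ACCESS_KEY_ID: {{ default "" .Values.codimd.imageUpload.s3.accessKeyId | quote }}
  CMD_S3_SECRET_ACCESS_KEY: {{ default "" .Values.codimd.imageUpload.s3.secretKey | quote }}
  CMD_S3_BUCKET: {{ default "" .Values.codimd.imageUpload.s3.bucket | quote }}
  {{ if .Values.codimd.imageUpload.s3.region }}
  CMD_S3_REGION: {{ .Values.codimd.imageUpload.s3.region | quote }}
  {{ end }}
  {{ if .Values.codimd.imageUpload.s3.endpoint }}
  CMD_S3_ENDPOINT: {{ .Values.codimd.imageUpload.s3.endpoint | quote }}
  {{ end }}
  {{ end }}
  {{- end -}}

  {{/* minio */}}
  {{- if .Values.codimd.imageUpload.minio -}}
  {{- if .Values.codimd.imageUpload.minio.accessKey -}}
  CMD_MINIO_ACCESS_KEY: {{ default "" .Values.codimd.imageUpload.minio.accessKey | quote }}
  CMD_MINIO_SECRET_KEY: {{ default "" .Values.codimd.imageUpload.minio.secretKey | quote }}
  CMD_MINIO_ENDPOINT: {{ default "" .Values.codimd.imageUpload.minio.endpoint | quote }}
  CMD_MINIO_SECURE: {{ default "true" .Values.codimd.imageUpload.minio.secure | quote }}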
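{{/* image-upload-secret.yaml, continued: last MinIO entry, then the Azure block and the end of the file. */}}
  CMD_MINIO_PORT: {{ default "" .Values.codimd.imageUpload.minio.port | quote }}
  {{ end }}
  {{ end }}

  {{/* azure */}}
  {{- if .Values.codimd.imageUpload.azure -}}
  {{- if .Values.codimd.imageUpload.azure.connectionString -}}
  CMD_AZURE_CONNECTION_STRING: {{ default "" .Values.codimd.imageUpload.azure.connectionString | quote }}
  CMD_AZURE_CONTAINER: {{ default "" .Values.codimd.imageUpload.azure.container | quote }}
  {{ end }}
  {{ end }}
{{ end }}
--------------------------------------------------------------------------------
/charts/codimd/templates/ingress.yaml:
--------------------------------------------------------------------------------
{{/*
  Optional Ingress in front of the CodiMD Service, rendered when
  ingress.enabled is set. TLS is configured only through ingress.tls.
  NOTE(review): only the v1beta1 Ingress APIs are emitted; both were removed
  in Kubernetes 1.22, so newer clusters need a networking.k8s.io/v1 variant.
*/}}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "codimd.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "codimd.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
{{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      {{- /* Quoted so the TLS secret name is always emitted as a YAML string. */}}
      secretName: {{ .secretName | quote }}
  {{- end }}
{{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
        {{- end }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/codimd/templates/pvc.yaml:
--------------------------------------------------------------------------------
{{/* PersistentVolumeClaim for uploaded images; rendered when codimd.imageStorePersistentVolume.enabled is set. The deployment mounts it at /home/hackmd/app/public/uploads. */}}
{{ if .Values.codimd.imageStorePersistentVolume.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ template "codimd.fullname" . }}
  labels:
    app.kubernetes.io/component: pvc
    {{- include "codimd.labels" . | nindent 4}}
spec:
  accessModes:
    {{ range .Values.codimd.imageStorePersistentVolume.accessModes }}
    - {{ . | quote }}
    {{ end }}
  volumeMode: {{ .Values.codimd.imageStorePersistentVolume.volumeMode }}
  resources:
    requests:
      storage: {{ default "10G" .Values.codimd.imageStorePersistentVolume.size | quote }}
  {{- include "codimd.storageClass" . | nindent 2 }}
{{ end }}

--------------------------------------------------------------------------------
/charts/codimd/templates/service.yaml:
--------------------------------------------------------------------------------
{{/*
  Service in front of the CodiMD pods; forwards service.port to container port
  3000. externalTrafficPolicy and loadBalancerIP are emitted only for type
  LoadBalancer and only when set.
*/}}
apiVersion: v1
kind: Service
metadata:
  name: {{ template "codimd.fullname" . }}
  labels:
    app.kubernetes.io/component: Service
    {{ include "codimd.labels" . | nindent 4 }}
  {{ if .Values.service.annotations }}
  annotations:
    {{ toYaml .Values.service.annotations | nindent 4 }}
  {{ end }}
spec:
  type: {{ .Values.service.type }}
  {{ if (and (eq .Values.service.type "LoadBalancer") .Values.service.externalTrafficPolicy) }}
  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
  {{ end }}
  {{ if (and (eq "LoadBalancer" .Values.service.type) .Values.service.loadBalancerIP) }}
  loadBalancerIP: {{ default "" .Values.service.loadBalancerIP | quote }}
  {{ end }}
  selector:
    app.kubernetes.io/component: server
    {{- include "codimd.labels" . | nindent 4 }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: 3000
--------------------------------------------------------------------------------
/charts/codimd/templates/session-secret.yaml:
--------------------------------------------------------------------------------
{{/*
  Secret holding the session secret; rendered only when
  codimd.security.sessionSecret is set.
  NOTE(review): values.yaml ships a placeholder for this value; a deployment
  that does not override it runs with a publicly known session secret.
  Consider failing the render, or generating a random value, when the
  placeholder is still in place.
*/}}
{{ if .Values.codimd.security.sessionSecret }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "codimd.shortName" . }}-session
  labels:
    app.kubernetes.io/component: sessionSecret
    {{ include "codimd.labels" . | nindent 4 }}
stringData:
  CMD_SESSION_SECRET: {{ .Values.codimd.security.sessionSecret | quote }}
{{ end }}
--------------------------------------------------------------------------------
/charts/codimd/values.yaml:
--------------------------------------------------------------------------------
# Default values for codimd.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.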
# Chart-level overrides, unset by default.
# storageClass:
# nameOverride:
# fullnameOverride:

# Container image for the CodiMD server.
image:
  registry: "nabo.codimd.dev"
  repository: "hackmdio/hackmd"
  tag: "2.5.1"
  pullPolicy: IfNotPresent
  pullSecrets: []
  # - myRegistryKeySecretName

##
## Bundled PostgreSQL (Bitnami sub-chart)
##
## Reference: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
##
## Set postgresql.enabled to false to use MariaDB or an external database.
##
## NOTE(review): postgresqlPassword below is a placeholder that ends up in the
## connection URL of the db Secret; override it for every real deployment.
##
postgresql:
  enabled: true
  volumePermissions:
    enabled: true
  postgresqlUsername: codimd
  postgresqlPassword: changeme
  postgresqlDatabase: codimd
##
## Bundled MariaDB (Bitnami sub-chart), the alternative to PostgreSQL
##
## Reference: https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml
##
## NOTE(review): db.password is a placeholder as well; override it when
## mariadb.enabled is set.
##
mariadb:
  enabled: false
  volumePermissions:
    enabled: true
  db:
    user: codimd
    password: changeme
    name: codimd
  master:
    persistence:
      enabled: true
  replication:
    enabled: false


##
## Kubernetes Service
## Use NodePort on minikube; elsewhere use LoadBalancer or ClusterIP.
##
## NOTE(review): the default publishes port 80 through a LoadBalancer, and the
## chart itself configures no TLS on this path; presumably TLS is expected to
## be terminated by the load balancer or an Ingress - confirm before exposing.
##
service:
  annotations: {}
  type: "LoadBalancer"
  port: 80
  # externalTrafficPolicy:
  # loadBalancerIP:

##
## Ingress (disabled by default); `tls` takes entries with a secretName and hosts.
##
ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - /
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local


##
## CodiMD application settings
##
codimd:
  ##
  ## Affinity rules for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
# codimd: pod scheduling, security context, connection, database and image-upload settings
  affinity: {}
  ##
  ## Tolerations for pod assignment. The deployment template copies this value
  ## with toYaml and renders the field only when the value is non-empty.
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: {}
  ##
  ## Node labels for pod assignment; copied with toYaml in the same way.
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ##
  ## Extra pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ##
  ## Pod-level security context: fixed non-root UID/GID 1500.
  ## Container-level hardening is not configurable through this chart.
  ##
  securityContext:
    runAsGroup: 1500
    runAsUser: 1500
    fsGroup: 1500
    runAsNonRoot: true

  ##
  ## Connection settings
  ##
  connection:
    ## Public domain of the instance, for setups without an Ingress
    # domain:
    ## Append the port number to generated URLs
    urlAddPort: false
    ## Set to true when a load balancer or Ingress terminates TLS, so that
    ## generated URLs use https
    protocolUseSSL: false

  ##
  ## External database
  ## Used when both bundled databases are disabled.
  ## Supported types: mysql and postgres.
  ## The password is written into the connection URL as-is; see db-secret.yaml.
  ##
  # database:
  #   type: postgres
  #   host:
  #   port:
  #   username:
  #   password:
  #   databaseName:

  ##
  ## Image upload backend; credentials given here are stored in the
  ## image-upload Secret.
  ##
  imageUpload:
    storeType: filesystem
    # imgur:
    #   clientId:
    # azure:
    #   connectionString:
    #   container:
    # lutim:
    #   url:
    # minio:
    #   endpoint:
    #   secure:
    #   port:
    #   accessKey:
    #   secretKey:
    # s3:
    #   endpoint:
    #   region:
    #   accessKeyId:
    #   secretKey:
    #   bucket:
  imageStorePersistentVolume:
    enabled: true
    size: '10Gi'
    storageClass: "-"
    accessModes:
      - ReadWriteOnce
    volumeMode: Filesystem

  ## Advanced: additional environment variables, passed to the container as plain values
# codimd: extra environment, security, note and authentication settings
  extraEnvironmentVariables: {}
    # CMD_LOGLEVEL: info

  ## Check for new versions automatically
  versionCheck: true

  ##
  ## Security settings
  ##
  security:
    useCDN: 'false'
    # Session secret. The value below is a public placeholder: replace it with
    # a long random value before deploying.
    sessionSecret: 'changeit'
    sessionLife: '1209600000'
    ## HSTS
    ## NOTE(review): preload is on while includeSubdomain is off; browser
    ## preload lists generally expect both - confirm the intended policy.
    hstsEnabled: 'true'
    hstsMaxAge: '31536000'
    hstsIncludeSubdomain: 'false'
    hstsPreload: 'true'
    ## CSP
    cspEnabled: 'true'
    # cspReportUri:
    ## Allowed origins
    # allowOrigin:
    ## Use gravatar.com for user avatars
    allowGravatar: 'true'

  ##
  ## tooBusy: reject requests when the server event loop lags by more than this many ms
  ##
  responseMaxLag: '70'

  ##
  ## Note creation
  ##
  noteCreation:
    freeUrlEnabled: 'false'
    freeUrlForbiddenNoteIds: 'robots.txt,favicon.ico,api'
    defaultPermission: 'editable'
  ##
  ## Note permissions
  ## Anonymous viewing and editing are both allowed by default; turn them off
  ## for instances that must not accept unauthenticated access.
  ##
  notePermission:
    allowAnonymousEdit: true
    allowAnonymousView: true
  ##
  ## Allow exporting notes to PDF
  ##
  allowPDFExport: false
  ##
  ## Markdown rendering
  ##
  markdown:
    # plantUMLServer:
    useHardBreak: true
    linkifyHeaderStyle: 'keep-case'

  ##
  ## User authentication methods
  ## Secrets set here are rendered into the auth Secret by auth-secret.yaml.
  ##
  authentication:
    ##
    ## Email and password; open self-registration is on by default
    local:
      enabled: true
      allowRegister: true
    bitbucket:
      enabled: false
      key:
      secret:
    dropbox:
      enabled: false
      appKey:
      appSecret:
    facebook:
      enabled: false
      clientId:
      secret:
    github:
      enabled: false
      clientId:
      secret:
      ## Enterprise URL, for GitHub Enterprise only
      enterpriseUrl:
    gitlab:
      enabled: false
      domain:
      scope:
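# codimd.authentication, continued: remaining GitLab keys, then the other providers.
# A provider's settings are rendered into the auth Secret only when its
# `enabled` flag is true. Keys left empty here are null, so fill in every key
# of a provider before enabling it.
      applicationId:
      secret:
    google:
      enabled: false
      clientId:
      secret:
      hostedDomain:
    ldap:
      enabled: false
      providerName:
      url:
      # CA used to verify the LDAP server's TLS certificate
      tlsCA:
      bindDN:
      bindCredentials:
      searchBase:
      searchFilter:
      searchAttributes:
      attributes:
        id:
        username:
    mattermost:
      enabled: false
      domain:
      clientId:
      secret:
    oauth2:
      enabled: false
      providerName:
      domain:
      clientId:
      secret:
      authorizationUrl:
      tokenUrl:
      userProfileUrl:
      scope:
      attributes:
        username:
        displayName:
        email:
    openID:
      enabled: false
    saml:
      enabled: false
      idpSSOUrl:
      idpCert:
      issuer:
      identifierFormat:
      disableRequestedAuthnContext:
      groupAttribute:
      externalGroups:
      requiredGroups:
      attributes:
        id:
        username:
        email:
    twitter:
      # Explicit false, matching the other providers (the key was left empty).
      enabled: false
      consumerKey:
      # Spelled `comsumerSecret` because that is the key auth-secret.yaml reads.
      comsumerSecret:
--------------------------------------------------------------------------------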