diff --git a/charts/codimd/.helmignore b/charts/codimd/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/charts/codimd/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/codimd/Chart.yaml b/charts/codimd/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ba989203adca350ba31a8cd5ff67834f10f7e1cc
--- /dev/null
+++ b/charts/codimd/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+name: codimd
+description: A CodiMD Helm chart for Kubernetes
+icon: https://hackmd.io/favicon.png
+keywords:
+ - codimd
+ - markdown
+ - collaboration
+maintainers:
+ - name: HackMD Inc. Dev Team
+ email: support@hackmd.io
+
+sources:
+ - https://github.com/hackmdio/codimd
+ - https://github.com/hackmdio/codimd-helm
+
+kubeVersion: ">=1.14.0-0"
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.10
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 2.3.2
diff --git a/charts/codimd/README.md b/charts/codimd/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..27157ac3b6b04e1d29c6b4a68aa81afd1a6418a1
--- /dev/null
+++ b/charts/codimd/README.md
@@ -0,0 +1,211 @@
+# CodiMD
+
+[CodiMD](https://github.com/hackmdio/codimd) is a realtime collaborative markdown notes on all platforms.
+
+Look at [CodiMD Documentation](https://hackmd.io/c/codimd-documentation) for detail setting.
+
+## Prerequisites
+
+- Kubernetes 1.14+
+- Helm 2.16+ or Helm 3.0+
+- PV provisioner support in the underlying infrastructure
+
+## How to use?
+
+```bash
+$ helm repo add codimd https://helm.codimd.dev/
+$ helm install my-release codimd/codimd
+```
+
+## Parameters
+
+### Common Helm parameters
+
+If you use AWS EKS, please setup global.storageClass as `gp2`
+
+| Parameter | Description | Default |
+| ---------------- |:--------------------------------------------------------------------------------------------------- | ------- |
+| storageClass | default storageClass for PersistenVolume | `nil` |
+| nameOverride | String to partially override codimd.fullname template with a string (will prepend the release name) | `nil` |
+| fullnameOverride | String to fully override codimd.fullname template with a string | `nil` |
+
+### Docker image parameters
+
+| Parameter | Description | Default |
+| ----------------- |:-------------------------------- | ----------------- |
+| image.registry | CodiMD docker image registry | `nabo.codimd.dev` |
+| image.repository | CodiMD docker image repository | `hackmdio/hackmd` |
+| image.tag | CodiMD docker image version tag | `2.2.0` |
+| image.pullPolicy | CodiMD docker image pull policy | `IfNotPresent` |
+| image.pullSecrets | CodiMD docker image pull secrets | `[]` |
+
+### Deploy an internal database parameters
+
+This Helm chart contains `postgreSQL` and `mariaDB`, you just select one database to deploy. if you want to use external database (maybe cloud provider service or self-hosted database), just set `postgresql.enabled` and `mariadb.enabled` to be `false` and manuall assign database connection parameters in `codimd.database`.
+
+| Parameter | Description | Default |
+| ---------------------------------- |:-------------------------------------- | ---------- |
+| postgresql.enabled | Deploy a PostgreSQL server as database | `true` |
+| postgresql.volumePermissions | Enable database persistence using PVC | `true` |
+| postgresql.postgresqlUsername | Database user to create | `codimd` |
+| postgresql.postgresqlPassword | Password for the database | `changeme` |
+| postgresql.postgresqlDatabase | Database name to create | `codimd` |
+| mariadb.enabled | Deploy a MariaDB server as database | `false` |
+| mariadb.volumePermissions.enabled | Enable database persistence using PVC | `true` |
+| mariadb.db.user | Database user to create | `codimd` |
+| mariadb.db.password | Password for the database | `changeme` |
+| mariadb.db.name | Database name to create | `codimd` |
+| mariadb.master.persistence.enabled | Enable database persistence using PVC | `true` |
+| mariadb.replication.enabled | MariaDB replication enabled | `false` |
+
+### Networking conectivity parameters
+
+If you want use ingress, please set `service.type` to be `ClusterIP`
+
+| Parameter | Description | Default |
+| ----------------------------- |:------------------------------------- | -------------- |
+| service.type | Kubernetes Service type | `LoadBalancer` |
+| service.port | Service HTTP port | `80` |
+| service.externalTrafficPolicy | Service externalTrafficPolicy | `nil` |
+| service.loadBalancerIP | Service loadBalancerIP | `nil` |
+| ingress.enabled | If `true` Ingress will be created | `false` |
+| ingress.annotations | Ingress annotations | `nil` |
+| ingress.hosts | Ingress hostnames | `nil` |
+| ingress.tls | Ingress TLS configuration (YAML) | `nil` |
+
+
+### CodiMD common parameters
+
+| Parameter | Description | Default |
+| ---------------------------------------------- |:--------------------------------------------------------------------------------------------------------- | ---------------------------- |
+| codimd.affinity | Affinity for pod assignment | `nil` |
+| codimd.tolerations | Tolerations for pod assignment | `nil` |
+| codimd.nodeSelector | Node labels for pod assignment | `nil` |
+| codimd.podAnnotations | Extra annotation for pod | `nil` |
+| codimd.securityContext.runAsGroup | Group ID for the CodiMD container | `1500` |
+| codimd.securityContext.runAsUser | User ID for the CodiMD container | `1500` |
+| codimd.securityContext.fsGroup | Group ID for the CodiMD filesystem | `1500` |
+| codimd.securityContext.runAsNonRoot | Run non root in CodiMD container | `trrue` |
+| codimd.connection.domain | The domain name your service will be hosted. | `nil` |
+| codimd.connection.urlAddPort | Set to assign port for URL. (You don’t need this for ports 80 or 443. This only works when domain is set) | `false` |
+| codimd.connection.protocolUseSSL | Use SSL protocol for resources path (applied only when domain is set). | `false` |
+| codimd.database.type | The external database type (only accept `postgres`, `mysql`) | `nil` |
+| codimd.database.host | The host of external database | `nil` |
+| codimd.database.port | The port of external database | `nil` |
+| codimd.database.username | The username that connects to external database | `nil` |
+| codimd.database.password | The password that connects to external database | `nil` |
+| codimd.database.databaseName | The external database name we used | `nil` |
+| codimd.imageUpload.storeType | The type of image storage | `filesystem` |
+| codimd.imageUpload.imgur.clientId | The Imgur OAuth ClientID | `nil` |
+| codimd.imageUpload.azure.connectionString | The Azure image store connection string | `nil` |
+| codimd.imageUpload.azure.container | The Azure image store container name | `nil` |
+| codimd.imageUpload.lutim.url | The lutim URL | `nil` |
+| codimd.imageUpload.minio.endpoint | The minio endpoint | `nil` |
+| codimd.imageUpload.minio.secure | The minio endpoint is secure or not | `nil` |
+| codimd.imageUpload.minio.port | The minio port | `nil` |
+| codimd.imageUpload.minio.accessKey | The minio access key | `nil` |
+| codimd.imageUpload.minio.secretKey | The minio secret key | `nil` |
+| codimd.imageUpload.s3.endpoint | The AWS s3 endpoint | `nil` |
+| codimd.imageUpload.s3.region | The AWS s3 region | `nil` |
+| codimd.imageUpload.s3.accessKeyId | The AWS s3 access key | `nil` |
+| codimd.imageUpload.s3.secretKey | The AWS s3 secret key | `nil` |
+| codimd.imageUpload.s3.bucket | The AWS s3 bucket name | `nil` |
+| codimd.imageStorePersistentVolume.enabled | Enable image persistence using PVC | `true` |
+| codimd.imageStorePersistentVolume.size | The size of persistence volume | `10Gi` |
+| codimd.imageStorePersistentVolume.storageClass | The storageClass of persistence volume | `-` |
+| codimd.imageStorePersistentVolume.accessModes | The accessModes of persistence volume | [`ReadWriteOnce`] |
+| codimd.imageStorePersistentVolume.volumeMode | The volumeMode of persistence volume | `Filesystem` |
+| codimd.versionCheck | Enable automatically version checker | `true` |
+| codimd.security.useCDN | Whether CodiMD would use static assets served on CDN | `false` |
+| codimd.security.sessionSecret | The secret string to sign session, please must change this value | `changeit` |
+| codimd.security.sessionLife | The time to expire for session | `1209600000` |
+| codimd.security.hstsEnabled | Whether HTST is enabled or not | `true` |
+| codimd.security.hstsMaxAge | | `31536000` |
+| codimd.security.hstsIncludeSubdomain | | `false` |
+| codimd.security.hstsPreload | | `true` |
+| codimd.security.cspEnabled | Whether CSP is enabled or not | `true` |
+| codimd.security.cspReportUri | | `nil` |
+| codimd.security.allowOrigin | | `nil` |
+| codimd.security.allowGravatar | | `true` |
+| codimd.allowPDFExport | | `false` |
+| codimd.responseMaxLag | | `70` |
+| codimd.noteCreation.freeUrlEnabled | Allow using free url to create note | `false` |
+| codimd.noteCreation.freeUrlForbiddenNoteIds | | `robots.txt,favicon.ico,api` |
+| codimd.noteCreation.defaultPermission | The default permission for note created | `editable` |
+| codimd.notePermission.allowAnonymousEdit | Enable anonymouse edit | `true` |
+| codimd.notePermission.allowAnonymousView | Enable anonymouse view | `true` |
+| codimd.markdown.plantUMLServer | | `nil` |
+| codimd.markdown.useHardBreak | | `true` |
+| codimd.markdown.linkifyHeaderStyle | | `keep-case` |
+| codimd.extraEnvironmentVariables | Extra environment variable for CodiMD container | `{}` |
+### CodiMD Authentication Method parameters
+
+| Parameter | Description | Default |
+| ------------------------------------------------------- |:--------------------------------------------------------------------------------------------------------- | ----------------- |
+| codimd.authentication.local.enabled | Enable to use email for auth | `true` |
+| codimd.authentication.local.allowRegister | Allow register with email | `true` |
+| codimd.authentication.bitbucket.enabled | Enable to use BitBucket for auth | `false` |
+| codimd.authentication.bitbucket.key | OAuth key for BitBucket auth | `nil` |
+| codimd.authentication.bitbucket.secret | OAuth secret for BitBucket auth | `nil` |
+| codimd.authentication.dropbox.enabled | Enable to use Dropbox for auth | `false` |
+| codimd.authentication.dropbox.appKey | OAuth app key for Dropbox auth | `nil` |
+| codimd.authentication.dropbox.appSecret | OAuth app secret for Dropbox auth | `nil` |
+| codimd.authentication.facebook.enabled | Enable to use Facebook for auth | `false` |
+| codimd.authentication.facebook.clientId | OAuth client id for Facebook auth | `nil` |
+| codimd.authentication.facebook.secret | OAuth secret for Facebook auth | `nil` |
+| codimd.authentication.github.enabled | Enable to use GitHub for auth | `false` |
+| codimd.authentication.github.clientId | OAuth client id for GitHub auth | `nil` |
+| codimd.authentication.github.secret | OAuth secret for GitHub auth | `nil` |
+| codimd.authentication.github.enterpriseUrl | GitHub Enterprise OAuth endpoint url for GitHub auth | `nil` |
+| codimd.authentication.gitlab.enabled | Enable to use GitLab for auth | `false` |
+| codimd.authentication.gitlab.domain | GitLab instance domain for GitLab auth | `nil` |
+| codimd.authentication.gitlab.scope | OAuth scope for GitLab auth | `nil` |
+| codimd.authentication.gitlab.applicationId | OAuth application id for GitLab auth | `nil` |
+| codimd.authentication.gitlab.secret | OAuth secret for GitLab auth | `nil` |
+| codimd.authentication.google.enabled | Enable to use Google for auth | `false` |
+| codimd.authentication.google.clientId | OAuth client id for Google auth | `nil` |
+| codimd.authentication.google.secret | OAuth secret for Google auth | `nil` |
+| codimd.authentication.google.hostedDomain | Google hosted OAuth domain for Google auth | `nil` |
+| codimd.authentication.ldap.enabled | Enable to use LDAP for auth | `false` |
+| codimd.authentication.ldap.providerName | See the LDAP doc | `nil` |
+| codimd.authentication.ldap.url | | `nil` |
+| codimd.authentication.ldap.tlsCA | | `nil` |
+| codimd.authentication.ldap.bindDN | | `nil` |
+| codimd.authentication.ldap.bindCredentials | | `nil` |
+| codimd.authentication.ldap.searchBase | | `nil` |
+| codimd.authentication.ldap.searchFilter | | `nil` |
+| codimd.authentication.ldap.searchAttributes | | `nil` |
+| codimd.authentication.ldap.attributes.id | | `nil` |
+| codimd.authentication.ldap.attributes.username | | `nil` |
+| codimd.authentication.mattermost.enabled | Enable to use Mattermost for auth | `false` |
+| codimd.authentication.mattermost.domain | OAuth doamin for Mattermost auth | `nil` |
+| codimd.authentication.mattermost.clientId | OAuth client id for Mattermost auth | `nil` |
+| codimd.authentication.mattermost.secret | OAuth secret for Mattermost auth | `nil` |
+| codimd.authentication.oauth2.enabled | See the OAuth2 doc | `false` |
+| codimd.authentication.oauth2.providerName | | `nil` |
+| codimd.authentication.oauth2.domain | | `nil` |
+| codimd.authentication.oauth2.clientId | | `nil` |
+| codimd.authentication.oauth2.secret | | `nil` |
+| codimd.authentication.oauth2.authorizationUrl | | `nil` |
+| codimd.authentication.oauth2.tokenUrl | | `nil` |
+| codimd.authentication.oauth2.userProfileUrl | | `nil` |
+| codimd.authentication.oauth2.scope | | `nil` |
+| codimd.authentication.oauth2.attributes.username | | `nil` |
+| codimd.authentication.oauth2.attributes.displayName | | `nil` |
+| codimd.authentication.oauth2.attributes.email | | `nil` |
+| codimd.authentication.openID.enabled | See the OpenID doc | `false` |
+| codimd.authentication.saml.enabled | See the SAML doc | `false` |
+| codimd.authentication.saml.idpSSOUrl | | `nil` |
+| codimd.authentication.saml.idpCert | | `nil` |
+| codimd.authentication.saml.issuer | | `nil` |
+| codimd.authentication.saml.identifierFormat | | `nil` |
+| codimd.authentication.saml.disableRequestedAuthnContext | | `nil` |
+| codimd.authentication.saml.groupAttribute | | `nil` |
+| codimd.authentication.saml.externalGroups | | `nil` |
+| codimd.authentication.saml.requiredGroups | | `nil` |
+| codimd.authentication.saml.attributes.id | | `nil` |
+| codimd.authentication.saml.attributes.username | | `nil` |
+| codimd.authentication.saml.attributes.email | | `nil` |
+| codimd.authentication.twitter.enabled | Enable to use Twitter for auth | `false` |
+| codimd.authentication.twitter.consumerKey | OAuth consumer key for Twitter auth | `nil` |
+| codimd.authentication.twitter.comsumerSecret | OAuth consumer secret for Twitter auth | `nil` |
diff --git a/charts/codimd/RELEASENOTES.md b/charts/codimd/RELEASENOTES.md
new file mode 100644
index 0000000000000000000000000000000000000000..d837b4a67b918d8ef195c18c0d3c121f7207838b
--- /dev/null
+++ b/charts/codimd/RELEASENOTES.md
@@ -0,0 +1,6 @@
+# Changelog
+
+| Chart version | App version | Change description |
+| :------------ | :---------- | :----------------- |
+| 0.1.0 | 2.4.0 | ... |
+| | | |
diff --git a/charts/codimd/templates/NOTES.txt b/charts/codimd/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..a91895f4744c96efcafaf940774f0a12b8badd47
--- /dev/null
+++ b/charts/codimd/templates/NOTES.txt
@@ -0,0 +1,25 @@
+Thank you for installing {{ .Chart.Name }}
+
+Your release is named {{ .Release.Name }}.
+
+Browse https://hackmd.io/c/codimd-documentation to get more information about CodiMD.
+
+{{ if contains "changeit" .Values.codimd.security.sessionSecret }}
+===============================================================================================
+
+Important:
+
+For the security reason, please consider change codimd.security.sessionSecret to random secret.
+
+===============================================================================================
+{{ end }}
+{{ if contains "LoadBalancer" .Values.service.type }}
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "codimd.fullname" . }} '
+{{ else if .Values.ingress.enabled }}
+ {{ if .Values.ingress.tlsSecret }}
+ Your CodiMD is located in: https://{{ .Values.ingress.hostname }}/
+ {{ else }}
+ Your CodiMD is located in: http://{{ .Values.ingress.hostname }}/
+ {{ end }}
+{{ end }}
diff --git a/charts/codimd/templates/_helpers.tpl b/charts/codimd/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..8f2a3857d22b337fc47f756a3c3a56e8497062f0
--- /dev/null
+++ b/charts/codimd/templates/_helpers.tpl
@@ -0,0 +1,172 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "codimd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "codimd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "codimd.shortName" -}}
+{{- $name := include "codimd.fullname" . }}
+{{- printf "%s" $name | trunc 50 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "codimd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "codimd.labels" -}}
+app.kubernetes.io/name: {{ include "codimd.name" . }}
+helm.sh/chart: {{ include "codimd.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.tag }}
+{{- end -}}
+
+
+{{/*
+Return the docker image
+*/}}
+{{- define "codimd.image" -}}
+{{- $registryName := default "nabo.codimd.dev" .Values.image.registry -}}
+{{- $repositoryName := default "hackmdio/hackmd" .Values.image.repository -}}
+{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
+{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+
+{{/*
+Return the CodiMD domain
+*/}}
+{{- define "codimd.domain" -}}
+{{- $domain := default .Values.codimd.connection.domain .Values.ingress.hostname -}}
+{{- printf "%s" $domain -}}
+{{- end -}}
+
+{{/*
+Embedded PostgreSQL service name
+*/}}
+{{- define "codimd.postgresql-svc" -}}
+{{- if .Values.postgresql.fullnameOverride -}}
+ {{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- $name := default "postgresql" .Values.postgresql.nameOverride -}}
+ {{- if contains $name .Release.Name -}}
+ {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Embedded MariaDB service name
+*/}}
+{{- define "codimd.mariadb-svc" -}}
+{{- if .Values.mariadb.fullnameOverride -}}
+ {{- .Values.mariadb.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- $name := default "mariadb" .Values.mariadb.nameOverride -}}
+ {{- if contains $name .Release.Name -}}
+ {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "codimd.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Storage Class
+*/}}
+{{- define "codimd.storageClass" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+*/}}
+{{- if .Values.global -}}
+ {{- if .Values.global.storageClass -}}
+ {{- if (eq "-" .Values.global.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+{{- else if .Values.storageClass -}}
+ {{- if (eq "-" .Values.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.storageClass -}}
+ {{- end -}}
+{{- else if .Values.codimd.imageStorePersistentVolume.storageClass -}}
+ {{- if (eq "-" .Values.codimd.imageStorePersistentVolume.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.codimd.imageStorePersistentVolume.storageClass -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return need create image secret
+*/}}
+{{- define "codimd.needImageSecret" -}}
+{{- $imgur := false -}}
+{{- $s3 := false -}}
+{{- $minio := false -}}
+{{- $azure := false -}}
+{{- if .Values.codimd.imageUpload.imgur -}}
+ {{- if .Values.codimd.imageUpload.imgur.clientId -}}
+ {{- $imgur = true -}}
+ {{- end -}}
+{{- end -}}
+{{- if .Values.codimd.imageUpload.s3 -}}
+ {{- if .Values.codimd.imageUpload.s3.accessKeyId -}}
+ {{- $s3 = true -}}
+ {{- end -}}
+{{- end -}}
+{{- if .Values.codimd.imageUpload.minio -}}
+ {{- if .Values.codimd.imageUpload.minio.accessKey -}}
+ {{- $minio = true -}}
+ {{- end -}}
+{{- end -}}
+{{- if .Values.codimd.imageUpload.azure -}}
+ {{- if .Values.codimd.imageUpload.azure.connectionString -}}
+ {{- $azure = true -}}
+ {{- end -}}
+{{- end -}}
+{{- $needImage := (or $imgur (or $s3 (or $minio $azure))) -}}
+{{- print $needImage -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/codimd/templates/auth-secret.yaml b/charts/codimd/templates/auth-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..93f4ea752c3448c9ff6277a71ad5250f6640c2df
--- /dev/null
+++ b/charts/codimd/templates/auth-secret.yaml
@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "codimd.shortName" . }}-auth-env
+stringData:
+ CMD_EMAIL: {{ .Values.codimd.authentication.local.enabled | toString | quote }}
+ CMD_ALLOW_EMAIL_REGISTER: {{ .Values.codimd.authentication.local.allowRegister | toString | quote }}
+
+ {{/* Authentication - Bitbucket */}}
+ {{ if .Values.codimd.authentication.bitbucket.enabled }}
+ CMD_BITBUCKET_CLIENTID: {{ .Values.codimd.authentication.bitbucket.key | toString | quote }}
+ CMD_BITBUCKET_CLIENTSECRET: {{ .Values.codimd.authentication.bitbucket.secret | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - Dropbox */}}
+ {{ if .Values.codimd.authentication.dropbox.enabled }}
+ CMD_DROPBOX_CLIENTID: {{ .Values.codimd.authentication.dropbox.appKey | toString | quote }}
+ CMD_DROPBOX_CLIENTSECRET: {{ .Values.codimd.authentication.dropbox.appSecret | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - Facebook */}}
+ {{ if .Values.codimd.authentication.facebook.enabled }}
+ CMD_FACEBOOK_CLIENTID: {{ .Values.codimd.authentication.facebook.clientId | toString | quote }}
+ CMD_FACEBOOK_CLIENTSECRET: {{ .Values.codimd.authentication.facebook.secret | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - GitHub */}}
+ {{ if .Values.codimd.authentication.github.enabled }}
+ {{ if .Values.codimd.authentication.github.enterpriseUrl }}
+ CMD_GITHUB_ENTERPRISE_URL: {{ .Values.codimd.authentication.github.enterpriseUrl | trim | toString | quote }}
+ {{ end }}
+ CMD_GITHUB_CLIENTID: {{ .Values.codimd.authentication.github.clientId | toString | quote }}
+ CMD_GITHUB_CLIENTSECRET: {{ .Values.codimd.authentication.github.secret | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - GitLab */}}
+ {{ if .Values.codimd.authentication.gitlab.enabled }}
+ {{ if .Values.codimd.authentication.gitlab.domain}}
+ CMD_GITLAB_BASEURL: {{ .Values.codimd.authentication.gitlab.domain | toString | quote }}
+ {{ end }}
+ {{ if .Values.codimd.authentication.gitlab.scope }}
+ CMD_GITLAB_SCOPE: {{ .Values.codimd.authentication.gitlab.scope | toString | quote }}
+ {{ end }}
+ CMD_GITLAB_CLIENTID: {{ .Values.codimd.authentication.gitlab.applicationId | toString | quote }}
+ CMD_GITLAB_CLIENTSECRET: {{ .Values.codimd.authentication.gitlab.secret | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - Google */}}
+ {{ if .Values.codimd.authentication.google.enabled }}
+ CMD_GOOGLE_CLIENTID: {{ .Values.codimd.authentication.google.clientId | toString | quote }}
+ CMD_GOOGLE_CLIENTSECRET: {{ .Values.codimd.authentication.google.secret | toString | quote }}
+ {{ if .Values.codimd.authentication.google.hostedDomain }}
+ CMD_GOOGLE_HOSTEDDOMAIN: {{ .Values.codimd.authentication.google.hostedDomain | toString | quote }}
+ {{ end }}
+ {{ end }}
+
+ {{/* Authentication - LDAP */}}
+ {{ if .Values.codimd.authentication.ldap.enabled }}
+ CMD_LDAP_PROVIDERNAME: {{ .Values.codimd.authentication.ldap.providerName | toString | quote }}
+ CMD_LDAP_URL: {{ .Values.codimd.authentication.ldap.url | toString | quote }}
+ {{ if .Values.codimd.authentication.ldap.tlsCA }}
+ CMD_LDAP_TLS_CA: {{ .Values.codimd.authentication.ldap.providerName | toString | quote }}
+ {{ end }}
+ CMD_LDAP_BINDDN: {{ .Values.codimd.authentication.ldap.bindDN | toString | quote }}
+ {{ if .Values.codimd.authentication.ldap.bindCredentials }}
+ CMD_LDAP_BINDCREDENTIALS: {{ .Values.codimd.authentication.ldap.bindCredentials | toString | quote }}
+ {{ end }}
+ {{ if .Values.codimd.authentication.ldap.searchBase }}
+ CMD_LDAP_SEARCHBASE: {{ .Values.codimd.authentication.ldap.searchBase | toString | quote }}
+ {{ end }}
+ {{ if .Values.codimd.authentication.ldap.searchFilter }}
+ CMD_LDAP_SEARCHFILTER: {{ .Values.codimd.authentication.ldap.searchFilter | toString | quote }}
+ {{ end }}
+ {{ if .Values.codimd.authentication.ldap.searchAttributes }}
+ CMD_LDAP_SEARCHATTRIBUTES: {{ .Values.codimd.authentication.ldap.searchAttributes | toString | quote }}
+ {{ end }}
+ {{ if .Values.codimd.authentication.ldap.attributes.id}}
+ CMD_LDAP_USERIDFIELD: {{ .Values.codimd.authentication.ldap.attributes.id | toString | quote }}
+ {{ end }}
+ {{ if .Values.codimd.authentication.ldap.attributes.username }}
+ CMD_LDAP_USERNAMEFIELD: {{ .Values.codimd.authentication.ldap.attributes.username | toString | quote }}
+ {{ end }}
+ {{ end }}
+
+ {{/* Authentication - Mattermost */}}
+ {{ if .Values.codimd.authentication.mattermost.enabled }}
+ CMD_MATTERMOST_BASEURL: {{ .Values.codimd.authentication.mattermost.domain | toString | quote }}
+ CMD_MATTERMOST_CLIENTID: {{ .Values.codimd.authentication.mattermost.clientId | toString | quote }}
+ CMD_MATTERMOST_CLIENTSECRET: {{ .Values.codimd.authentication.mattermost.secret | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - OAuth2 */}}
+ {{ if .Values.codimd.authentication.oauth2.enabled }}
+ CMD_OAUTH2_PROVIDERNAME: {{ .Values.codimd.authentication.oauth2.providerName | toString | quote }}
+ CMD_OAUTH2_BASEURL: {{ .Values.codimd.authentication.oauth2.domain | toString | quote }}
+ CMD_OAUTH2_CLIENT_ID: {{ .Values.codimd.authentication.oauth2.clientId | toString | quote }}
+ CMD_OAUTH2_CLIENT_SECRET: {{ .Values.codimd.authentication.oauth2.secret | toString | quote }}
+ CMD_OAUTH2_AUTHORIZATION_URL: {{ .Values.codimd.authentication.oauth2.authorizationUrl | toString | quote }}
+ CMD_OAUTH2_TOKEN_URL: {{ .Values.codimd.authentication.oauth2.tokenUrl | toString | quote }}
+ CMD_OAUTH2_USER_PROFILE_URL: {{ .Values.codimd.authentication.oauth2.userProfileUrl | toString | quote }}
+ CMD_OAUTH2_SCOPE: {{ .Values.codimd.authentication.oauth2.scope | toString | quote }}
+ CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: {{ .Values.codimd.authentication.oauth2.attributes.username | toString | quote }}
+ CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: {{ .Values.codimd.authentication.oauth2.attributes.displayName | toString | quote }}
+ CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: {{ .Values.codimd.authentication.oauth2.attributes.email | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - OpenID */}}
+ {{ if .Values.codimd.authentication.openID.enabled }}
+ CMD_OPENID: {{ .Values.codimd.authentication.openID.enabled | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - OAuth2 */}}
+ {{ if .Values.codimd.authentication.saml.enabled }}
+ CMD_SAML_IDPSSOURL: {{ .Values.codimd.authentication.saml.idpSSOUrl | toString | quote }}
+ {{ if .Values.codimd.authentication.saml.idpCert }}
+ CMD_SAML_IDPCERT: {{ .Values.codimd.authentication.saml.idpCert | toString | quote }}
+ {{ end }}
+ CMD_SAML_ISSUER: {{ .Values.codimd.authentication.saml.issuer | toString | quote }}
+ CMD_SAML_IDENTIFIERFORMAT: {{ .Values.codimd.authentication.saml.identifierFormat | toString | quote }}
+ CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT: {{ .Values.codimd.authentication.saml.disableRequestedAuthnContext | toString | quote }}
+ CMD_SAML_GROUPATTRIBUTE: {{ .Values.codimd.authentication.saml.groupAttribute | toString | quote }}
+ CMD_SAML_EXTERNALGROUPS: {{ .Values.codimd.authentication.saml.externalGroups | toString | quote }}
+ CMD_SAML_REQUIREDGROUPS: {{ .Values.codimd.authentication.saml.requiredGroups | toString | quote }}
+ CMD_SAML_ATTRIBUTE_ID: {{ .Values.codimd.authentication.saml.attributes.id | toString | quote }}
+ CMD_SAML_ATTRIBUTE_USERNAME: {{ .Values.codimd.authentication.saml.attributes.username | toString | quote }}
+ CMD_SAML_ATTRIBUTE_EMAIL: {{ .Values.codimd.authentication.saml.attributes.email | toString | quote }}
+ {{ end }}
+
+ {{/* Authentication - Twitter */}}
+ {{ if .Values.codimd.authentication.twitter.enabled }}
+ CMD_TWITTER_CONSUMERKEY: {{ .Values.codimd.authentication.twitter.consumerKey | toString | quote }}
+ CMD_TWITTER_CONSUMERSECRET: {{ .Values.codimd.authentication.twitter.comsumerSecret | toString | quote }}
+ {{ end }}
diff --git a/charts/codimd/templates/db-secret.yaml b/charts/codimd/templates/db-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..aee25b129caf72335fddb1e62c70bb13d4e3ed57
--- /dev/null
+++ b/charts/codimd/templates/db-secret.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "codimd.shortName" . }}-db-secret
+stringData:
+ {{ if .Values.postgresql.enabled }}
+ connection: "postgres://{{ .Values.postgresql.postgresqlUsername }}:{{ .Values.postgresql.postgresqlPassword }}@{{ template "codimd.postgresql-svc" . }}/{{ .Values.postgresql.postgresqlDatabase }}"
+ {{ else if .Values.mariadb.enabled }}
+ connection: "mysql://{{ .Values.mariadb.db.user }}:{{ .Values.mariadb.db.password }}@{{ template "codimd.mariadb-svc" . }}/{{ .Values.mariadb.db.name }}"
+ {{ else if .Values.codimd.database }}
+ connection: "{{ .Values.codimd.database.type }}://{{ .Values.codimd.database.username }}:{{ .Values.codimd.database.password }}@{{ .Values.codimd.database.host }}:{{ .Values.codimd.database.port }}/{{ .Values.codimd.database.databaseName }}"
+ {{ else }}
+ connection: "postgres://localhost/codimd"
+ {{ end }}
\ No newline at end of file
diff --git a/charts/codimd/templates/deployment.yaml b/charts/codimd/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5e0fe693aa3de3d3038e4fda5a4b95d492a55b2a
--- /dev/null
+++ b/charts/codimd/templates/deployment.yaml
@@ -0,0 +1,182 @@
+apiVersion: {{ template "codimd.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "codimd.fullname" . }}
+ labels:
+ app.kubernetes.io/component: server
+ {{- include "codimd.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ strategy:
+ {{ if .Values.codimd.imageStorePersistentVolume.enabled }}
+ type: Recreate
+ {{ else }}
+ {{/* Because of CodiMD using socket.io as realtime server, if their has many instances may breaking note contents */}}
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ {{ end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/name: {{ include "codimd.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ name: {{ template "codimd.fullname" . }}
+ labels:
+ app.kubernetes.io/component: server
+ {{- include "codimd.labels" . | nindent 8 }}
+ annotations:
+ checksum/db-secret: {{ include (print $.Template.BasePath "/db-secret.yaml") . | sha256sum | quote }}
+ checksum/auth-secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . | sha256sum | quote }}
+ {{ if .Values.codimd.security.sessionSecret }}
+ checksum/session-secret: {{ include (print $.Template.BasePath "/session-secret.yaml") . | sha256sum | quote }}
+ {{ end }}
+ {{ if contains "true" (include "codimd.needImageSecret" .) }}
+ checksum/session-secret: {{ include (print $.Template.BasePath "/image-upload-secret.yaml") . | sha256sum | quote }}
+ {{ end }}
+ {{ if .Values.codimd.podAnnotations }}
+ {{ toYaml .Values.codimd.podAnnotations | nindent 8 }}
+ {{ end }}
+ spec:
+ {{ if .Values.codimd.securityContext }}
+ securityContext:
+ {{ toYaml .Values.codimd.securityContext | nindent 8 }}
+ {{ end }}
+ {{ if .Values.codimd.affinity }}
+ affinity:
+ {{ toYaml .Values.codimd.affinity | nindent 8 }}
+ {{ end }}
+ {{ if .Values.codimd.tolerations }}
+ tolerations:
+ {{ toYaml .Values.codimd.tolerations | nindent 8 }}
+ {{ end }}
+ {{ if .Values.codimd.nodeSelector }}
+ nodeSelector:
+ {{ toYaml .Values.codimd.nodeSelector | nindent 8 }}
+ {{ end }}
+ {{ if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.image.pullSecrets | nindent 8 }}
+ {{end }}
+ containers:
+ - name: codimd
+ image: {{ template "codimd.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ env:
+ {{ if .Values.codimd.connection.domain }}
+ - name: CMD_DOMAIN
+ value: {{ .Values.codimd.connection.domain | quote }}
+ {{ end }}
+ - name: CMD_URL_ADDPORT
+ value: {{ .Values.codimd.connection.urlAddPort | quote }}
+ - name: CMD_PROTOCOL_USESSL
+ value: {{ .Values.codimd.connection.protocolUseSSL | quote }}
+ - name: CMD_USECDN
+ value: {{ .Values.codimd.security.useCDN | quote }}
+ - name: CMD_DB_URL
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "codimd.shortName" . }}-db-secret
+ key: connection
+ - name: CMD_SESSION_LIFE
+ value: {{ .Values.codimd.security.sessionLife | quote }}
+ - name: CMD_HSTS_ENABLE
+ value: {{ .Values.codimd.security.hstsEnabled | quote }}
+ - name: CMD_HSTS_MAX_AGE
+ value: {{ .Values.codimd.security.hstsMaxAge | quote }}
+ - name: CMD_HSTS_INCLUDE_SUBDOMAINS
+ value: {{ .Values.codimd.security.hstsIncludeSubdomain | quote }}
+ - name: CMD_HSTS_PRELOAD
+ value: {{ .Values.codimd.security.hstsPreload | quote }}
+ - name: CMD_CSP_ENABLE
+ value: {{ .Values.codimd.security.cspEnabled | quote }}
+ {{ if .Values.codimd.security.cspReportUri }}
+ - name: CMD_CSP_REPORTURI
+ value: {{ .Values.codimd.security.cspReportUri | quote }}
+ {{ end }}
+ {{ if .Values.codimd.security.allowOrigin }}
+ - name: CMD_ALLOW_ORIGIN
+ value: {{ .Values.codimd.security.allowOrigin | quote }}
+ {{ end }}
+ - name: CMD_ALLOW_GRAVATAR
+ value: {{ .Values.codimd.security.allowGravatar | quote }}
+ - name: CMD_RESPONSE_MAX_LAG
+ value: {{ .Values.codimd.responseMaxLag | quote }}
+ - name: CMD_IMAGE_UPLOAD_TYPE
+ value: {{ .Values.codimd.imageUpload.storeType | quote }}
+ - name: CMD_ALLOW_FREEURL
+ value: {{ .Values.codimd.noteCreation.freeUrlEnabled | quote }}
+ - name: CMD_FORBIDDEN_NOTE_IDS
+ value: {{ .Values.codimd.noteCreation.freeUrlForbiddenNoteIds | quote }}
+ - name: CMD_DEFAULT_PERMISSION
+ value: {{ .Values.codimd.noteCreation.defaultPermission | quote }}
+ - name: CMD_ALLOW_ANONYMOUS_EDITS
+ value: {{ .Values.codimd.notePermission.allowAnonymousEdit | quote}}
+ - name: CMD_ALLOW_ANONYMOUS_VIEWS
+ value: {{ .Values.codimd.notePermission.allowAnonymousView | quote}}
+ - name: CMD_ALLOW_PDF_EXPORT
+ value: {{ .Values.codimd.allowPDFExport | quote }}
+ {{ if .Values.codimd.markdown.plantUMLServer }}
+ - name: CMD_PLANTUML_SERVER
+ value: {{ .Values.codimd.markdown.plantUMLServer }}
+ {{ end }}
+ - name: CMD_DEFAULT_USE_HARD_BREAK
+ value: {{ .Values.codimd.markdown.useHardBreak | quote }}
+ - name: CMD_LINKIFY_HEADER_STYLE
+ value: {{ .Values.codimd.markdown.linkifyHeaderStyle | quote }}
+ - name: CMD_AUTO_VERSION_CHECK
+ value: {{ .Values.codimd.versionCheck | quote }}
+ {{ if .Values.codimd.extraEnvironmentVariables }}
+ {{ range $key, $val := .Values.codimd.extraEnvironmentVariables }}
+ - name: {{ $key | quote }}
+ value: {{ $val | quote }}
+ {{ end }}
+ {{ end }}
+ envFrom:
+ - secretRef:
+ name: {{ template "codimd.shortName" . }}-auth-env
+ {{ if .Values.codimd.security.sessionSecret }}
+ - secretRef:
+ name: {{ template "codimd.shortName" . }}-session
+ {{ end }}
+ {{ if contains "true" (include "codimd.needImageSecret" .) }}
+ - secretRef:
+ name: {{ template "codimd.shortName" . }}-image-upload
+ {{ end }}
+ ports:
+ - name: http
+ containerPort: 3000
+ {{ if .Values.codimd.imageStorePersistentVolume.enabled }}
+ volumeMounts:
+ - mountPath: /home/hackmd/app/public/uploads
+ name: image-store
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ port: 3000
+ path: /status
+ initialDelaySeconds: 3
+ failureThreshold: 2
+ successThreshold: 3
+ timeoutSeconds: 2
+ periodSeconds: 5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status
+ port: 3000
+ scheme: HTTP
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 2
+ restartPolicy: Always
+ {{ if .Values.codimd.imageStorePersistentVolume.enabled }}
+ volumes:
+ - name: image-store
+ persistentVolumeClaim:
+ claimName: {{ template "codimd.fullname" . }}
+ {{ end }}
diff --git a/charts/codimd/templates/image-upload-secret.yaml b/charts/codimd/templates/image-upload-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7a822d11d089d376728c6f400d8e41aa3a42952a
--- /dev/null
+++ b/charts/codimd/templates/image-upload-secret.yaml
@@ -0,0 +1,50 @@
+{{ if contains "true" (include "codimd.needImageSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "codimd.shortName" . }}-image-upload
+ labels:
+ app.kubernetes.io/component: image-upload-secret
+ {{ include "codimd.labels" . | nindent 4 }}
+stringData:
+ {{/* imgur */}}
+ {{- if .Values.codimd.imageUpload.imgur -}}
+ {{- if .Values.codimd.imageUpload.imgur.clientId -}}
+ CMD_IMGUR_CLIENTID: {{ .Values.codimd.imageUpload.imgur.clientId | quote }}
+ {{ end }}
+ {{- end -}}
+
+ {{/* s3 */}}
+ {{- if .Values.codimd.imageUpload.s3 -}}
+ {{- if .Values.codimd.imageUpload.s3.accessKeyId -}}
+ CMD_S3_ACCESS_KEY_ID: {{ default "" .Values.codimd.imageUpload.s3.accessKeyId | quote }}
+ CMD_S3_SECRET_ACCESS_KEY: {{ default "" .Values.codimd.imageUpload.s3.secretKey | quote }}
+ CMD_S3_BUCKET: {{ default "" .Values.codimd.imageUpload.s3.bucket | quote }}
+ {{ if .Values.codimd.imageUpload.s3.region }}
+ CMD_S3_REGION: {{ .Values.codimd.imageUpload.s3.region }}
+ {{ end }}
+ {{ if .Values.codimd.imageUpload.s3.endpoint }}
+ CMD_S3_ENDPOINT: {{ .Values.codimd.imageUpload.s3.endpoint }}
+ {{ end }}
+ {{ end }}
+ {{- end -}}
+
+ {{/* minio */}}
+ {{- if .Values.codimd.imageUpload.minio -}}
+ {{- if .Values.codimd.imageUpload.minio.accessKey -}}
+ CMD_MINIO_ACCESS_KEY: {{ default "" .Values.codimd.imageUpload.minio.accessKey | quote }}
+ CMD_MINIO_SECRET_KEY: {{ default "" .Values.codimd.imageUpload.minio.secretKey | quote }}
+ CMD_MINIO_ENDPOINT: {{ default "" .Values.codimd.imageUpload.minio.endpoint | quote }}
+ CMD_MINIO_SECURE: {{ default "true" .Values.codimd.imageUpload.minio.secure | quote }}
+ CMD_MINIO_PORT: {{ default "" .Values.codimd.imageUpload.minio.port | quote }}
+ {{ end }}
+ {{ end }}
+
+ {{/* azure */}}
+ {{- if .Values.codimd.imageUpload.azure -}}
+ {{- if .Values.codimd.imageUpload.azure.connectionString -}}
+ CMD_AZURE_CONNECTION_STRING: {{ default "" .Values.codimd.imageUpload.azure.connectionString | quote }}
+ CMD_AZURE_CONTAINER: {{ default "" .Values.codimd.imageUpload.azure.container | quote }}
+ {{ end }}
+ {{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/codimd/templates/ingress.yaml b/charts/codimd/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0da448ced641d63a7b9e8eb437014498d99f2688
--- /dev/null
+++ b/charts/codimd/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "codimd.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "codimd.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/codimd/templates/pvc.yaml b/charts/codimd/templates/pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..17d184a68b972e6b5d98d53a1561281c6d961b3c
--- /dev/null
+++ b/charts/codimd/templates/pvc.yaml
@@ -0,0 +1,19 @@
+{{ if .Values.codimd.imageStorePersistentVolume.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "codimd.fullname" . }}
+ labels:
+ app.kubernetes.io/component: pvc
+ {{- include "codimd.labels" . | nindent 4}}
+spec:
+ accessModes:
+ {{ range .Values.codimd.imageStorePersistentVolume.accessModes }}
+ - {{ . | quote }}
+ {{ end }}
+ volumeMode: {{ .Values.codimd.imageStorePersistentVolume.volumeMode }}
+ resources:
+ requests:
+ storage: {{ default "10G" .Values.codimd.imageStorePersistentVolume.size | quote }}
+ {{- include "codimd.storageClass" . | nindent 2 }}
+ {{ end }}
diff --git a/charts/codimd/templates/service.yaml b/charts/codimd/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..49c33fb8692874b621de01f0a5f4cf277f99cb20
--- /dev/null
+++ b/charts/codimd/templates/service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "codimd.fullname" . }}
+ labels:
+ app.kubernetes.io/component: Service
+ {{ include "codimd.labels" . | nindent 4 }}
+ {{ if .Values.service.annotations }}
+ annotations:
+ {{ toYaml .Values.service.annotations | nindent 4 }}
+ {{ end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{ if (and (eq .Values.service.type "LoadBalancer") .Values.service.externalTrafficPolicy) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{ end }}
+ {{ if (and (eq "LoadBalancer" .Values.service.type) .Values.service.loadBalancerIP) }}
+ loadBalancerIP: {{ default "" .Values.service.loadBalancerIP | quote }}
+ {{ end }}
+ selector:
+ app.kubernetes.io/component: server
+ {{- include "codimd.labels" . | nindent 4 }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: 3000
\ No newline at end of file
diff --git a/charts/codimd/templates/session-secret.yaml b/charts/codimd/templates/session-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..310ec3528952a45339dac589f2a5da13a6a877dd
--- /dev/null
+++ b/charts/codimd/templates/session-secret.yaml
@@ -0,0 +1,11 @@
+{{ if .Values.codimd.security.sessionSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "codimd.shortName" . }}-session
+ labels:
+ app.kubernetes.io/component: sessionSecret
+ {{ include "codimd.labels" . | nindent 4 }}
+stringData:
+ CMD_SESSION_SECRET: {{ .Values.codimd.security.sessionSecret | quote }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/codimd/values.yaml b/charts/codimd/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c2a3d908bca60efc5612d84015211b326961d4ba
--- /dev/null
+++ b/charts/codimd/values.yaml
@@ -0,0 +1,321 @@
+# Default values for codimd.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# storageClass:
+# nameOverride:
+# fullnameOverride:
+
+image:
+ registry: "nabo.codimd.dev"
+ repository: "hackmdio/hackmd"
+ # When you use export pdf with CJK character, please change the tag with postfix `-cjk`.
+ # for example 2.2.0-cjk
+ tag: "2.3.2"
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+# - myRegistryKeySecretName
+
+##
+## PostgreSQL chart configuration
+##
+## Reference: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
+##
+## If you want to use external database, just set postgresql.enabled to false
+##
+postgresql:
+ enabled: true
+ volumePermissions:
+ enabled: true
+ postgresqlUsername: codimd
+ postgresqlPassword: changeme
+ postgresqlDatabase: codimd
+##
+## MariaDB chart configuration
+##
+## Reference: https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml
+##
+## If you prefer MariaDB, we also supported.
+##
+mariadb:
+ enabled: false
+ volumePermissions:
+ enabled: true
+ db:
+ user: codimd
+ password: changeme
+ name: codimd
+ master:
+ persistence:
+ enabled: true
+ replication:
+ enabled: false
+
+
+##
+## Kubernetes service
+## use NodePort for minikube
+## other environment use LoadBalancer or ClusterIP
+##
+service:
+ annotations: {}
+ type: "LoadBalancer"
+ port: 80
+ # externalTrafficPolicy:
+ # loadBalancerIP:
+
+##
+## Ingress configuration
+##
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - /
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+
+##
+## CodiMD application configuration
+##
+codimd:
+ ##
+ ## Affinity for pod assignment
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+ ##
+ ## Tolerations for pod assignment. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: {}
+ ##
+ ## Node labels for pod assignment. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ##
+ ## Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ##
+ ## security context
+ ##
+ securityContext:
+ runAsGroup: 1500
+ runAsUser: 1500
+ fsGroup: 1500
+ runAsNonRoot: true
+
+ ##
+ ## connection setting
+ ##
+ connection:
+ ## if you doesn't using ingress, you can setup domain for your CodiMD instances
+ # domain:
+ ## if you want to add port number on your url
+ urlAddPort: false
+ ## if you use load balancer or setup TLS on ingress
+ protocolUseSSL: false
+
+ ##
+ ## External database configuration
+ ## if you want to use external database
+ ## database type only support mysql and postgres
+ ##
+ # database:
+ # type: postgres
+ # host:
+ # port:
+ # username:
+ # password:
+ # databaseName:
+
+ ##
+ ## Image upload store
+ ##
+ imageUpload:
+ storeType: filesystem
+ # imgur:
+ # clientId:
+ # azure:
+ # connectionString:
+ # container:
+ # lutim:
+ # url:
+ # minio:
+ # endpoint:
+ # secure:
+ # port:
+ # accessKey:
+ # secretKey:
+ # s3:
+ # endpoint:
+ # region:
+ # accessKeyId:
+ # secretKey:
+ # bucket:
+ imageStorePersistentVolume:
+ enabled: true
+ size: '10Gi'
+ storageClass: "-"
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+
+ ## for advanced used, manually setup environment for used
+ extraEnvironmentVariables: {}
+ # CMD_LOGLEVEL: info
+
+ ## automatically check new version
+ versionCheck: true
+
+ ##
+ ## about security setting
+ ##
+ security:
+ useCDN: 'false'
+ # session secret, please change this value
+ sessionSecret: 'changeit'
+ sessionLife: '1209600000'
+ ## HSTS setting
+ hstsEnabled: 'true'
+ hstsMaxAge: '31536000'
+ hstsIncludeSubdomain: 'false'
+ hstsPreload: 'true'
+ ## CSP setting
+ cspEnabled: 'true'
+ # cspReportUri:
+ ## setup allow origin
+ # allowOrigin:
+ ## use gravatar.com as user gravatar
+ allowGravatar: 'true'
+
+ ##
+ ## for tooBusy block user when server event loop lag more than ? ms
+ ##
+ responseMaxLag: '70'
+
+ ##
+ ## setting about note creation
+ ##
+ noteCreation:
+ freeUrlEnabled: 'false'
+ freeUrlForbiddenNoteIds: 'robots.txt,favicon.ico,api'
+ defaultPermission: 'editable'
+ ##
+ ## setting about note permission
+ ##
+ notePermission:
+ allowAnonymousEdit: true
+ allowAnonymousView: true
+ ##
+ ## allow export note to pdf
+ ##
+ allowPDFExport: false
+ ##
+ ## setting about markdown
+ ##
+ markdown:
+ # plantUMLServer:
+ useHardBreak: true
+ linkifyHeaderStyle: 'keep-case'
+
+ ##
+ ## User Authentication Methods
+ ##
+ authentication:
+ ##
+ ## authentication by Email and Password
+ local:
+ enabled: true
+ allowRegister: true
+ bitbucket:
+ enabled: false
+ key:
+ secret:
+ dropbox:
+ enabled: false
+ appKey:
+ appSecret:
+ facebook:
+ enabled: false
+ clientId:
+ secret:
+ github:
+ enabled: false
+ clientId:
+ secret:
+ ## provide enterprise url if you use GitHub Enterprise Version
+ enterpriseUrl:
+ gitlab:
+ enabled: false
+ domain:
+ scope:
+ applicationId:
+ secret:
+ google:
+ enabled: false
+ clientId:
+ secret:
+ hostedDomain:
+ ldap:
+ enabled: false
+ providerName:
+ url:
+ tlsCA:
+ bindDN:
+ bindCredentials:
+ searchBase:
+ searchFilter:
+ searchAttributes:
+ attributes:
+ id:
+ username:
+ mattermost:
+ enabled: false
+ domain:
+ clientId:
+ secret:
+ oauth2:
+ enabled: false
+ providerName:
+ domain:
+ clientId:
+ secret:
+ authorizationUrl:
+ tokenUrl:
+ userProfileUrl:
+ scope:
+ attributes:
+ username:
+ displayName:
+ email:
+ openID:
+ enabled: false
+ saml:
+ enabled: false
+ idpSSOUrl:
+ idpCert:
+ issuer:
+ identifierFormat:
+ disableRequestedAuthnContext:
+ groupAttribute:
+ externalGroups:
+ requiredGroups:
+ attributes:
+ id:
+ username:
+ email:
+ twitter:
+ enabled:
+ consumerKey:
+ comsumerSecret: