From fc5daec35b60da4b873873724a35814566c4b48c Mon Sep 17 00:00:00 2001
From: groundhog2k <10630407+groundhog2k@users.noreply.github.com>
Date: Sun, 18 Oct 2020 12:22:44 +0200
Subject: [PATCH] Added helm chart for commento (#4)
* Added helm chart for commento
* Added dependency to config
* Added empty new line
* Fixed new line chars
---
.../{test-config.yaml => verify-config.yaml} | 2 +
.github/workflows/verify.yml | 2 +-
charts/commento/.helmignore | 23 ++
charts/commento/Chart.lock | 6 +
charts/commento/Chart.yaml | 20 ++
charts/commento/README.md | 130 +++++++++++
charts/commento/charts/postgres-0.1.0.tgz | Bin 0 -> 4918 bytes
charts/commento/templates/_helpers.tpl | 75 +++++++
charts/commento/templates/deployment.yaml | 98 +++++++++
charts/commento/templates/ingress.yaml | 33 +++
charts/commento/templates/secrets.yaml | 45 ++++
charts/commento/templates/service.yaml | 15 ++
charts/commento/templates/serviceaccount.yaml | 12 ++
.../templates/tests/test-connection.yaml | 15 ++
charts/commento/values.yaml | 202 ++++++++++++++++++
15 files changed, 677 insertions(+), 1 deletion(-)
rename .github/{test-config.yaml => verify-config.yaml} (50%)
create mode 100644 charts/commento/.helmignore
create mode 100644 charts/commento/Chart.lock
create mode 100644 charts/commento/Chart.yaml
create mode 100644 charts/commento/README.md
create mode 100644 charts/commento/charts/postgres-0.1.0.tgz
create mode 100644 charts/commento/templates/_helpers.tpl
create mode 100644 charts/commento/templates/deployment.yaml
create mode 100644 charts/commento/templates/ingress.yaml
create mode 100644 charts/commento/templates/secrets.yaml
create mode 100644 charts/commento/templates/service.yaml
create mode 100644 charts/commento/templates/serviceaccount.yaml
create mode 100644 charts/commento/templates/tests/test-connection.yaml
create mode 100644 charts/commento/values.yaml
diff --git a/.github/test-config.yaml b/.github/verify-config.yaml
similarity index 50%
rename from .github/test-config.yaml
rename to .github/verify-config.yaml
index 4f94c805..f59805fd 100644
--- a/.github/test-config.yaml
+++ b/.github/verify-config.yaml
@@ -1,3 +1,5 @@
helm-extra-args: --timeout 600
check-version-increment: true
debug: true
+chart-repos:
+ - groundhog2k=https://groundhog2k.github.io/helm-charts
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index 8f50e634..151dfcb0 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -16,4 +16,4 @@ jobs:
uses: helm/chart-testing-action@master
with:
command: lint
- config: .github/test-config.yaml
+ config: .github/verify-config.yaml
diff --git a/charts/commento/.helmignore b/charts/commento/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/commento/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/commento/Chart.lock b/charts/commento/Chart.lock
new file mode 100644
index 00000000..24a819ba
--- /dev/null
+++ b/charts/commento/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgres
+ repository: https://groundhog2k.github.io/helm-charts
+ version: 0.1.0
+digest: sha256:43ffa1dc2bae1e939fe7fb5fa26105a92ab1c8334b589c2f599df62e00af27d5
+generated: "2020-10-18T11:43:15.8527909+02:00"
diff --git a/charts/commento/Chart.yaml b/charts/commento/Chart.yaml
new file mode 100644
index 00000000..79d9502b
--- /dev/null
+++ b/charts/commento/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: commento
+description: A Helm chart for Commento on Kubernetes
+
+type: application
+
+maintainers:
+ - name: groundhog2k
+
+# This is the chart version
+version: 0.1.0
+
+# This is the version number of the application being deployed.
+appVersion: v1.8.0
+
+dependencies:
+ - name: postgres
+ version: 0.1.0
+ repository: "https://groundhog2k.github.io/helm-charts"
+ condition: postgres.enabled
diff --git a/charts/commento/README.md b/charts/commento/README.md
new file mode 100644
index 00000000..c1d1f598
--- /dev/null
+++ b/charts/commento/README.md
@@ -0,0 +1,130 @@
+# Commento
+
+  
+
+A Helm chart for Commento on Kubernetes
+
+## TL;DR
+
+```bash
+$ helm repo add groundhog2k https://groundhog2k.github.io/helm-charts/
+$ helm install my-release groundhog2k/commento
+```
+
+## Introduction
+
+This chart uses the original [Commmento from Gitlab](https://gitlab.com/commento/commento/container_registry) to deploy Commento in Kubernetes.
+
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.x
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install my-release groundhog2k/commento
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm uninstall my-release
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| @groundhog2k | postgres | 0.1.0 |
+
+## Common parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `""` | Fully override the deployment name |
+| nameOverride | string | `""` | Partially override the deployment name |
+
+## Deployment parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"registry.gitlab.com/commento/commento"` | Image name |
+| image.tag | string | `""` | Image tag |
+| imagePullSecrets | list | `[]` | Image pull secrets |
+| livenessProbe | object | `see values.yaml` | Liveness probe configuration |
+| readinessProbe | object | `see values.yaml` | Readiness probe configuration |
+| resources | object | `{}` | Resource limits and requests |
+| nodeSelector."kubernetes.io/arch" | string | `"amd64"` | Deployment node selector |
+| podAnnotations | object | `{}` | Additional pod annotations |
+| podSecurityContext | object | `see values.yaml` | Pod security context |
+| securityContext | object | `see values.yaml` | Container security context |
+| env | list | `[]` | Additional container environmment variables |
+| serviceAccount.create | bool | `false` | Enable service account creation |
+| serviceAccount.name | string | `""` | Optional name of the service account |
+| serviceAccount.annotations | object | `{}` | Additional service account annotations |
+| affinity | object | `{}` | Affinity for pod assignment |
+| tolerations | list | `[]` | Tolerations for pod assignment |
+| containerPort | int | `8080` | Internal http container port |
+| replicaCount | int | `1` | Number of replicas |
+
+## Service paramters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| service.port | int | `80` | Commento HTTP service port |
+| service.type | string | `"ClusterIP"` | Service type |
+
+## Ingress parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| ingress.enabled | bool | `false` | Enable ingress for Commento service |
+| ingress.annotations | string | `nil` | Additional annotations for ingress |
+| ingress.host | string | `nil` | Hostname for the ingress endpoint |
+| ingress.tls | object | `{}` | Ingress TLS parameters |
+
+## Commento parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| postgres.enabled | bool | `false` | Enables PostgreSQL deployment (and switches off externalDatabase section) |
+| postgres.settings.superuserPassword | string | `nil` | PostgreSQL superuser password |
+| postgres.userDatabase.name | string | `nil` | Name of the Commento database |
+| postgres.userDatabase.password | string | `nil` | User name of the commento database |
+| postgres.userDatabase.user | string | `nil` | Password of the commento database user |
+| postgres.storage | string | `nil` | PostegreSQL storage parameter (see storage parameters) |
+| externalDatabase.host | string | `nil` | External PostgreSQL database host |
+| externalDatabase.port | int | `5432` | External PostgreSQL database port |
+| externalDatabase.name | string | `"commento"` | External PostgreSQL database name |
+| externalDatabase.user | string | `nil` | External database user |
+| externalDatabase.password | string | `nil` | External database password |
+| settings.akismetKey | string | `nil` | Optional Akismet key |
+| settings.forbidNewOwners | bool | `false` | Forbid new user self registrations |
+| settings.gzipStaticContent | bool | `false` | Enable serve static content GZIP compressed to client |
+| settings.protocol | string | `"https"` | Protocol for external access (through ingress) |
+| settings.oauth.github.enabled | bool | `false` | Enable Github OAuth |
+| settings.oauth.github.key | string | `nil` | Github OAuth key |
+| settings.oauth.github.secret | string | `nil` | Github OAuth secret |
+| settings.oauth.gitlab.enabled | bool | `false` | Enable Gitlab OAuth |
+| settings.oauth.gitlab.key | string | `nil` | Gitlab OAuth key |
+| settings.oauth.gitlab.secret | string | `nil` | Gitlab OAuth secret |
+| settings.oauth.google.enabled | bool | `false` | Enable Google OAuth |
+| settings.oauth.google.key | string | `nil` | Google OAuth key |
+| settings.oauth.google.secret | string | `nil` | Google OAuth secret |
+| settings.oauth.twitter.enabled | bool | `false` | Enable Twitter OAuth |
+| settings.oauth.twitter.key | string | `nil` | Twitter OAuth key |
+| settings.oauth.twitter.secret | string | `nil` | Twitter OAuth secret |
+| settings.smtp.enabled | bool | `false` | Enable SMTP |
+| settings.smtp.from | string | `nil` | SMTP from address |
+| settings.smtp.host | string | `nil` | SMTP host |
+| settings.smtp.port | int | `465` | SMTP port |
+| settings.smtp.name | string | `nil` | SMTP user name |
+| settings.smtp.password | string | `nil` | SMTP password |
diff --git a/charts/commento/charts/postgres-0.1.0.tgz b/charts/commento/charts/postgres-0.1.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c87b78583abea47e8e142fefdd62d485e889c113
GIT binary patch
literal 4918
zcmV-66Upo!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH+}bK5qu{hOa+EBEH&Tt&&hlB=$HZ&ce&JeSxy%T4D^rsF^)
zB%%QU1^|`l;=IrP1^_{VKV;dh>)hQl|FA_6*j+4k7r<h%8JB7yupAsFNT_gyQu@_h
zKf~d0_+)?I{2va7&HuyQgWa!o_MYzVKG}P^zqk9<aA$9Lu=5oR@0^m3CzlF|uZF)H
zSF>~fCJ)NUYb+$;Yy`{Q0A*SE+S}O;_j^H%Wh6+ZOxYM-V46atg$3qZz{JYW^dB#Q
zGx&Qx!-8RjWsoAm6e0`@ISTr~P>M&e5Ikpb!WX;m0$bwbFHoxtj{s#EB@xodf~6y5
z8196_;7fDrKl3T|e~D<0<sV`IHt7Gs)4jc>{_pJ$AN2n|o~<o7!gG{U1y%x@S{>tz
z@>PnN3WBYz+7}+Z!vaW(7Fd7EB?ctYC;Q944xCsSXez-VQHpI<Z70U(uXMG*6pR7@
zfio_N;$r2Q1b{53biyf#RwFo>pK>)3SZY!Lw%}}ug&;AO27!gG&;mXrTw;ieUJ?7*
zTCB>vg#qZwBk1*Pzj8`J;z(d60kPN^EZ_wS;Ku$*OR%mxwN*#(<`-kh95DvqJg2l(
zsIi<GFi2w(OA=u~QN(kmg5rH_Uq_~Y(+o#sPOyXz304UffST<<COoGx%rHa(BZcDt
zieDp`BPy|hG-iw|V^k$54k(WGKQk;1Isi~rcLbk4oAwt8F8DF;YNdhY5{IVl$s8D0
zAh9xRw8WTE5IO!9kOf2}EHJ}DlMJ~eY+(R9#(~0VMv>Cw+j*j3;5d#+!NQEkKCwZ@
z<8gy_E3mO1*IW>_f`~JPKPpYFggK!Y<Vq@>nu#fc@4ovE9y#&b))1#f%R}2x56oOX
z*Of=Qw!z@^r^HeSi)M?+nXfWP0^_VNI9C-SO^w+876e8ya7HbeX6l3wL?t{|kO{IR
z6fZDf86j#XNZBS1QOZ9|T;=1kZY2#Rq_`^6n9mqpopY{!BotewjLeYf&p8{*Q_l3~
zdZEXOqU0xuMa3E|IAu4T)I^-k$s!kqFnDxSDe583rNZK5V)_jk7YYvc_jb3Pe&{ah
z(vc|+0)ZvZMT9F+r6eUvS_J}#vU~(P!(m#yr#LkxW@q=WuZSrV_<fG$O<VZG&3KGK
zuUbkQ*JTOIk1fk+YilS|OmU>R&@{X&S5P7010<qk1SpN4><5A36bmQaZ+-~^G@lbj
z)T)$qM_PgrRS851j@|{7EHT4UP6VGB24aS0R1beKk{Sj<^axY5n&ODFSZWq%14&ZM
zb5#}|Xz@pc<^o?N0?UNccm#U^fXt%^OX-#F=%K=b7#%8M`c!JEBbqYEG-*NkemhDJ
z{xCv4V}sd}2+s602umc0rb`BxE$v9?%3_i0&()MyX)$I>tTIlRR%EX62gp?)S)L$;
zW=J-aBam1r!WLFKtvbm(!$MmO$dHsDxQO9VG1rX%!OqZ3bs->{p@iir79>Ix1Y$8y
zt2Q49rFz;Zt?;&CP62yTR2u~r@x%#j?C3<fN-$H!S{+iX67Exy#s?aruJ+1&Gerfs
zavIbF>cMn8DTexJHWrJ5L1h!u^|Hx_ghYup9mVtqaW3>^GABYR&`Ud&XV#jShI&eJ
zJP34&W4tpUTX5=4bTwqgBAD5z=tencrkX*bConxNYN-}vk(j<1gCI&?x*;fV#5E{)
zHkMoE_XY!_Tq>S6tniHT=pCp8sS;YMr*<6cIm^tHguwu-s5D^jsrNI~-~tQ!&_Eu+
zRo@_<DlYWWEJFgNSYaUpX^RS}hACEB10|6PGxeHNEd_@Zk<^TZo<{K;3(WMAg8}|X
zq}B?UygsxYZL}?$j^KO#f%UUx)Ys$oU&RQFsltLGMV8pCQ;InN$5Zl8gD%E%!mwU$
z=>o0K2;vn>k!HW1p9^7g1k?bG;QOT^qpw>#oMzcna3Z2eN+U_8wRt`D<*G1{g&d`N
zqIq<VQT($Y3ZJnE8`UyjU-1|l^8nC?TAiD1n9Kd2TXD(3WrC?@X{fTh*$Qsh|LyG$
zhmHN;!T$d4!~X9+o==|!kAvfnnKq27vCKDnrZ9Ls`20Ee^r`REqUU5L)RlYCuRa^G
z4XrED=x+Ghx)uE05M1f`oJH_t&-^6mG@sAON9gr?P{6`0);|M7-l5$?pb~?&vMYF>
zBdYgDvEJ4h!o%QaY+;-FN@LKSkTAm$(yKDbQ|x)EY<K4b(^vu$*e)M&u{|OZ9?e#U
z6-TF2T~}Kjnc-+V3{K`CFvZ$%8z9AOFN>X~-Q`r)G?&(tB0EJ`YS(ktZG<ZBl6lF@
z=JwJtZSD7)Fr3N~&Nqhm(X*S6Xhmbm1`8xSw>+|K9i6qpTN0NE!qgmkf0F$_$zB7N
zMS64j>i$`iI&V0&jucKwJ(Olh3;D3MD4Jn<-LRT!)tEN>;<MTQF1!_R1p;RjMHqU2
z=|S(ZcY7t`Y08-;QC>r$tzc<PFik_53=G*L`1A<~i)bEqbSbn*J1WRxck{9U9D34H
z^m1IfW%M_cWnq0ARC<Cxed=g(1@CjNaHH34C@ErSf#d#cWdS+KnHKxfF0Q$)*=D{q
zyV>ug!8$WK`DE2S?53SCsSt~BopN8Px@5O$(7XLM*LKQxOP#JWNcC!A;qz%s3y<1e
zuB=?Ry$%@j`{>yL2ew!I=-miFOV_{j{QIS!j`g43dc`xlKe&_gfDP-voxP_!jrHG?
z{euVp|GhkgCUXIgoc{Q`xb3Rg-z{%z)p<u)JOW$q70QCzQQ}UJVukeHc2xRsJI$VF
z12j-5EUn$r80uP0XgQNy0V6ENOu@cxY|%B0liwYS!Ip#(o10ClL*yE`4SBs~169MC
zn9Y9|rz}RTQhi<Ak7uDwO0-*F4`zf7W=JOHUGGNw*!;}odkXy}oSj}CpP!$dUrsO1
zCeL=DZ{QfC*8661HobU$emuSWX?lF#)7ABlqaRMkua2MfzOgTt`px^O|5hIxEhppY
z^yjnlqi4N8yBe<O&pr75`~LCS^dBz`g#d@=$K#7*(-KA%aQOM;;sv;7?u&c>TfOno
z_+tFSczW!rX<}WK=jY?o3mCtA36t}a*C#KJpC3=*?6k8DT%7qdSP+)jPRswL74Ki<
z>9GIiSOMRk{U1K<u>VgV?Ek$y4Wn&sx;@<d5*A!4LD=G`wBt3q>b&6=OKJO@VX<rD
zmJb`QswJpEEFRM=L8o~NJHzb;ByBiG6`4K%+l#a5#pU>?ix-!#jxS!E71%2O_U$Ky
zhIzFBvl~<G*>Bs__>cWh+AP{n9c$oX{5$pEte@{L6l9bBAM7{dKMwXE;=k_aS)>0(
z0=|d=$Z(_^M(!wh1gD(g;@r3NblXE<E!y=>Uue#Z4H5cLNG!0Ln95#QiCJF>u6V@h
z2rdpMMOh;xO|QqQli77$Y5O-CUHZ~PeC@Md{|hI<9hiZQ`af*Oe?A@VKIs3wJU8;>
zSYOt9Ls3+}slDj(D*b-TVH-3S47J{P(L%O?AL~@2RQ!KXO4q^vPxByk>Ayk>&vPpA
z9mRuRum3wcPxo8v|Gk4J5Bh%}kFVA!%jBTa?LrKuUuY*#ECd8L5#iDX>J%D%dJ7ur
zb9jnWl)UuF`YqG?6ARg?Oaa;BQHL$6hbLA`l$H&;#t!|}HS^4mZ9r>1`YnAbVLQfm
z_M#d8T2au7jJ<JZI=a)IA#OjFSU9Z+$u>>Z05zgLyNNBsy1Xv-E3NPk@ya&W(z1pg
zxt5rn-8y6&MGZY~Ic$o;DykYje;&0yE41*onO$dby(X547m(e8S4C^r>GM|ZO@=iV
z<?bnYJgI^`>ovNT@A|=P*^O!P{AheJZa^_1?;{v2kr+@i^JAN|Di5+nYm{n>CF_p}
zt6;Ty$35)Mjc{^$a&h#-<@o&hw40XNo@OKbmgYd0)?&8oYS^KaP0{LvkJ<7^!P6$6
zZS?#(o{t(myWO0zhS{|+*06{St+!}Jx_Tsktc;p_BA%v*#cgW)P`Kmkh5e|bFk4&_
zDKLsx&`*H!2+@Q~b=_#x$ZU>FXNaqoiH;A=w#_J5-K<{LY|)O9)oq%k%~tIgTI+bL
zmo{59Vr-4G%P)e@pPTI6B#3JZJ-Mkz6?Y3xJMy@C{*@%BPUnN@+_mUb*9kUF&SlLF
zw$l^DGP=253yDPsI)T^%Z)&QgNb};xlR~S|2CBZ&Yp2!(ZQ_3?NF~MmD00@2Vr$i#
z<@J^-%{p5(%iH)m=HpICu1>#IW8*>aI`kXDoa<D`d}f<nU(FKh$5w0}vsM?{hY0Js
zU@zzOtD6UXi#m)4jl<}5-MPNnZM)O5W&XvNs#^0pOx5_7JBSuOcUi{UdAaK|cZ$cm
zrQ`Xby{kLF2b<N`j*UlM32~aK)e#ZJrG|Rdy5@CO{T)FeO>Ao<Byv$Bb*uAR)`{SD
zFt2!wM=(4%I0!n#u<aZyqVY@D-Z$3UIax+9dS-$>9~thL$)@{)!8U~T%L64aVy{7Z
zFguvjZMvM!uf^KfU3FEfvo)$NL=<!9X25>D-3`R06w`XUWrg6vIT+m;PTgSw*BW%+
zDd8)fcL~BLv~@S4YS*>t8MZoJx5REl%9|Sg$3l({%Uc|V$DLI>KzA-V{7Z?|<8I9u
z_-n-O*6!)j{~IQlrewjmz<2Fq+<5-8chJ25zx(9j{>QyMTQEUNVPUT;+wq4F31%?M
z35^L`K!&1sXn|!IY{5lBB*;87E*+2wrW6*G&#YgSu*J6^Ftt~!GNcl(9I-gq0)`jG
zz28jWIr)fVtI1z)hj7N|3OF+@HA&jE0VNEFL3lL1oGLDGumwdV`|HCg#6-v-To5%d
ze=YezIQyp<n7^(dSq$_a_bQicPyw2u=v|(fOKviF9Lf(_@Hm{IcfsRO&y|luF32Ky
z{J+5#yheiXT*ArGu?)gY@LzGHf{?@*4QzG6e+|N=jChO({|-k(rT(8EkB?p*hiQEG
zI5wRB40ngk_>bNF;Y0k_y*z$Kk0AK^&FfmyonIa$N@a317?5-k%EVlh3JD*~P`to{
zqH^EV?GrZVB1QI^>3>VLqWIaIBGs4gb0qLKeEsI4ndD~!0$soFRlf<2v6sSVXE)s6
zfTF72*R?ld2!fmEKr$&1UjFUqJP6*teQTn8zX3hZntUfF4~Lf#2^^hXnYL<4KGWpt
zc720X4jdSBEre1?SABOG&1+n4Ts3w>%n4J1$9ZHfmj}j}+isYI7%IV_Z5?5V!W*ww
zHn+-L@Dz@0(w7(ctm3OC(C#<Gh^K?g67OK!-lokcUjYJlu<SF;U2Flu0QoobiU6Q6
z2u_quYaxq!f93RJZcmr#Y1}23H$`$8mu+V5p<7F{82I@aEa_ZRWPpL*-ozc$!LPYg
zFk1os7$t};TppA1it^j$LCjn0=MMv$oJ3%~kRy^9aq0UgcEX+AzXW|NY<uCypbwMR
zkO{sdT3WGijL@tzm(^K}1zl;hgv|w#O5~Bs1ull(h>D}o9QFjk1utc&y2fTEWc^yZ
z;P|!@vbUp_K;Kppe_~`ELAm=hh%v>*H6|asH|T9b%GMq!CDvlb_pYJ`SMYbdf-BIb
z2CmAx*ZNnP_YAIrtG<5hU-z%}%e)0w&~f?F2DQQ!yzTYg!WH~z#JJ2Y)DUBPg)z8-
z4NxXXD1vSP$>!WBOaI8ux6T1;WcwMMOczd!hU)5&74=IX-q~dhNQwkO@yu&qGR!~K
zY;x<QOb=Do^pCNxfD)-Y{`So;4a!_nDBZ4pbaMrKrWb&^nZy{p6lxmA%c8PPZ_-G(
zprJL~`5VBU*VCnR!mFIp6{t_2ZEO3jNRVUP8*ZCvrOorag}rtfnqHl$CMS*ItS4F~
zC5{U+Fi;y&4{f^ECv<Y{+lTVkvZ*uQlLpm3Prnw<VVS+96B=gAme6>8@pHe}%rW)U
zF$G0y!_%&1RP!2VlWE;Sd{;2zoN9n3?UROiY!1U(@Js_IR9&|z+v;_C%`H<6rS!hG
zJ7&K7UehL93lrw9=^Fd>$C$5L5b+fdW~eyW-`lm4rB?=e(c*e&>#fUja`)s}9KO@*
z&G47{Xw*`Gn4xi$`PoE#XzRU!9dpj>Lu+o0hoD^LI9ICm_IXL^%oTYbS>0{bMlf{=
zR~Y`Fv3+YXF<#610z|e!S01+xu&vB1#jtrR(LZwJsslWqHb#u4xn1Tc)91#`#AbKz
zA=gh~8;SrG?;1>fvW^dWPIYdQKdJ`Qi+btc+NK;*by!`uf?6Q`%uH39tw-lJ-IAFf
zoL^rSxf$bagQs>b*EVq_t)95m^H?>3+{DgqfM7niA^fC^tqwO6R@rm_70edMtc!VW
oHCpk`rAN9U`@Xab<l%XE9-fEi|K;<40RRC1|7I24I{;t+0Bz!y#{d8T
literal 0
HcmV?d00001
diff --git a/charts/commento/templates/_helpers.tpl b/charts/commento/templates/_helpers.tpl
new file mode 100644
index 00000000..4f67e5b7
--- /dev/null
+++ b/charts/commento/templates/_helpers.tpl
@@ -0,0 +1,75 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "commento.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "commento.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "postgres.servicename" -}}
+{{- if .Values.postgres.fullnameOverride }}
+{{- .Values.postgres.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default "postgres" .Values.postgres.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "commento.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "commento.labels" -}}
+helm.sh/chart: {{ include "commento.chart" . }}
+{{ include "commento.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "commento.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "commento.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "commento.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "commento.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/commento/templates/deployment.yaml b/charts/commento/templates/deployment.yaml
new file mode 100644
index 00000000..e18ff597
--- /dev/null
+++ b/charts/commento/templates/deployment.yaml
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "commento.fullname" . }}
+ labels:
+ {{- include "commento.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "commento.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "commento.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "commento.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.containerPort }}
+ protocol: TCP
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ httpHeaders:
+ - name: Host
+ value: localhost:{{ .Values.containerPort }}
+ {{- with .Values.livenessProbe }}
+ initialDelaySeconds: {{ .initialDelaySeconds }}
+ timeoutSeconds: {{ .timeoutSeconds }}
+ failureThreshold: {{ .failureThreshold }}
+ successThreshold: {{ .successThreshold }}
+ periodSeconds: {{ .periodSeconds }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ httpHeaders:
+ - name: Host
+ value: localhost:{{ .Values.containerPort }}
+ {{- with .Values.readinessProbe }}
+ initialDelaySeconds: {{ .initialDelaySeconds }}
+ timeoutSeconds: {{ .timeoutSeconds }}
+ failureThreshold: {{ .failureThreshold }}
+ successThreshold: {{ .successThreshold }}
+ periodSeconds: {{ .periodSeconds }}
+ {{- end }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ envFrom:
+ - secretRef:
+ name: {{ include "commento.fullname" . }}
+ env:
+ - name: COMMENTO_FORBID_NEW_OWNERS
+ value: {{ .Values.settings.forbidNewOwners | quote }}
+ - name: COMMENTO_GZIP_STATIC
+ value: {{ .Values.settings.gzipStaticContent |quote }}
+ - name: COMMENTO_PORT
+ value: {{ .Values.containerPort | quote }}
+ - name: COMMENTO_ORIGIN
+ value: {{ .Values.settings.protocol }}://{{ .Values.ingress.host }}
+ {{- with .Values.env }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/commento/templates/ingress.yaml b/charts/commento/templates/ingress.yaml
new file mode 100644
index 00000000..073c02f7
--- /dev/null
+++ b/charts/commento/templates/ingress.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "commento.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "commento.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.host | quote }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
diff --git a/charts/commento/templates/secrets.yaml b/charts/commento/templates/secrets.yaml
new file mode 100644
index 00000000..94ba6d04
--- /dev/null
+++ b/charts/commento/templates/secrets.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "commento.fullname" . }}
+ labels:
+ {{- include "commento.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+{{- if .Values.postgres.enabled }}
+ COMMENTO_POSTGRES: postgres://{{ .Values.postgres.userDatabase.user }}:{{ .Values.postgres.userDatabase.password }}@{{ include "postgres.servicename" . }}:{{ .Values.postgres.service.port }}/{{ .Values.postgres.userDatabase.name }}?sslmode=disable
+{{- else }}
+{{- with .Values.externalDatabase }}
+ COMMENTO_POSTGRES: postgres://{{ .user }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .name }}?sslmode=disable
+{{- end }}
+{{- end }}
+{{- with .Values.settings.smtp }}
+ {{- if .enabled }}
+ COMMENTO_SMTP_HOST: {{ .host }}
+ COMMENTO_SMTP_PORT: {{ .port | quote }}
+ COMMENTO_SMTP_USERNAME: {{ .name }}
+ COMMENTO_SMTP_PASSWORD: {{ .password | quote }}
+ COMMENTO_SMTP_FROM_ADDRESS: {{ .from }}
+ {{- end }}
+{{- end }}
+{{- if .Values.settings.akismetKey }}
+ COMMENTO_AKISMET_KEY: {{ .Values.settings.akismetKey | quote }}
+{{- end }}
+{{- with .Values.settings.oauth }}
+ {{- if .google.enabled }}
+ COMMENTO_GOOGLE_KEY: {{ .google.key | quote }}
+ COMMENTO_GOOGLE_SECRET: {{ .google.secret | quote }}
+ {{- end }}
+ {{- if .github.enabled }}
+ COMMENTO_GITHUB_KEY: {{ .github.key | quote }}
+ COMMENTO_GITHUB_SECRET: {{ .github.secret | quote }}
+ {{- end }}
+ {{- if .gitlab.enabled }}
+ COMMENTO_GITLAB_KEY: {{ .gitlab.key | quote }}
+ COMMENTO_GITLAB_SECRET: {{ .gitlab.secret | quote }}
+ {{- end }}
+ {{- if .twitter.enabled }}
+ COMMENTO_TWITTER_KEY: {{ .twitter.key | quote }}
+ COMMENTO_TWITTER_SECRET: {{ .twitter.secret | quote }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/commento/templates/service.yaml b/charts/commento/templates/service.yaml
new file mode 100644
index 00000000..cf2d3f36
--- /dev/null
+++ b/charts/commento/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "commento.fullname" . }}
+ labels:
+ {{- include "commento.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "commento.selectorLabels" . | nindent 4 }}
diff --git a/charts/commento/templates/serviceaccount.yaml b/charts/commento/templates/serviceaccount.yaml
new file mode 100644
index 00000000..dd716fc5
--- /dev/null
+++ b/charts/commento/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "commento.serviceAccountName" . }}
+ labels:
+ {{- include "commento.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/commento/templates/tests/test-connection.yaml b/charts/commento/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..81f1a13f
--- /dev/null
+++ b/charts/commento/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "commento.fullname" . }}-test-connection"
+ labels:
+ {{- include "commento.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "commento.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/charts/commento/values.yaml b/charts/commento/values.yaml
new file mode 100644
index 00000000..29ff9aa7
--- /dev/null
+++ b/charts/commento/values.yaml
@@ -0,0 +1,202 @@
+## Default values for Commento deployment
+
+## Commento image
+image:
+ repository: registry.gitlab.com/commento/commento
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+## Pull secrets and name override options
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+## Optional service account
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+## Additional pod annotations
+podAnnotations: {}
+
+## Pod security options (Run as nobody)
+podSecurityContext:
+ fsGroup: 65534
+ runAsUser: 65534
+ runAsNonRoot: true
+
+## Default security options to run Commento as non-root, read only container without privilege escalation
+securityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ privileged: false
+
+## Number of replicas
+replicaCount: 1
+
+## Default service port
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ host:
+ tls: {}
+ # secretName: chart-example-tls
+
+## Resource limits and requests
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Default node type for the image
+nodeSelector:
+ kubernetes.io/arch: amd64
+
+tolerations: []
+
+affinity: {}
+
+containerPort: 8080
+
+## Default liveness probe
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ periodSeconds: 10
+
+## Default readiness probe
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ periodSeconds: 30
+
+## Additional environment variables
+env: []
+
+## External database settings (is used when postgres.enabled is false)
+externalDatabase:
+ ## Name of the database (default: commento)
+ name: commento
+
+ ## Database user
+ user:
+
+ ## Database password
+ password:
+
+ ## Database host
+ host:
+
+ ## Database port (default: 5432)
+ port: 5432
+
+settings:
+ ## Protocol for generated links (default: https)
+ protocol: https
+
+ ## Forbid new owners
+ forbidNewOwners: false
+
+ ## Serve static content GZIP compressed to client
+ gzipStaticContent: false
+
+ ## SMTP configuration
+ smtp:
+ ## Enable SMTP (default: false)
+ enabled: false
+
+ ## SMTP host
+ host:
+
+ ## SMTP port (default: 465)
+ port: 465
+
+ ## SMTP user name
+ name:
+
+ ## SMTP password
+ password:
+
+ ## SMTP from address
+ from:
+
+ ## Optional Akismet key
+ akismetKey:
+
+ ## Support for OAuth authentification for different providers
+ oauth:
+ ## Google OAuth
+ google:
+ enabled: false
+ key:
+ secret:
+
+ ## Github OAuth
+ github:
+ enabled: false
+ key:
+ secret:
+
+ ## Gitlab OAuth
+ gitlab:
+ enabled: false
+ key:
+ secret:
+
+ # Twitter OAuth
+ twitter:
+ enabled: false
+ key:
+ secret:
+
+## PostgreSQL configuration
+postgres:
+ ## Enable PostgreSQL helm chart for deployment (default: false)
+ enabled: false
+
+ ## Database configuration
+ settings:
+
+ ## The superuser password (default: a 10 char. alpahnumerical random password will be generated)
+ superuserPassword:
+
+ ## User database which is created during first startup with user and password
+ userDatabase:
+ ## Database name
+ name:
+ ## Database user
+ user:
+ ## Database password (default: 10 alphanum. random characters)
+ password:
+
+ # Storage parameters
+ storage:
+ ## Set persistentVolumenClaimName to reference an existing PVC
+ # persistentVolumeClaimName: <own-pvc-name>
+
+ ## Alternative set requestedSize to define a size for a dynmaically created PVC
+ # requestedSize: <volume-size>
+
+ ## the storage class name
+ # className:
--
GitLab