feat(inventree): add inventree (#2576)

* feat(inventree): add inventree

* update gui

* app nginx

* fix path

* fix(templates): expect of cidr must be string instead of int

* fix worker vols

* root

* no root

* use container's uesr

* root group

* rofs

* try without nginx

* try without nginx

* remove

* start server as additionalcont to start first

* init db

* check

* migrate

* init account

* add secret on ui
This commit is contained in:
Stavros Kois
2022-04-28 23:00:02 +03:00
committed by GitHub
parent f0a4260346
commit 968cb8b22d
9 changed files with 699 additions and 2 deletions
+31
View File
@@ -0,0 +1,31 @@
apiVersion: v2
appVersion: "10.6.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 9.3.2
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 7.0.50
description: InvenTree is an open-source Inventory Management System which provides powerful low-level stock control and part tracking.
home: https://github.com/truecharts/apps/tree/master/charts/stable/inventree
icon: https://truecharts.org/_static/img/appicons/inventree.png
keywords:
- inventory
- inventree
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: inventree
sources:
- https://inventree.readthedocs.io
- https://github.com/inventree/InvenTree
version: 0.0.1
annotations:
truecharts.org/catagories: |
- utilities
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+381
View File
@@ -0,0 +1,381 @@
# Include{groups}
portals:
open:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: secret
group: "Container Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: INVENTREE_ADMIN_EMAIL
label: "INVENTREE_ADMIN_EMAIL (Initial install only)"
schema:
type: string
required: true
default: ""
- variable: INVENTREE_ADMIN_USER
label: "INVENTREE_ADMIN_USER (Initial install only)"
schema:
type: string
required: true
default: ""
- variable: INVENTREE_ADMIN_PASSWORD
label: "INVENTREE_ADMIN_PASSWORD (Initial install only)"
schema:
type: string
required: true
private: true
default: ""
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: INVENTREE_LOGIN_CONFIRM_DAYS
label: 'INVENTREE_LOGIN_CONFIRM_DAYS'
description: "Duration for which confirmation links are valid"
schema:
type: int
default: 3
- variable: INVENTREE_LOGIN_ATTEMPTS
label: 'INVENTREE_LOGIN_ATTEMPTS'
description: "Count of allowed login attempts before blocking user"
schema:
type: int
default: 5
- variable: INVENTREE_PLUGINS_ENABLED
label: 'INVENTREE_PLUGINS_ENABLED'
description: "Enable plugin support"
schema:
type: boolean
default: false
- variable: INVENTREE_DEBUG
label: 'INVENTREE_DEBUG'
description: "Enable debug mode"
schema:
type: boolean
default: false
- variable: INVENTREE_LOG_LEVEL
label: 'INVENTREE_LOG_LEVEL'
description: "Set level of logging to terminal"
schema:
type: string
default: "INFO"
enum:
- value: "INFO"
description: "INFO"
- value: "DEBUG"
description: "DEBUG"
- value: "WARNING"
description: "WARNING"
- value: "ERROR"
description: "ERROR"
- value: "CRITICAL"
description: "CRITICAL"
# Include{containerConfig}
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10231
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 8000
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
- variable: persistence
label: "Integrated Persistent Storage"
description: "Integrated Persistent Storage"
group: "Storage and Persistence"
schema:
additional_attrs: true
type: dict
attrs:
- variable: data
label: "App Data Storage"
description: "Stores the Application Data."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
# Include{persistenceList}
- variable: ingress
label: ""
group: "Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: false
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}
@@ -0,0 +1,20 @@
{{/* Define the secrets */}}
{{- define "inventree.secrets" -}}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: inventree-secrets
{{- $inventreeprevious := lookup "v1" "Secret" .Release.Namespace "inventree-secrets" }}
{{- $secret_key := "" }}
data:
{{- if $inventreeprevious}}
INVENTREE_SECRET_KEY: {{ index $inventreeprevious.data "INVENTREE_SECRET_KEY" }}
{{- else }}
{{- $secret_key := randAlphaNum 32 }}
INVENTREE_SECRET_KEY: {{ $secret_key | b64enc }}
{{- end }}
{{- end -}}
@@ -0,0 +1,8 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{/* Render secrets for inventree */}}
{{- include "inventree.secrets" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}
@@ -0,0 +1,70 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-config
labels:
{{- include "common.labels" . | nindent 4 }}
data:
nginx-config: |-
server {
# Listen for connection on (internal) port 80
listen 10231;
real_ip_header proxy_protocol;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header CLIENT_IP $remote_addr;
proxy_pass_request_headers on;
proxy_redirect off;
client_max_body_size 100M;
proxy_buffering off;
proxy_request_buffering off;
# Change 'inventree-server' to the name of the inventree server container,
# and '8000' to the INVENTREE_WEB_PORT (if not default)
proxy_pass http://localhost:8000;
}
# Redirect any requests for static files
location /static/ {
alias /var/www/static/;
autoindex on;
# Caching settings
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
# Redirect any requests for media files
location /media/ {
alias /var/www/media/;
# Media files require user authentication
auth_request /auth;
}
# Use the 'user' API endpoint for auth
location /auth {
internal;
proxy_pass http://localhost:8000/auth/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
}
+181
View File
@@ -0,0 +1,181 @@
image:
repository: inventree/inventree
tag: 0.6.3@sha256:dc583301371686a30c919a25dd68e5101ea9ecb8cb63dde617fa8b2c44c27ff6
pullPolicy: IfNotPresent
# nginxImage:
# repository: tccr.io/truecharts/nginx
# tag: v1.21.6@sha256:79875e354f6669f0fe8a31026a092734fd914ab041de0f3d8462e0117be37fd3
securityContext:
readOnlyRootFilesystem: false
# runAsNonRoot: false
podSecurityContext:
runAsUser: 100
# runAsGroup: 0
secret:
INVENTREE_ADMIN_EMAIL: "test@example.com"
INVENTREE_ADMIN_USER: "super"
INVENTREE_ADMIN_PASSWORD: "secret"
env:
INVENTREE_DB_ENGINE: "postgresql"
INVENTREE_DB_NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
INVENTREE_DB_USER: "{{ .Values.postgresql.postgresqlUsername }}"
INVENTREE_DB_PORT: "5432"
INVENTREE_TIMEZONE: "{{ .Values.TZ }}"
# User Defined
INVENTREE_DEBUG: false
INVENTREE_LOG_LEVEL: "INFO"
INVENTREE_PLUGINS_ENABLED: false
INVENTREE_LOGIN_CONFIRM_DAYS: 3
INVENTREE_LOGIN_ATTEMPTS: 5
envValueFrom:
INVENTREE_DB_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
INVENTREE_DB_HOST:
secretKeyRef:
name: dbcreds
key: plainhost
INVENTREE_SECRET_KEY:
secretKeyRef:
name: inventree-secrets
key: INVENTREE_SECRET_KEY
service:
main:
ports:
main:
port: 10231
targetPort: 8000
persistence:
data:
enabled: true
mountPath: "/home/inventree/data"
initContainers:
init-migrate:
name: init-migrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: data
mountPath: "/home/inventree/data"
env:
- name: INVENTREE_TIMEZONE
value: "{{ .Values.TZ }}"
- name: INVENTREE_DB_ENGINE
value: "postgresql"
- name: INVENTREE_DB_NAME
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: INVENTREE_DB_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: INVENTREE_DB_PORT
value: "5432"
- name: INVENTREE_DB_HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainhost
- name: INVENTREE_DB_PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: INVENTREE_SECRET_KEY
valueFrom:
secretKeyRef:
name: inventree-secrets
key: INVENTREE_SECRET_KEY
- name: INVENTREE_LOG_LEVEL
value: "{{ .Values.env.INVENTREE_LOG_LEVEL }}"
- name: INVENTREE_DEBUG
value: "{{ .Values.env.INVENTREE_DEBUG }}"
- name: INVENTREE_LOGIN_CONFIRM_DAYS
value: "{{ .Values.env.INVENTREE_LOGIN_CONFIRM_DAYS }}"
- name: INVENTREE_LOGIN_ATTEMPTS
value: "{{ .Values.env.INVENTREE_LOGIN_ATTEMPTS }}"
- name: INVENTREE_PLUGINS_ENABLED
value: "{{ .Values.env.INVENTREE_PLUGINS_ENABLED }}"
command: ["sh", "-c"]
args:
- >
cd /home/inventree;
invoke update;
additionalContainers:
# nginx:
# name: nginx
# image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
# ports:
# - containerPort: 10231
# name: main
# volumeMounts:
# - name: inventree-config
# mountPath: "/etc/nginx/conf.d/default.conf"
# subPath: nginx-config
# readOnly: true
# - name: data
# mountPath: "/var/www"
worker:
name: worker
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command: ["invoke", "worker"]
volumeMounts:
- name: data
mountPath: "/home/inventree/data"
env:
- name: INVENTREE_ADMIN_EMAIL
value: "{{ .Values.secret.INVENTREE_ADMIN_EMAIL }}"
- name: INVENTREE_ADMIN_USER
value: "{{ .Values.secret.INVENTREE_ADMIN_USER }}"
- name: INVENTREE_ADMIN_PASSWORD
value: "{{ .Values.secret.INVENTREE_ADMIN_PASSWORD }}"
- name: INVENTREE_TIMEZONE
value: "{{ .Values.TZ }}"
- name: INVENTREE_DB_ENGINE
value: "postgresql"
- name: INVENTREE_DB_NAME
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: INVENTREE_DB_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: INVENTREE_DB_PORT
value: "5432"
- name: INVENTREE_DB_HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainhost
- name: INVENTREE_DB_PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: INVENTREE_SECRET_KEY
valueFrom:
secretKeyRef:
name: inventree-secrets
key: INVENTREE_SECRET_KEY
- name: INVENTREE_LOG_LEVEL
value: "{{ .Values.env.INVENTREE_LOG_LEVEL }}"
- name: INVENTREE_DEBUG
value: "{{ .Values.env.INVENTREE_DEBUG }}"
- name: INVENTREE_LOGIN_CONFIRM_DAYS
value: "{{ .Values.env.INVENTREE_LOGIN_CONFIRM_DAYS }}"
- name: INVENTREE_LOGIN_ATTEMPTS
value: "{{ .Values.env.INVENTREE_LOGIN_ATTEMPTS }}"
- name: INVENTREE_PLUGINS_ENABLED
value: "{{ .Values.env.INVENTREE_PLUGINS_ENABLED }}"
# Enabled postgres
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: inventree
postgresqlDatabase: inventree
+1 -1
View File
@@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: paperless-ng
version: 2.0.20
version: 2.0.21
appVersion: "1.6.0"
description: Paperless-ngx is an application by Daniel Quinn and contributors that indexes your scanned documents.
type: application
@@ -107,6 +107,12 @@ questions:
additional_attrs: true
type: dict
attrs:
- variable: PAPERLESS_URL
label: "PAPERLESS_URL"
description: "This is required if you will be exposing Paperless-ngx on a public domain."
schema:
type: string
default: ""
- variable: PAPERLESS_WEBSERVER_WORKERS
label: "PAPERLESS_WEBSERVER_WORKERS"
description: "The number of worker processes the webserver should spawn."
+1 -1
View File
@@ -110,7 +110,7 @@
- variable: exceptint
label: ""
schema:
type: int
type: string
- variable: namespaceSelector
label: "namespaceSelector"
schema: