Fix Redis password in Chart (#320)

* Fix NOTES.txt

* Added Redis password

* Updated README.md

README.md

@@ -1,6 +1,8 @@
 ![Docker images](https://github.com/invoiceninja/dockerfiles/workflows/Docker%20images/badge.svg)
 [![Docker image, latest](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/latest?label=latest)](https://hub.docker.com/r/invoiceninja/invoiceninja)
 [![Docker image, alpine](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/alpine?label=alpine)](https://hub.docker.com/r/invoiceninja/invoiceninja)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/invoiceninja)](https://artifacthub.io/packages/search?repo=invoiceninja)
+
 
 # Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
@@ -8,14 +10,19 @@
 
 :lock: Automatic HTTPS (:heart: [Caddy](https://caddyserver.com/))  
 :fire: NGINX webserver support [NGINX](https://nginx.org/)  
-:hammer: Fully production-ready through docker-compose  
+:hammer: Fully production-ready through Helm Chart  
 :pencil: Adjustable to your needs via environment variable  
 
-## You want some Kubernetes + Helm with that?
-[Helm Chat](https://github.com/Saddamus/invoiceninja-helm) by @Saddamus  
-[Kubernetes](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk
+## Get some Kubernetes + Helm with that!
 
-## Quickstart V5 Launch
+Introducing our very own [Helm Chart](https://github.com/invoiceninja/dockerfiles/tree/master/charts/invoiceninja) that helps you launch a simple standalone app to a production-ready, highly available Invoice Ninja setup. All you need to do is initialise Kubernetes (available with Docker Desktop), install [Helm](https://helm.sh/docs/intro/install/), and spin up Invoice Ninja using the steps provided [here](https://github.com/invoiceninja/dockerfiles/tree/master/charts/invoiceninja#installing-the-chart).
+
+Other resources:
+
+[Helm Chart](https://github.com/Saddamus/invoiceninja-helm) by @Saddamus  
+[K8s Manifest](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk
+
+## Alternatively get started with Docker Compose
 
 The dockerfile has been revamped to make it easier to get started, by default the base image selected is 5 which will pull in the latest v5 stable image.
 
@@ -79,7 +86,7 @@ All that is left to do now is bring up the container
 
 When deploying on an ARM64 system, you need to comment out the `image: mysql:5` line and uncomment `image: mariadb:10.4` in the `docker-compose.yml` file.
 
-## Updating the Image when using `docker-compose`
+### Updating the Image when using `docker-compose`
 
 As `docker-compose` does not support any form of version control, this git provide updates to `docker-compose.yml` directly.
 

charts/invoiceninja/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 1.4.2
 - name: nginx
   repository: https://charts.bitnami.com/bitnami
-  version: 8.8.0
+  version: 8.8.1
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
   version: 9.3.6
 - name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 12.9.0
-digest: sha256:008659600506cbc8dd5c9b8e96ce81430e4d8582368646469aa17a37441f5bbc
-generated: "2021-03-29T18:41:17.978475+08:00"
+  version: 12.9.2
+digest: sha256:fd3577637e412f553b3300f0c174ea7282073e0971da621d2f5c0e43b8f2fdfc
+generated: "2021-04-07T20:59:19.568334+08:00"

charts/invoiceninja/Chart.yaml

@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.3.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

charts/invoiceninja/README.md

@@ -12,6 +12,7 @@ Please read [Upgrading](#upgrading) section before upgrading MAJOR versions.
 - The Bitnami [common](https://github.com/bitnami/charts/tree/master/bitnami/common) helm chart
 - The Bitnami [mariadb](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) helm chart
 - The Bitnami [nginx](https://github.com/bitnami/charts/tree/master/bitnami/nginx) helm chart
+- The Bitnami [redis](https://github.com/bitnami/charts/tree/master/bitnami/redis) helm chart
 - Tested on Kubernetes 1.17+
 
 ## Installing the Chart
@@ -41,6 +42,8 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following table lists the configurable parameters of the Invoiceninja chart and their default values.
 
+> NOTE: You MUST set any values that default to random or risk losing access after an upgrade. See how [here](https://github.com/lwj5/dockerfiles/tree/redis-pw/charts/invoiceninja#installing-with-arguments)
+
 ### Global Configuration
 
 The following table shows the configuration options for the Invoiceninja helm chart:
@@ -158,19 +161,18 @@ The following table shows the configuration options for the Invoiceninja helm ch
 
 ### Redis parameters
 
-| Parameter                         | Description                                  | Default |
-| --------------------------------- | -------------------------------------------- | ------- |
-| `redis.enabled`                   | If external redis is used, set it to `false` | `true`  |
-| `redis.password`                  | Redis password                               | `nil`   |
-| `redis.usePassword`               | Use redis password                           | `false` |
-| `redis.sentinel.enabled`          | Enable sentinel containers                   | `true`  |
-| `redis.sentinel.usePassword`      | Use password for sentinel containers         | `false` |
-| `externalRedis.host`              | Host of the external redis                   | `nil`   |
-| `externalRedis.port`              | Port of the external redis                   | `6379`  |
-| `externalRedis.password`          | Password for the external redis              | `nil`   |
-| `externalRedis.sentinel`          | Using sentinels                              | `false` |
-| `externalRedis.databases.default` | Database to use by default                   | `0`     |
-| `externalRedis.databases.cache`   | Database to use by cache                     | `1`     |
+| Parameter                         | Description                                  | Default                                   |
+| --------------------------------- | -------------------------------------------- | ----------------------------------------- |
+| `redis.enabled`                   | If external redis is used, set it to `false` | `true`                                    |
+| `redis.password`                  | Redis password                               | _random 10 character alphanumeric string_ |
+| `redis.sentinel.enabled`          | Enable sentinel containers                   | `true`                                    |
+| `redis.sentinel.usePassword`      | Use password for sentinel containers         | `false`                                   |
+| `externalRedis.host`              | Host of the external redis                   | `nil`                                     |
+| `externalRedis.port`              | Port of the external redis                   | `6379`                                    |
+| `externalRedis.password`          | Password for the external redis              | `nil`                                     |
+| `externalRedis.sentinel`          | Using sentinels                              | `false`                                   |
+| `externalRedis.databases.default` | Database to use by default                   | `0`                                       |
+| `externalRedis.databases.cache`   | Database to use by cache                     | `1`                                       |
 
 > See [Dependencies](#dependencies) for more.
 
@@ -208,11 +210,17 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 
 ```bash
 helm install invoiceninja \
---set replicaCount=3,livenessProbe.initialDelaySeconds=90 \
+  --set appKey=changeit \
+  --set replicaCount=3 \
+  --set nginx.replicaCount=3 \
+  --set redis.cluster.slaveCount=3 \
+  --set redis.password=changeit \
+  --set mariadb.auth.rootPassword=changeit \
+  --set mariadb.auth.password=changeit \
   invoiceninja/invoiceninja
 ```
 
-The above command sets the number of replicas to 4, and the liveness probe delay to 90 seconds.
+The above command sets the number of replicas to 3 for a highly available (HA) setup. Note that you would need to use an external DB such as MariaDB Galera for a full HA production setup.
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while [installing](https://helm.sh/docs/helm/helm_install/) the chart. For example,
 

charts/invoiceninja/templates/NOTES.txt

@@ -16,18 +16,18 @@ Externally through the following DNS name:
 -- OR --
 {{ end }}
 
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+{{- if contains "NodePort" .Values.nginx.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "invoiceninja.nginx.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
+{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "invoiceninja.nginx.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "invoiceninja.nginx.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+{{- else if contains "ClusterIP" .Values.nginx.service.type }}
+  export SVC_NAME=$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name=nginx,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export SVC_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} $SVC_NAME -o jsonpath="{.spec.ports[0].port}")
   echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+  kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME 8080:$SVC_PORT
 {{- end }}

charts/invoiceninja/templates/_helpers.tpl

@@ -221,7 +221,7 @@ Return the Cache Connection Name
 {{- end -}}
 
 {{/*
-Return the Broadcast Driver Name
+Return the Queue Connection Name
 */}}
 {{- define "invoiceninja.redisQueueConnection" -}}
 {{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
@@ -230,3 +230,14 @@ Return the Broadcast Driver Name
     {{- printf "default" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Return the Session Connection Name
+*/}}
+{{- define "invoiceninja.redisSessionConnection" -}}
+{{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
+    {{- printf "sentinel-default" -}}
+{{- else -}}
+    {{- printf "default" -}}
+{{- end -}}
+{{- end -}}

charts/invoiceninja/templates/configmap.yaml

@@ -55,3 +55,4 @@ data:
   REDIS_BROADCAST_CONNECTION: {{ include "invoiceninja.redisBroadcastConnection" . | quote }}
   REDIS_CACHE_CONNECTION: {{ include "invoiceninja.redisCacheConnection" . | quote }}
   REDIS_QUEUE_CONNECTION: {{ include "invoiceninja.redisQueueConnection" . | quote }}
+  SESSION_CONNECTION: {{ include "invoiceninja.redisSessionConnection" . | quote }}

charts/invoiceninja/templates/deployment.yaml

@@ -133,7 +133,7 @@ spec:
                 secretKeyRef:
                   name: {{ include "invoiceninja.databaseSecretName" . }}
                   key: mariadb-password
-            {{- if not (and .Values.redis.enabled (not .Values.redis.usePassword)) }}
+            {{- if or (and .Values.redis.enabled .Values.redis.usePassword) (or .Values.externalRedis.password .Values.externalRedis.existingSecret) }}
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:

charts/invoiceninja/values.yaml

@@ -335,7 +335,6 @@ autoscaling:
 ##
 redis:
   enabled: true
-  usePassword: false
   sentinel:
     enabled: true
     usePassword: false