Add caching to build (#369)

* Rename publish workflow

* Add caching to v5

* Updated cache buster

.github/workflows/build-image-v5.yml

@@ -0,0 +1,57 @@
+name: Build Container Image
+
+# When its time to do a release do a full cross platform build for all supported
+# architectures and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+# Ref: https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml
+on:
+  pull_request:
+    paths:
+      - "alpine/5/**"
+  push:
+    paths:
+      - "alpine/5/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./alpine/5/
+          build-args: INVOICENINJA_VERSION=5-stable
+          target: prod
+          platforms: linux/amd64,linux/arm64
+          tags: invoiceninja/invoiceninja:cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/publish-image.yml

@@ -1,4 +1,4 @@
-name: Publish Releases to Hub
+name: Publish Container Image
 
 # When its time to do a release do a full cross platform build for all supported
 # architectures and push all of them to Docker Hub.
@@ -48,9 +48,9 @@ jobs:
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          key: ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/**') }}
           restore-keys: |
-            ${{ runner.os }}-buildx-
+            ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/**') }}
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'

.github/workflows/release.yaml

@@ -27,6 +27,6 @@ jobs:
           helm repo add bitnami https://charts.bitnami.com/bitnami
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@master
+        uses: helm/chart-releaser-action@v1.2.1
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -8,4 +8,7 @@ ehthumbs.db
 Thumbs.db
 
 # Helm
-charts/**/charts/
+charts/**/charts/
+
+# Compose filesystem
+/docker

Makefile

@@ -17,15 +17,15 @@ VERSION=$(shell echo ${TAG} | sed "s/-.*//")
 
 # Building docker images based on alpine.
 # Assigned tags:
-#   - :alpine
-#   - :alpine-<RELEASE VERSION>
+#   - :4
+#   - :<RELEASE VERSION>
 .PHONY: build-alpine
 build-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Building "$(VERSION)" tagged images from alpine.)
-	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
-	# Tag as alpine-4
-	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
+	# Tag as 4
+	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 
@@ -33,8 +33,8 @@ endif
 push-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Pushing tagged images from alpine.)
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION}
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:${VERSION}
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 

README.md

@@ -1,70 +1,68 @@
 ![Docker images](https://github.com/invoiceninja/dockerfiles/workflows/Docker%20images/badge.svg)
 [![Docker image, latest](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/latest?label=latest)](https://hub.docker.com/r/invoiceninja/invoiceninja)
 [![Docker image, alpine](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/alpine?label=alpine)](https://hub.docker.com/r/invoiceninja/invoiceninja)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/invoiceninja)](https://artifacthub.io/packages/search?repo=invoiceninja)
+[![Pusblish Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml) [![Cache v5 Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
 
-# Docker for [Invoice Ninja](https://www.invoiceninja.com/) 
+
+
+# Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
 :crown: **Features**
 
 :lock: Automatic HTTPS (:heart: [Caddy](https://caddyserver.com/))  
 :fire: NGINX webserver support [NGINX](https://nginx.org/)  
-:hammer: Fully production-ready through docker-compose  
+:hammer: Fully production-ready through Helm Chart  
 :pencil: Adjustable to your needs via environment variable  
 
-## You want some Kubernetes + Helm with that?
-[Helm Chat](https://github.com/Saddamus/invoiceninja-helm) by @Saddamus  
-[Kubernetes](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk 
+## Get some Kubernetes + Helm with that!
 
-## Quickstart V5 Launch
+Introducing our very own [Helm Chart](https://github.com/invoiceninja/dockerfiles/tree/master/charts/invoiceninja) that helps you launch a simple standalone app to a production-ready, highly available Invoice Ninja setup. All you need to do is initialise Kubernetes (available with Docker Desktop), install [Helm](https://helm.sh/docs/intro/install/), and spin up Invoice Ninja using the steps provided [here](https://github.com/invoiceninja/dockerfiles/tree/master/charts/invoiceninja#installing-the-chart).
 
-The dockerfile has been revamped to make is easier to get started, by default the base image selected in 5 which will pull in the latest v5 stable image.
+Other resources:
+
+[Helm Chart](https://github.com/Saddamus/invoiceninja-helm) by @Saddamus  
+[K8s Manifest](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk
+
+## Alternatively get started with Docker Compose
+
+The dockerfile has been revamped to make it easier to get started, by default the base image selected is 5 which will pull in the latest v5 stable image.
 
 ```bash
 git clone https://github.com/invoiceninja/dockerfiles.git
 cd dockerfiles
 ```
 
-Instead of defining our environment variables inside our docker-compose.yml file we now define this in the ```env``` file, open this file up and insert your APP_URL and your APP_KEY
+Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
 
 ```
 APP_URL=http://in.localhost:8003/
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
-DB_HOST1=db
-DB_PORT1=3306
-DB_USERNAME1=ninja
-DB_PASSWORD1=ninja
-DB_DATABASE1=ninja
-PHANTOMJS_PDF_GENERATION=false
+REQUIRE_HTTPS=false
+IN_USER_EMAIL=
+IN_PASSWORD=
 ```
 
-The ```APP_KEY``` can be generated by running
+If `IN_USER_EMAIL` and `IN_PASSWORD` is not set the default user email and password is "admin@example.com" and "changeme!" respectively. You will use this for the initial login, thereafter, you can delete this two environment variables.
 
-```
+The `APP_KEY` can be generated by running
+
+```bash
 docker run --rm -it invoiceninja/invoiceninja php artisan key:generate --show
 ```
 
-Copy the entire string and insert in the env file at ```APP_KEY=base64....```
+Copy the entire string and insert in the env file at `APP_KEY=base64....`
 
-To ensure folder permissions are correct when the container comes up for the first time it is important that you set the correct folder permissions on the ```docker``` folder.
+To ensure folder permissions are correct when the container comes up for the first time it is important that you set the correct folder permissions on the `docker` folder.
 
 From the terminal run
 
-```sudo chown -R 1500:1500 docker/app```
-
-## Updating the image when using `docker-compose`
-
-As `docker-compose` does not support any form of version control, this git provide updates to `docker-compose.yml` directly. 
-
-To upgrade to a newer release image, please make sure to update the `docker-compose.yml` first by running
-
 ```bash
-git pull
+chmod 755 docker/app/public
+sudo chown -R 1500:1500 docker/app
 ```
 
-You may need to manually merge any changes that cannot be merged automatically by git.
-
 ### Note for people running the container locally on their PC ###
 
 If you are running the container locally, then the container will need to resolve the host, to support this you will want to insert your LAN IP address and the host name in the hosts file located in ```config/hosts```
@@ -74,7 +72,7 @@ For example, lets say your APP_URL is ```http://in5.test:8000``` and your LAN IP
 
 ```192.168.0.124 in5.test```
 
-**Please note that PDF generation using local host your domain name MUST end in .test for your PDFs to generate correctly, this is a DNS resolver issue with chromium.
+**Please note that for PDF generation using local host, your domain name MUST end in .test for your PDFs to generate correctly, this is a DNS resolver issue with chromium.
 
 All that is left to do now is bring up the container
 
@@ -84,6 +82,22 @@ All that is left to do now is bring up the container
 
 **Note: When performing the setup, the Database host is ```db```
 
+### Running on ARM64 (Raspberry Pi 4)
+
+When deploying on an ARM64 system, you need to comment out the `image: mysql:5` line and uncomment `image: mariadb:10.4` in the `docker-compose.yml` file.
+
+### Updating the Image when using `docker-compose`
+
+As `docker-compose` does not support any form of version control, this git provide updates to `docker-compose.yml` directly.
+
+To upgrade to a newer release image, please make sure to update the `docker-compose.yml` first by running
+
+```bash
+git pull
+```
+
+You may need to manually merge any changes that cannot be merged automatically by git.
+
 ## Support
 
 If you discover a bug, please create and issue, if you query is general in nature please visit us on our [Forum ](https://forum.invoiceninja.com/)

alpine/4/rootfs/usr/local/bin/docker-entrypoint

@@ -83,7 +83,7 @@ fi
 rm -rf "$BAK_PUBLIC_PATH"
 
 # Set permission for web server to create/update files (only <v4)
-chown -R "$INVOICENINJA_USER":www-data /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
+chown -R "$INVOICENINJA_USER":"$INVOICENINJA_USER" /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'

alpine/5/Dockerfile

@@ -28,7 +28,7 @@ RUN npm install --production \
     && mv /var/www/app/public $BAK_PUBLIC_PATH  
 
 # Prepare php image
-FROM php:${PHP_VERSION}-fpm-alpine as prod
+FROM php:${PHP_VERSION}-fpm-alpine3.13 as prod
 ARG INVOICENINJA_VERSION
 ARG BAK_STORAGE_PATH
 ARG BAK_PUBLIC_PATH

alpine/5/cache_buster

@@ -0,0 +1 @@
+Fri Jul  2 7:33:22 +00 2021

alpine/5/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+php artisan db:seed --force
+
+# Build up array of arguments...
+if [[ ! -z "${IN_USER_EMAIL}" ]]; then
+    email="--email ${IN_USER_EMAIL}"
+fi
+
+if [[ ! -z "${IN_PASSWORD}" ]]; then
+    password="--password ${IN_PASSWORD}"
+fi
+
+php artisan ninja:create-account $email $password

alpine/5/rootfs/usr/local/bin/docker-entrypoint

@@ -27,60 +27,71 @@ file_env() {
     local fileVar="${var}_FILE"
     local def="${2:-}"
 
-    if [ "$(ie_gv ${var})" != "" ] && [ "$(ie_gv ${fileVar})" != "" ]; then
-        in_error "Both $var and $fileVar are set (but are exclusive)"
-    fi
-
-    local val="$def"
     if [ "$(ie_gv ${var})" != "" ]; then
-        val=$(ie_gv ${var})
-    elif [ "$(ie_gv ${fileVar})" != "" ]; then
-        val=$(cat $(ie_gv ${fileVar}))
+        if [ "$(ie_gv ${fileVar})" != "" ]; then
+            in_error "Both $var and $fileVar are set (but are exclusive)"
+        fi
+        unset "$fileVar"
+        return
+    fi
+
+    if [ "$(ie_gv ${fileVar})" != "" ] && [ -f "$(ie_gv ${fileVar})" ]; then
+        export "$var"="$(cat $(ie_gv ${fileVar}))"
+    elif [ ! -z "$def" ]; then
+        export "$var"="$def"
     fi
 
-    export "$var"="$val"
     unset "$fileVar"
 }
 
 # first arg is `-f` or `--some-option`
 if [ "${1#-}" != "$1" ]; then
-    set -- php-fpm "$@"
+    set -- supervisord "$@"
 fi
 
 # create storage volume
-if [ ! -d /var/www/app/storage ] && [ -d "$BAK_STORAGE_PATH" ]; then
-    mv "$BAK_STORAGE_PATH" /var/www/app/storage
-elif [ -d "$BAK_STORAGE_PATH" ]; then
-    # copy missing folders in storage
-    IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
-    for path in $IN_STORAGE_BACKUP; do
-        if [ ! -e "/var/www/app/storage/$path" ]; then
-            cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
-        fi
-    done
+if [ -d "$BAK_STORAGE_PATH" ]; then
+    if [ ! -d /var/www/app/storage ]; then
+        mv "$BAK_STORAGE_PATH" /var/www/app/storage
+    else
+        # copy missing folders in storage
+        IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
+        for path in $IN_STORAGE_BACKUP; do
+            if [ ! -e "/var/www/app/storage/$path" ]; then
+                cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
+            fi
+        done
+    fi
+    rm -rf "$BAK_STORAGE_PATH"
+fi
+
+# prevent init scripts from running when upgrading from IN <= 5.1.62
+if [ -f /var/www/app/public/version ] && [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
+    touch /var/www/app/storage/.initialized
 fi
-rm -rf "$BAK_STORAGE_PATH"
 
 # create public volume
-if [ ! -d /var/www/app/public ] && [ -d "$BAK_PUBLIC_PATH" ]; then
-    mv "$BAK_PUBLIC_PATH" /var/www/app/public
-elif [ ! -e /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
-    # version mismatch, update all
-    cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
-    echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
-elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    # missing logo folder only, copy folder
-    cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
-elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    # copy missing folders in logo
-    IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
-    for path in $IN_LOGO_BACKUP; do
-        if [ ! -e "/var/www/app/public/logo/$path" ]; then
-            cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
-        fi
-    done
+if [ -d "$BAK_PUBLIC_PATH" ]; then
+    if [ ! -d /var/www/app/public ]; then
+        mv "$BAK_PUBLIC_PATH" /var/www/app/public
+    elif [ ! -f /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
+        # version mismatch, update all
+        cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
+        echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
+    elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        # missing logo folder only, copy folder
+        cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
+    elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        # copy missing folders in logo
+        IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
+        for path in $IN_LOGO_BACKUP; do
+            if [ ! -e "/var/www/app/public/logo/$path" ]; then
+                cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
+            fi
+        done
+    fi
+    rm -rf "$BAK_PUBLIC_PATH"
 fi
-rm -rf "$BAK_PUBLIC_PATH"
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'
@@ -98,10 +109,10 @@ file_env 'MAILGUN_SECRET'
 file_env 'S3_KEY'
 file_env 'S3_SECRET'
 
-# Run Laravel stuff
+# Run IN/Laravel stuff
 if [[ "$1" == "supervisord" ]] || [[ "$1" == "php-fpm" ]]; then
-    echo "Initialising Laravel..."
-    . laravel-init.sh
+    in_log INFO "Initialising Invoice Ninja..."
+    . invoiceninja-init.sh
 fi
 
 exec docker-php-entrypoint "$@"

alpine/5/rootfs/usr/local/bin/invoiceninja-init.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+    echo
+    local f
+    for f; do
+        case "$f" in
+        *.sh)
+            # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+            # https://github.com/docker-library/postgres/pull/452
+            if [ -x "$f" ]; then
+                in_log INFO "$0: running $f"
+                "$f"
+            else
+                in_log INFO "$0: sourcing $f"
+                . "$f"
+            fi
+            ;;
+        *) in_log INFO "$0: ignoring $f" ;;
+        esac
+        echo
+    done
+}
+
+php artisan config:cache
+php artisan optimize
+
+# Check if DB works, if not crash the app.
+DB_READY=$(php artisan tinker --execute='echo app()->call("App\Utils\SystemHealth@dbCheck")["success"];')
+if [ "$DB_READY" != "1" ]; then
+    php artisan migrate:status # Print verbose error
+    in_error "Error connecting to DB"
+fi
+
+php artisan migrate --force
+
+# If first IN run, it needs to be initialized
+if [ ! -f /var/www/app/storage/.initialized ]; then
+    docker_process_init_files /docker-entrypoint-init.d/*
+    touch /var/www/app/storage/.initialized
+fi

alpine/5/rootfs/usr/local/bin/laravel-init.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-php artisan config:cache
-php artisan optimize
-php artisan migrate --force

charts/invoiceninja/Chart.lock

@@ -1,12 +1,15 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 1.4.1
+  version: 1.4.3
 - name: nginx
   repository: https://charts.bitnami.com/bitnami
-  version: 8.8.0
+  version: 8.8.5
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
-  version: 9.3.5
-digest: sha256:d809702ee601a8a0019defb9ee3fc5a5b5332968e1038cca8b44d5332b14a275
-generated: "2021-03-23T00:33:02.690189+08:00"
+  version: 9.3.11
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.9.2
+digest: sha256:4255a558312b033e820635f491b0960bd4ec8e716164025212af06adafbd4cb9
+generated: "2021-05-11T09:31:45.433+08:00"

charts/invoiceninja/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: invoiceninja
-description: A Helm chart to install Invoiceninja
+description: A Helm chart to install Invoice Ninja
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -13,14 +13,14 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.5.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 5.1.30
+appVersion: 5.1.64
 keywords:
   - invoiceninja
-home: https://github.com/lwj5/invoiceninja-chart
+home: https://invoiceninja.github.io/dockerfiles
 sources:
   - https://github.com/invoiceninja/invoiceninja
   - https://github.com/invoiceninja/dockerfiles
@@ -37,6 +37,10 @@ dependencies:
     name: mariadb
     repository: https://charts.bitnami.com/bitnami
     version: 9.3.x
+  - condition: redis.enabled
+    name: redis
+    repository: https://charts.bitnami.com/bitnami
+    version: 12.9.x
 maintainers:
   - email: lwj5@hotmail.com
     name: lwj5

charts/invoiceninja/README.md

@@ -1,9 +1,9 @@
-# Invoiceninja
+# Invoice Ninja Helm Chart
 
-This helm chart installs a Invoiceninja and its dependencies into a running
+This helm chart installs Invoice Ninja (IN) and its dependencies into a running
 Kubernetes cluster.
 
-The chart installs the [Invoiceninja](https://hub.docker.com/r/invoiceninja/invoiceninja) docker image.
+The chart installs the [Invoice Ninja](https://hub.docker.com/r/invoiceninja/invoiceninja) docker image.
 
 Please read [Upgrading](#upgrading) section before upgrading MAJOR versions.
 
@@ -12,6 +12,7 @@ Please read [Upgrading](#upgrading) section before upgrading MAJOR versions.
 - The Bitnami [common](https://github.com/bitnami/charts/tree/master/bitnami/common) helm chart
 - The Bitnami [mariadb](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) helm chart
 - The Bitnami [nginx](https://github.com/bitnami/charts/tree/master/bitnami/nginx) helm chart
+- The Bitnami [redis](https://github.com/bitnami/charts/tree/master/bitnami/redis) helm chart
 - Tested on Kubernetes 1.17+
 
 ## Installing the Chart
@@ -23,7 +24,7 @@ helm repo add invoiceninja https://invoiceninja.github.io/dockerfiles
 helm install invoiceninja invoiceninja/invoiceninja
 ```
 
-The command deploys Invoiceninja on the Kubernetes cluster in the default namespace. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+The command deploys Invoice Ninja on the Kubernetes cluster in the default namespace. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
 
 > **Tip**: List all releases using `helm list`
 
@@ -39,11 +40,13 @@ The command removes all the Kubernetes components associated with the chart and
 
 ## Parameters
 
-The following table lists the configurable parameters of the Invoiceninja chart and their default values.
+The following table lists the configurable parameters of the Invoice Ninja chart and their default values.
+
+> NOTE: You MUST set any values that default to random or risk losing access after an upgrade. See how [here](#installing-with-arguments)
 
 ### Global Configuration
 
-The following table shows the configuration options for the Invoiceninja helm chart:
+The following table shows the configuration options for the Invoice Ninja helm chart:
 
 ### Global parameters
 
@@ -65,34 +68,45 @@ The following table shows the configuration options for the Invoiceninja helm ch
 | `kubeVersion`       | Force target Kubernetes version (using Helm capabilities if not set) | `nil`                          |
 | `extraDeploy`       | Array of extra objects to deploy with the release                    | `[]` (evaluated as a template) |
 
-### Invoiceninja parameters
+### Invoice Ninja parameters
 
-| Parameter            | Description                                                     | Default                                                 |
-| -------------------- | --------------------------------------------------------------- | ------------------------------------------------------- |
-| `image.registry`     | Invoiceninja image registry                                     | `docker.io`                                             |
-| `image.repository`   | Invoiceninja image name                                         | `invoiceninja/invoiceninja`                             |
-| `image.tag`          | Invoiceninja image tag                                          | Check `values.yaml` file                                |
-| `image.pullPolicy`   | Invoiceninja image pull policy                                  | `IfNotPresent`                                          |
-| `image.pullSecrets`  | Specify docker-registry secret names as an array                | `[]` (does not add image pull secrets to deployed pods) |
-| `image.debug`        | Specify if debug logs should be enabled                         | `false`                                                 |
-| `serviceAccountName` | Name of a service account for the Invoiceninja pods             | `default`                                               |
-| `debug`              | Turn on debug mode on Invoiceninja                              | `false`                                                 |
-| `appKey`             | Laravel Application Key                                         | _random 32 character alphanumeric string_               |
-| `extraEnvVars`       | Extra environment variables to be set on Invoiceninja container | `{}`                                                    |
-| `extraEnvVarsCM`     | Name of existing ConfigMap containing extra env vars            | `nil`                                                   |
-| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars               | `nil`                                                   |
+| Parameter            | Description                                                      | Default                                                 |
+| -------------------- | ---------------------------------------------------------------- | ------------------------------------------------------- |
+| `image.registry`     | Invoice Ninja image registry                                     | `docker.io`                                             |
+| `image.repository`   | Invoice Ninja image name                                         | `invoiceninja/invoiceninja`                             |
+| `image.tag`          | Invoice Ninja image tag                                          | Check `values.yaml` file                                |
+| `image.pullPolicy`   | Invoice Ninja image pull policy                                  | `IfNotPresent`                                          |
+| `image.pullSecrets`  | Specify docker-registry secret names as an array                 | `[]` (does not add image pull secrets to deployed pods) |
+| `image.debug`        | Specify if debug logs should be enabled                          | `false`                                                 |
+| `serviceAccountName` | Name of a service account for the Invoice Ninja pods             | `default`                                               |
+| `debug`              | Turn on debug mode on Invoice Ninja                              | `false`                                                 |
+| `appKey`             | Laravel Application Key                                          | _random 32 character alphanumeric string_               |
+| `userEmail`          | Initial user email address                                       | `admin@example.com`                                     |
+| `userPassword`       | Initial user password                                            | `changeme!`                                             |
+| `logChannel`         | Name of log channel to use                                       | `nil`                                                   |
+| `broadcastDriver`    | Name of broadcast driver to use                                  | `nil`                                                   |
+| `cacheDriver`        | Name of cache driver to use                                      | `nil`                                                   |
+| `sessionDriver`      | Name of session driver to use                                    | `nil`                                                   |
+| `queueConnection`    | Name of queue connection to use                                  | `nil`                                                   |
+| `snappdf`            | Use snappdf instead of Phantom JS PDF generation                 | `true`                                                  |
+| `mailer`             | Name of the mailer to use (log, smtp, etc.)                      | `log`                                                   |
+| `requireHttps`       | Force HTTPS for internal connections to Invoice Ninja (see #349) | `false`                                                 |
+| `extraEnvVars`       | Extra environment variables to be set on Invoice Ninja container | `{}`                                                    |
+| `extraEnvVarsCM`     | Name of existing ConfigMap containing extra env vars             | `nil`                                                   |
+| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars                | `nil`                                                   |
+| `trustedProxy`       | List of trusted proxies for Invoice Ninja to communicate with the nginx proxy | `'*'`                                                   |
 
-### Invoiceninja deployment parameters
+### Invoice Ninja deployment parameters
 
 | Parameter                   | Description                                                                               | Default                        |
 | --------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------ |
-| `replicaCount`              | Number of Invoiceninja Pods to run                                                        | `1`                            |
+| `replicaCount`              | Number of Invoice Ninja Pods to run                                                       | `1`                            |
 | `containerPorts.fastcgi`    | FastCGI port to expose at container level                                                 | `9000`                         |
-| `podSecurityContext`        | Invoiceninja pods' Security Context                                                       | Check `values.yaml` file       |
-| `containerSecurityContext`  | Invoiceninja containers' Security Context                                                 | Check `values.yaml` file       |
-| `resources`                 | The resources for the Invoiceninja container                                              | `{}`                           |
-| `livenessProbe`             | Liveness probe configuration for Invoiceninja                                             | Check `values.yaml` file       |
-| `readinessProbe`            | Readiness probe configuration for Invoiceninja                                            | Check `values.yaml` file       |
+| `podSecurityContext`        | Invoice Ninja pods' Security Context                                                      | Check `values.yaml` file       |
+| `containerSecurityContext`  | Invoice Ninja containers' Security Context                                                | Check `values.yaml` file       |
+| `resources`                 | The resources for the Invoice Ninja container                                             | `{}`                           |
+| `livenessProbe`             | Liveness probe configuration for Invoice Ninja                                            | Check `values.yaml` file       |
+| `readinessProbe`            | Readiness probe configuration for Invoice Ninja                                           | Check `values.yaml` file       |
 | `updateStrategy`            | Set up update strategy                                                                    | `RollingUpdate`                |
 | `podAntiAffinityPreset`     | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`  | `soft`                         |
 | `nodeAffinityPreset.type`   | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""`                           |
@@ -101,11 +115,23 @@ The following table shows the configuration options for the Invoiceninja helm ch
 | `affinity`                  | Affinity for pod assignment                                                               | `{}` (evaluated as a template) |
 | `nodeSelector`              | Node labels for pod assignment                                                            | `{}` (evaluated as a template) |
 | `tolerations`               | Tolerations for pod assignment                                                            | `[]` (evaluated as a template) |
-| `podLabels`                 | Extra labels for Invoiceninja pods                                                        | `{}`                           |
-| `podAnnotations`            | Annotations for Invoiceninja pods                                                         | `{}`                           |
+| `podLabels`                 | Extra labels for Invoice Ninja pods                                                       | `{}`                           |
+| `podAnnotations`            | Annotations for Invoice Ninja pods                                                        | `{}`                           |
 | `extraVolumeMounts`         | Additional volume mounts                                                                  | `[]`                           |
 | `extraVolumes`              | Additional volumes                                                                        | `[]`                           |
 
+### Volume Permissions parameters
+
+| Parameter                             | Description                                                                                                          | Default                                                 |
+| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
+| `volumePermissions.enabled`           | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false`                                                 |
+| `volumePermissions.image.registry`    | Init container volume-permissions image registry                                                                     | `docker.io`                                             |
+| `volumePermissions.image.repository`  | Init container volume-permissions image name                                                                         | `bitnami/bitnami-shell`                                 |
+| `volumePermissions.image.tag`         | Init container volume-permissions image tag                                                                          | `"10"`                                                  |
+| `volumePermissions.image.pullPolicy`  | Init container volume-permissions image pull policy                                                                  | `Always`                                                |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array                                                                     | `[]` (does not add image pull secrets to deployed pods) |
+| `volumePermissions.resources`         | Init container volume-permissions resource                                                                           | `{}`                                                    |
+
 ### Exposure parameters
 
 | Parameter                          | Description                                                                | Default                        |
@@ -113,7 +139,7 @@ The following table shows the configuration options for the Invoiceninja helm ch
 | `service.type`                     | Kubernetes Service type                                                    | `ClusterIP`                    |
 | `service.port`                     | Service FastCGI port                                                       | `9000`                         |
 | `service.nodePort`                 | Kubernetes FastCGI node port                                               | `""`                           |
-| `service.clusterIP`                | Invoiceninja service clusterIP IP                                          | `None`                         |
+| `service.clusterIP`                | Invoice Ninja service clusterIP IP                                         | `None`                         |
 | `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]`                           |
 | `service.loadBalancerIP`           | loadBalancerIP if service type is `LoadBalancer`                           | `nil`                          |
 | `service.externalTrafficPolicy`    | Enable client source IP preservation                                       | `Cluster`                      |
@@ -128,7 +154,7 @@ The following table shows the configuration options for the Invoiceninja helm ch
 | `nginx.ingress.hostname`                                | Default host for the ingress resource | `invoiceninja.local`     |
 | `nginx.serverBlock`                                     | Custom NGINX server block             | `nil`                    |
 | `nginx.extraVolumes`                                    | Array to add extra volumes            | Check `values.yaml` file |
-| `nginx.extraVolumes[0].persistentVolumeClaim.claimName` | Name of Invoiceninja public PVC       | `invoiceninja-public`    |
+| `nginx.extraVolumes[0].persistentVolumeClaim.claimName` | Name of Invoice Ninja public PVC      | `invoiceninja-public`    |
 | `nginx.extraVolumeMounts`                               | Array to add extra mount              | Check `values.yaml` file |
 
 > See [Dependencies](#dependencies) for more.
@@ -150,27 +176,50 @@ The following table shows the configuration options for the Invoiceninja helm ch
 | `persistence.storage.size`          | PVC Storage Request                      | `5Gi`             |
 | `persistence.storage.dataSource`    | PVC data source                          | `{}`              |
 
+### Redis parameters
+
+| Parameter                         | Description                                  | Default                                   |
+| --------------------------------- | -------------------------------------------- | ----------------------------------------- |
+| `redis.enabled`                   | If external redis is used, set it to `false` | `true`                                    |
+| `redis.password`                  | Redis password                               | _random 10 character alphanumeric string_ |
+| `redis.sentinel.enabled`          | Enable sentinel containers                   | `true`                                    |
+| `redis.sentinel.usePassword`      | Use password for sentinel containers         | `false`                                   |
+| `externalRedis.host`              | Host of the external redis                   | `nil`                                     |
+| `externalRedis.port`              | Port of the external redis                   | `6379`                                    |
+| `externalRedis.password`          | Password for the external redis              | `nil`                                     |
+| `externalRedis.sentinel`          | Using sentinels                              | `false`                                   |
+| `externalRedis.databases.default` | Database to use by default                   | `0`                                       |
+| `externalRedis.databases.cache`   | Database to use by cache                     | `1`                                       |
+
+> See [Dependencies](#dependencies) for more.
+
 ### Database parameters 
 
-| Parameter                   | Description                          | Default                                   |
-| --------------------------- | ------------------------------------ | ----------------------------------------- |
-| `mariadb.enabled`           | Deploy MariaDB container(s)          | `true`                                    |
-| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | _random 10 character alphanumeric string_ |
-| `mariadb.auth.database`     | Database name to create              | `invoiceninja`                            |
-| `mariadb.auth.username`     | Database user to create              | `invoiceninja`                            |
-| `mariadb.auth.password`     | Password for the database            | _random 10 character alphanumeric string_ |
+| Parameter                         | Description                                 | Default                                   |
+| --------------------------------- | ------------------------------------------- | ----------------------------------------- |
+| `mariadb.enabled`                 | Deploy MariaDB container(s)                 | `true`                                    |
+| `mariadb.auth.rootPassword`       | Password for the MariaDB `root` user        | _random 10 character alphanumeric string_ |
+| `mariadb.auth.database`           | Database name to create                     | `invoiceninja`                            |
+| `mariadb.auth.username`           | Database user to create                     | `invoiceninja`                            |
+| `mariadb.auth.password`           | Password for the database                   | _random 10 character alphanumeric string_ |
+| `externalDatabase.host`           | Host of the external database               | `nil`                                     |
+| `externalDatabase.user`           | Existing username in the external db        | `invoiceninja`                            |
+| `externalDatabase.password`       | Password for the above username             | `nil`                                     |
+| `externalDatabase.database`       | Name of the existing database               | `invoiceninja`                            |
+| `externalDatabase.port`           | Database port number                        | `3306`                                    |
+| `externalDatabase.existingSecret` | Name of the database existing Secret Object | `nil`                                     |
 
 > See [Dependencies](#dependencies) for more.
 
 ### Other parameters
 
-| Parameter                  | Description                             | Default |
-| -------------------------- | --------------------------------------- | ------- |
-| `autoscaling.enabled`      | Enable autoscaling for Invoiceninja     | `false` |
-| `autoscaling.minReplicas`  | Minimum number of Invoiceninja replicas | `1`     |
-| `autoscaling.maxReplicas`  | Maximum number of Invoiceninja replicas | `11`    |
-| `autoscaling.targetCPU`    | Target CPU utilization percentage       | `nil`   |
-| `autoscaling.targetMemory` | Target Memory utilization percentage    | `nil`   |
+| Parameter                  | Description                              | Default |
+| -------------------------- | ---------------------------------------- | ------- |
+| `autoscaling.enabled`      | Enable autoscaling for Invoice Ninja     | `false` |
+| `autoscaling.minReplicas`  | Minimum number of Invoice Ninja replicas | `1`     |
+| `autoscaling.maxReplicas`  | Maximum number of Invoice Ninja replicas | `11`    |
+| `autoscaling.targetCPU`    | Target CPU utilization percentage        | `nil`   |
+| `autoscaling.targetMemory` | Target Memory utilization percentage     | `nil`   |
 
 ## Installing with Arguments
 
@@ -178,18 +227,63 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 
 ```bash
 helm install invoiceninja \
---set replicaCount=3,livenessProbe.initialDelaySeconds=90 \
+  --set appKey=changeit \
+  --set replicaCount=3 \
+  --set nginx.replicaCount=3 \
+  --set redis.cluster.slaveCount=3 \
+  --set redis.password=changeit \
+  --set mariadb.auth.rootPassword=changeit \
+  --set mariadb.auth.password=changeit \
   invoiceninja/invoiceninja
 ```
 
-The above command sets the number of replicas to 4, and the liveness probe delay to 90 seconds.
+The above command sets the number of replicas to 3 for a highly available (HA) setup. Note that you would need to use an external DB such as MariaDB Galera for a full HA production setup.
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while [installing](https://helm.sh/docs/helm/helm_install/) the chart. For example,
 
+```yaml
+# values.yaml
+appKey: changeit
+replicaCount: 3
+nginx:
+  replicaCount: 3
+redis:
+  cluster:
+    slaveCount: 3
+  password: changeit
+mariadb:
+  auth:
+    rootPassword: changeit
+    password: changeit
+```
+
 ```bash
 helm install invoiceninja -f values.yaml invoiceninja/invoiceninja
 ```
 
+## Setting Environment Variables
+
+Should you need to inject any environment variables such as those in [here](https://github.com/invoiceninja/dockerfiles/blob/master/env) into the `invoiceninja` container, you can use the `extraEnvVars` option:
+
+```yaml
+# ... values.yaml file
+# In this example, we are setting the SMTP MAIL_HOST to be 'smtp.mailtrap.io'
+extraEnvVars:
+  - name: MAIL_HOST
+    value: 'smtp.mailtrap.io' # all values must be strings, so other types must be surrounded in quotes
+```
+
+Alternatively you can provide the name of an existing `configmap` or `secret` object:
+
+```bash
+kubectl create configmap examplemap --from-literal=MAIL_HOST='smtp.mailtrap.io'
+```
+
+```yaml
+# ... values.yaml file
+extraEnvVarsCM: examplemap
+```
+
 ## Upgrading
 
 Nothing yet.

charts/invoiceninja/templates/NOTES.txt

@@ -16,18 +16,19 @@ Externally through the following DNS name:
 -- OR --
 {{ end }}
 
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+{{- if contains "NodePort" .Values.nginx.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "invoiceninja.nginx.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
+{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "invoiceninja.nginx.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "invoiceninja.nginx.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- else if contains "ClusterIP" .Values.nginx.service.type }}
+  export SVC_NAME=$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name=nginx,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export SVC_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} $SVC_NAME -o jsonpath="{.spec.ports[0].port}")
+  echo "Add the line '127.0.0.1 {{ .Values.nginx.ingress.hostname }}' to your hosts file"
+  echo "Visit http://{{ .Values.nginx.ingress.hostname }} to use your application"
+  kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME 80:$SVC_PORT
 {{- end }}

charts/invoiceninja/templates/_helpers.tpl

@@ -9,7 +9,14 @@ Return the proper image name
 Return the proper Docker Image Registry Secret Names
 */}}
 {{- define "invoiceninja.imagePullSecrets" -}}
-{{- include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "invoiceninja.volumePermissions.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
 {{- end -}}
 
 {{/*
@@ -28,6 +35,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- printf "%s-%s" .Release.Name "nginx" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "invoiceninja.redis.fullname" -}}
+{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
 {{/*
 Create the name of the service account to use
 */}}
@@ -43,14 +59,14 @@ Create the name of the service account to use
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.public.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.public "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.storage.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.storage "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
@@ -125,3 +141,110 @@ Return the MariaDB Secret Name
     {{- printf "%s" (include "invoiceninja.mariadb.fullname" .) -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Return the Redis Hostname
+*/}}
+{{- define "invoiceninja.redisHost" -}}
+{{- if .Values.redis.enabled }}
+    {{- if .Values.redis.sentinel.enabled }}
+    {{- printf "%s-%s" (include "invoiceninja.redis.fullname" .) "headless" | trunc 63 | trimSuffix "-" -}}
+    {{- else }}
+    {{- printf "%s-%s" (include "invoiceninja.redis.fullname" .) "master" | trunc 63 | trimSuffix "-" -}}
+    {{- end -}}
+{{- else -}}
+    {{- printf "%s" .Values.externalRedis.host -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Redis Port
+*/}}
+{{- define "invoiceninja.redisPort" -}}
+{{- if .Values.redis.enabled }}
+    {{- if .Values.redis.sentinel.enabled }}
+    {{- printf "26379" -}}
+    {{- else }}
+    {{- printf "6379" -}}
+    {{- end -}}
+{{- else -}}
+    {{- printf "%d" (.Values.externalRedis.port | int ) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Redis Database
+*/}}
+{{- define "invoiceninja.redisDatabase" -}}
+{{- if .Values.redis.enabled }}
+    {{- printf "0" -}}
+{{- else -}}
+    {{- printf "%s" .Values.externalRedis.databases.default -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Redis Database
+*/}}
+{{- define "invoiceninja.redisCacheDatabase" -}}
+{{- if .Values.redis.enabled }}
+    {{- printf "1" -}}
+{{- else -}}
+    {{- printf "%s" .Values.externalRedis.databases.cache -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Redis Secret Name
+*/}}
+{{- define "invoiceninja.redisSecretName" -}}
+{{- if .Values.externalRedis.existingSecret -}}
+    {{- printf "%s" .Values.externalRedis.existingSecret -}}
+{{- else -}}
+    {{- printf "%s" (include "invoiceninja.redis.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Broadcast Connection Name
+*/}}
+{{- define "invoiceninja.redisBroadcastConnection" -}}
+{{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
+    {{- printf "sentinel-default" -}}
+{{- else -}}
+    {{- printf "default" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Cache Connection Name
+*/}}
+{{- define "invoiceninja.redisCacheConnection" -}}
+{{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
+    {{- printf "sentinel-cache" -}}
+{{- else -}}
+    {{- printf "cache" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Queue Connection Name
+*/}}
+{{- define "invoiceninja.redisQueueConnection" -}}
+{{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
+    {{- printf "sentinel-default" -}}
+{{- else -}}
+    {{- printf "default" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Session Connection Name
+*/}}
+{{- define "invoiceninja.redisSessionConnection" -}}
+{{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
+    {{- printf "sentinel-default" -}}
+{{- else -}}
+    {{- printf "default" -}}
+{{- end -}}
+{{- end -}}

charts/invoiceninja/templates/configmap.yaml

@@ -12,10 +12,54 @@ metadata:
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}
 data:
-  APP_URL: "http://{{ include "common.names.fullname" . }}/"
+  {{- if .Values.nginx.ingress.enabled }}
+  {{- if .Values.nginx.ingress.tls }}
+  APP_URL: "https://{{ .Values.nginx.ingress.hostname }}"
+  {{- else }}
+  APP_URL: "http://{{ .Values.nginx.ingress.hostname }}"
+  {{- end }}
+  {{- else }}
+  APP_URL: "http://{{ include "common.names.fullname" . }}"
+  {{- end }}
   APP_DEBUG: {{ .Values.debug | quote }}
-  MULTI_DB_ENABLED: "false"
-  DB_HOST1: {{ include "invoiceninja.databaseHost" . | quote }}
-  DB_PORT1: {{ include "invoiceninja.databasePort" . | quote }}
-  DB_USERNAME1: {{ include "invoiceninja.databaseUser" . | quote }}
-  DB_DATABASE1: {{ include "invoiceninja.databaseName" . | quote }}
+  DB_HOST: {{ include "invoiceninja.databaseHost" . | quote }}
+  DB_PORT: {{ include "invoiceninja.databasePort" . | quote }}
+  DB_USERNAME: {{ include "invoiceninja.databaseUser" . | quote }}
+  DB_DATABASE: {{ include "invoiceninja.databaseName" . | quote }}
+  {{- if .Values.logChannel }}
+  LOG_CHANNEL: {{ .Values.logChannel | quote }}
+  {{- else }}
+  LOG_CHANNEL: stderr
+  {{- end }}
+  MAIL_MAILER: {{ .Values.mailer | quote }}
+  {{- if .Values.broadcastDriver }}
+  BROADCAST_DRIVER: {{ .Values.broadcastDriver | quote }}
+  {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
+  BROADCAST_DRIVER: redis
+  {{- end }}
+  {{- if .Values.cacheDriver }}
+  CACHE_DRIVER: {{ .Values.cacheDriver | quote }}
+  {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
+  CACHE_DRIVER: redis
+  {{- end }}
+  {{- if .Values.sessionDriver }}
+  SESSION_DRIVER: {{ .Values.sessionDriver | quote }}
+  {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
+  SESSION_DRIVER: redis
+  {{- end }}
+  {{- if .Values.queueConnection }}
+  QUEUE_CONNECTION: {{ .Values.queueConnection | quote }}
+  {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
+  QUEUE_CONNECTION: redis
+  {{- end }}
+  PHANTOMJS_PDF_GENERATION: {{ not .Values.snappdf | quote}}
+  REDIS_HOST: {{ include "invoiceninja.redisHost" . | quote }}
+  REDIS_PORT: {{ include "invoiceninja.redisPort" . | quote }}
+  REDIS_DB: {{ include "invoiceninja.redisDatabase" . | quote }}
+  REDIS_CACHE_DB: {{ include "invoiceninja.redisCacheDatabase" . | quote }}
+  REDIS_BROADCAST_CONNECTION: {{ include "invoiceninja.redisBroadcastConnection" . | quote }}
+  REDIS_CACHE_CONNECTION: {{ include "invoiceninja.redisCacheConnection" . | quote }}
+  REDIS_QUEUE_CONNECTION: {{ include "invoiceninja.redisQueueConnection" . | quote }}
+  SESSION_CONNECTION: {{ include "invoiceninja.redisSessionConnection" . | quote }}
+  REQUIRE_HTTPS: {{ .Values.requireHttps | quote }}
+  TRUSTED_PROXIES: {{ .Values.trustedProxies | quote }}

charts/invoiceninja/templates/deployment.yaml

@@ -54,6 +54,70 @@ spec:
       {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: wait-db
+          image: {{ include "invoiceninja.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - /bin/sh
+            - -cx
+            - |
+              COUNTER=0;
+              [[ -z "${DB_HOST1}" ]] || DB_HOST="${DB_HOST1}";
+              [[ -z "${DB_PORT1}" ]] || DB_PORT="${DB_PORT1}";
+              while [ $COUNTER -lt 120 ]; do
+                if mysqladmin ping -h "$DB_HOST" -P $DB_PORT --silent; then
+                  exit 0;
+                fi;
+                let COUNTER=COUNTER+1;
+                echo "Waiting for DB... Trying again in 2s";
+                sleep 2;
+              done;
+              echo "Did NOT see a database after 240 secs!";
+              exit 1;
+          securityContext:
+            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.names.fullname" . }}
+            {{- if .Values.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          env:
+            {{- if .Values.extraEnvVars }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+        {{- if and .Values.podSecurityContext .Values.volumePermissions.enabled (or .Values.persistence.public.enabled .Values.persistence.storage.enabled) }}
+        - name: volume-permissions
+          image: {{ include "invoiceninja.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command:
+            - /bin/bash
+            - -ec
+            - |
+              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /var/www/app/{public,storage}
+          securityContext:
+            runAsUser: 0
+          {{- if .Values.volumePermissions.resources }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /var/www/app/public
+              name: public
+            - mountPath: /var/www/app/storage
+              name: storage
+        {{- end }}
+        {{- if .Values.initContainers }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+        {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -98,13 +162,22 @@ spec:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
             {{- end }}
           env:
-            - name: IS_DOCKER
-              value: "true"
-            - name: DB_PASSWORD1
+            - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "invoiceninja.databaseSecretName" . }}
                   key: mariadb-password
+            {{- if or (and .Values.redis.enabled .Values.redis.usePassword) (or .Values.externalRedis.password .Values.externalRedis.existingSecret) }}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "invoiceninja.redisSecretName" . }}
+                  key: redis-password
+            {{- end }}
+            {{- if .Values.userEmail }}
+            - name: IN_USER_EMAIL
+              value: {{ .Values.userEmail | quote }}
+            {{- end }}
             {{- if .Values.extraEnvVars }}
               {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}

charts/invoiceninja/templates/secret.yaml

@@ -16,6 +16,27 @@ type: Opaque
 data:
   mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }}
 {{- end }}
+
+---
+{{- if not (or .Values.redis.enabled .Values.externalDatabase.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "invoiceninja.redis.fullname" . }}
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: 
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  redis-password: {{ .Values.externalRedis.password | b64enc | quote }}
+{{- end }}
+
 ---
 apiVersion: v1
 kind: Secret
@@ -36,4 +57,7 @@ data:
   APP_KEY: {{ .Values.appKey | b64enc | quote }}
   {{- else }}
   APP_KEY: {{ randAlphaNum 32 | b64enc | quote }}
-  {{- end }}
+  {{- end }}
+  {{- if .Values.userPassword }}
+  IN_PASSWORD: {{ .Values.userPassword | b64enc | quote }}
+  {{- end }}

charts/invoiceninja/values.yaml

@@ -12,13 +12,13 @@
 #     - myRegistryKeySecretName
 #   storageClass: myStorageClass
 
-## Invoiceninja image version
+## Invoice Ninja image version
 ## ref: https://github.com/invoiceninja/dockerfiles
 ##
 image:
   registry: docker.io
   repository: invoiceninja/invoiceninja
-  tag: 5.1.31
+  tag: 5.1.64
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
@@ -30,7 +30,7 @@ image:
   # pullSecrets:
   #   - myRegistryKeySecretName
 
-## String to turn on debug mode in Invoiceninja
+## String to turn on debug mode in Invoice Ninja
 ##
 debug: false
 
@@ -38,6 +38,54 @@ debug: false
 ##
 appKey: ""
 
+## Email of user to create first run
+## If not specified, default user email will be "admin@example.com"
+##
+userEmail: ""
+
+## Password of user to create on first run
+## If not specified, default user password will be "changeme!"
+##
+userPassword: ""
+
+## Name of log channel to use
+##
+logChannel: ""
+
+## Name of broadcast driver to use
+##
+broadcastDriver: ""
+
+## Name of cache driver to use
+##
+cacheDriver: ""
+
+## Name of session driver to use
+##
+sessionDriver: ""
+
+## Name of queue connection to use
+##
+queueConnection: ""
+
+## List of trusted proxies for Invoice Ninja to communicate with the nginx proxy
+##
+trustedProxies: "*"
+
+## Use local or Phantom JS PDF generation
+##
+snappdf: true
+
+## Name of queue connection to use (use "log" for debug)
+## Please check the ref below for any other env you may need to define
+## ref: https://github.com/invoiceninja/invoiceninja/blob/v5-stable/config/mail.php
+##
+mailer: log
+
+## Force HTTPS for all connections to Invoice Ninja
+##
+requireHttps: false
+
 ## String to partially override fullname template (will maintain the release name)
 ##
 # nameOverride:
@@ -141,11 +189,29 @@ containerSecurityContext:
   #   - ALL
   # readOnlyRootFilesystem: true
 
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+  enabled: false
+  image:
+    registry: docker.io
+    repository: bitnami/bitnami-shell
+    tag: "10"
+    pullPolicy: Always
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ##
+    # pullSecrets:
+    #   - myRegistryKeySecretName
+  resources: {}
+
 ## Number of replicas (requires ReadWriteMany PVC support)
 ##
 replicaCount: 1
 
-## Set up update strategy for Invoiceninja installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first.
+## Set up update strategy for Invoice Ninja installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first.
 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
 ## Example:
 ## updateStrategy:
@@ -223,7 +289,7 @@ service:
   annotations: {}
 
 ## Configure extra options for liveness and readiness probes
-## This applies to all the Invoiceninja in the sharded cluster
+## This applies to all the Invoice Ninja in the sharded cluster
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
 ##
 livenessProbe:
@@ -262,7 +328,7 @@ resources:
 persistence:
   public:
     enabled: true
-    ## Invoiceninja data Persistent Volume Storage Class
+    ## Invoice Ninja data Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
@@ -281,7 +347,7 @@ persistence:
     dataSource: {}
   storage:
     enabled: true
-    ## Invoiceninja data Persistent Volume Storage Class
+    ## Invoice Ninja data Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
@@ -306,6 +372,42 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
 
+## Redis chart configuration
+## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
+##
+redis:
+  enabled: true
+  sentinel:
+    enabled: true
+    usePassword: false
+
+## External Redis Configuration
+##
+## All of these values are only used when redis.enabled is set to false
+##
+externalRedis:
+  ## Redis/Sentinel host
+  ##
+  host: ""
+  ## Redis/Sentinel port number
+  ##
+  port: 6379
+  ## Redis password
+  ##
+  password: ""
+  ## Use existing secret (ignores previous password)
+  ## must contain key `redis-password`
+  ## NOTE: When it's set, the `externalRedis.password` parameter is ignored
+  ##
+  # existingSecret:
+  ## Whether Redis Sentinel are used
+  sentinel: false
+  ## Redis databases
+  ##
+  databases:
+    default: "0"
+    cache: "1"
+
 ## MariaDB chart configuration
 ## ref: https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml
 ##
@@ -333,8 +435,8 @@ mariadb:
 externalDatabase:
   ## Database host
   ##
-  host: localhost
-  ## non-root Username for Invoiceninja Database
+  host: ""
+  ## non-root Username for Invoice Ninja Database
   ##
   user: invoiceninja
   ## Database password
@@ -361,13 +463,13 @@ nginx:
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
     ##
     type: ClusterIP
-  ## Configure the ingress resource that allows you to access the Invoiceninja
+  ## Configure the ingress resource that allows you to access the Invoice Ninja
   ## ref: http://kubernetes.io/docs/user-guide/ingress/
   ##
   ingress:
     enabled: true
     hostname: invoiceninja.local
-  ## Configure the serverblock for Invoiceninja
+  ## Configure the serverblock for Invoice Ninja
   ## Note: you may need to replace the fastcgi_pass value if the release name is different
   ##
   serverBlock: |
@@ -396,7 +498,7 @@ nginx:
             fastcgi_buffers 4 16k;
         }
     }
-  ## Configure the extraVolumes and extraVolumeMounts for Invoiceninja
+  ## Configure the extraVolumes and extraVolumeMounts for Invoice Ninja
   ## Note: you may need to replace the claimName if the release name is different
   ##
   extraVolumes:

config/mysql/Dockerfile

@@ -1,4 +1,6 @@
 FROM mysql:5
+# When running on ARM64 use MariaDB instead of MySQL
+#FROM mariadb:10.4
 ENV force_color_prompt yes
 
 RUN apt-get update;
@@ -7,4 +9,4 @@ RUN apt-get install -y cron;
 ENTRYPOINT \
   service cron start; \
   printenv | grep -v "no_proxy" >> /etc/environment; \
-  docker-entrypoint.sh mysqld
+  docker-entrypoint.sh mysqld

config/nginx/in-vhost.conf

@@ -2,6 +2,8 @@ server {
     listen 80 default_server;
     server_name _;
 
+    client_max_body_size 100M;
+
     root /var/www/app/public/;
     index index.php;
 

docker-compose.yml

@@ -14,7 +14,7 @@ services:
       - app
     # Run webserver nginx on port 80
     # Feel free to modify depending what port is already occupied
-    ports: 
+    ports:
       - "80:80"
       #- "443:443"
     networks:
@@ -32,24 +32,22 @@ services:
       - ./docker/app/storage:/var/www/app/storage:rw,delegated
     depends_on:
       - db
-    networks: 
-      - invoiceninja  
+    networks:
+      - invoiceninja
     extra_hosts:
       - "in5.localhost:192.168.0.124 " #host and ip
 
   db:
     image: mysql:5
+#    When running on ARM64 use MariaDB instead of MySQL
+#    image: mariadb:10.4
 #    For auto DB backups comment out image and use the build block below
 #    build:
 #      context: ./config/mysql
     ports:
       - "3305:3306"
     restart: always
-    environment: 
-      - MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
-      - MYSQL_USER=ninja
-      - MYSQL_PASSWORD=ninja
-      - MYSQL_DATABASE=ninja
+    env_file: env
     volumes:
       - ./docker/mysql/data:/var/lib/mysql:rw,delegated
 
@@ -82,7 +80,7 @@ services:
   #     EOF'
   #   networks:
   #     - invoiceninja
-  #     
+  #
 
 networks:
-  invoiceninja:
+  invoiceninja:

env

@@ -1,22 +1,41 @@
-APP_URL=http://in.localhost:8003/
+# IN application vars
+APP_URL=http://in.localhost:8003
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
-DB_HOST1=db
-DB_PORT1=3306
-DB_USERNAME1=ninja
-DB_PASSWORD1=ninja
-DB_DATABASE1=ninja
-
-#this is a system variable please do not remove
-IS_DOCKER=true
-
+REQUIRE_HTTPS=false
 PHANTOMJS_PDF_GENERATION=false
+QUEUE_CONNECTION=database
 
-#V4 env vars
-DB_STRICT=false
+# DB connection
 DB_HOST=db
+DB_PORT=3306
 DB_DATABASE=ninja
 DB_USERNAME=ninja
 DB_PASSWORD=ninja
-APP_CIPHER=AES-256-CBC
+
+# Create initial user
+# Default to these values if empty
+# IN_USER_EMAIL=admin@example.com
+# IN_PASSWORD=changeme!
+IN_USER_EMAIL=
+IN_PASSWORD=
+
+# Mail options
+MAIL_MAILER=log
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS='user@example.com'
+MAIL_FROM_NAME='Self Hosted User'
+
+# MySQL
+MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
+MYSQL_USER=ninja
+MYSQL_PASSWORD=ninja
+MYSQL_DATABASE=ninja
+
+# V4 env vars
+# DB_STRICT=false
+# APP_CIPHER=AES-256-CBC