Merge pull request #496 from turbo124/master

Minor fixes for paths

.github/ct-install.yaml

@@ -3,4 +3,4 @@ chart-dirs:
 chart-repos:
   - bitnami=https://charts.bitnami.com/bitnami
 check-version-increment: true
-debug: true
+debug: false

.github/workflows/build-image-v4.yaml

@@ -0,0 +1,57 @@
+name: Build Container Image v4
+
+# When its time to do a release do a full cross platform build for all supported
+# architectures and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+# Ref: https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml
+on:
+  pull_request:
+    paths:
+      - "alpine/4/**"
+  push:
+    paths:
+      - "alpine/4/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-4-${{ hashFiles('alpine/5/cache_buster') }}-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-4-${{ hashFiles('alpine/5/cache_buster') }}-
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./alpine/4/
+          build-args: INVOICENINJA_VERSION=4.5.42
+          target: prod
+          platforms: linux/amd64,linux/arm64
+          tags: invoiceninja/invoiceninja:cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/build-image-v5.yaml

@@ -0,0 +1,57 @@
+name: Build Container Image
+
+# When its time to do a release do a full cross platform build for all supported
+# architectures and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+# Ref: https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml
+on:
+  pull_request:
+    paths:
+      - "alpine/5/**"
+  push:
+    paths:
+      - "alpine/5/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}-
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./alpine/5/
+          build-args: INVOICENINJA_VERSION=5-stable
+          target: prod
+          platforms: linux/amd64,linux/arm64
+          tags: invoiceninja/invoiceninja:cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/publish-image.yaml

@@ -1,4 +1,4 @@
-name: Publish Releases to Hub
+name: Publish Container Image
 
 # When its time to do a release do a full cross platform build for all supported
 # architectures and push all of them to Docker Hub.
@@ -48,9 +48,9 @@ jobs:
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          key: ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/cache_buster') }}-${{ github.sha }}
           restore-keys: |
-            ${{ runner.os }}-buildx-
+            ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/cache_buster') }}-
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
@@ -71,7 +71,12 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.prep.outputs.tags }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/release-chart.yaml

@@ -12,21 +12,23 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Configure Git
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
-      - uses: azure/setup-helm@v1
+      - name: Set up Helm
-        id: install
+        uses: azure/setup-helm@v3
 
       - name: Add Helm repos
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@master
+        uses: helm/chart-releaser-action@v1.4.1
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/test-charts.yaml

@@ -13,19 +13,19 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-
+        with:
-      - name: Fetch history
+          fetch-depth: 0
-        run: git fetch --prune --unshallow
 
       - name: Set up Helm
-        uses: azure/setup-helm@v1
+        uses: azure/setup-helm@v3
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
-          python-version: 3.7
+          python-version: "3.9"
+          check-latest: true
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.0.1
+        uses: helm/chart-testing-action@v2.3.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -41,7 +41,8 @@ jobs:
 
       - name: Run chart-testing (lint)
         run: ct lint --config .github/ct-lint.yaml
-  kubeval-chart:
+
+  kubeconform-chart:
     runs-on: ubuntu-latest
     needs:
       - lint-chart
@@ -49,50 +50,62 @@ jobs:
       matrix:
         chart: ${{ fromJson(needs.lint-chart.outputs.matrix) }}
         k8s:
-          - v1.17.11
+          - "1.25.5"
-          - v1.18.8
+          - "1.24.9"
-          - v1.19.4
+          - "1.23.15"
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Update Helm depdendencies
         env:
           CHART_DIR: ${{ matrix.chart }}
         run: |
           helm dependency update "${CHART_DIR}"
-          mkdir kubeval
+          mkdir tmp
-          helm template "${CHART_DIR}" > kubeval/combined.yaml
+          helm template "${CHART_DIR}" > tmp/combined.yaml
 
-      - name: Run kubeval
+      - uses: yokawasa/action-setup-kube-tools@v0.9.2
-        uses: instrumenta/kubeval-action@master
         with:
-          files: kubeval
+          setup-tools: |
-          version: ${{ matrix.k8s }}
+            kubeconform
+
+      - name: Run kubeconform
+        if: ${{ matrix.k8s }}
+        run: kubeconform -kubernetes-version ${{ matrix.k8s }} tmp/combined.yaml
 
   install-chart:
     name: install-chart
     runs-on: ubuntu-latest
     needs:
       - lint-chart
-      - kubeval-chart
+      - kubeconform-chart
     strategy:
       matrix:
         k8s:
-          - v1.17.11
+          - v1.25.3
-          - v1.18.8
+          - v1.24.7
-          - v1.19.4
+          - v1.23.13
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Create kind ${{ matrix.k8s }} cluster
-        uses: helm/kind-action@v1.1.0
+        uses: helm/kind-action@v1.4.0
         with:
           node_image: kindest/node:${{ matrix.k8s }}
 
-      - name: Run chart-testing (install)
+      - uses: actions/setup-python@v4
-        uses: helm/chart-testing-action@v2.0.1
         with:
-          command: install
+          python-version: "3.9"
-          config: .github/ct-install.yaml
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.3.1
+
+      - name: Run chart-testing (install)
+        run: ct install --config .github/ct-install.yaml

Makefile

@@ -17,15 +17,15 @@ VERSION=$(shell echo ${TAG} | sed "s/-.*//")
 
 # Building docker images based on alpine.
 # Assigned tags:
-#   - :alpine
+#   - :4
-#   - :alpine-<RELEASE VERSION>
+#   - :<RELEASE VERSION>
 .PHONY: build-alpine
 build-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Building "$(VERSION)" tagged images from alpine.)
-	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
+	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
-	# Tag as alpine-4
+	# Tag as 4
-	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 
@@ -33,8 +33,8 @@ endif
 push-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Pushing tagged images from alpine.)
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION}
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:${VERSION}
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 

README.md

@@ -1,6 +1,8 @@
 ![Docker images](https://github.com/invoiceninja/dockerfiles/workflows/Docker%20images/badge.svg)
 [![Docker image, latest](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/latest?label=latest)](https://hub.docker.com/r/invoiceninja/invoiceninja)
 [![Docker image, alpine](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/alpine?label=alpine)](https://hub.docker.com/r/invoiceninja/invoiceninja)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/invoiceninja)](https://artifacthub.io/packages/search?repo=invoiceninja)
+[![Pusblish Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml) [![Cache v5 Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
 
 # Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
@@ -8,14 +10,20 @@
 
 :lock: Automatic HTTPS (:heart: [Caddy](https://caddyserver.com/))  
 :fire: NGINX webserver support [NGINX](https://nginx.org/)  
-:hammer: Fully production-ready through docker-compose  
+:hammer: Fully production-ready through Helm Chart  
 :pencil: Adjustable to your needs via environment variable  
 
-## You want some Kubernetes + Helm with that?
+## Get some Kubernetes + Helm with that!
-[Helm Chat](https://github.com/Saddamus/invoiceninja-helm) by @Saddamus  
-[Kubernetes](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk
 
-## Quickstart V5 Launch
+Introducing our very own [Helm Chart](https://github.com/invoiceninja/dockerfiles/tree/master/charts/invoiceninja) that helps you launch a simple standalone app to a production-ready, highly available Invoice Ninja setup. All you need to do is initialise Kubernetes (available with Docker Desktop), install [Helm](https://helm.sh/docs/intro/install/), and spin up Invoice Ninja using the steps provided [here](https://github.com/invoiceninja/dockerfiles/tree/master/charts/invoiceninja#installing-the-chart).
+
+Other resources:
+
+[Helm Chart](https://github.com/Saddamus/invoiceninja-helm) by @Saddamus  
+[K8s Manifest](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk  
+[You Tube installation video by DBTech](https://www.youtube.com/watch?v=xo6a3KtLC2g&ab_channel=DBTech)
+
+## Alternatively get started with Docker Compose
 
 The dockerfile has been revamped to make it easier to get started, by default the base image selected is 5 which will pull in the latest v5 stable image.
 
@@ -24,21 +32,19 @@ git clone https://github.com/invoiceninja/dockerfiles.git
 cd dockerfiles
 ```
 
-Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `env` file, open this file up and insert your `APP_URL` and your `APP_KEY`
+Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
 
 ```
 APP_URL=http://in.localhost:8003/
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
+REQUIRE_HTTPS=false
-DB_HOST1=db
+IN_USER_EMAIL=
-DB_PORT1=3306
+IN_PASSWORD=
-DB_USERNAME1=ninja
-DB_PASSWORD1=ninja
-DB_DATABASE1=ninja
-PHANTOMJS_PDF_GENERATION=false
 ```
 
+If `IN_USER_EMAIL` and `IN_PASSWORD` is not set the default user email and password is "admin@example.com" and "changeme!" respectively. You will use this for the initial login, thereafter, you can delete this two environment variables.
+
 The `APP_KEY` can be generated by running
 
 ```bash
@@ -77,9 +83,9 @@ All that is left to do now is bring up the container
 
 ### Running on ARM64 (Raspberry Pi 4)
 
-When deploying on an ARM64 system, you need to comment out the `image: mysql:5` line and uncomment `image: mariadb:10.4` in the `docker-compose.yml` file.
+When deploying on an ARM64 system, you need to comment out the `image: mysql:8` line and uncomment `image: mariadb:10.4` in the `docker-compose.yml` file.
 
-## Updating the Image when using `docker-compose`
+### Updating the Image when using `docker-compose`
 
 As `docker-compose` does not support any form of version control, this git provide updates to `docker-compose.yml` directly.
 
@@ -89,8 +95,13 @@ To upgrade to a newer release image, please make sure to update the `docker-comp
 git pull
 ```
 
+It is recommended to perform a backup before.
 You may need to manually merge any changes that cannot be merged automatically by git.
 
+### Thanks
+Massive thank you to [lwj5](https://github.com/lwj5) for the tireless work to continually improve the dockerfile and its associated tooling.
+
+
 ## Support
 
 If you discover a bug, please create and issue, if you query is general in nature please visit us on our [Forum ](https://forum.invoiceninja.com/)

alpine/4/Dockerfile

@@ -1,4 +1,4 @@
-ARG PHP_VERSION=7.2
+ARG PHP_VERSION=7.3
 ARG BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
 ARG BAK_PUBLIC_PATH=/var/www/app/docker-backup-public/
 
@@ -70,4 +70,4 @@ ENV SELF_UPDATER_SOURCE ''
 VOLUME /var/www/app/public
 
 ENTRYPOINT ["docker-entrypoint"]
-CMD ["php-fpm"]
+CMD ["php-fpm"]

alpine/4/cache_buster

@@ -0,0 +1 @@
+Fri Jul  2 7:33:22 +00 2021

alpine/4/rootfs/usr/local/bin/docker-entrypoint

@@ -83,7 +83,7 @@ fi
 rm -rf "$BAK_PUBLIC_PATH"
 
 # Set permission for web server to create/update files (only <v4)
-chown -R "$INVOICENINJA_USER":www-data /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
+chown -R "$INVOICENINJA_USER":"$INVOICENINJA_USER" /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'

alpine/5/Dockerfile

@@ -1,16 +1,16 @@
-ARG PHP_VERSION=7.4
+ARG PHP_VERSION=8.1
 ARG BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
 ARG BAK_PUBLIC_PATH=/var/www/app/docker-backup-public/
 
 # Get Invoice Ninja and install nodejs packages
 FROM --platform=$BUILDPLATFORM node:lts-alpine as build
-ARG INVOICENINJA_VERSION
-ARG BAK_STORAGE_PATH
-ARG BAK_PUBLIC_PATH
 
 # Download Invoice Ninja
+ARG INVOICENINJA_VERSION
 ADD https://github.com/invoiceninja/invoiceninja/tarball/v$INVOICENINJA_VERSION /tmp/ninja.tar.gz
 
+RUN set -eux; apk add curl unzip
+
 # Extract Invoice Ninja
 RUN mkdir -p /var/www/app \
     && tar --strip-components=1 -xf /tmp/ninja.tar.gz -C /var/www/app/ \
@@ -18,23 +18,33 @@ RUN mkdir -p /var/www/app \
     && mv /var/www/app/.env.example /var/www/app/.env \
     && rm -rf /var/www/app/docs /var/www/app/tests
 
+# Download and extract the latest react application
+RUN curl -LGO $(curl https://api.github.com/repos/turbo124/ui-1/releases/latest | grep "browser_download_url" | awk '{ print $2 }' | sed 's/,$//' | sed 's/"//g');
+RUN cp invoiceninja-react.zip /tmp/invoiceninja-react.zip
+RUN unzip /tmp/invoiceninja-react.zip 
+RUN cp -r dist/react/* /var/www/app/public/react/
+# Download and extract the latest react application
+# 
 WORKDIR /var/www/app/
 
 # Install node packages
-RUN npm install --production \
+ARG BAK_STORAGE_PATH
+ARG BAK_PUBLIC_PATH
+RUN --mount=target=/var/www/app/node_modules,type=cache \
+    npm install --production \
     && npm run production \
-    && rm -rf node_modules \
     && mv /var/www/app/storage $BAK_STORAGE_PATH \
     && mv /var/www/app/public $BAK_PUBLIC_PATH  
 
 # Prepare php image
-FROM php:${PHP_VERSION}-fpm-alpine as prod
+FROM php:${PHP_VERSION}-fpm-alpine3.15 as prod
-ARG INVOICENINJA_VERSION
-ARG BAK_STORAGE_PATH
-ARG BAK_PUBLIC_PATH
 
 LABEL maintainer="David Bomba <turbo124@gmail.com>"
 
+# Adding caching_sha2_password.so
+# With this we get native support for caching_sha2_password
+RUN apk add --no-cache mariadb-connector-c
+
 RUN mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
 
 # Install PHP extensions
@@ -56,6 +66,7 @@ RUN install-php-extensions \
 # Install chromium
 RUN set -eux; \
     apk add --no-cache \
+    font-isas-misc \
     supervisor \
     mysql-client \
     git \
@@ -78,6 +89,9 @@ RUN addgroup --gid=$UID -S "$INVOICENINJA_USER" \
     "$INVOICENINJA_USER"
 
 # Set up app
+ARG INVOICENINJA_VERSION
+ARG BAK_STORAGE_PATH
+ARG BAK_PUBLIC_PATH
 ENV INVOICENINJA_VERSION $INVOICENINJA_VERSION
 ENV BAK_STORAGE_PATH $BAK_STORAGE_PATH
 ENV BAK_PUBLIC_PATH $BAK_PUBLIC_PATH

alpine/5/cache_buster

@@ -0,0 +1 @@
+Fri Jul  2 7:33:22 +00 2021

alpine/5/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+php artisan db:seed --force
+
+# Build up array of arguments...
+if [[ ! -z "${IN_USER_EMAIL}" ]]; then
+    email="--email ${IN_USER_EMAIL}"
+fi
+
+if [[ ! -z "${IN_PASSWORD}" ]]; then
+    password="--password ${IN_PASSWORD}"
+fi
+
+php artisan ninja:create-account $email $password
+php artisan ninja:react

alpine/5/rootfs/usr/local/bin/docker-entrypoint

@@ -27,60 +27,66 @@ file_env() {
     local fileVar="${var}_FILE"
     local def="${2:-}"
 
-    if [ "$(ie_gv ${var})" != "" ] && [ "$(ie_gv ${fileVar})" != "" ]; then
-        in_error "Both $var and $fileVar are set (but are exclusive)"
-    fi
-
-    local val="$def"
     if [ "$(ie_gv ${var})" != "" ]; then
-        val=$(ie_gv ${var})
+        if [ "$(ie_gv ${fileVar})" != "" ]; then
-    elif [ "$(ie_gv ${fileVar})" != "" ]; then
+            in_error "Both $var and $fileVar are set (but are exclusive)"
-        val=$(cat $(ie_gv ${fileVar}))
+        fi
+        unset "$fileVar"
+        return
+    fi
+
+    if [ "$(ie_gv ${fileVar})" != "" ] && [ -f "$(ie_gv ${fileVar})" ]; then
+        export "$var"="$(cat $(ie_gv ${fileVar}))"
+    elif [ ! -z "$def" ]; then
+        export "$var"="$def"
     fi
 
-    export "$var"="$val"
     unset "$fileVar"
 }
 
 # first arg is `-f` or `--some-option`
 if [ "${1#-}" != "$1" ]; then
-    set -- php-fpm "$@"
+    set -- supervisord "$@"
 fi
 
 # create storage volume
-if [ ! -d /var/www/app/storage ] && [ -d "$BAK_STORAGE_PATH" ]; then
+if [ -d "$BAK_STORAGE_PATH" ]; then
-    mv "$BAK_STORAGE_PATH" /var/www/app/storage
+    if [ ! -d /var/www/app/storage ]; then
-elif [ -d "$BAK_STORAGE_PATH" ]; then
+        mv "$BAK_STORAGE_PATH" /var/www/app/storage
-    # copy missing folders in storage
+    else
-    IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
+        # copy missing folders in storage
-    for path in $IN_STORAGE_BACKUP; do
+        IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
-        if [ ! -e "/var/www/app/storage/$path" ]; then
+        for path in $IN_STORAGE_BACKUP; do
-            cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
+            if [ ! -e "/var/www/app/storage/$path" ]; then
-        fi
+                cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
-    done
+            fi
+        done
+    fi
+    rm -rf "$BAK_STORAGE_PATH"
 fi
-rm -rf "$BAK_STORAGE_PATH"
 
 # create public volume
-if [ ! -d /var/www/app/public ] && [ -d "$BAK_PUBLIC_PATH" ]; then
+if [ -d "$BAK_PUBLIC_PATH" ]; then
-    mv "$BAK_PUBLIC_PATH" /var/www/app/public
+    if [ ! -d /var/www/app/public ]; then
-elif [ ! -e /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
+        mv "$BAK_PUBLIC_PATH" /var/www/app/public
-    # version mismatch, update all
+    elif [ ! -f /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
-    cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
+        # version mismatch, update all
-    echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
+        cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
-elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
-    # missing logo folder only, copy folder
+    elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
+        # missing logo folder only, copy folder
-elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
-    # copy missing folders in logo
+    elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
+        # copy missing folders in logo
-    for path in $IN_LOGO_BACKUP; do
+        IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
-        if [ ! -e "/var/www/app/public/logo/$path" ]; then
+        for path in $IN_LOGO_BACKUP; do
-            cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
+            if [ ! -e "/var/www/app/public/logo/$path" ]; then
-        fi
+                cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
-    done
+            fi
+        done
+    fi
+    rm -rf "$BAK_PUBLIC_PATH"
 fi
-rm -rf "$BAK_PUBLIC_PATH"
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'
@@ -98,10 +104,10 @@ file_env 'MAILGUN_SECRET'
 file_env 'S3_KEY'
 file_env 'S3_SECRET'
 
-# Run Laravel stuff
+# Run IN/Laravel stuff
 if [[ "$1" == "supervisord" ]] || [[ "$1" == "php-fpm" ]]; then
-    echo "Initialising Laravel..."
+    in_log INFO "Initialising Invoice Ninja..."
-    . laravel-init.sh
+    . invoiceninja-init.sh
 fi
 
 exec docker-php-entrypoint "$@"

alpine/5/rootfs/usr/local/bin/invoiceninja-init.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+    echo
+    local f
+    for f; do
+        case "$f" in
+        *.sh)
+            # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+            # https://github.com/docker-library/postgres/pull/452
+            if [ -x "$f" ]; then
+                in_log INFO "$0: running $f"
+                "$f"
+            else
+                in_log INFO "$0: sourcing $f"
+                . "$f"
+            fi
+            ;;
+        *) in_log INFO "$0: ignoring $f" ;;
+        esac
+        echo
+    done
+}
+
+php artisan config:cache
+php artisan optimize
+
+# Check if DB works, if not crash the app.
+DB_READY=$(php artisan tinker --execute='echo app()->call("App\Utils\SystemHealth@dbCheck")["success"];')
+if [ "$DB_READY" != "1" ]; then
+    php artisan migrate:status # Print verbose error
+    in_error "Error connecting to DB"
+fi
+
+php artisan migrate --force
+
+# If first IN run, it needs to be initialized
+IN_INIT=$(php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')
+if [ "$IN_INIT" == "1" ]; then
+    docker_process_init_files /docker-entrypoint-init.d/*
+fi

alpine/5/rootfs/usr/local/bin/laravel-init.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-php artisan config:cache
-php artisan optimize
-php artisan migrate --force

charts/invoiceninja/Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 1.4.2
+  version: 2.2.2
 - name: nginx
   repository: https://charts.bitnami.com/bitnami
-  version: 8.8.0
+  version: 13.2.20
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
-  version: 9.3.6
+  version: 11.4.2
 - name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 12.9.0
+  version: 16.13.2
-digest: sha256:008659600506cbc8dd5c9b8e96ce81430e4d8582368646469aa17a37441f5bbc
+digest: sha256:da0dca54f32ca0465f89744d6247421ad13c907f09cd40fb21985c81888aaef1
-generated: "2021-03-29T18:41:17.978475+08:00"
+generated: "2022-12-23T12:54:52.476889+08:00"

charts/invoiceninja/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: invoiceninja
-description: A Helm chart to install Invoiceninja
+description: A Helm chart to install Invoice Ninja
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -13,14 +13,14 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.10.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 5.1.35
+appVersion: 5.5.49
 keywords:
   - invoiceninja
-home: https://github.com/lwj5/invoiceninja-chart
+home: https://invoiceninja.github.io/dockerfiles
 sources:
   - https://github.com/invoiceninja/invoiceninja
   - https://github.com/invoiceninja/dockerfiles
@@ -29,18 +29,19 @@ dependencies:
     repository: https://charts.bitnami.com/bitnami
     tags:
       - bitnami-common
-    version: 1.x.x
+    version: 2.x.x
-  - name: nginx
+  - condition: nginx.enabled
+    name: nginx
     repository: https://charts.bitnami.com/bitnami
-    version: 8.8.x
+    version: 13.x.x
   - condition: mariadb.enabled
     name: mariadb
     repository: https://charts.bitnami.com/bitnami
-    version: 9.3.x
+    version: 11.4.x
   - condition: redis.enabled
     name: redis
     repository: https://charts.bitnami.com/bitnami
-    version: 12.9.x
+    version: 16.x.x
 maintainers:
   - email: lwj5@hotmail.com
     name: lwj5

charts/invoiceninja/README.md

@@ -1,9 +1,9 @@
-# Invoiceninja
+# Invoice Ninja Helm Chart
 
-This helm chart installs a Invoiceninja and its dependencies into a running
+This helm chart installs Invoice Ninja (IN) and its dependencies into a running
 Kubernetes cluster.
 
-The chart installs the [Invoiceninja](https://hub.docker.com/r/invoiceninja/invoiceninja) docker image.
+The chart installs the [Invoice Ninja](https://hub.docker.com/r/invoiceninja/invoiceninja) docker image.
 
 Please read [Upgrading](#upgrading) section before upgrading MAJOR versions.
 
@@ -12,7 +12,8 @@ Please read [Upgrading](#upgrading) section before upgrading MAJOR versions.
 - The Bitnami [common](https://github.com/bitnami/charts/tree/master/bitnami/common) helm chart
 - The Bitnami [mariadb](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) helm chart
 - The Bitnami [nginx](https://github.com/bitnami/charts/tree/master/bitnami/nginx) helm chart
-- Tested on Kubernetes 1.17+
+- The Bitnami [redis](https://github.com/bitnami/charts/tree/master/bitnami/redis) helm chart
+- Tested on Kubernetes 1.19+
 
 ## Installing the Chart
 
@@ -20,10 +21,10 @@ To install the chart with the release name `invoiceninja`:
 
 ```bash
 helm repo add invoiceninja https://invoiceninja.github.io/dockerfiles
-helm install invoiceninja invoiceninja/invoiceninja
+helm install invoiceninja invoiceninja/invoiceninja --set appKey=changeit --set mariadb.auth.rootPassword=changeit --set mariadb.auth.password=changeit --set redis.auth.password=changeit
 ```
 
-The command deploys Invoiceninja on the Kubernetes cluster in the default namespace. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+The command deploys Invoice Ninja on the Kubernetes cluster in the default namespace. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
 
 > **Tip**: List all releases using `helm list`
 
@@ -39,11 +40,13 @@ The command removes all the Kubernetes components associated with the chart and
 
 ## Parameters
 
-The following table lists the configurable parameters of the Invoiceninja chart and their default values.
+The following table lists the configurable parameters of the Invoice Ninja chart and their default values.
+
+> NOTE: You MUST set any values that default to random or risk losing access after an upgrade. See how [here](#installing-with-arguments)
 
 ### Global Configuration
 
-The following table shows the configuration options for the Invoiceninja helm chart:
+The following table shows the configuration options for the Invoice Ninja helm chart:
 
 ### Global parameters
 
@@ -65,40 +68,68 @@ The following table shows the configuration options for the Invoiceninja helm ch
 | `kubeVersion`       | Force target Kubernetes version (using Helm capabilities if not set) | `nil`                          |
 | `extraDeploy`       | Array of extra objects to deploy with the release                    | `[]` (evaluated as a template) |
 
-### Invoiceninja parameters
+### Invoice Ninja container parameters
 
-| Parameter            | Description                                                     | Default                                                 |
+| Parameter                | Description                                                                   | Default                                                 |
-| -------------------- | --------------------------------------------------------------- | ------------------------------------------------------- |
+| ------------------------ | ----------------------------------------------------------------------------- | ------------------------------------------------------- |
-| `image.registry`     | Invoiceninja image registry                                     | `docker.io`                                             |
+| `image.registry`         | Invoice Ninja image registry                                                  | `docker.io`                                             |
-| `image.repository`   | Invoiceninja image name                                         | `invoiceninja/invoiceninja`                             |
+| `image.repository`       | Invoice Ninja image name                                                      | `invoiceninja/invoiceninja`                             |
-| `image.tag`          | Invoiceninja image tag                                          | Check `values.yaml` file                                |
+| `image.tag`              | Invoice Ninja image tag                                                       | Check `values.yaml` file                                |
-| `image.pullPolicy`   | Invoiceninja image pull policy                                  | `IfNotPresent`                                          |
+| `image.pullPolicy`       | Invoice Ninja image pull policy                                               | `IfNotPresent`                                          |
-| `image.pullSecrets`  | Specify docker-registry secret names as an array                | `[]` (does not add image pull secrets to deployed pods) |
+| `image.pullSecrets`      | Specify docker-registry secret names as an array                              | `[]` (does not add image pull secrets to deployed pods) |
-| `image.debug`        | Specify if debug logs should be enabled                         | `false`                                                 |
+| `image.debug`            | Specify if debug logs should be enabled                                       | `false`                                                 |
-| `serviceAccountName` | Name of a service account for the Invoiceninja pods             | `default`                                               |
+| `debug`                  | Turn on debug mode on Invoice Ninja                                           | `false`                                                 |
-| `debug`              | Turn on debug mode on Invoiceninja                              | `false`                                                 |
+| `appKey`                 | Laravel Application Key (ignored if existing secret is provided)              | _random 32 character alphanumeric string_               |
-| `appKey`             | Laravel Application Key                                         | _random 32 character alphanumeric string_               |
+| `appURL`                 | Override Laravel Application URL (automatically set if blank)                 | `""`                                                    |
-| `logChannel`         | Name of log channel to use                                      | `nil`                                                   |
+| `userEmail`              | Initial user email address                                                    | `admin@example.com`                                     |
-| `broadcastDriver`    | Name of broadcast driver to use                                 | `nil`                                                   |
+| `userPassword`           | Initial user password (ignored if existing secret is provided)                | `changeme!`                                             |
-| `cacheDriver`        | Name of cache driver to use                                     | `nil`                                                   |
+| `logChannel`             | Name of log channel to use                                                    | `nil`                                                   |
-| `sessionDriver`      | Name of session driver to use                                   | `nil`                                                   |
+| `broadcastDriver`        | Name of broadcast driver to use                                               | `nil`                                                   |
-| `queueConnection`    | Name of queue connection to use                                 | `nil`                                                   |
+| `cacheDriver`            | Name of cache driver to use                                                   | `nil`                                                   |
-| `snappdf`            | Use snappdf instead of Phantom JS PDF generation                | `true`                                                  |
+| `sessionDriver`          | Name of session driver to use                                                 | `nil`                                                   |
-| `extraEnvVars`       | Extra environment variables to be set on Invoiceninja container | `{}`                                                    |
+| `queueConnection`        | Name of queue connection to use                                               | `nil`                                                   |
-| `extraEnvVarsCM`     | Name of existing ConfigMap containing extra env vars            | `nil`                                                   |
+| `pdfGenerator`           | PDF generation method (Allowed values: `snappdf` or `phantom`)                | `snappdf`                                               |
-| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars               | `nil`                                                   |
+| `mailer`                 | Name of the mailer to use (log, smtp, etc.)                                   | `log`                                                   |
+| `requireHttps`           | Force HTTPS for internal connections to Invoice Ninja (see #349)              | `false`                                                 |
+| `existingSecret`         | Use existing secret that contain the keys `APP_KEY` and `IN_PASSWORD`         | `nil`                                                   |
+| `extraEnvVars`           | Extra environment variables to be set on Invoice Ninja container              | `{}`                                                    |
+| `extraEnvVarsCM`         | Name of existing ConfigMap containing extra env vars                          | `nil`                                                   |
+| `extraEnvVarsSecret`     | Name of existing Secret containing extra env vars                             | `nil`                                                   |
+| `trustedProxy`           | List of trusted proxies for Invoice Ninja to communicate with the nginx proxy | `'*'`                                                   |
+| `extraVolumeMounts`      | Additional volume mounts                                                      | `[]`                                                    |
+| `resources`              | The resources for the Invoice Ninja container                                 | `{}`                                                    |
+| `livenessProbe`          | Liveness probe configuration for Invoice Ninja                                | Check `values.yaml` file                                |
+| `readinessProbe`         | Readiness probe configuration for Invoice Ninja                               | Check `values.yaml` file                                |
+| `containerPorts.fastcgi` | FastCGI port to expose at container level                                     | `9000`                                                  |
 
-### Invoiceninja deployment parameters
+### Inline web server container parameters (only used when `nginx.enabled` is **not** set to true)
+
+| Parameter                | Description                                              | Default                                                 |
+| ------------------------ | -------------------------------------------------------- | ------------------------------------------------------- |
+| `http.image.registry`    | Nginx image registry                                     | `docker.io`                                             |
+| `http.image.repository`  | Nginx image name                                         | `invoiceninja/invoiceninja`                             |
+| `http.image.tag`         | Nginx image tag                                          | Check `values.yaml` file                                |
+| `http.image.pullPolicy`  | Nginx image pull policy                                  | `IfNotPresent`                                          |
+| `http.image.pullSecrets` | Specify docker-registry secret names as an array         | `[]` (does not add image pull secrets to deployed pods) |
+| `http.image.debug`       | Specify if debug logs should be enabled                  | `false`                                                 |
+| `extraEnvVars`           | Extra environment variables to be set on Nginx container | `{}`                                                    |
+| `extraEnvVarsCM`         | Name of existing ConfigMap containing extra env vars     | `nil`                                                   |
+| `extraEnvVarsSecret`     | Name of existing Secret containing extra env vars        | `nil`                                                   |
+| `extraVolumeMounts`      | Additional volume mounts                                 | `[]`                                                    |
+| `resources`              | The resources for the Nginx container                    | `{}`                                                    |
+| `livenessProbe`          | Liveness probe configuration for Nginx                   | Check `values.yaml` file                                |
+| `readinessProbe`         | Readiness probe configuration for Nginx                  | Check `values.yaml` file                                |
+| `containerPorts.http`    | HTTP port to expose at container level                   | `9000`                                                  |
+| `containerPorts.https`   | HTTPS port to expose at container level                  | `9000`                                                  |
+
+### Invoice Ninja deployment parameters
 
 | Parameter                   | Description                                                                               | Default                        |
 | --------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------ |
-| `replicaCount`              | Number of Invoiceninja Pods to run                                                        | `1`                            |
+| `replicaCount`              | Number of Invoice Ninja Pods to run                                                       | `1`                            |
-| `containerPorts.fastcgi`    | FastCGI port to expose at container level                                                 | `9000`                         |
+| `serviceAccountName`        | Name of a service account for the Invoice Ninja pods                                      | `default`                      |
-| `podSecurityContext`        | Invoiceninja pods' Security Context                                                       | Check `values.yaml` file       |
+| `containerSecurityContext`  | Invoice Ninja containers' Security Context                                                | Check `values.yaml` file       |
-| `containerSecurityContext`  | Invoiceninja containers' Security Context                                                 | Check `values.yaml` file       |
+| `podSecurityContext`        | Invoice Ninja pods' Security Context                                                      | Check `values.yaml` file       |
-| `resources`                 | The resources for the Invoiceninja container                                              | `{}`                           |
-| `livenessProbe`             | Liveness probe configuration for Invoiceninja                                             | Check `values.yaml` file       |
-| `readinessProbe`            | Readiness probe configuration for Invoiceninja                                            | Check `values.yaml` file       |
 | `updateStrategy`            | Set up update strategy                                                                    | `RollingUpdate`                |
 | `podAntiAffinityPreset`     | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`  | `soft`                         |
 | `nodeAffinityPreset.type`   | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""`                           |
@@ -107,70 +138,121 @@ The following table shows the configuration options for the Invoiceninja helm ch
 | `affinity`                  | Affinity for pod assignment                                                               | `{}` (evaluated as a template) |
 | `nodeSelector`              | Node labels for pod assignment                                                            | `{}` (evaluated as a template) |
 | `tolerations`               | Tolerations for pod assignment                                                            | `[]` (evaluated as a template) |
-| `podLabels`                 | Extra labels for Invoiceninja pods                                                        | `{}`                           |
+| `podLabels`                 | Extra labels for Invoice Ninja pods                                                       | `{}`                           |
-| `podAnnotations`            | Annotations for Invoiceninja pods                                                         | `{}`                           |
+| `podAnnotations`            | Annotations for Invoice Ninja pods                                                        | `{}`                           |
-| `extraVolumeMounts`         | Additional volume mounts                                                                  | `[]`                           |
 | `extraVolumes`              | Additional volumes                                                                        | `[]`                           |
 
+### Volume Permissions parameters
+
+| Parameter                             | Description                                                                                                          | Default                                                 |
+| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
+| `volumePermissions.enabled`           | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false`                                                 |
+| `volumePermissions.image.registry`    | Init container volume-permissions image registry                                                                     | `docker.io`                                             |
+| `volumePermissions.image.repository`  | Init container volume-permissions image name                                                                         | `bitnami/bitnami-shell`                                 |
+| `volumePermissions.image.tag`         | Init container volume-permissions image tag                                                                          | `"10"`                                                  |
+| `volumePermissions.image.pullPolicy`  | Init container volume-permissions image pull policy                                                                  | `Always`                                                |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array                                                                     | `[]` (does not add image pull secrets to deployed pods) |
+| `volumePermissions.resources`         | Init container volume-permissions resource                                                                           | `{}`                                                    |
+
 ### Exposure parameters
 
+#### FastCGI
+
 | Parameter                          | Description                                                                | Default                        |
 | ---------------------------------- | -------------------------------------------------------------------------- | ------------------------------ |
 | `service.type`                     | Kubernetes Service type                                                    | `ClusterIP`                    |
 | `service.port`                     | Service FastCGI port                                                       | `9000`                         |
 | `service.nodePort`                 | Kubernetes FastCGI node port                                               | `""`                           |
-| `service.clusterIP`                | Invoiceninja service clusterIP IP                                          | `None`                         |
+| `service.clusterIP`                | Invoice Ninja service clusterIP IP                                         | `None`                         |
 | `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]`                           |
 | `service.loadBalancerIP`           | loadBalancerIP if service type is `LoadBalancer`                           | `nil`                          |
 | `service.externalTrafficPolicy`    | Enable client source IP preservation                                       | `Cluster`                      |
 | `service.annotations`              | Service annotations                                                        | `{}` (evaluated as a template) |
 
+#### Inline web server (only used when `nginx.enabled` is **not** set to true)
+
+| Parameter                               | Description                                                                | Default                        |
+| --------------------------------------- | -------------------------------------------------------------------------- | ------------------------------ |
+| `service.http.type`                     | Kubernetes Service type                                                    | `ClusterIP`                    |
+| `service.http.ports.http`               | Service HTTP port                                                          | `9000`                         |
+| `service.http.ports.https`              | Service HTTPS port                                                         | `9000`                         |
+| `service.http.nodePorts.http`           | Kubernetes HTTP node port                                                  | `""`                           |
+| `service.http.nodePorts.https`          | Kubernetes HTTPS node port                                                 | `""`                           |
+| `service.http.clusterIP`                | Invoice Ninja service clusterIP IP                                         | `None`                         |
+| `service.http.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]`                           |
+| `service.http.loadBalancerIP`           | loadBalancerIP if service type is `LoadBalancer`                           | `nil`                          |
+| `service.http.externalTrafficPolicy`    | Enable client source IP preservation                                       | `Cluster`                      |
+| `service.http.annotations`              | Service annotations                                                        | `{}` (evaluated as a template) |
+
+
 ### Ingress parameters 
 
-| Parameter                                               | Description                           | Default                  |
+#### Inline web server (only used when `nginx.enabled` is **not** set to true)
-| ------------------------------------------------------- | ------------------------------------- | ------------------------ |
+
-| `nginx.service.type`                                    | Kubernetes Service type               | `ClusterIP`              |
+| Parameter                  | Description                                                                                           | Default                  |
-| `nginx.ingress.enabled`                                 | Enable ingress controller resource    | `true`                   |
+| -------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
-| `nginx.ingress.hostname`                                | Default host for the ingress resource | `invoiceninja.local`     |
+| `ingress.enabled`          | Enable ingress                                                                                        | `true`                   |
-| `nginx.serverBlock`                                     | Custom NGINX server block             | `nil`                    |
+| `ingress.certManager`      | Add the corresponding annotations for cert-manager integration                                        | `false`                  |
-| `nginx.extraVolumes`                                    | Array to add extra volumes            | Check `values.yaml` file |
+| `ingress.pathType`         | Ingress path type                                                                                     | `ImplementationSpecific` |
-| `nginx.extraVolumes[0].persistentVolumeClaim.claimName` | Name of Invoiceninja public PVC       | `invoiceninja-public`    |
+| `ingress.apiVersion`       | Force Ingress API version (automatically detected if not set)                                         | `nil`                    |
-| `nginx.extraVolumeMounts`                               | Array to add extra mount              | Check `values.yaml` file |
+| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                         | `nil`                    |
+| `ingress.hostname`         | Default host for the ingress record                                                                   | `invoiceninja.local`     |
+| `ingress.path`             | Default path for the ingress record                                                                   | `/`                      |
+| `ingress.annotations`      | Additional custom annotations for the ingress record                                                  | `{}`                     |
+| `ingress.tls`              | Enable TLS configuration for the host defined at `ingress.hostname` parameter                         | `false`                  |
+| `ingress.extraHosts`       | An array with additional hostname(s) to be covered with the ingress record                            | `[]`                     |
+| `ingress.extraPaths`       | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]`                     |
+| `ingress.extraTls`         | TLS configuration for additional hostname(s) to be covered with this ingress record                   | `[]`                     |
+| `ingress.secrets`          | Custom TLS certificates as secrets                                                                    | `[]`                     |
+
+#### Nginx sub-chart
+
+| Parameter                            | Description                           | Default                                                |
+| ------------------------------------ | ------------------------------------- | ------------------------------------------------------ |
+| `nginx.enabled`                      | Deploy Nginx sub-chart                | `false`                                                |
+| `nginx.service.type`                 | Kubernetes Service type               | `ClusterIP`                                            |
+| `nginx.ingress.enabled`              | Enable ingress controller resource    | `true`                                                 |
+| `nginx.ingress.hostname`             | Default host for the ingress resource | `invoiceninja.local`                                   |
+| `nginx.existingServerBlockConfigmap` | Custom NGINX server block config map  | `{{ include "invoiceninja.nginx.serverBlockName" . }}` |
+| `nginx.staticSitePVC`                | Name of Invoice Ninja public PVC      | `{{ include "invoiceninja.public.storageName" . }}`    |
 
 > See [Dependencies](#dependencies) for more.
 
 ### Persistence parameters
 
-| Parameter                           | Description                              | Default           |
+| Parameter                           | Description                                         | Default           |
-| ----------------------------------- | ---------------------------------------- | ----------------- |
+| ----------------------------------- | --------------------------------------------------- | ----------------- |
-| `persistence.public.enabled`        | Enable persistence using PVC             | `true`            |
+| `persistence.public.enabled`        | Enable persistence using PVC                        | `true`            |
-| `persistence.public.existingClaim`  | Enable persistence using an existing PVC | `nil`             |
+| `persistence.public.existingClaim`  | Enable persistence using an existing PVC            | `nil`             |
-| `persistence.public.storageClass`   | PVC Storage Class                        | `nil`             |
+| `persistence.public.storageClass`   | PVC Storage Class                                   | `nil`             |
-| `persistence.public.accessModes`    | PVC Access Modes                         | `[ReadWriteMany]` |
+| `persistence.public.accessModes`    | PVC Access Modes                                    | `[ReadWriteOnce]` |
-| `persistence.public.size`           | PVC Storage Request                      | `1Gi`             |
+| `persistence.public.size`           | PVC Storage Request                                 | `1Gi`             |
-| `persistence.public.dataSource`     | PVC data source                          | `{}`              |
+| `persistence.public.dataSource`     | PVC data source                                     | `{}`              |
-| `persistence.storage.enabled`       | Enable persistence using PVC             | `true`            |
+| `persistence.storage.enabled`       | Enable persistence using PVC (only for FILE driver) | `false`           |
-| `persistence.storage.existingClaim` | Enable persistence using an existing PVC | `nil`             |
+| `persistence.storage.existingClaim` | Enable persistence using an existing PVC            | `nil`             |
-| `persistence.storage.storageClass`  | PVC Storage Class                        | `nil`             |
+| `persistence.storage.storageClass`  | PVC Storage Class                                   | `nil`             |
-| `persistence.storage.accessModes`   | PVC Access Modes                         | `[ReadWriteMany]` |
+| `persistence.storage.accessModes`   | PVC Access Modes                                    | `[ReadWriteMany]` |
-| `persistence.storage.size`          | PVC Storage Request                      | `5Gi`             |
+| `persistence.storage.size`          | PVC Storage Request                                 | `5Gi`             |
-| `persistence.storage.dataSource`    | PVC data source                          | `{}`              |
+| `persistence.storage.dataSource`    | PVC data source                                     | `{}`              |
+
+> See `values.yaml` for more details.
 
 ### Redis parameters
 
-| Parameter                         | Description                                  | Default |
+| Parameter                         | Description                                  | Default                                   |
-| --------------------------------- | -------------------------------------------- | ------- |
+| --------------------------------- | -------------------------------------------- | ----------------------------------------- |
-| `redis.enabled`                   | If external redis is used, set it to `false` | `true`  |
+| `redis.enabled`                   | If external redis is used, set it to `false` | `true`                                    |
-| `redis.password`                  | Redis password                               | `nil`   |
+| `redis.auth.password`             | Redis password                               | _random 10 character alphanumeric string_ |
-| `redis.usePassword`               | Use redis password                           | `false` |
+| `redis.auth.sentinel`             | Use password for sentinel containers         | `false`                                   |
-| `redis.sentinel.enabled`          | Enable sentinel containers                   | `true`  |
+| `redis.sentinel.enabled`          | Enable sentinel containers                   | `true`                                    |
-| `redis.sentinel.usePassword`      | Use password for sentinel containers         | `false` |
+| `redis.sentinel.quorum`           | Sentinel Quorum                              | `1`                                       |
-| `externalRedis.host`              | Host of the external redis                   | `nil`   |
+| `redis.replica.replicaCount`      | Number of Redis replicas to deploy           | `1`                                       |
-| `externalRedis.port`              | Port of the external redis                   | `6379`  |
+| `externalRedis.host`              | Host of the external redis                   | `nil`                                     |
-| `externalRedis.password`          | Password for the external redis              | `nil`   |
+| `externalRedis.port`              | Port of the external redis                   | `6379`                                    |
-| `externalRedis.sentinel`          | Using sentinels                              | `false` |
+| `externalRedis.password`          | Password for the external redis              | `nil`                                     |
-| `externalRedis.databases.default` | Database to use by default                   | `0`     |
+| `externalRedis.sentinel`          | Using sentinels                              | `false`                                   |
-| `externalRedis.databases.cache`   | Database to use by cache                     | `1`     |
+| `externalRedis.databases.default` | Database to use by default                   | `0`                                       |
+| `externalRedis.databases.cache`   | Database to use by cache                     | `1`                                       |
 
 > See [Dependencies](#dependencies) for more.
 
@@ -194,13 +276,13 @@ The following table shows the configuration options for the Invoiceninja helm ch
 
 ### Other parameters
 
-| Parameter                  | Description                             | Default |
+| Parameter                  | Description                              | Default |
-| -------------------------- | --------------------------------------- | ------- |
+| -------------------------- | ---------------------------------------- | ------- |
-| `autoscaling.enabled`      | Enable autoscaling for Invoiceninja     | `false` |
+| `autoscaling.enabled`      | Enable autoscaling for Invoice Ninja     | `false` |
-| `autoscaling.minReplicas`  | Minimum number of Invoiceninja replicas | `1`     |
+| `autoscaling.minReplicas`  | Minimum number of Invoice Ninja replicas | `1`     |
-| `autoscaling.maxReplicas`  | Maximum number of Invoiceninja replicas | `11`    |
+| `autoscaling.maxReplicas`  | Maximum number of Invoice Ninja replicas | `11`    |
-| `autoscaling.targetCPU`    | Target CPU utilization percentage       | `nil`   |
+| `autoscaling.targetCPU`    | Target CPU utilization percentage        | `nil`   |
-| `autoscaling.targetMemory` | Target Memory utilization percentage    | `nil`   |
+| `autoscaling.targetMemory` | Target Memory utilization percentage     | `nil`   |
 
 ## Installing with Arguments
 
@@ -208,18 +290,99 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 
 ```bash
 helm install invoiceninja \
---set replicaCount=3,livenessProbe.initialDelaySeconds=90 \
+  --set appKey=changeit \
+  --set replicaCount=3 \
+  --set persistence.public.accessModes[0]=ReadWriteMany
+  --set redis.auth.password=changeit \
+  --set redis.sentinel.quorum=2 \
+  --set redis.replica.replicaCount=3 \
+  --set mariadb.auth.rootPassword=changeit \
+  --set mariadb.auth.password=changeit \
   invoiceninja/invoiceninja
 ```
 
-The above command sets the number of replicas to 4, and the liveness probe delay to 90 seconds.
+The above command sets the number of replicas to 3 for a highly available (HA) setup and uses a `ReadWriteMany` volume. Note that you would need to use an external DB such as MariaDB Galera for a full HA production setup. For a production environment, it is recommended that you spin up the required databases in a separate Helm Chart to decouple the upgrading process.
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while [installing](https://helm.sh/docs/helm/helm_install/) the chart. For example,
 
+```yaml
+# values.yaml
+appKey: changeit
+persistence:
+  public:
+    accessModes:
+      - ReadWriteMany
+redis:
+  auth:
+    password: changeit
+mariadb:
+  auth:
+    rootPassword: changeit
+    password: changeit
+```
+
 ```bash
 helm install invoiceninja -f values.yaml invoiceninja/invoiceninja
 ```
 
+## Setting Environment Variables
+
+Should you need to inject any environment variables such as those in [here](https://github.com/invoiceninja/dockerfiles/blob/master/env) into the `invoiceninja` container, you can use the `extraEnvVars` option:
+
+```yaml
+# ... values.yaml file
+# In this example, we are setting the SMTP MAIL_HOST to be 'smtp.mailtrap.io'
+extraEnvVars:
+  - name: MAIL_HOST
+    value: 'smtp.mailtrap.io' # all values must be strings, so other types must be surrounded in quotes
+```
+
+Alternatively you can provide the name of an existing `configmap` or `secret` object:
+
+```bash
+kubectl create configmap examplemap --from-literal=MAIL_HOST='smtp.mailtrap.io'
+```
+
+```yaml
+# ... values.yaml file
+extraEnvVarsCM: examplemap
+```
+
+## Inline webserver vs Nginx sub-chart
+
+Since there are many people without access to a `ReadWriteMany` volume, the inline Nginx web server will allow you to use a `ReadWriteOnce` public volume limited to 1 IN replica.
+
+If you have the ability to use `ReadWriteMany` persistent volume, you can choose between the two by setting the `nginx.enabled` parameter. Setting `nginx.enabled` to true will enable the Nginx sub-chart and will provide you with some additional features, such as:
+
+- independent scaling of Nginx and IN pods
+- separate resource limits/requests
+- other features available from the sub-chart
+
 ## Upgrading
 
-Nothing yet.
+### To 0.10.0
+
+The following chart dependencies have been upgraded.
+- MariaDB 
+- Redis
+- Nginx
+- Bitnami common
+
+Please take note that this upgrade MariaDB from 10.5 to 10.6. Please backup your database before proceeding.
+
+### To 0.8.0
+
+To improve the accessibility of this chart to regular users. Some of the defaults have been changed. This include:
+
+- `persistence.public.accessModes` now defaults to `ReadWriteOnce`.
+- `nginx.enabled` now defaults to false.
+- `redis.replica.replicaCount` and `redis.sentinel.quorum` now defaults to `1`.
+
+Other changes:
+
+- `snappdf` parameter has been replaced by `pdfGenerator`.
+
+### To 0.7.0
+
+- Redis chart dependency has been upgraded and may not be backwards compatible with previous versions. See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis) for more info.
+- Storage persitence defaults to `false`. Set to `true` if not using Redis or using FILE driver

charts/invoiceninja/templates/NOTES.txt

@@ -16,18 +16,19 @@ Externally through the following DNS name:
 -- OR --
 {{ end }}
 
-{{- if contains "NodePort" .Values.service.type }}
+{{- if contains "NodePort" .Values.nginx.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "invoiceninja.nginx.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
+{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "invoiceninja.nginx.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "invoiceninja.nginx.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
+{{- else if contains "ClusterIP" .Values.nginx.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export SVC_NAME=$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name=nginx,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  export SVC_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} $SVC_NAME -o jsonpath="{.spec.ports[0].port}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
+  echo "Add the line '127.0.0.1 {{ .Values.nginx.ingress.hostname }}' to your hosts file"
-  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+  echo "Visit http://{{ .Values.nginx.ingress.hostname }} to use your application"
+  kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME 80:$SVC_PORT
 {{- end }}

charts/invoiceninja/templates/_helpers.tpl

@@ -5,11 +5,25 @@ Return the proper image name
 {{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
 {{- end -}}
 
+{{/*
+Return the proper image name
+*/}}
+{{- define "invoiceninja.nginx.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.http.image "global" .Values.global) -}}
+{{- end -}}
+
 {{/*
 Return the proper Docker Image Registry Secret Names
 */}}
 {{- define "invoiceninja.imagePullSecrets" -}}
-{{- include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.http.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "invoiceninja.volumePermissions.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
 {{- end -}}
 
 {{/*
@@ -36,7 +50,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-
 {{/*
 Create the name of the service account to use
 */}}
@@ -48,18 +61,25 @@ Create the name of the service account to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return the Invoice Ninja Secret Name
+*/}}
+{{- define "invoiceninja.secretName" -}}
+{{- default (include "common.names.fullname" .) .Values.existingSecret }}
+{{- end -}}
+
 {{/*
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.public.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.public "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.storage.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.storage "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
@@ -76,6 +96,29 @@ Return the proper Storage Name
 {{- printf "%s-%s" .Release.Name "storage" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Return the proper app URL
+*/}}
+{{- define "invoiceninja.url" -}}
+    {{- if .Values.appURL }}
+        {{- printf "%s" .Values.appURL -}}
+    {{- else if .Values.nginx.ingress.enabled }}
+        {{- if .Values.nginx.ingress.tls }}
+            {{- printf "https://%s" .Values.nginx.ingress.hostname -}}
+        {{- else }}
+            {{- printf "http://%s" .Values.nginx.ingress.hostname -}}
+        {{- end }}
+    {{- else if .Values.ingress.enabled }}
+        {{- if .Values.ingress.tls }}
+            {{- printf "https://%s" .Values.ingress.hostname -}}
+        {{- else }}
+            {{- printf "http://%s" .Values.ingress.hostname -}}
+        {{- end }}
+    {{- else }}
+        {{- printf "http://%s" (include "common.names.fullname" .) -}}
+    {{- end }}
+{{- end -}}
+
 {{/*
 Return the MariaDB Hostname
 */}}
@@ -131,7 +174,11 @@ Return the MariaDB Secret Name
 {{- if .Values.externalDatabase.existingSecret -}}
     {{- printf "%s" .Values.externalDatabase.existingSecret -}}
 {{- else -}}
-    {{- printf "%s" (include "invoiceninja.mariadb.fullname" .) -}}
+    {{- if .Values.mariadb.auth.existingSecret -}}
+        {{- printf "%s" .Values.mariadb.auth.existingSecret -}}
+    {{- else -}}
+        {{- printf "%s" (include "invoiceninja.mariadb.fullname" .) -}}
+    {{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -194,7 +241,11 @@ Return the Redis Secret Name
 {{- if .Values.externalRedis.existingSecret -}}
     {{- printf "%s" .Values.externalRedis.existingSecret -}}
 {{- else -}}
-    {{- printf "%s" (include "invoiceninja.redis.fullname" .) -}}
+    {{- if .Values.redis.auth.existingSecret -}}
+        {{- printf "%s" .Values.redis.auth.existingSecret -}}
+    {{- else -}}
+        {{- printf "%s" (include "invoiceninja.redis.fullname" .) -}}
+    {{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -221,7 +272,7 @@ Return the Cache Connection Name
 {{- end -}}
 
 {{/*
-Return the Broadcast Driver Name
+Return the Queue Connection Name
 */}}
 {{- define "invoiceninja.redisQueueConnection" -}}
 {{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
@@ -230,3 +281,29 @@ Return the Broadcast Driver Name
     {{- printf "default" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Return the Session Connection Name
+*/}}
+{{- define "invoiceninja.redisSessionConnection" -}}
+{{- if or (and .Values.redis.enabled .Values.redis.sentinel.enabled) (and .Values.externalRedis.host .Values.externalRedis.sentinel) }}
+    {{- printf "sentinel-default" -}}
+{{- else -}}
+    {{- printf "default" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Server block configmap name for nignx.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "invoiceninja.nginx.serverBlockName" -}}
+{{- printf "%s-%s" .Release.Name "server-block" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Name of web service for inline web server.
+*/}}
+{{- define "invoiceninja.http.serviceName" -}}
+{{- printf "%s-%s" .Release.Name "web" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/invoiceninja/templates/configmap.yaml

@@ -12,21 +12,18 @@ metadata:
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}
 data:
-  {{- if .Values.nginx.ingress.enabled }}
+  APP_URL: {{ include "invoiceninja.url" . | quote }}
-  APP_URL: "http://{{ .Values.nginx.ingress.hostname }}/"
-  {{- else }}
-  APP_URL: "http://{{ include "common.names.fullname" . }}/"
-  {{- end }}
   APP_DEBUG: {{ .Values.debug | quote }}
-  DB_HOST1: {{ include "invoiceninja.databaseHost" . | quote }}
+  DB_HOST: {{ include "invoiceninja.databaseHost" . | quote }}
-  DB_PORT1: {{ include "invoiceninja.databasePort" . | quote }}
+  DB_PORT: {{ include "invoiceninja.databasePort" . | quote }}
-  DB_USERNAME1: {{ include "invoiceninja.databaseUser" . | quote }}
+  DB_USERNAME: {{ include "invoiceninja.databaseUser" . | quote }}
-  DB_DATABASE1: {{ include "invoiceninja.databaseName" . | quote }}
+  DB_DATABASE: {{ include "invoiceninja.databaseName" . | quote }}
   {{- if .Values.logChannel }}
   LOG_CHANNEL: {{ .Values.logChannel | quote }}
   {{- else }}
   LOG_CHANNEL: stderr
   {{- end }}
+  MAIL_MAILER: {{ .Values.mailer | quote }}
   {{- if .Values.broadcastDriver }}
   BROADCAST_DRIVER: {{ .Values.broadcastDriver | quote }}
   {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
@@ -47,7 +44,9 @@ data:
   {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
   QUEUE_CONNECTION: redis
   {{- end }}
-  PHANTOMJS_PDF_GENERATION: {{ not .Values.snappdf | quote}}
+  # PHANTOMJS_PDF_GENERATION is deprecated
+  PHANTOMJS_PDF_GENERATION: "false"
+  PDF_GENERATOR: {{ .Values.pdfGenerator | quote}}
   REDIS_HOST: {{ include "invoiceninja.redisHost" . | quote }}
   REDIS_PORT: {{ include "invoiceninja.redisPort" . | quote }}
   REDIS_DB: {{ include "invoiceninja.redisDatabase" . | quote }}
@@ -55,3 +54,6 @@ data:
   REDIS_BROADCAST_CONNECTION: {{ include "invoiceninja.redisBroadcastConnection" . | quote }}
   REDIS_CACHE_CONNECTION: {{ include "invoiceninja.redisCacheConnection" . | quote }}
   REDIS_QUEUE_CONNECTION: {{ include "invoiceninja.redisQueueConnection" . | quote }}
+  SESSION_CONNECTION: {{ include "invoiceninja.redisSessionConnection" . | quote }}
+  REQUIRE_HTTPS: {{ .Values.requireHttps | quote }}
+  TRUSTED_PROXIES: {{ .Values.trustedProxies | quote }}

charts/invoiceninja/templates/deployment.yaml

@@ -63,12 +63,14 @@ spec:
             - -cx
             - |
               COUNTER=0;
-              while [  $COUNTER -lt 120 ]; do
+              [[ -z "${DB_HOST1}" ]] || DB_HOST="${DB_HOST1}";
-                if mysqladmin ping -h "$DB_HOST1" -P $DB_PORT1 --silent; then
+              [[ -z "${DB_PORT1}" ]] || DB_PORT="${DB_PORT1}";
+              while [ $COUNTER -lt 120 ]; do
+                if mysqladmin ping -h "$DB_HOST" -P $DB_PORT --connect-timeout=15 --silent; then
                   exit 0;
                 fi;
                 let COUNTER=COUNTER+1;
-                echo "Waiting for DB ($DB_HOST1:$DB_PORT1)"
+                echo "Waiting for DB... Trying again in 2s";
                 sleep 2;
               done;
               echo "Did NOT see a database after 240 secs!";
@@ -81,6 +83,38 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "common.names.fullname" . }}
+            {{- if .Values.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          env:
+            {{- if .Values.extraEnvVars }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+        {{- if and .Values.podSecurityContext .Values.volumePermissions.enabled (or .Values.persistence.public.enabled .Values.persistence.storage.enabled) }}
+        - name: volume-permissions
+          image: {{ include "invoiceninja.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command:
+            - /bin/bash
+            - -ec
+            - |
+              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /var/www/app/{public,storage}
+          securityContext:
+            runAsUser: 0
+          {{- if .Values.volumePermissions.resources }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /var/www/app/public
+              name: public
+            - mountPath: /var/www/app/storage
+              name: storage
+        {{- end }}
         {{- if .Values.initContainers }}
           {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
         {{- end }}
@@ -101,8 +135,10 @@ spec:
             timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }}
             successThreshold: {{ $.Values.livenessProbe.successThreshold }}
             failureThreshold: {{ $.Values.livenessProbe.failureThreshold }}
-            tcpSocket:
+            exec:
-              port: {{ .Values.livenessProbe.port }}
+              command:
+              - pgrep
+              - php-fpm
           {{- end }}
           {{- if .Values.readinessProbe.enabled }}
           readinessProbe:
@@ -118,7 +154,7 @@ spec:
             - configMapRef:
                 name: {{ include "common.names.fullname" . }}
             - secretRef:
-                name: {{ include "common.names.fullname" . }}
+                name: {{ include "invoiceninja.secretName" . }}
             {{- if .Values.extraEnvVarsCM }}
             - configMapRef:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
@@ -128,18 +164,22 @@ spec:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
             {{- end }}
           env:
-            - name: DB_PASSWORD1
+            - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "invoiceninja.databaseSecretName" . }}
                   key: mariadb-password
-            {{- if not (and .Values.redis.enabled (not .Values.redis.usePassword)) }}
+            {{- if or (and .Values.redis.enabled .Values.redis.auth.enabled) (or .Values.externalRedis.password .Values.externalRedis.existingSecret) }}
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "invoiceninja.redisSecretName" . }}
                   key: redis-password
             {{- end }}
+            {{- if .Values.userEmail }}
+            - name: IN_USER_EMAIL
+              value: {{ .Values.userEmail | quote }}
+            {{- end }}
             {{- if .Values.extraEnvVars }}
               {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}
@@ -153,6 +193,61 @@ spec:
             {{- if .Values.extraVolumeMounts }}
               {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
             {{- end }}
+        {{- if not .Values.nginx.enabled }}
+        - name: nginx
+          securityContext:
+            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+          image: {{ include "invoiceninja.nginx.image" . }}
+          imagePullPolicy: {{ .Values.http.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.http.containerPorts.http }}
+            - name: https
+              containerPort: {{ .Values.http.containerPorts.https }}
+          {{- if .Values.http.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.http.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.http.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ $.Values.http.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ $.Values.http.livenessProbe.successThreshold }}
+            failureThreshold: {{ $.Values.http.livenessProbe.failureThreshold }}
+            tcpSocket:
+              port: http
+          {{- end }}
+          {{- if .Values.http.readinessProbe.enabled }}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.http.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.http.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ $.Values.http.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ $.Values.http.readinessProbe.successThreshold }}
+            failureThreshold: {{ $.Values.http.readinessProbe.failureThreshold }}
+            tcpSocket:
+              port: http
+          {{- end }}
+          envFrom:
+            {{- if .Values.http.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.http.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          env:
+            {{- if .Values.http.extraEnvVars }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.http.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /opt/bitnami/nginx/conf/server_blocks
+              name: nginx-server-block
+            - mountPath: /app
+              name: public
+            {{- if .Values.http.extraVolumeMounts }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
+        {{- end }}
       volumes:
         - name: public
           {{- if .Values.persistence.public.enabled }}
@@ -168,6 +263,12 @@ spec:
           {{- else }}
           emptyDir: {}
           {{ end }}
+        {{- if not .Values.nginx.enabled }}
+        - name: nginx-server-block
+          configMap:
+            defaultMode: 420
+            name: {{ include "invoiceninja.nginx.serverBlockName" . }}
+        {{- end }}
         {{- if .Values.extraVolumes }}
           {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
         {{- end }}

charts/invoiceninja/templates/ingress.yaml

@@ -0,0 +1,63 @@
+{{- if and ( not .Values.nginx.enabled ) .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.ingress.certManager }}
+    kubernetes.io/tls-acme: "true"
+    {{- end }}
+    {{- if .Values.ingress.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingress.hostname }}
+    - host: {{ .Values.ingress.hostname | quote }}
+      http:
+        paths:
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" ( dict "serviceName" (include "invoiceninja.http.serviceName" .) "servicePort" "http" "context" $ )  | nindent 14 }}
+    {{- end }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" ( dict "serviceName" (include "invoiceninja.http.serviceName" $) "servicePort" "http" "context" $ ) | nindent 14 }}
+    {{- end }}
+  {{- if or .Values.ingress.tls .Values.ingress.extraTls }}
+  tls:
+    {{- if .Values.ingress.tls }}
+    - hosts:
+        - {{ .Values.ingress.hostname | quote }}
+        {{- range .Values.ingress.extraHosts }}
+        - {{ .name | quote }}
+        {{- end }}
+      secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/invoiceninja/templates/pvc.yaml

@@ -14,7 +14,13 @@ metadata:
   {{- end }}
 spec:
   accessModes:
+  {{- if not (empty .Values.persistence.public.accessModes) }}
+  {{- range .Values.persistence.public.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  {{- else }}
     - {{ .Values.persistence.public.accessMode | quote }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.persistence.public.size | quote }}
@@ -41,7 +47,13 @@ metadata:
   {{- end }}
 spec:
   accessModes:
+  {{- if not (empty .Values.persistence.storage.accessModes) }}
+  {{- range .Values.persistence.storage.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  {{- else }}
     - {{ .Values.persistence.storage.accessMode | quote }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.persistence.storage.size | quote }}

charts/invoiceninja/templates/secret.yaml

@@ -38,6 +38,7 @@ data:
 {{- end }}
 
 ---
+{{- if not .Values.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -57,4 +58,8 @@ data:
   APP_KEY: {{ .Values.appKey | b64enc | quote }}
   {{- else }}
   APP_KEY: {{ randAlphaNum 32 | b64enc | quote }}
-  {{- end }}
+  {{- end }}
+  {{- if .Values.userPassword }}
+  IN_PASSWORD: {{ .Values.userPassword | b64enc | quote }}
+  {{- end }}
+{{- end }}

charts/invoiceninja/templates/serverblock.yaml

@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "invoiceninja.nginx.serverBlockName" . }}
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations:
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  server-block.conf: |-
+    server {
+        listen 8080 default_server;
+        listen [::]:8080 default_server;
+        server_name _;
+
+        root /app;
+        index index.php;
+
+        location / {
+            try_files $uri $uri/ /index.php?$query_string;
+        }
+
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location = /robots.txt  { access_log off; log_not_found off; }
+
+        location ~ \.php$ {
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass {{ include "common.names.fullname" . }}:9000;
+            fastcgi_index index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME /var/www/app/public$fastcgi_script_name;
+            fastcgi_buffer_size 16k;
+            fastcgi_buffers 4 16k;
+        }
+    }

charts/invoiceninja/templates/webservice.yaml

@@ -0,0 +1,60 @@
+{{- if not .Values.nginx.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "invoiceninja.http.serviceName" . }}
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if or .Values.service.http.annotations .Values.commonAnnotations }}
+  annotations:
+    {{- if .Values.service.http.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.service.http.annotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.http.type }}
+  {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }}
+  clusterIP: {{ .Values.service.http.clusterIP }}
+  {{- end }}
+  {{- if (or (eq .Values.service.http.type "LoadBalancer") (eq .Values.service.http.type "NodePort")) }}
+  externalTrafficPolicy: {{ .Values.service.http.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if (and (eq .Values.service.http.type "LoadBalancer") .Values.service.http.loadBalancerSourceRanges) }}
+  loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if (and (eq .Values.service.http.type "LoadBalancer") (not (empty .Values.service.http.loadBalancerIP))) }}
+  loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
+  {{- end }}
+  ports:
+    {{- if not (empty .Values.service.http.ports.http) }}
+    - name: http
+      port:  {{ .Values.service.http.ports.http }}
+      protocol: TCP
+      targetPort: http
+      {{- if (and (or (eq .Values.service.http.type "NodePort") (eq .Values.service.http.type "LoadBalancer")) (not (empty .Values.service.http.nodePorts.http))) }}
+      nodePort: {{ .Values.service.http.nodePorts.http }}
+      {{- else if eq .Values.service.http.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- end }}
+    {{- if not (empty .Values.service.http.ports.https) }}
+    - name: https
+      port:  {{ .Values.service.http.ports.https }}
+      protocol: TCP
+      targetPort: https
+      {{- if (and (or (eq .Values.service.http.type "NodePort") (eq .Values.service.http.type "LoadBalancer")) (not (empty .Values.service.http.nodePorts.https))) }}
+      nodePort: {{ .Values.service.http.nodePorts.https }}
+      {{- else if eq .Values.service.http.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- end }}
+  selector:
+    {{- include "common.labels.matchLabels" . | nindent 4 }}
+    app.kubernetes.io/component: server
+{{- end }}

charts/invoiceninja/values.yaml

@@ -12,13 +12,13 @@
 #     - myRegistryKeySecretName
 #   storageClass: myStorageClass
 
-## Invoiceninja image version
+## Invoice Ninja image version
 ## ref: https://github.com/invoiceninja/dockerfiles
 ##
 image:
   registry: docker.io
   repository: invoiceninja/invoiceninja
-  tag: 5.1.35
+  tag: 5.5.49
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
@@ -30,7 +30,7 @@ image:
   # pullSecrets:
   #   - myRegistryKeySecretName
 
-## String to turn on debug mode in Invoiceninja
+## String to turn on debug mode in Invoice Ninja
 ##
 debug: false
 
@@ -38,6 +38,20 @@ debug: false
 ##
 appKey: ""
 
+## Override app URL
+##
+appURL: ""
+
+## Email of user to create first run
+## If not specified, default user email will be "admin@example.com"
+##
+userEmail: ""
+
+## Password of user to create on first run
+## If not specified, default user password will be "changeme!"
+##
+userPassword: ""
+
 ## Name of log channel to use
 ##
 logChannel: ""
@@ -58,9 +72,30 @@ sessionDriver: ""
 ##
 queueConnection: ""
 
-## Use local or Phantom JS PDF generation
+## List of trusted proxies for Invoice Ninja to communicate with the nginx proxy
 ##
-snappdf: true
+trustedProxies: "*"
+
+## Use local or Phantom JS PDF generation
+## Options are `snappdf` or `phantom`
+##
+pdfGenerator: snappdf
+
+## Name of queue connection to use (use "log" for debug)
+## Please check the ref below for any other env you may need to define
+## ref: https://github.com/invoiceninja/invoiceninja/blob/v5-stable/config/mail.php
+##
+mailer: log
+
+## Force HTTPS for all connections to Invoice Ninja
+##
+requireHttps: false
+
+## Name of existing secret containing IN credentials
+## NOTE: Must contain key `APP_KEY` and `IN_PASSWORD`
+## NOTE: When it's set, the `appKey` and `userPassword` parameter is ignored
+##
+existingSecret:
 
 ## String to partially override fullname template (will maintain the release name)
 ##
@@ -165,11 +200,29 @@ containerSecurityContext:
   #   - ALL
   # readOnlyRootFilesystem: true
 
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+  enabled: false
+  image:
+    registry: docker.io
+    repository: bitnami/bitnami-shell
+    tag: "10"
+    pullPolicy: Always
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ##
+    # pullSecrets:
+    #   - myRegistryKeySecretName
+  resources: {}
+
 ## Number of replicas (requires ReadWriteMany PVC support)
 ##
 replicaCount: 1
 
-## Set up update strategy for Invoiceninja installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first.
+## Set up update strategy for Invoice Ninja installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first.
 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
 ## Example:
 ## updateStrategy:
@@ -202,14 +255,123 @@ extraEnvVarsCM:
 ##
 extraEnvVarsSecret:
 
-## Extra volumes to add to the deployment
-##
-extraVolumes: []
-
 ## Extra volume mounts to add to the container
 ##
 extraVolumeMounts: []
 
+## Configure extra options for liveness and readiness probes
+## This applies to all the Invoice Ninja in the cluster
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+##
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 120
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+  successThreshold: 1
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 15
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+  successThreshold: 1
+  port: fastcgi
+
+resources:
+  {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+## Inline http server (this is enabled only if nginx sub chart is disabled).
+##
+http:
+  image:
+    registry: docker.io
+    repository: bitnami/nginx
+    tag: 1.22.1-debian-11-r21
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ##
+    # pullSecrets:
+    #   - myRegistryKeySecretName
+
+  ## Container ports
+  ##
+  containerPorts:
+    http: 8080
+    https: 8443
+
+  ## An array to add extra env vars
+  ## Example:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+
+  ## ConfigMap with extra environment variables
+  ##
+  extraEnvVarsCM:
+
+  ## Secret with extra environment variables
+  ##
+  extraEnvVarsSecret:
+
+  ## Extra volume mounts to add to the container
+  ##
+  extraVolumeMounts: []
+
+  ## Configure extra options for liveness and readiness probes
+  ## This applies to all the web server in the cluster
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 15
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+
+  resources:
+    {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+
 ## Kubernetes service type
 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
 ## Set this to NodePort, LoadBalancer or ClusterIP
@@ -245,40 +407,129 @@ service:
   ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
   ##
   annotations: {}
+  ## Service for http server
+  ##
+  http:
+    ## Service type
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+    ##
+    type: ClusterIP
+    ## Service ports
+    ##
+    ports:
+      http: 8080
+      https: 8443
+    ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+    ##
+    nodePorts:
+      http: ""
+      https: ""
+    ## Service clusterIP.
+    ##
+    # clusterIP: None
+    ## Specify the loadBalancerIP value for LoadBalancer service types.
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+    ##
+    # loadBalancerIP:
+    ## Specify the loadBalancerSourceRanges value for LoadBalancer service types.
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ##
+    loadBalancerSourceRanges: []
+    ## Enable client source IP preservation
+    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## Additional service annotations (evaluate as a template)
+    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+    ##
+    annotations: {}
 
-## Configure extra options for liveness and readiness probes
+## Configure the ingress resource to access IN (this is enabled only if nginx sub chart is disabled).
-## This applies to all the Invoiceninja in the sharded cluster
+## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
 ##
-livenessProbe:
+ingress:
+  ## Enable ingress
+  ##
   enabled: true
-  initialDelaySeconds: 30
+  ## Add the corresponding annotations for cert-manager integration
-  periodSeconds: 10
+  ##
-  timeoutSeconds: 5
+  certManager: false
-  failureThreshold: 6
+  ## Ingress path type
-  successThreshold: 1
+  ##
-  port: fastcgi
+  pathType: ImplementationSpecific
-readinessProbe:
+  ## Force Ingress API version (automatically detected if not set)
-  enabled: true
+  ##
-  initialDelaySeconds: 15
+  apiVersion:
-  periodSeconds: 10
+  ## IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
-  timeoutSeconds: 5
+  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
-  failureThreshold: 6
+  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
-  successThreshold: 1
+  ##
-  port: fastcgi
+  ingressClassName:
-
+  ## Default host for the ingress record
-resources:
+  ##
-  {}
+  hostname: invoiceninja.local
-  # We usually recommend not to specify default resources and to leave this as a conscious
+  ## Default path for the ingress record
-  # choice for the user. This also increases chances charts run on environments with little
+  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  ##
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  path: /
-  # limits:
+  ## Additional custom annotations for the ingress record
-  #   cpu: 100m
+  ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
-  #   memory: 128Mi
+  ##
-  # requests:
+  annotations: {}
-  #   cpu: 100m
+  ## Enable TLS configuration for the host defined at `ingress.hostname` parameter
-  #   memory: 128Mi
+  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+  ## You can:
+  ##   - Use the `ingress.secrets` parameter to create this TLS secret
+  ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
+  ##   - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false`
+  ##
+  tls: false
+  ## An array with additional hostname(s) to be covered with the ingress record
+  ## e.g:
+  ## extraHosts:
+  ##   - name: invoiceninja.local
+  ##     path: /
+  ##
+  extraHosts: []
+  ## An array with additional arbitrary paths that may need to be added to the ingress under the main host
+  ## e.g:
+  ## extraPaths:
+  ## - path: /*
+  ##   backend:
+  ##     serviceName: ssl-redirect
+  ##     servicePort: use-annotation
+  ##
+  extraPaths: []
+  ## TLS configuration for additional hostname(s) to be covered with this ingress record
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  ## e.g:
+  ## extraTls:
+  ## - hosts:
+  ##     - invoiceninja.local
+  ##   secretName: invoiceninja.local-tls
+  ##
+  extraTls: []
+  ## Custom TLS certificates as secrets
+  ## NOTE: 'key' and 'certificate' are expected in PEM format
+  ## NOTE: 'name' should line up with a 'secretName' set further up
+  ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## It is also possible to create and manage the certificates outside of this helm chart
+  ## Please see README.md for more information
+  ## e.g:
+  ## secrets:
+  ##   - name: invoiceninja.local-tls
+  ##     key: |-
+  ##       -----BEGIN RSA PRIVATE KEY-----
+  ##       ...
+  ##       -----END RSA PRIVATE KEY-----
+  ##     certificate: |-
+  ##       -----BEGIN CERTIFICATE-----
+  ##       ...
+  ##       -----END CERTIFICATE-----
+  ##
+  secrets: []
 
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
@@ -286,7 +537,7 @@ resources:
 persistence:
   public:
     enabled: true
-    ## Invoiceninja data Persistent Volume Storage Class
+    ## Invoice Ninja data Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
@@ -298,14 +549,15 @@ persistence:
     ## If you want to reuse an existing claim, you can pass the name of the PVC using
     ## the existingClaim variable
     # existingClaim: your-claim
-    accessMode: ReadWriteMany
+    accessMode: ReadWriteOnce
     size: 1Gi
     ## Custom dataSource
     ##
     dataSource: {}
   storage:
-    enabled: true
+    ## Only required when using FILE cache or session driver
-    ## Invoiceninja data Persistent Volume Storage Class
+    enabled: false
+    ## Invoice Ninja data Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
@@ -335,10 +587,13 @@ autoscaling:
 ##
 redis:
   enabled: true
-  usePassword: false
+  auth:
+    sentinel: false
   sentinel:
     enabled: true
-    usePassword: false
+    quorum: 1
+  replica:
+    replicaCount: 1
 
 ## External Redis Configuration
 ##
@@ -395,7 +650,7 @@ externalDatabase:
   ## Database host
   ##
   host: ""
-  ## non-root Username for Invoiceninja Database
+  ## non-root Username for Invoice Ninja Database
   ##
   user: invoiceninja
   ## Database password
@@ -417,54 +672,21 @@ externalDatabase:
 ## ref: https://github.com/bitnami/charts/blob/master/bitnami/nginx/values.yaml
 ##
 nginx:
+  enabled: false
   service:
     ## Service type
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
     ##
     type: ClusterIP
-  ## Configure the ingress resource that allows you to access the Invoiceninja
+  ## Configure the ingress resource that allows you to access the Invoice Ninja
   ## ref: http://kubernetes.io/docs/user-guide/ingress/
   ##
   ingress:
     enabled: true
     hostname: invoiceninja.local
-  ## Configure the serverblock for Invoiceninja
+  ## Use the serverblock config map from Invoice Ninja
-  ## Note: you may need to replace the fastcgi_pass value if the release name is different
   ##
-  serverBlock: |
+  existingServerBlockConfigmap: '{{ include "invoiceninja.nginx.serverBlockName" . }}'
-    server {
+  ## Use the public PVC created by Invoice Ninja
-        listen 8080 default_server;
-        server_name _;
-
-        root /var/www/app/public/;
-        index index.php;
-
-        location / {
-            try_files $uri $uri/ /index.php?$query_string;
-        }
-
-        location = /favicon.ico { access_log off; log_not_found off; }
-        location = /robots.txt  { access_log off; log_not_found off; }
-
-        location ~ \.php$ {
-            fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_pass invoiceninja:9000;
-            fastcgi_index index.php;
-            include fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_intercept_errors off;
-            fastcgi_buffer_size 16k;
-            fastcgi_buffers 4 16k;
-        }
-    }
-  ## Configure the extraVolumes and extraVolumeMounts for Invoiceninja
-  ## Note: you may need to replace the claimName if the release name is different
   ##
-  extraVolumes:
+  staticSitePVC: '{{ include "invoiceninja.public.storageName" . }}'
-    - name: public
-      persistentVolumeClaim:
-        claimName: invoiceninja-public
-  extraVolumeMounts:
-    - mountPath: /var/www/app/public
-      name: public
-      readOnly: true

config/mysql/Dockerfile

@@ -1,4 +1,4 @@
-FROM mysql:5
+FROM mysql:8
 # When running on ARM64 use MariaDB instead of MySQL
 #FROM mariadb:10.4
 ENV force_color_prompt yes

config/nginx/in-vhost.conf

@@ -1,6 +1,10 @@
 server {
     listen 80 default_server;
     server_name _;
+    
+    server_tokens off;
+    
+    client_max_body_size 100M;
 
     root /var/www/app/public/;
     index index.php;

docker-compose.yml

@@ -38,7 +38,7 @@ services:
       - "in5.localhost:192.168.0.124 " #host and ip
 
   db:
-    image: mysql:5
+    image: mysql:8
 #    When running on ARM64 use MariaDB instead of MySQL
 #    image: mariadb:10.4
 #    For auto DB backups comment out image and use the build block below

env

@@ -1,26 +1,45 @@
-APP_URL=http://in.localhost:8003/
+# IN application vars
+APP_URL=http://in.localhost:8003
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
+REQUIRE_HTTPS=false
-DB_HOST1=db
+PHANTOMJS_PDF_GENERATION=false
-DB_PORT1=3306
+PDF_GENERATOR=snappdf
-DB_USERNAME1=ninja
+TRUSTED_PROXIES='*'
-DB_PASSWORD1=ninja
+
-DB_DATABASE1=ninja
+
+QUEUE_CONNECTION=database
+
+# DB connection
+DB_HOST=db
+DB_PORT=3306
+DB_DATABASE=ninja
+DB_USERNAME=ninja
+DB_PASSWORD=ninja
+
+# Create initial user
+# Default to these values if empty
+# IN_USER_EMAIL=admin@example.com
+# IN_PASSWORD=changeme!
+IN_USER_EMAIL=
+IN_PASSWORD=
+
+# Mail options
+MAIL_MAILER=log
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS='user@example.com'
+MAIL_FROM_NAME='Self Hosted User'
+
+# MySQL
 MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
 MYSQL_USER=ninja
 MYSQL_PASSWORD=ninja
 MYSQL_DATABASE=ninja
 
-#this is a system variable please do not remove
+# V4 env vars
-IS_DOCKER=true
+# DB_STRICT=false
-
+# APP_CIPHER=AES-256-CBC
-PHANTOMJS_PDF_GENERATION=false
-
-#V4 env vars
-DB_STRICT=false
-DB_HOST=db
-DB_DATABASE=ninja
-DB_USERNAME=ninja
-DB_PASSWORD=ninja
-APP_CIPHER=AES-256-CBC