Update docker-compose.yml

[BUGFIX] Error building the mysql backup build

.github/ct-install.yaml

@@ -3,4 +3,4 @@ chart-dirs:
 chart-repos:
   - bitnami=https://charts.bitnami.com/bitnami
 check-version-increment: true
-debug: true
+debug: false

.github/workflows/build-image-v4.yaml

@@ -0,0 +1,57 @@
+name: Build Container Image v4
+
+# When its time to do a release do a full cross platform build for all supported
+# architectures and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+# Ref: https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml
+on:
+  pull_request:
+    paths:
+      - "alpine/4/**"
+  push:
+    paths:
+      - "alpine/4/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-4-${{ hashFiles('alpine/5/cache_buster') }}-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-4-${{ hashFiles('alpine/5/cache_buster') }}-
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./alpine/4/
+          build-args: INVOICENINJA_VERSION=4.5.42
+          target: prod
+          platforms: linux/amd64,linux/arm64
+          tags: invoiceninja/invoiceninja:cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/build-image-v5.yaml

@@ -0,0 +1,57 @@
+name: Build Container Image
+
+# When its time to do a release do a full cross platform build for all supported
+# architectures and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+# Ref: https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml
+on:
+  pull_request:
+    paths:
+      - "alpine/5/**"
+  push:
+    paths:
+      - "alpine/5/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-5-${{ hashFiles('alpine/5/cache_buster') }}-
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./alpine/5/
+          build-args: INVOICENINJA_VERSION=5-stable
+          target: prod
+          platforms: linux/amd64,linux/arm64
+          tags: invoiceninja/invoiceninja:cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/publish-image.yaml

@@ -1,4 +1,4 @@
-name: Publish Releases to Hub
+name: Publish Container Image
 
 # When its time to do a release do a full cross platform build for all supported
 # architectures and push all of them to Docker Hub.
@@ -44,13 +44,13 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v1
 
-      # - name: Cache Docker layers
+      - name: Cache Docker layers
-      #   uses: actions/cache@v2
+        uses: actions/cache@v2
-      #   with:
+        with:
-      #     path: /tmp/.buildx-cache
+          path: /tmp/.buildx-cache
-      #     key: ${{ runner.os }}-buildx-${{ github.sha }}
+          key: ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/cache_buster') }}-${{ github.sha }}
-      #     restore-keys: |
+          restore-keys: |
-      #       ${{ runner.os }}-buildx-
+            ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/cache_buster') }}-
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
@@ -70,8 +70,13 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.prep.outputs.tags }}
-          cache-from: invoiceninja/invoiceninja:${{ steps.prep.outputs.major }}
+          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=inline
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/release-chart.yaml

@@ -27,6 +27,6 @@ jobs:
           helm repo add bitnami https://charts.bitnami.com/bitnami
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@master
+        uses: helm/chart-releaser-action@v1.2.1
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/test-charts.yaml

@@ -13,9 +13,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-
+        with:
-      - name: Fetch history
+          fetch-depth: 0
-        run: git fetch --prune --unshallow
 
       - name: Set up Helm
         uses: azure/setup-helm@v1
@@ -41,6 +40,7 @@ jobs:
 
       - name: Run chart-testing (lint)
         run: ct lint --config .github/ct-lint.yaml
+
   kubeval-chart:
     runs-on: ubuntu-latest
     needs:
@@ -49,9 +49,9 @@ jobs:
       matrix:
         chart: ${{ fromJson(needs.lint-chart.outputs.matrix) }}
         k8s:
-          - v1.17.11
+          - v1.19.11
-          - v1.18.8
+          - v1.20.7
-          - v1.19.4
+          - v1.21.2
     steps:
       - name: Checkout
         uses: actions/checkout@v1
@@ -79,20 +79,26 @@ jobs:
     strategy:
       matrix:
         k8s:
-          - v1.17.11
+          - v1.19.11
-          - v1.18.8
+          - v1.20.7
-          - v1.19.4
+          - v1.21.2
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Create kind ${{ matrix.k8s }} cluster
-        uses: helm/kind-action@v1.1.0
+        uses: helm/kind-action@v1.2.0
         with:
           node_image: kindest/node:${{ matrix.k8s }}
 
-      - name: Run chart-testing (install)
+      - uses: actions/setup-python@v2
-        uses: helm/chart-testing-action@v2.0.1
         with:
-          command: install
+          python-version: 3.7
-          config: .github/ct-install.yaml
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.0.1
+
+      - name: Run chart-testing (install)
+        run: ct install --config .github/ct-install.yaml

Makefile

@@ -17,15 +17,15 @@ VERSION=$(shell echo ${TAG} | sed "s/-.*//")
 
 # Building docker images based on alpine.
 # Assigned tags:
-#   - :alpine
+#   - :4
-#   - :alpine-<RELEASE VERSION>
+#   - :<RELEASE VERSION>
 .PHONY: build-alpine
 build-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Building "$(VERSION)" tagged images from alpine.)
-	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
+	@docker build -t ${HUB_NAMESPACE}/${IMAGE}:${VERSION} --build-arg INVOICENINJA_VERSION=${VERSION} ./alpine/4/
-	# Tag as alpine-4
+	# Tag as 4
-	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker tag ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION} ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 
@@ -33,8 +33,8 @@ endif
 push-alpine:
 ifeq ($(IS_V5),)
 	$(info Make: Pushing tagged images from alpine.)
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-${VERSION}
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:${VERSION}
-	@docker push ${HUB_NAMESPACE}/${IMAGE}:alpine-4
+	@docker push ${HUB_NAMESPACE}/${IMAGE}:4
 	$(info Make: Done.)
 endif
 

README.md

@@ -2,6 +2,8 @@
 [![Docker image, latest](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/latest?label=latest)](https://hub.docker.com/r/invoiceninja/invoiceninja)
 [![Docker image, alpine](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja/alpine?label=alpine)](https://hub.docker.com/r/invoiceninja/invoiceninja)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/invoiceninja)](https://artifacthub.io/packages/search?repo=invoiceninja)
+[![Pusblish Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml) [![Cache v5 Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
+
 
 
 # Docker for [Invoice Ninja](https://www.invoiceninja.com/)
@@ -31,21 +33,19 @@ git clone https://github.com/invoiceninja/dockerfiles.git
 cd dockerfiles
 ```
 
-Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `env` file, open this file up and insert your `APP_URL` and your `APP_KEY`
+Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
 
 ```
 APP_URL=http://in.localhost:8003/
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
+REQUIRE_HTTPS=false
-DB_HOST1=db
+IN_USER_EMAIL=
-DB_PORT1=3306
+IN_PASSWORD=
-DB_USERNAME1=ninja
-DB_PASSWORD1=ninja
-DB_DATABASE1=ninja
-PHANTOMJS_PDF_GENERATION=false
 ```
 
+If `IN_USER_EMAIL` and `IN_PASSWORD` is not set the default user email and password is "admin@example.com" and "changeme!" respectively. You will use this for the initial login, thereafter, you can delete this two environment variables.
+
 The `APP_KEY` can be generated by running
 
 ```bash
@@ -98,6 +98,10 @@ git pull
 
 You may need to manually merge any changes that cannot be merged automatically by git.
 
+### Thanks
+Massive thank you to [lwj5](https://github.com/lwj5) for the tireless work to continually improve the dockerfile and its associated tooling.
+
+
 ## Support
 
 If you discover a bug, please create and issue, if you query is general in nature please visit us on our [Forum ](https://forum.invoiceninja.com/)

alpine/4/Dockerfile

@@ -1,4 +1,4 @@
-ARG PHP_VERSION=7.2
+ARG PHP_VERSION=7.3
 ARG BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
 ARG BAK_PUBLIC_PATH=/var/www/app/docker-backup-public/
 
@@ -70,4 +70,4 @@ ENV SELF_UPDATER_SOURCE ''
 VOLUME /var/www/app/public
 
 ENTRYPOINT ["docker-entrypoint"]
-CMD ["php-fpm"]
+CMD ["php-fpm"]

alpine/4/cache_buster

@@ -0,0 +1 @@
+Fri Jul  2 7:33:22 +00 2021

alpine/4/rootfs/usr/local/bin/docker-entrypoint

@@ -83,7 +83,7 @@ fi
 rm -rf "$BAK_PUBLIC_PATH"
 
 # Set permission for web server to create/update files (only <v4)
-chown -R "$INVOICENINJA_USER":www-data /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
+chown -R "$INVOICENINJA_USER":"$INVOICENINJA_USER" /var/www/app/storage /var/www/app/public /var/www/app/bootstrap
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'

alpine/5/Dockerfile

@@ -1,14 +1,12 @@
-ARG PHP_VERSION=7.4
+ARG PHP_VERSION=8.1
 ARG BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
 ARG BAK_PUBLIC_PATH=/var/www/app/docker-backup-public/
 
 # Get Invoice Ninja and install nodejs packages
 FROM --platform=$BUILDPLATFORM node:lts-alpine as build
-ARG INVOICENINJA_VERSION
-ARG BAK_STORAGE_PATH
-ARG BAK_PUBLIC_PATH
 
 # Download Invoice Ninja
+ARG INVOICENINJA_VERSION
 ADD https://github.com/invoiceninja/invoiceninja/tarball/v$INVOICENINJA_VERSION /tmp/ninja.tar.gz
 
 # Extract Invoice Ninja
@@ -21,17 +19,16 @@ RUN mkdir -p /var/www/app \
 WORKDIR /var/www/app/
 
 # Install node packages
-RUN npm install --production \
+ARG BAK_STORAGE_PATH
+ARG BAK_PUBLIC_PATH
+RUN --mount=target=/var/www/app/node_modules,type=cache \
+    npm install --production \
     && npm run production \
-    && rm -rf node_modules \
     && mv /var/www/app/storage $BAK_STORAGE_PATH \
     && mv /var/www/app/public $BAK_PUBLIC_PATH  
 
 # Prepare php image
-FROM php:${PHP_VERSION}-fpm-alpine as prod
+FROM php:${PHP_VERSION}-fpm-alpine3.15 as prod
-ARG INVOICENINJA_VERSION
-ARG BAK_STORAGE_PATH
-ARG BAK_PUBLIC_PATH
 
 LABEL maintainer="David Bomba <turbo124@gmail.com>"
 
@@ -78,6 +75,9 @@ RUN addgroup --gid=$UID -S "$INVOICENINJA_USER" \
     "$INVOICENINJA_USER"
 
 # Set up app
+ARG INVOICENINJA_VERSION
+ARG BAK_STORAGE_PATH
+ARG BAK_PUBLIC_PATH
 ENV INVOICENINJA_VERSION $INVOICENINJA_VERSION
 ENV BAK_STORAGE_PATH $BAK_STORAGE_PATH
 ENV BAK_PUBLIC_PATH $BAK_PUBLIC_PATH

alpine/5/cache_buster

@@ -0,0 +1 @@
+Fri Jul  2 7:33:22 +00 2021

alpine/5/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+php artisan db:seed --force
+
+# Build up array of arguments...
+if [[ ! -z "${IN_USER_EMAIL}" ]]; then
+    email="--email ${IN_USER_EMAIL}"
+fi
+
+if [[ ! -z "${IN_PASSWORD}" ]]; then
+    password="--password ${IN_PASSWORD}"
+fi
+
+php artisan ninja:create-account $email $password

alpine/5/rootfs/usr/local/bin/docker-entrypoint

@@ -27,60 +27,66 @@ file_env() {
     local fileVar="${var}_FILE"
     local def="${2:-}"
 
-    if [ "$(ie_gv ${var})" != "" ] && [ "$(ie_gv ${fileVar})" != "" ]; then
-        in_error "Both $var and $fileVar are set (but are exclusive)"
-    fi
-
-    local val="$def"
     if [ "$(ie_gv ${var})" != "" ]; then
-        val=$(ie_gv ${var})
+        if [ "$(ie_gv ${fileVar})" != "" ]; then
-    elif [ "$(ie_gv ${fileVar})" != "" ]; then
+            in_error "Both $var and $fileVar are set (but are exclusive)"
-        val=$(cat $(ie_gv ${fileVar}))
+        fi
+        unset "$fileVar"
+        return
+    fi
+
+    if [ "$(ie_gv ${fileVar})" != "" ] && [ -f "$(ie_gv ${fileVar})" ]; then
+        export "$var"="$(cat $(ie_gv ${fileVar}))"
+    elif [ ! -z "$def" ]; then
+        export "$var"="$def"
     fi
 
-    export "$var"="$val"
     unset "$fileVar"
 }
 
 # first arg is `-f` or `--some-option`
 if [ "${1#-}" != "$1" ]; then
-    set -- php-fpm "$@"
+    set -- supervisord "$@"
 fi
 
 # create storage volume
-if [ ! -d /var/www/app/storage ] && [ -d "$BAK_STORAGE_PATH" ]; then
+if [ -d "$BAK_STORAGE_PATH" ]; then
-    mv "$BAK_STORAGE_PATH" /var/www/app/storage
+    if [ ! -d /var/www/app/storage ]; then
-elif [ -d "$BAK_STORAGE_PATH" ]; then
+        mv "$BAK_STORAGE_PATH" /var/www/app/storage
-    # copy missing folders in storage
+    else
-    IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
+        # copy missing folders in storage
-    for path in $IN_STORAGE_BACKUP; do
+        IN_STORAGE_BACKUP="$(ls "$BAK_STORAGE_PATH")"
-        if [ ! -e "/var/www/app/storage/$path" ]; then
+        for path in $IN_STORAGE_BACKUP; do
-            cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
+            if [ ! -e "/var/www/app/storage/$path" ]; then
-        fi
+                cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
-    done
+            fi
+        done
+    fi
+    rm -rf "$BAK_STORAGE_PATH"
 fi
-rm -rf "$BAK_STORAGE_PATH"
 
 # create public volume
-if [ ! -d /var/www/app/public ] && [ -d "$BAK_PUBLIC_PATH" ]; then
+if [ -d "$BAK_PUBLIC_PATH" ]; then
-    mv "$BAK_PUBLIC_PATH" /var/www/app/public
+    if [ ! -d /var/www/app/public ]; then
-elif [ ! -e /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
+        mv "$BAK_PUBLIC_PATH" /var/www/app/public
-    # version mismatch, update all
+    elif [ ! -f /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
-    cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
+        # version mismatch, update all
-    echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
+        cp -au "$BAK_PUBLIC_PATH/"* /var/www/app/public
-elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        echo "$INVOICENINJA_VERSION" >/var/www/app/public/version
-    # missing logo folder only, copy folder
+    elif [ ! -d /var/www/app/public/logo ] && [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
+        # missing logo folder only, copy folder
-elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
+        cp -a "$BAK_PUBLIC_PATH/logo" /var/www/app/public/logo
-    # copy missing folders in logo
+    elif [ -d "$BAK_PUBLIC_PATH/logo" ]; then
-    IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
+        # copy missing folders in logo
-    for path in $IN_LOGO_BACKUP; do
+        IN_LOGO_BACKUP="$(ls "$BAK_PUBLIC_PATH/logo")"
-        if [ ! -e "/var/www/app/public/logo/$path" ]; then
+        for path in $IN_LOGO_BACKUP; do
-            cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
+            if [ ! -e "/var/www/app/public/logo/$path" ]; then
-        fi
+                cp -a "$BAK_PUBLIC_PATH/logo/$path" "/var/www/app/public/logo/"
-    done
+            fi
+        done
+    fi
+    rm -rf "$BAK_PUBLIC_PATH"
 fi
-rm -rf "$BAK_PUBLIC_PATH"
 
 # Initialize values that might be stored in a file
 file_env 'APP_KEY'
@@ -98,10 +104,10 @@ file_env 'MAILGUN_SECRET'
 file_env 'S3_KEY'
 file_env 'S3_SECRET'
 
-# Run Laravel stuff
+# Run IN/Laravel stuff
 if [[ "$1" == "supervisord" ]] || [[ "$1" == "php-fpm" ]]; then
-    echo "Initialising Laravel..."
+    in_log INFO "Initialising Invoice Ninja..."
-    . laravel-init.sh
+    . invoiceninja-init.sh
 fi
 
 exec docker-php-entrypoint "$@"

alpine/5/rootfs/usr/local/bin/invoiceninja-init.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+    echo
+    local f
+    for f; do
+        case "$f" in
+        *.sh)
+            # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+            # https://github.com/docker-library/postgres/pull/452
+            if [ -x "$f" ]; then
+                in_log INFO "$0: running $f"
+                "$f"
+            else
+                in_log INFO "$0: sourcing $f"
+                . "$f"
+            fi
+            ;;
+        *) in_log INFO "$0: ignoring $f" ;;
+        esac
+        echo
+    done
+}
+
+php artisan config:cache
+php artisan optimize
+
+# Check if DB works, if not crash the app.
+DB_READY=$(php artisan tinker --execute='echo app()->call("App\Utils\SystemHealth@dbCheck")["success"];')
+if [ "$DB_READY" != "1" ]; then
+    php artisan migrate:status # Print verbose error
+    in_error "Error connecting to DB"
+fi
+
+php artisan migrate --force
+
+# If first IN run, it needs to be initialized
+IN_INIT=$(php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')
+if [ "$IN_INIT" == "1" ]; then
+    docker_process_init_files /docker-entrypoint-init.d/*
+fi

alpine/5/rootfs/usr/local/bin/laravel-init.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-php artisan config:cache
-php artisan optimize
-php artisan migrate --force

charts/invoiceninja/Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 1.4.2
+  version: 1.7.0
 - name: nginx
   repository: https://charts.bitnami.com/bitnami
-  version: 8.8.1
+  version: 9.3.7
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
-  version: 9.3.6
+  version: 9.3.17
 - name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 12.9.2
+  version: 14.7.1
-digest: sha256:fd3577637e412f553b3300f0c174ea7282073e0971da621d2f5c0e43b8f2fdfc
+digest: sha256:495d7cedf5284501249705101853f33d1bb479b35ce11a518631682cdb38c15f
-generated: "2021-04-07T20:59:19.568334+08:00"
+generated: "2021-07-16T00:53:22.586326+08:00"

charts/invoiceninja/Chart.yaml

@@ -13,11 +13,11 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.2
+version: 0.9.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 5.1.41
+appVersion: 5.3.80
 keywords:
   - invoiceninja
 home: https://invoiceninja.github.io/dockerfiles
@@ -30,9 +30,10 @@ dependencies:
     tags:
       - bitnami-common
     version: 1.x.x
-  - name: nginx
+  - condition: nginx.enabled
+    name: nginx
     repository: https://charts.bitnami.com/bitnami
-    version: 8.8.x
+    version: 9.x.x
   - condition: mariadb.enabled
     name: mariadb
     repository: https://charts.bitnami.com/bitnami
@@ -40,7 +41,7 @@ dependencies:
   - condition: redis.enabled
     name: redis
     repository: https://charts.bitnami.com/bitnami
-    version: 12.9.x
+    version: 14.x.x
 maintainers:
   - email: lwj5@hotmail.com
     name: lwj5

charts/invoiceninja/README.md

@@ -1,6 +1,6 @@
 # Invoice Ninja Helm Chart
 
-This helm chart installs a Invoice Ninja and its dependencies into a running
+This helm chart installs Invoice Ninja (IN) and its dependencies into a running
 Kubernetes cluster.
 
 The chart installs the [Invoice Ninja](https://hub.docker.com/r/invoiceninja/invoiceninja) docker image.
@@ -13,7 +13,7 @@ Please read [Upgrading](#upgrading) section before upgrading MAJOR versions.
 - The Bitnami [mariadb](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) helm chart
 - The Bitnami [nginx](https://github.com/bitnami/charts/tree/master/bitnami/nginx) helm chart
 - The Bitnami [redis](https://github.com/bitnami/charts/tree/master/bitnami/redis) helm chart
-- Tested on Kubernetes 1.17+
+- Tested on Kubernetes 1.19+
 
 ## Installing the Chart
 
@@ -21,7 +21,7 @@ To install the chart with the release name `invoiceninja`:
 
 ```bash
 helm repo add invoiceninja https://invoiceninja.github.io/dockerfiles
-helm install invoiceninja invoiceninja/invoiceninja
+helm install invoiceninja invoiceninja/invoiceninja --set appKey=changeit --set mariadb.auth.rootPassword=changeit --set mariadb.auth.password=changeit --set redis.auth.password=changeit
 ```
 
 The command deploys Invoice Ninja on the Kubernetes cluster in the default namespace. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@@ -68,40 +68,68 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `kubeVersion`       | Force target Kubernetes version (using Helm capabilities if not set) | `nil`                          |
 | `extraDeploy`       | Array of extra objects to deploy with the release                    | `[]` (evaluated as a template) |
 
-### Invoice Ninja parameters
+### Invoice Ninja container parameters
 
-| Parameter            | Description                                                      | Default                                                 |
+| Parameter                | Description                                                                   | Default                                                 |
-| -------------------- | ---------------------------------------------------------------- | ------------------------------------------------------- |
+| ------------------------ | ----------------------------------------------------------------------------- | ------------------------------------------------------- |
-| `image.registry`     | Invoice Ninja image registry                                     | `docker.io`                                             |
+| `image.registry`         | Invoice Ninja image registry                                                  | `docker.io`                                             |
-| `image.repository`   | Invoice Ninja image name                                         | `invoiceninja/invoiceninja`                             |
+| `image.repository`       | Invoice Ninja image name                                                      | `invoiceninja/invoiceninja`                             |
-| `image.tag`          | Invoice Ninja image tag                                          | Check `values.yaml` file                                |
+| `image.tag`              | Invoice Ninja image tag                                                       | Check `values.yaml` file                                |
-| `image.pullPolicy`   | Invoice Ninja image pull policy                                  | `IfNotPresent`                                          |
+| `image.pullPolicy`       | Invoice Ninja image pull policy                                               | `IfNotPresent`                                          |
-| `image.pullSecrets`  | Specify docker-registry secret names as an array                 | `[]` (does not add image pull secrets to deployed pods) |
+| `image.pullSecrets`      | Specify docker-registry secret names as an array                              | `[]` (does not add image pull secrets to deployed pods) |
-| `image.debug`        | Specify if debug logs should be enabled                          | `false`                                                 |
+| `image.debug`            | Specify if debug logs should be enabled                                       | `false`                                                 |
-| `serviceAccountName` | Name of a service account for the Invoice Ninja pods             | `default`                                               |
+| `debug`                  | Turn on debug mode on Invoice Ninja                                           | `false`                                                 |
-| `debug`              | Turn on debug mode on Invoice Ninja                              | `false`                                                 |
+| `appKey`                 | Laravel Application Key (ignored if existing secret is provided)              | _random 32 character alphanumeric string_               |
-| `appKey`             | Laravel Application Key                                          | _random 32 character alphanumeric string_               |
+| `appURL`                 | Override Laravel Application URL (automatically set if blank)                 | `""`                                                    |
-| `logChannel`         | Name of log channel to use                                       | `nil`                                                   |
+| `userEmail`              | Initial user email address                                                    | `admin@example.com`                                     |
-| `broadcastDriver`    | Name of broadcast driver to use                                  | `nil`                                                   |
+| `userPassword`           | Initial user password (ignored if existing secret is provided)                | `changeme!`                                             |
-| `cacheDriver`        | Name of cache driver to use                                      | `nil`                                                   |
+| `logChannel`             | Name of log channel to use                                                    | `nil`                                                   |
-| `sessionDriver`      | Name of session driver to use                                    | `nil`                                                   |
+| `broadcastDriver`        | Name of broadcast driver to use                                               | `nil`                                                   |
-| `queueConnection`    | Name of queue connection to use                                  | `nil`                                                   |
+| `cacheDriver`            | Name of cache driver to use                                                   | `nil`                                                   |
-| `snappdf`            | Use snappdf instead of Phantom JS PDF generation                 | `true`                                                  |
+| `sessionDriver`          | Name of session driver to use                                                 | `nil`                                                   |
-| `extraEnvVars`       | Extra environment variables to be set on Invoice Ninja container | `{}`                                                    |
+| `queueConnection`        | Name of queue connection to use                                               | `nil`                                                   |
-| `extraEnvVarsCM`     | Name of existing ConfigMap containing extra env vars             | `nil`                                                   |
+| `pdfGenerator`           | PDF generation method (Allowed values: `snappdf` or `phantom`)                | `snappdf`                                               |
-| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars                | `nil`                                                   |
+| `mailer`                 | Name of the mailer to use (log, smtp, etc.)                                   | `log`                                                   |
+| `requireHttps`           | Force HTTPS for internal connections to Invoice Ninja (see #349)              | `false`                                                 |
+| `existingSecret`         | Use existing secret that contain the keys `APP_KEY` and `IN_PASSWORD`         | `nil`                                                   |
+| `extraEnvVars`           | Extra environment variables to be set on Invoice Ninja container              | `{}`                                                    |
+| `extraEnvVarsCM`         | Name of existing ConfigMap containing extra env vars                          | `nil`                                                   |
+| `extraEnvVarsSecret`     | Name of existing Secret containing extra env vars                             | `nil`                                                   |
+| `trustedProxy`           | List of trusted proxies for Invoice Ninja to communicate with the nginx proxy | `'*'`                                                   |
+| `extraVolumeMounts`      | Additional volume mounts                                                      | `[]`                                                    |
+| `resources`              | The resources for the Invoice Ninja container                                 | `{}`                                                    |
+| `livenessProbe`          | Liveness probe configuration for Invoice Ninja                                | Check `values.yaml` file                                |
+| `readinessProbe`         | Readiness probe configuration for Invoice Ninja                               | Check `values.yaml` file                                |
+| `containerPorts.fastcgi` | FastCGI port to expose at container level                                     | `9000`                                                  |
+
+### Inline web server container parameters (only used when `nginx.enabled` is **not** set to true)
+
+| Parameter                | Description                                              | Default                                                 |
+| ------------------------ | -------------------------------------------------------- | ------------------------------------------------------- |
+| `http.image.registry`    | Nginx image registry                                     | `docker.io`                                             |
+| `http.image.repository`  | Nginx image name                                         | `invoiceninja/invoiceninja`                             |
+| `http.image.tag`         | Nginx image tag                                          | Check `values.yaml` file                                |
+| `http.image.pullPolicy`  | Nginx image pull policy                                  | `IfNotPresent`                                          |
+| `http.image.pullSecrets` | Specify docker-registry secret names as an array         | `[]` (does not add image pull secrets to deployed pods) |
+| `http.image.debug`       | Specify if debug logs should be enabled                  | `false`                                                 |
+| `extraEnvVars`           | Extra environment variables to be set on Nginx container | `{}`                                                    |
+| `extraEnvVarsCM`         | Name of existing ConfigMap containing extra env vars     | `nil`                                                   |
+| `extraEnvVarsSecret`     | Name of existing Secret containing extra env vars        | `nil`                                                   |
+| `extraVolumeMounts`      | Additional volume mounts                                 | `[]`                                                    |
+| `resources`              | The resources for the Nginx container                    | `{}`                                                    |
+| `livenessProbe`          | Liveness probe configuration for Nginx                   | Check `values.yaml` file                                |
+| `readinessProbe`         | Readiness probe configuration for Nginx                  | Check `values.yaml` file                                |
+| `containerPorts.http`    | HTTP port to expose at container level                   | `9000`                                                  |
+| `containerPorts.https`   | HTTPS port to expose at container level                  | `9000`                                                  |
 
 ### Invoice Ninja deployment parameters
 
 | Parameter                   | Description                                                                               | Default                        |
 | --------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------ |
 | `replicaCount`              | Number of Invoice Ninja Pods to run                                                       | `1`                            |
-| `containerPorts.fastcgi`    | FastCGI port to expose at container level                                                 | `9000`                         |
+| `serviceAccountName`        | Name of a service account for the Invoice Ninja pods                                      | `default`                      |
-| `podSecurityContext`        | Invoice Ninja pods' Security Context                                                      | Check `values.yaml` file       |
 | `containerSecurityContext`  | Invoice Ninja containers' Security Context                                                | Check `values.yaml` file       |
-| `resources`                 | The resources for the Invoice Ninja container                                             | `{}`                           |
+| `podSecurityContext`        | Invoice Ninja pods' Security Context                                                      | Check `values.yaml` file       |
-| `livenessProbe`             | Liveness probe configuration for Invoice Ninja                                            | Check `values.yaml` file       |
-| `readinessProbe`            | Readiness probe configuration for Invoice Ninja                                           | Check `values.yaml` file       |
 | `updateStrategy`            | Set up update strategy                                                                    | `RollingUpdate`                |
 | `podAntiAffinityPreset`     | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`  | `soft`                         |
 | `nodeAffinityPreset.type`   | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""`                           |
@@ -112,11 +140,24 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `tolerations`               | Tolerations for pod assignment                                                            | `[]` (evaluated as a template) |
 | `podLabels`                 | Extra labels for Invoice Ninja pods                                                       | `{}`                           |
 | `podAnnotations`            | Annotations for Invoice Ninja pods                                                        | `{}`                           |
-| `extraVolumeMounts`         | Additional volume mounts                                                                  | `[]`                           |
 | `extraVolumes`              | Additional volumes                                                                        | `[]`                           |
 
+### Volume Permissions parameters
+
+| Parameter                             | Description                                                                                                          | Default                                                 |
+| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |
+| `volumePermissions.enabled`           | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false`                                                 |
+| `volumePermissions.image.registry`    | Init container volume-permissions image registry                                                                     | `docker.io`                                             |
+| `volumePermissions.image.repository`  | Init container volume-permissions image name                                                                         | `bitnami/bitnami-shell`                                 |
+| `volumePermissions.image.tag`         | Init container volume-permissions image tag                                                                          | `"10"`                                                  |
+| `volumePermissions.image.pullPolicy`  | Init container volume-permissions image pull policy                                                                  | `Always`                                                |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array                                                                     | `[]` (does not add image pull secrets to deployed pods) |
+| `volumePermissions.resources`         | Init container volume-permissions resource                                                                           | `{}`                                                    |
+
 ### Exposure parameters
 
+#### FastCGI
+
 | Parameter                          | Description                                                                | Default                        |
 | ---------------------------------- | -------------------------------------------------------------------------- | ------------------------------ |
 | `service.type`                     | Kubernetes Service type                                                    | `ClusterIP`                    |
@@ -128,45 +169,84 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `service.externalTrafficPolicy`    | Enable client source IP preservation                                       | `Cluster`                      |
 | `service.annotations`              | Service annotations                                                        | `{}` (evaluated as a template) |
 
+#### Inline web server (only used when `nginx.enabled` is **not** set to true)
+
+| Parameter                               | Description                                                                | Default                        |
+| --------------------------------------- | -------------------------------------------------------------------------- | ------------------------------ |
+| `service.http.type`                     | Kubernetes Service type                                                    | `ClusterIP`                    |
+| `service.http.ports.http`               | Service HTTP port                                                          | `9000`                         |
+| `service.http.ports.https`              | Service HTTPS port                                                         | `9000`                         |
+| `service.http.nodePorts.http`           | Kubernetes HTTP node port                                                  | `""`                           |
+| `service.http.nodePorts.https`          | Kubernetes HTTPS node port                                                 | `""`                           |
+| `service.http.clusterIP`                | Invoice Ninja service clusterIP IP                                         | `None`                         |
+| `service.http.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]`                           |
+| `service.http.loadBalancerIP`           | loadBalancerIP if service type is `LoadBalancer`                           | `nil`                          |
+| `service.http.externalTrafficPolicy`    | Enable client source IP preservation                                       | `Cluster`                      |
+| `service.http.annotations`              | Service annotations                                                        | `{}` (evaluated as a template) |
+
+
 ### Ingress parameters 
 
-| Parameter                                               | Description                           | Default                  |
+#### Inline web server (only used when `nginx.enabled` is **not** set to true)
-| ------------------------------------------------------- | ------------------------------------- | ------------------------ |
+
-| `nginx.service.type`                                    | Kubernetes Service type               | `ClusterIP`              |
+| Parameter                  | Description                                                                                           | Default                  |
-| `nginx.ingress.enabled`                                 | Enable ingress controller resource    | `true`                   |
+| -------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
-| `nginx.ingress.hostname`                                | Default host for the ingress resource | `invoiceninja.local`     |
+| `ingress.enabled`          | Enable ingress                                                                                        | `true`                   |
-| `nginx.serverBlock`                                     | Custom NGINX server block             | `nil`                    |
+| `ingress.certManager`      | Add the corresponding annotations for cert-manager integration                                        | `false`                  |
-| `nginx.extraVolumes`                                    | Array to add extra volumes            | Check `values.yaml` file |
+| `ingress.pathType`         | Ingress path type                                                                                     | `ImplementationSpecific` |
-| `nginx.extraVolumes[0].persistentVolumeClaim.claimName` | Name of Invoice Ninja public PVC      | `invoiceninja-public`    |
+| `ingress.apiVersion`       | Force Ingress API version (automatically detected if not set)                                         | `nil`                    |
-| `nginx.extraVolumeMounts`                               | Array to add extra mount              | Check `values.yaml` file |
+| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                         | `nil`                    |
+| `ingress.hostname`         | Default host for the ingress record                                                                   | `invoiceninja.local`     |
+| `ingress.path`             | Default path for the ingress record                                                                   | `/`                      |
+| `ingress.annotations`      | Additional custom annotations for the ingress record                                                  | `{}`                     |
+| `ingress.tls`              | Enable TLS configuration for the host defined at `ingress.hostname` parameter                         | `false`                  |
+| `ingress.extraHosts`       | An array with additional hostname(s) to be covered with the ingress record                            | `[]`                     |
+| `ingress.extraPaths`       | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]`                     |
+| `ingress.extraTls`         | TLS configuration for additional hostname(s) to be covered with this ingress record                   | `[]`                     |
+| `ingress.secrets`          | Custom TLS certificates as secrets                                                                    | `[]`                     |
+
+#### Nginx sub-chart
+
+| Parameter                            | Description                           | Default                                                |
+| ------------------------------------ | ------------------------------------- | ------------------------------------------------------ |
+| `nginx.enabled`                      | Deploy Nginx sub-chart                | `false`                                                |
+| `nginx.service.type`                 | Kubernetes Service type               | `ClusterIP`                                            |
+| `nginx.ingress.enabled`              | Enable ingress controller resource    | `true`                                                 |
+| `nginx.ingress.hostname`             | Default host for the ingress resource | `invoiceninja.local`                                   |
+| `nginx.existingServerBlockConfigmap` | Custom NGINX server block config map  | `{{ include "invoiceninja.nginx.serverBlockName" . }}` |
+| `nginx.staticSitePVC`                | Name of Invoice Ninja public PVC      | `{{ include "invoiceninja.public.storageName" . }}`    |
 
 > See [Dependencies](#dependencies) for more.
 
 ### Persistence parameters
 
-| Parameter                           | Description                              | Default           |
+| Parameter                           | Description                                         | Default           |
-| ----------------------------------- | ---------------------------------------- | ----------------- |
+| ----------------------------------- | --------------------------------------------------- | ----------------- |
-| `persistence.public.enabled`        | Enable persistence using PVC             | `true`            |
+| `persistence.public.enabled`        | Enable persistence using PVC                        | `true`            |
-| `persistence.public.existingClaim`  | Enable persistence using an existing PVC | `nil`             |
+| `persistence.public.existingClaim`  | Enable persistence using an existing PVC            | `nil`             |
-| `persistence.public.storageClass`   | PVC Storage Class                        | `nil`             |
+| `persistence.public.storageClass`   | PVC Storage Class                                   | `nil`             |
-| `persistence.public.accessModes`    | PVC Access Modes                         | `[ReadWriteMany]` |
+| `persistence.public.accessModes`    | PVC Access Modes                                    | `[ReadWriteOnce]` |
-| `persistence.public.size`           | PVC Storage Request                      | `1Gi`             |
+| `persistence.public.size`           | PVC Storage Request                                 | `1Gi`             |
-| `persistence.public.dataSource`     | PVC data source                          | `{}`              |
+| `persistence.public.dataSource`     | PVC data source                                     | `{}`              |
-| `persistence.storage.enabled`       | Enable persistence using PVC             | `true`            |
+| `persistence.storage.enabled`       | Enable persistence using PVC (only for FILE driver) | `false`           |
-| `persistence.storage.existingClaim` | Enable persistence using an existing PVC | `nil`             |
+| `persistence.storage.existingClaim` | Enable persistence using an existing PVC            | `nil`             |
-| `persistence.storage.storageClass`  | PVC Storage Class                        | `nil`             |
+| `persistence.storage.storageClass`  | PVC Storage Class                                   | `nil`             |
-| `persistence.storage.accessModes`   | PVC Access Modes                         | `[ReadWriteMany]` |
+| `persistence.storage.accessModes`   | PVC Access Modes                                    | `[ReadWriteMany]` |
-| `persistence.storage.size`          | PVC Storage Request                      | `5Gi`             |
+| `persistence.storage.size`          | PVC Storage Request                                 | `5Gi`             |
-| `persistence.storage.dataSource`    | PVC data source                          | `{}`              |
+| `persistence.storage.dataSource`    | PVC data source                                     | `{}`              |
+
+> See `values.yaml` for more details.
 
 ### Redis parameters
 
 | Parameter                         | Description                                  | Default                                   |
 | --------------------------------- | -------------------------------------------- | ----------------------------------------- |
 | `redis.enabled`                   | If external redis is used, set it to `false` | `true`                                    |
-| `redis.password`                  | Redis password                               | _random 10 character alphanumeric string_ |
+| `redis.auth.password`             | Redis password                               | _random 10 character alphanumeric string_ |
+| `redis.auth.sentinel`             | Use password for sentinel containers         | `false`                                   |
 | `redis.sentinel.enabled`          | Enable sentinel containers                   | `true`                                    |
-| `redis.sentinel.usePassword`      | Use password for sentinel containers         | `false`                                   |
+| `redis.sentinel.quorum`           | Sentinel Quorum                              | `1`                                       |
+| `redis.replica.replicaCount`      | Number of Redis replicas to deploy           | `1`                                       |
 | `externalRedis.host`              | Host of the external redis                   | `nil`                                     |
 | `externalRedis.port`              | Port of the external redis                   | `6379`                                    |
 | `externalRedis.password`          | Password for the external redis              | `nil`                                     |
@@ -212,22 +292,87 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 helm install invoiceninja \
   --set appKey=changeit \
   --set replicaCount=3 \
-  --set nginx.replicaCount=3 \
+  --set persistence.public.accessModes[0]=ReadWriteMany
-  --set redis.cluster.slaveCount=3 \
+  --set redis.auth.password=changeit \
-  --set redis.password=changeit \
+  --set redis.sentinel.quorum=2 \
+  --set redis.replica.replicaCount=3 \
   --set mariadb.auth.rootPassword=changeit \
   --set mariadb.auth.password=changeit \
   invoiceninja/invoiceninja
 ```
 
-The above command sets the number of replicas to 3 for a highly available (HA) setup. Note that you would need to use an external DB such as MariaDB Galera for a full HA production setup.
+The above command sets the number of replicas to 3 for a highly available (HA) setup and uses a `ReadWriteMany` volume. Note that you would need to use an external DB such as MariaDB Galera for a full HA production setup. For a production environment, it is recommended that you spin up the required databases in a separate Helm Chart to decouple the upgrading process.
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while [installing](https://helm.sh/docs/helm/helm_install/) the chart. For example,
 
+```yaml
+# values.yaml
+appKey: changeit
+persistence:
+  public:
+    accessModes:
+      - ReadWriteMany
+redis:
+  auth:
+    password: changeit
+mariadb:
+  auth:
+    rootPassword: changeit
+    password: changeit
+```
+
 ```bash
 helm install invoiceninja -f values.yaml invoiceninja/invoiceninja
 ```
 
+## Setting Environment Variables
+
+Should you need to inject any environment variables such as those in [here](https://github.com/invoiceninja/dockerfiles/blob/master/env) into the `invoiceninja` container, you can use the `extraEnvVars` option:
+
+```yaml
+# ... values.yaml file
+# In this example, we are setting the SMTP MAIL_HOST to be 'smtp.mailtrap.io'
+extraEnvVars:
+  - name: MAIL_HOST
+    value: 'smtp.mailtrap.io' # all values must be strings, so other types must be surrounded in quotes
+```
+
+Alternatively you can provide the name of an existing `configmap` or `secret` object:
+
+```bash
+kubectl create configmap examplemap --from-literal=MAIL_HOST='smtp.mailtrap.io'
+```
+
+```yaml
+# ... values.yaml file
+extraEnvVarsCM: examplemap
+```
+
+## Inline webserver vs Nginx sub-chart
+
+Since there are many people without access to a `ReadWriteMany` volume, the inline Nginx web server will allow you to use a `ReadWriteOnce` public volume limited to 1 IN replica.
+
+If you have the ability to use `ReadWriteMany` persistent volume, you can choose between the two by setting the `nginx.enabled` parameter. Setting `nginx.enabled` to true will enable the Nginx sub-chart and will provide you with some additional features, such as:
+
+- independent scaling of Nginx and IN pods
+- separate resource limits/requests
+- other features available from the sub-chart
+
 ## Upgrading
 
-Nothing yet.
+### To 0.8.0
+
+To improve the accessibility of this chart to regular users. Some of the defaults have been changed. This include:
+
+- `persistence.public.accessModes` now defaults to `ReadWriteOnce`.
+- `nginx.enabled` now defaults to false.
+- `redis.replica.replicaCount` and `redis.sentinel.quorum` now defaults to `1`.
+
+Other changes:
+
+- `snappdf` parameter has been replaced by `pdfGenerator`.
+
+### To 0.7.0
+
+- Redis chart dependency has been upgraded and may not be backwards compatible with previous versions. See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis) for more info.
+- Storage persitence defaults to `false`. Set to `true` if not using Redis or using FILE driver

charts/invoiceninja/templates/_helpers.tpl

@@ -5,11 +5,25 @@ Return the proper image name
 {{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
 {{- end -}}
 
+{{/*
+Return the proper image name
+*/}}
+{{- define "invoiceninja.nginx.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.http.image "global" .Values.global) -}}
+{{- end -}}
+
 {{/*
 Return the proper Docker Image Registry Secret Names
 */}}
 {{- define "invoiceninja.imagePullSecrets" -}}
-{{- include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.http.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "invoiceninja.volumePermissions.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
 {{- end -}}
 
 {{/*
@@ -36,7 +50,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-
 {{/*
 Create the name of the service account to use
 */}}
@@ -48,18 +61,25 @@ Create the name of the service account to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return the Invoice Ninja Secret Name
+*/}}
+{{- define "invoiceninja.secretName" -}}
+{{- default (include "common.names.fullname" .) .Values.existingSecret }}
+{{- end -}}
+
 {{/*
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.public.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.public "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
 Return the proper Storage Class
 */}}
 {{- define "invoiceninja.storage.storageClass" -}}
-{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence.storage "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
@@ -76,6 +96,29 @@ Return the proper Storage Name
 {{- printf "%s-%s" .Release.Name "storage" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Return the proper app URL
+*/}}
+{{- define "invoiceninja.url" -}}
+    {{- if .Values.appURL }}
+        {{- printf "%s" .Values.appURL -}}
+    {{- else if .Values.nginx.ingress.enabled }}
+        {{- if .Values.nginx.ingress.tls }}
+            {{- printf "https://%s" .Values.nginx.ingress.hostname -}}
+        {{- else }}
+            {{- printf "http://%s" .Values.nginx.ingress.hostname -}}
+        {{- end }}
+    {{- else if .Values.ingress.enabled }}
+        {{- if .Values.ingress.tls }}
+            {{- printf "https://%s" .Values.ingress.hostname -}}
+        {{- else }}
+            {{- printf "http://%s" .Values.ingress.hostname -}}
+        {{- end }}
+    {{- else }}
+        {{- printf "http://%s" (include "common.names.fullname" .) -}}
+    {{- end }}
+{{- end -}}
+
 {{/*
 Return the MariaDB Hostname
 */}}
@@ -131,7 +174,11 @@ Return the MariaDB Secret Name
 {{- if .Values.externalDatabase.existingSecret -}}
     {{- printf "%s" .Values.externalDatabase.existingSecret -}}
 {{- else -}}
-    {{- printf "%s" (include "invoiceninja.mariadb.fullname" .) -}}
+    {{- if .Values.mariadb.auth.existingSecret -}}
+        {{- printf "%s" .Values.mariadb.auth.existingSecret -}}
+    {{- else -}}
+        {{- printf "%s" (include "invoiceninja.mariadb.fullname" .) -}}
+    {{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -194,7 +241,11 @@ Return the Redis Secret Name
 {{- if .Values.externalRedis.existingSecret -}}
     {{- printf "%s" .Values.externalRedis.existingSecret -}}
 {{- else -}}
-    {{- printf "%s" (include "invoiceninja.redis.fullname" .) -}}
+    {{- if .Values.redis.auth.existingSecret -}}
+        {{- printf "%s" .Values.redis.auth.existingSecret -}}
+    {{- else -}}
+        {{- printf "%s" (include "invoiceninja.redis.fullname" .) -}}
+    {{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -241,3 +292,18 @@ Return the Session Connection Name
     {{- printf "default" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Server block configmap name for nignx.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "invoiceninja.nginx.serverBlockName" -}}
+{{- printf "%s-%s" .Release.Name "server-block" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Name of web service for inline web server.
+*/}}
+{{- define "invoiceninja.http.serviceName" -}}
+{{- printf "%s-%s" .Release.Name "web" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/invoiceninja/templates/configmap.yaml

@@ -12,21 +12,18 @@ metadata:
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}
 data:
-  {{- if .Values.nginx.ingress.enabled }}
+  APP_URL: {{ include "invoiceninja.url" . | quote }}
-  APP_URL: "http://{{ .Values.nginx.ingress.hostname }}"
-  {{- else }}
-  APP_URL: "http://{{ include "common.names.fullname" . }}"
-  {{- end }}
   APP_DEBUG: {{ .Values.debug | quote }}
-  DB_HOST1: {{ include "invoiceninja.databaseHost" . | quote }}
+  DB_HOST: {{ include "invoiceninja.databaseHost" . | quote }}
-  DB_PORT1: {{ include "invoiceninja.databasePort" . | quote }}
+  DB_PORT: {{ include "invoiceninja.databasePort" . | quote }}
-  DB_USERNAME1: {{ include "invoiceninja.databaseUser" . | quote }}
+  DB_USERNAME: {{ include "invoiceninja.databaseUser" . | quote }}
-  DB_DATABASE1: {{ include "invoiceninja.databaseName" . | quote }}
+  DB_DATABASE: {{ include "invoiceninja.databaseName" . | quote }}
   {{- if .Values.logChannel }}
   LOG_CHANNEL: {{ .Values.logChannel | quote }}
   {{- else }}
   LOG_CHANNEL: stderr
   {{- end }}
+  MAIL_MAILER: {{ .Values.mailer | quote }}
   {{- if .Values.broadcastDriver }}
   BROADCAST_DRIVER: {{ .Values.broadcastDriver | quote }}
   {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
@@ -47,7 +44,9 @@ data:
   {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
   QUEUE_CONNECTION: redis
   {{- end }}
-  PHANTOMJS_PDF_GENERATION: {{ not .Values.snappdf | quote}}
+  # PHANTOMJS_PDF_GENERATION is deprecated
+  PHANTOMJS_PDF_GENERATION: "false"
+  PDF_GENERATOR: {{ .Values.pdfGenerator | quote}}
   REDIS_HOST: {{ include "invoiceninja.redisHost" . | quote }}
   REDIS_PORT: {{ include "invoiceninja.redisPort" . | quote }}
   REDIS_DB: {{ include "invoiceninja.redisDatabase" . | quote }}
@@ -56,3 +55,5 @@ data:
   REDIS_CACHE_CONNECTION: {{ include "invoiceninja.redisCacheConnection" . | quote }}
   REDIS_QUEUE_CONNECTION: {{ include "invoiceninja.redisQueueConnection" . | quote }}
   SESSION_CONNECTION: {{ include "invoiceninja.redisSessionConnection" . | quote }}
+  REQUIRE_HTTPS: {{ .Values.requireHttps | quote }}
+  TRUSTED_PROXIES: {{ .Values.trustedProxies | quote }}

charts/invoiceninja/templates/deployment.yaml

@@ -63,12 +63,14 @@ spec:
             - -cx
             - |
               COUNTER=0;
-              while [  $COUNTER -lt 120 ]; do
+              [[ -z "${DB_HOST1}" ]] || DB_HOST="${DB_HOST1}";
-                if mysqladmin ping -h "$DB_HOST1" -P $DB_PORT1 --silent; then
+              [[ -z "${DB_PORT1}" ]] || DB_PORT="${DB_PORT1}";
+              while [ $COUNTER -lt 120 ]; do
+                if mysqladmin ping -h "$DB_HOST" -P $DB_PORT --connect-timeout=15 --silent; then
                   exit 0;
                 fi;
                 let COUNTER=COUNTER+1;
-                echo "Waiting for DB ($DB_HOST1:$DB_PORT1)"
+                echo "Waiting for DB... Trying again in 2s";
                 sleep 2;
               done;
               echo "Did NOT see a database after 240 secs!";
@@ -81,6 +83,38 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "common.names.fullname" . }}
+            {{- if .Values.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          env:
+            {{- if .Values.extraEnvVars }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+        {{- if and .Values.podSecurityContext .Values.volumePermissions.enabled (or .Values.persistence.public.enabled .Values.persistence.storage.enabled) }}
+        - name: volume-permissions
+          image: {{ include "invoiceninja.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command:
+            - /bin/bash
+            - -ec
+            - |
+              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /var/www/app/{public,storage}
+          securityContext:
+            runAsUser: 0
+          {{- if .Values.volumePermissions.resources }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /var/www/app/public
+              name: public
+            - mountPath: /var/www/app/storage
+              name: storage
+        {{- end }}
         {{- if .Values.initContainers }}
           {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
         {{- end }}
@@ -101,8 +135,10 @@ spec:
             timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }}
             successThreshold: {{ $.Values.livenessProbe.successThreshold }}
             failureThreshold: {{ $.Values.livenessProbe.failureThreshold }}
-            tcpSocket:
+            exec:
-              port: {{ .Values.livenessProbe.port }}
+              command:
+              - pgrep
+              - php-fpm
           {{- end }}
           {{- if .Values.readinessProbe.enabled }}
           readinessProbe:
@@ -118,7 +154,7 @@ spec:
             - configMapRef:
                 name: {{ include "common.names.fullname" . }}
             - secretRef:
-                name: {{ include "common.names.fullname" . }}
+                name: {{ include "invoiceninja.secretName" . }}
             {{- if .Values.extraEnvVarsCM }}
             - configMapRef:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
@@ -128,18 +164,22 @@ spec:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
             {{- end }}
           env:
-            - name: DB_PASSWORD1
+            - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "invoiceninja.databaseSecretName" . }}
                   key: mariadb-password
-            {{- if or (and .Values.redis.enabled .Values.redis.usePassword) (or .Values.externalRedis.password .Values.externalRedis.existingSecret) }}
+            {{- if or (and .Values.redis.enabled .Values.redis.auth.enabled) (or .Values.externalRedis.password .Values.externalRedis.existingSecret) }}
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "invoiceninja.redisSecretName" . }}
                   key: redis-password
             {{- end }}
+            {{- if .Values.userEmail }}
+            - name: IN_USER_EMAIL
+              value: {{ .Values.userEmail | quote }}
+            {{- end }}
             {{- if .Values.extraEnvVars }}
               {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}
@@ -153,6 +193,61 @@ spec:
             {{- if .Values.extraVolumeMounts }}
               {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
             {{- end }}
+        {{- if not .Values.nginx.enabled }}
+        - name: nginx
+          securityContext:
+            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+          image: {{ include "invoiceninja.nginx.image" . }}
+          imagePullPolicy: {{ .Values.http.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.http.containerPorts.http }}
+            - name: https
+              containerPort: {{ .Values.http.containerPorts.https }}
+          {{- if .Values.http.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.http.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.http.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ $.Values.http.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ $.Values.http.livenessProbe.successThreshold }}
+            failureThreshold: {{ $.Values.http.livenessProbe.failureThreshold }}
+            tcpSocket:
+              port: http
+          {{- end }}
+          {{- if .Values.http.readinessProbe.enabled }}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.http.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.http.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ $.Values.http.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ $.Values.http.readinessProbe.successThreshold }}
+            failureThreshold: {{ $.Values.http.readinessProbe.failureThreshold }}
+            tcpSocket:
+              port: http
+          {{- end }}
+          envFrom:
+            {{- if .Values.http.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.http.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          env:
+            {{- if .Values.http.extraEnvVars }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.http.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /opt/bitnami/nginx/conf/server_blocks
+              name: nginx-server-block
+            - mountPath: /app
+              name: public
+            {{- if .Values.http.extraVolumeMounts }}
+              {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
+        {{- end }}
       volumes:
         - name: public
           {{- if .Values.persistence.public.enabled }}
@@ -168,6 +263,12 @@ spec:
           {{- else }}
           emptyDir: {}
           {{ end }}
+        {{- if not .Values.nginx.enabled }}
+        - name: nginx-server-block
+          configMap:
+            defaultMode: 420
+            name: {{ include "invoiceninja.nginx.serverBlockName" . }}
+        {{- end }}
         {{- if .Values.extraVolumes }}
           {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
         {{- end }}

charts/invoiceninja/templates/ingress.yaml

@@ -0,0 +1,63 @@
+{{- if and ( not .Values.nginx.enabled ) .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.ingress.certManager }}
+    kubernetes.io/tls-acme: "true"
+    {{- end }}
+    {{- if .Values.ingress.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingress.hostname }}
+    - host: {{ .Values.ingress.hostname | quote }}
+      http:
+        paths:
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" ( dict "serviceName" (include "invoiceninja.http.serviceName" .) "servicePort" "http" "context" $ )  | nindent 14 }}
+    {{- end }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" ( dict "serviceName" (include "invoiceninja.http.serviceName" $) "servicePort" "http" "context" $ ) | nindent 14 }}
+    {{- end }}
+  {{- if or .Values.ingress.tls .Values.ingress.extraTls }}
+  tls:
+    {{- if .Values.ingress.tls }}
+    - hosts:
+        - {{ .Values.ingress.hostname | quote }}
+        {{- range .Values.ingress.extraHosts }}
+        - {{ .name | quote }}
+        {{- end }}
+      secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/invoiceninja/templates/pvc.yaml

@@ -14,7 +14,13 @@ metadata:
   {{- end }}
 spec:
   accessModes:
+  {{- if not (empty .Values.persistence.public.accessModes) }}
+  {{- range .Values.persistence.public.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  {{- else }}
     - {{ .Values.persistence.public.accessMode | quote }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.persistence.public.size | quote }}
@@ -41,7 +47,13 @@ metadata:
   {{- end }}
 spec:
   accessModes:
+  {{- if not (empty .Values.persistence.storage.accessModes) }}
+  {{- range .Values.persistence.storage.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  {{- else }}
     - {{ .Values.persistence.storage.accessMode | quote }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.persistence.storage.size | quote }}

charts/invoiceninja/templates/secret.yaml

@@ -38,6 +38,7 @@ data:
 {{- end }}
 
 ---
+{{- if not .Values.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -57,4 +58,8 @@ data:
   APP_KEY: {{ .Values.appKey | b64enc | quote }}
   {{- else }}
   APP_KEY: {{ randAlphaNum 32 | b64enc | quote }}
-  {{- end }}
+  {{- end }}
+  {{- if .Values.userPassword }}
+  IN_PASSWORD: {{ .Values.userPassword | b64enc | quote }}
+  {{- end }}
+{{- end }}

charts/invoiceninja/templates/serverblock.yaml

@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "invoiceninja.nginx.serverBlockName" . }}
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations:
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  server-block.conf: |-
+    server {
+        listen 8080 default_server;
+        server_name _;
+
+        root /app;
+        index index.php;
+
+        location / {
+            try_files $uri $uri/ /index.php?$query_string;
+        }
+
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location = /robots.txt  { access_log off; log_not_found off; }
+
+        location ~ \.php$ {
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass {{ include "common.names.fullname" . }}:9000;
+            fastcgi_index index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME /var/www/app/public$fastcgi_script_name;
+            fastcgi_buffer_size 16k;
+            fastcgi_buffers 4 16k;
+        }
+    }

charts/invoiceninja/templates/webservice.yaml

@@ -0,0 +1,60 @@
+{{- if not .Values.nginx.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "invoiceninja.http.serviceName" . }}
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if or .Values.service.http.annotations .Values.commonAnnotations }}
+  annotations:
+    {{- if .Values.service.http.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.service.http.annotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.http.type }}
+  {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }}
+  clusterIP: {{ .Values.service.http.clusterIP }}
+  {{- end }}
+  {{- if (or (eq .Values.service.http.type "LoadBalancer") (eq .Values.service.http.type "NodePort")) }}
+  externalTrafficPolicy: {{ .Values.service.http.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if (and (eq .Values.service.http.type "LoadBalancer") .Values.service.http.loadBalancerSourceRanges) }}
+  loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if (and (eq .Values.service.http.type "LoadBalancer") (not (empty .Values.service.http.loadBalancerIP))) }}
+  loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
+  {{- end }}
+  ports:
+    {{- if not (empty .Values.service.http.ports.http) }}
+    - name: http
+      port:  {{ .Values.service.http.ports.http }}
+      protocol: TCP
+      targetPort: http
+      {{- if (and (or (eq .Values.service.http.type "NodePort") (eq .Values.service.http.type "LoadBalancer")) (not (empty .Values.service.http.nodePorts.http))) }}
+      nodePort: {{ .Values.service.http.nodePorts.http }}
+      {{- else if eq .Values.service.http.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- end }}
+    {{- if not (empty .Values.service.http.ports.https) }}
+    - name: https
+      port:  {{ .Values.service.http.ports.https }}
+      protocol: TCP
+      targetPort: https
+      {{- if (and (or (eq .Values.service.http.type "NodePort") (eq .Values.service.http.type "LoadBalancer")) (not (empty .Values.service.http.nodePorts.https))) }}
+      nodePort: {{ .Values.service.http.nodePorts.https }}
+      {{- else if eq .Values.service.http.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- end }}
+  selector:
+    {{- include "common.labels.matchLabels" . | nindent 4 }}
+    app.kubernetes.io/component: server
+{{- end }}

charts/invoiceninja/values.yaml

@@ -18,7 +18,7 @@
 image:
   registry: docker.io
   repository: invoiceninja/invoiceninja
-  tag: 5.1.42
+  tag: 5.3.80
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
@@ -38,6 +38,20 @@ debug: false
 ##
 appKey: ""
 
+## Override app URL
+##
+appURL: ""
+
+## Email of user to create first run
+## If not specified, default user email will be "admin@example.com"
+##
+userEmail: ""
+
+## Password of user to create on first run
+## If not specified, default user password will be "changeme!"
+##
+userPassword: ""
+
 ## Name of log channel to use
 ##
 logChannel: ""
@@ -58,9 +72,30 @@ sessionDriver: ""
 ##
 queueConnection: ""
 
-## Use local or Phantom JS PDF generation
+## List of trusted proxies for Invoice Ninja to communicate with the nginx proxy
 ##
-snappdf: true
+trustedProxies: "*"
+
+## Use local or Phantom JS PDF generation
+## Options are `snappdf` or `phantom`
+##
+pdfGenerator: snappdf
+
+## Name of queue connection to use (use "log" for debug)
+## Please check the ref below for any other env you may need to define
+## ref: https://github.com/invoiceninja/invoiceninja/blob/v5-stable/config/mail.php
+##
+mailer: log
+
+## Force HTTPS for all connections to Invoice Ninja
+##
+requireHttps: false
+
+## Name of existing secret containing IN credentials
+## NOTE: Must contain key `APP_KEY` and `IN_PASSWORD`
+## NOTE: When it's set, the `appKey` and `userPassword` parameter is ignored
+##
+existingSecret:
 
 ## String to partially override fullname template (will maintain the release name)
 ##
@@ -165,6 +200,24 @@ containerSecurityContext:
   #   - ALL
   # readOnlyRootFilesystem: true
 
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+  enabled: false
+  image:
+    registry: docker.io
+    repository: bitnami/bitnami-shell
+    tag: "10"
+    pullPolicy: Always
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ##
+    # pullSecrets:
+    #   - myRegistryKeySecretName
+  resources: {}
+
 ## Number of replicas (requires ReadWriteMany PVC support)
 ##
 replicaCount: 1
@@ -202,14 +255,123 @@ extraEnvVarsCM:
 ##
 extraEnvVarsSecret:
 
-## Extra volumes to add to the deployment
-##
-extraVolumes: []
-
 ## Extra volume mounts to add to the container
 ##
 extraVolumeMounts: []
 
+## Configure extra options for liveness and readiness probes
+## This applies to all the Invoice Ninja in the cluster
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+##
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 120
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+  successThreshold: 1
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 15
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+  successThreshold: 1
+  port: fastcgi
+
+resources:
+  {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+## Inline http server (this is enabled only if nginx sub chart is disabled).
+##
+http:
+  image:
+    registry: docker.io
+    repository: bitnami/nginx
+    tag: 1.21.1-debian-10-r0
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ##
+    # pullSecrets:
+    #   - myRegistryKeySecretName
+
+  ## Container ports
+  ##
+  containerPorts:
+    http: 8080
+    https: 8443
+
+  ## An array to add extra env vars
+  ## Example:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+
+  ## ConfigMap with extra environment variables
+  ##
+  extraEnvVarsCM:
+
+  ## Secret with extra environment variables
+  ##
+  extraEnvVarsSecret:
+
+  ## Extra volume mounts to add to the container
+  ##
+  extraVolumeMounts: []
+
+  ## Configure extra options for liveness and readiness probes
+  ## This applies to all the web server in the cluster
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 15
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+
+  resources:
+    {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+
 ## Kubernetes service type
 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
 ## Set this to NodePort, LoadBalancer or ClusterIP
@@ -245,40 +407,129 @@ service:
   ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
   ##
   annotations: {}
+  ## Service for http server
+  ##
+  http:
+    ## Service type
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+    ##
+    type: ClusterIP
+    ## Service ports
+    ##
+    ports:
+      http: 8080
+      https: 8443
+    ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+    ##
+    nodePorts:
+      http: ""
+      https: ""
+    ## Service clusterIP.
+    ##
+    # clusterIP: None
+    ## Specify the loadBalancerIP value for LoadBalancer service types.
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+    ##
+    # loadBalancerIP:
+    ## Specify the loadBalancerSourceRanges value for LoadBalancer service types.
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ##
+    loadBalancerSourceRanges: []
+    ## Enable client source IP preservation
+    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## Additional service annotations (evaluate as a template)
+    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+    ##
+    annotations: {}
 
-## Configure extra options for liveness and readiness probes
+## Configure the ingress resource to access IN (this is enabled only if nginx sub chart is disabled).
-## This applies to all the Invoice Ninja in the sharded cluster
+## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
 ##
-livenessProbe:
+ingress:
+  ## Enable ingress
+  ##
   enabled: true
-  initialDelaySeconds: 30
+  ## Add the corresponding annotations for cert-manager integration
-  periodSeconds: 10
+  ##
-  timeoutSeconds: 5
+  certManager: false
-  failureThreshold: 6
+  ## Ingress path type
-  successThreshold: 1
+  ##
-  port: fastcgi
+  pathType: ImplementationSpecific
-readinessProbe:
+  ## Force Ingress API version (automatically detected if not set)
-  enabled: true
+  ##
-  initialDelaySeconds: 15
+  apiVersion:
-  periodSeconds: 10
+  ## IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
-  timeoutSeconds: 5
+  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
-  failureThreshold: 6
+  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
-  successThreshold: 1
+  ##
-  port: fastcgi
+  ingressClassName:
-
+  ## Default host for the ingress record
-resources:
+  ##
-  {}
+  hostname: invoiceninja.local
-  # We usually recommend not to specify default resources and to leave this as a conscious
+  ## Default path for the ingress record
-  # choice for the user. This also increases chances charts run on environments with little
+  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  ##
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  path: /
-  # limits:
+  ## Additional custom annotations for the ingress record
-  #   cpu: 100m
+  ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
-  #   memory: 128Mi
+  ##
-  # requests:
+  annotations: {}
-  #   cpu: 100m
+  ## Enable TLS configuration for the host defined at `ingress.hostname` parameter
-  #   memory: 128Mi
+  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+  ## You can:
+  ##   - Use the `ingress.secrets` parameter to create this TLS secret
+  ##   - Relay on cert-manager to create it by setting `ingress.certManager=true`
+  ##   - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false`
+  ##
+  tls: false
+  ## An array with additional hostname(s) to be covered with the ingress record
+  ## e.g:
+  ## extraHosts:
+  ##   - name: invoiceninja.local
+  ##     path: /
+  ##
+  extraHosts: []
+  ## An array with additional arbitrary paths that may need to be added to the ingress under the main host
+  ## e.g:
+  ## extraPaths:
+  ## - path: /*
+  ##   backend:
+  ##     serviceName: ssl-redirect
+  ##     servicePort: use-annotation
+  ##
+  extraPaths: []
+  ## TLS configuration for additional hostname(s) to be covered with this ingress record
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  ## e.g:
+  ## extraTls:
+  ## - hosts:
+  ##     - invoiceninja.local
+  ##   secretName: invoiceninja.local-tls
+  ##
+  extraTls: []
+  ## Custom TLS certificates as secrets
+  ## NOTE: 'key' and 'certificate' are expected in PEM format
+  ## NOTE: 'name' should line up with a 'secretName' set further up
+  ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## It is also possible to create and manage the certificates outside of this helm chart
+  ## Please see README.md for more information
+  ## e.g:
+  ## secrets:
+  ##   - name: invoiceninja.local-tls
+  ##     key: |-
+  ##       -----BEGIN RSA PRIVATE KEY-----
+  ##       ...
+  ##       -----END RSA PRIVATE KEY-----
+  ##     certificate: |-
+  ##       -----BEGIN CERTIFICATE-----
+  ##       ...
+  ##       -----END CERTIFICATE-----
+  ##
+  secrets: []
 
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
@@ -298,13 +549,14 @@ persistence:
     ## If you want to reuse an existing claim, you can pass the name of the PVC using
     ## the existingClaim variable
     # existingClaim: your-claim
-    accessMode: ReadWriteMany
+    accessMode: ReadWriteOnce
     size: 1Gi
     ## Custom dataSource
     ##
     dataSource: {}
   storage:
-    enabled: true
+    ## Only required when using FILE cache or session driver
+    enabled: false
     ## Invoice Ninja data Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
@@ -335,9 +587,13 @@ autoscaling:
 ##
 redis:
   enabled: true
+  auth:
+    sentinel: false
   sentinel:
     enabled: true
-    usePassword: false
+    quorum: 1
+  replica:
+    replicaCount: 1
 
 ## External Redis Configuration
 ##
@@ -416,6 +672,7 @@ externalDatabase:
 ## ref: https://github.com/bitnami/charts/blob/master/bitnami/nginx/values.yaml
 ##
 nginx:
+  enabled: false
   service:
     ## Service type
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
@@ -427,43 +684,9 @@ nginx:
   ingress:
     enabled: true
     hostname: invoiceninja.local
-  ## Configure the serverblock for Invoice Ninja
+  ## Use the serverblock config map from Invoice Ninja
-  ## Note: you may need to replace the fastcgi_pass value if the release name is different
   ##
-  serverBlock: |
+  existingServerBlockConfigmap: '{{ include "invoiceninja.nginx.serverBlockName" . }}'
-    server {
+  ## Use the public PVC created by Invoice Ninja
-        listen 8080 default_server;
-        server_name _;
-
-        root /var/www/app/public/;
-        index index.php;
-
-        location / {
-            try_files $uri $uri/ /index.php?$query_string;
-        }
-
-        location = /favicon.ico { access_log off; log_not_found off; }
-        location = /robots.txt  { access_log off; log_not_found off; }
-
-        location ~ \.php$ {
-            fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_pass invoiceninja:9000;
-            fastcgi_index index.php;
-            include fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_intercept_errors off;
-            fastcgi_buffer_size 16k;
-            fastcgi_buffers 4 16k;
-        }
-    }
-  ## Configure the extraVolumes and extraVolumeMounts for Invoice Ninja
-  ## Note: you may need to replace the claimName if the release name is different
   ##
-  extraVolumes:
+  staticSitePVC: '{{ include "invoiceninja.public.storageName" . }}'
-    - name: public
-      persistentVolumeClaim:
-        claimName: invoiceninja-public
-  extraVolumeMounts:
-    - mountPath: /var/www/app/public
-      name: public
-      readOnly: true

env

@@ -1,26 +1,45 @@
-APP_URL=http://in.localhost:8003/
+# IN application vars
+APP_URL=http://in.localhost:8003
 APP_KEY=<insert your generated key in here>
 APP_DEBUG=true
-MULTI_DB_ENABLED=false
+REQUIRE_HTTPS=false
-DB_HOST1=db
+PHANTOMJS_PDF_GENERATION=false
-DB_PORT1=3306
+PDF_GENERATOR=snappdf
-DB_USERNAME1=ninja
+TRUSTED_PROXIES='*'
-DB_PASSWORD1=ninja
+
-DB_DATABASE1=ninja
+
+QUEUE_CONNECTION=database
+
+# DB connection
+DB_HOST=db
+DB_PORT=3306
+DB_DATABASE=ninja
+DB_USERNAME=ninja
+DB_PASSWORD=ninja
+
+# Create initial user
+# Default to these values if empty
+# IN_USER_EMAIL=admin@example.com
+# IN_PASSWORD=changeme!
+IN_USER_EMAIL=
+IN_PASSWORD=
+
+# Mail options
+MAIL_MAILER=log
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS='user@example.com'
+MAIL_FROM_NAME='Self Hosted User'
+
+# MySQL
 MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
 MYSQL_USER=ninja
 MYSQL_PASSWORD=ninja
 MYSQL_DATABASE=ninja
 
-#this is a system variable please do not remove
+# V4 env vars
-IS_DOCKER=true
+# DB_STRICT=false
-
+# APP_CIPHER=AES-256-CBC
-PHANTOMJS_PDF_GENERATION=false
-
-#V4 env vars
-DB_STRICT=false
-DB_HOST=db
-DB_DATABASE=ninja
-DB_USERNAME=ninja
-DB_PASSWORD=ninja
-APP_CIPHER=AES-256-CBC