Merge pull request #575 from julianengel/patch-1

Added GoCardless/Nordigen key to env file

.github/workflows/build-image-v5.yaml

@@ -44,7 +44,7 @@ jobs:
         with:
           builder: ${{ steps.buildx.outputs.name }}
           context: ./alpine/5/
-          build-args: INVOICENINJA_VERSION=5-stable
+          build-args: INVOICENINJA_VERSION=5-develop
           target: prod
           platforms: linux/amd64,linux/arm64
           tags: invoiceninja/invoiceninja:cache
@@ -54,4 +54,4 @@ jobs:
       - name: Move cache
         run: |
           rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/release-chart.yaml

@@ -12,21 +12,23 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Configure Git
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
-      - uses: azure/setup-helm@v1
-        id: install
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
 
       - name: Add Helm repos
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.2.1
+        uses: helm/chart-releaser-action@v1.4.1
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/test-charts.yaml

@@ -17,14 +17,15 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@v1
+        uses: azure/setup-helm@v3
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
-          python-version: 3.7
+          python-version: "3.9"
+          check-latest: true
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.0.1
+        uses: helm/chart-testing-action@v2.3.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -41,7 +42,7 @@ jobs:
       - name: Run chart-testing (lint)
         run: ct lint --config .github/ct-lint.yaml
 
-  kubeval-chart:
+  kubeconform-chart:
     runs-on: ubuntu-latest
     needs:
       - lint-chart
@@ -49,39 +50,44 @@ jobs:
       matrix:
         chart: ${{ fromJson(needs.lint-chart.outputs.matrix) }}
         k8s:
-          - v1.19.11
-          - v1.20.7
-          - v1.21.2
+          - "1.25.5"
+          - "1.24.9"
+          - "1.23.15"
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Update Helm depdendencies
         env:
           CHART_DIR: ${{ matrix.chart }}
         run: |
           helm dependency update "${CHART_DIR}"
-          mkdir kubeval
-          helm template "${CHART_DIR}" > kubeval/combined.yaml
+          mkdir tmp
+          helm template "${CHART_DIR}" > tmp/combined.yaml
 
-      - name: Run kubeval
-        uses: instrumenta/kubeval-action@master
+      - uses: yokawasa/action-setup-kube-tools@v0.9.2
         with:
-          files: kubeval
-          version: ${{ matrix.k8s }}
+          setup-tools: |
+            kubeconform
+
+      - name: Run kubeconform
+        if: ${{ matrix.k8s }}
+        run: kubeconform -kubernetes-version ${{ matrix.k8s }} tmp/combined.yaml
 
   install-chart:
     name: install-chart
     runs-on: ubuntu-latest
     needs:
       - lint-chart
-      - kubeval-chart
+      - kubeconform-chart
     strategy:
       matrix:
         k8s:
-          - v1.19.11
-          - v1.20.7
-          - v1.21.2
+          - v1.25.3
+          - v1.24.7
+          - v1.23.13
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -89,16 +95,17 @@ jobs:
           fetch-depth: 0
 
       - name: Create kind ${{ matrix.k8s }} cluster
-        uses: helm/kind-action@v1.2.0
+        uses: helm/kind-action@v1.4.0
         with:
           node_image: kindest/node:${{ matrix.k8s }}
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
-          python-version: 3.7
+          python-version: "3.9"
+          check-latest: true
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.0.1
+        uses: helm/chart-testing-action@v2.3.1
 
       - name: Run chart-testing (install)
         run: ct install --config .github/ct-install.yaml

README.md

@@ -4,8 +4,6 @@
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/invoiceninja)](https://artifacthub.io/packages/search?repo=invoiceninja)
 [![Pusblish Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml) [![Cache v5 Image](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
 
-
-
 # Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
 :crown: **Features**
@@ -22,7 +20,8 @@ Introducing our very own [Helm Chart](https://github.com/invoiceninja/dockerfile
 Other resources:
 
 [Helm Chart](https://github.com/Saddamus/invoiceninja-helm) by @Saddamus  
-[K8s Manifest](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk
+[K8s Manifest](https://github.com/invoiceninja/dockerfiles/issues/94) by @spacepluk  
+[You Tube installation video by DBTech](https://www.youtube.com/watch?v=xo6a3KtLC2g&ab_channel=DBTech)
 
 ## Alternatively get started with Docker Compose
 
@@ -84,7 +83,7 @@ All that is left to do now is bring up the container
 
 ### Running on ARM64 (Raspberry Pi 4)
 
-When deploying on an ARM64 system, you need to comment out the `image: mysql:5` line and uncomment `image: mariadb:10.4` in the `docker-compose.yml` file.
+When deploying on an ARM64 system, you need to comment out the `image: mysql:8` line and uncomment `image: mariadb:10.4` in the `docker-compose.yml` file.
 
 ### Updating the Image when using `docker-compose`
 
@@ -96,8 +95,13 @@ To upgrade to a newer release image, please make sure to update the `docker-comp
 git pull
 ```
 
+It is recommended to perform a backup before.
 You may need to manually merge any changes that cannot be merged automatically by git.
 
+### Thanks
+Massive thank you to [lwj5](https://github.com/lwj5) for the tireless work to continually improve the dockerfile and its associated tooling.
+
+
 ## Support
 
 If you discover a bug, please create and issue, if you query is general in nature please visit us on our [Forum ](https://forum.invoiceninja.com/)

alpine/4/Dockerfile

@@ -1,4 +1,4 @@
-ARG PHP_VERSION=7.2
+ARG PHP_VERSION=7.3
 ARG BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
 ARG BAK_PUBLIC_PATH=/var/www/app/docker-backup-public/
 
@@ -70,4 +70,4 @@ ENV SELF_UPDATER_SOURCE ''
 VOLUME /var/www/app/public
 
 ENTRYPOINT ["docker-entrypoint"]
-CMD ["php-fpm"]
+CMD ["php-fpm"]

alpine/5/Dockerfile

@@ -1,43 +1,51 @@
-ARG PHP_VERSION=7.4
+ARG PHP_VERSION=8.2
 ARG BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
 ARG BAK_PUBLIC_PATH=/var/www/app/docker-backup-public/
 
 # Get Invoice Ninja and install nodejs packages
-FROM --platform=$BUILDPLATFORM node:lts-alpine as build
+FROM --platform=$BUILDPLATFORM node:lts-alpine as nodebuild
 
 # Download Invoice Ninja
 ARG INVOICENINJA_VERSION
-ADD https://github.com/invoiceninja/invoiceninja/tarball/v$INVOICENINJA_VERSION /tmp/ninja.tar.gz
+ADD https://github.com/invoiceninja/invoiceninja/releases/download/v$INVOICENINJA_VERSION/react-invoiceninja.tar /tmp/ninja.tar
+
+RUN set -eux; apk add curl unzip
 
 # Extract Invoice Ninja
 RUN mkdir -p /var/www/app \
-    && tar --strip-components=1 -xf /tmp/ninja.tar.gz -C /var/www/app/ \
-    && mkdir -p /var/www/app/public/logo /var/www/app/storage \
-    && mv /var/www/app/.env.example /var/www/app/.env \
-    && rm -rf /var/www/app/docs /var/www/app/tests
+    && tar -xvf /tmp/ninja.tar -C /var/www/app/ \
+    && mkdir -p /var/www/app/public/logo /var/www/app/storage
+    
+WORKDIR /var/www/app
 
-WORKDIR /var/www/app/
+RUN echo ls -l
 
-# Install node packages
-ARG BAK_STORAGE_PATH
-ARG BAK_PUBLIC_PATH
-RUN --mount=target=/var/www/app/node_modules,type=cache \
-    npm install --production \
-    && npm run production \
-    && mv /var/www/app/storage $BAK_STORAGE_PATH \
-    && mv /var/www/app/public $BAK_PUBLIC_PATH  
+RUN cp /var/www/app/ui/dist/index.html /var/www/app/resources/views/react/index.blade.php
 
 # Prepare php image
-FROM php:${PHP_VERSION}-fpm-alpine3.13 as prod
+FROM php:${PHP_VERSION}-fpm-alpine as phpbuild
 
 LABEL maintainer="David Bomba <turbo124@gmail.com>"
 
+# Adding caching_sha2_password.so
+# With this we get native support for caching_sha2_password
+RUN apk add --no-cache mariadb-connector-c
+
 RUN mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
 
 # Install PHP extensions
 # https://hub.docker.com/r/mlocati/php-extension-installer/tags
 COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
 
+# Install chromium
+RUN set -eux; \
+    apk add --no-cache \
+    font-isas-misc \
+    supervisor \
+    mysql-client \
+    chromium \
+    ttf-freefont
+
 RUN install-php-extensions \
     bcmath \
     exif \
@@ -50,15 +58,6 @@ RUN install-php-extensions \
     @composer \
     && rm /usr/local/bin/install-php-extensions
 
-# Install chromium
-RUN set -eux; \
-    apk add --no-cache \
-    supervisor \
-    mysql-client \
-    git \
-    chromium \
-    ttf-freefont
-
 # Copy files
 COPY rootfs /
 
@@ -74,6 +73,8 @@ RUN addgroup --gid=$UID -S "$INVOICENINJA_USER" \
     --ingroup "$INVOICENINJA_USER" \
     "$INVOICENINJA_USER"
 
+WORKDIR /var/www/app
+
 # Set up app
 ARG INVOICENINJA_VERSION
 ARG BAK_STORAGE_PATH
@@ -81,14 +82,30 @@ ARG BAK_PUBLIC_PATH
 ENV INVOICENINJA_VERSION $INVOICENINJA_VERSION
 ENV BAK_STORAGE_PATH $BAK_STORAGE_PATH
 ENV BAK_PUBLIC_PATH $BAK_PUBLIC_PATH
-COPY --from=build --chown=$INVOICENINJA_USER:$INVOICENINJA_USER /var/www/app /var/www/app
+COPY --from=nodebuild --chown=$INVOICENINJA_USER:$INVOICENINJA_USER /var/www/app /var/www/app
+
+RUN rm -rf /var/www/app/ui
 
 USER $UID
 WORKDIR /var/www/app
 
 # Do not remove this ENV
 ENV IS_DOCKER true
-RUN /usr/local/bin/composer install --no-dev --quiet
+FROM --platform=$BUILDPLATFORM nodebuild AS dependencybuild
+
+WORKDIR /var/www/app
+COPY --from=phpbuild /var/www/app /var/www/app
+
+# # Install node packages
+ARG BAK_STORAGE_PATH
+ARG BAK_PUBLIC_PATH
+
+RUN mv /var/www/app/storage $BAK_STORAGE_PATH \
+    && mv /var/www/app/public $BAK_PUBLIC_PATH
+
+FROM phpbuild as prod
+
+COPY --from=dependencybuild --chown=$INVOICENINJA_USER:$INVOICENINJA_USER /var/www/app /var/www/app
 
 # Override the environment settings from projects .env file
 ENV APP_ENV production

alpine/5/cache_buster

@@ -1 +1 @@
-Fri Jul  2 7:33:22 +00 2021
+Fri Jul  4 7:33:22 +00 2023

alpine/5/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -11,4 +11,4 @@ if [[ ! -z "${IN_PASSWORD}" ]]; then
     password="--password ${IN_PASSWORD}"
 fi
 
-php artisan ninja:create-account $email $password
+php artisan ninja:create-account $email $password

alpine/5/rootfs/usr/local/bin/invoiceninja-init.sh

@@ -27,6 +27,7 @@ docker_process_init_files() {
 
 php artisan config:cache
 php artisan optimize
+php artisan package:discover
 
 # Check if DB works, if not crash the app.
 DB_READY=$(php artisan tinker --execute='echo app()->call("App\Utils\SystemHealth@dbCheck")["success"];')

charts/invoiceninja/Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 1.7.0
+  version: 2.2.2
 - name: nginx
   repository: https://charts.bitnami.com/bitnami
-  version: 9.3.6
+  version: 13.2.20
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
-  version: 9.3.16
+  version: 11.4.2
 - name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 14.6.6
-digest: sha256:a9dced490c24324a0d76821d94569c12b49a2f40d7dc8f6aa07c139f116bf5ec
-generated: "2021-07-09T20:05:19.280732+08:00"
+  version: 16.13.2
+digest: sha256:da0dca54f32ca0465f89744d6247421ad13c907f09cd40fb21985c81888aaef1
+generated: "2022-12-23T12:54:52.476889+08:00"

charts/invoiceninja/Chart.yaml

@@ -13,11 +13,11 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.8
+version: 0.10.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 5.2.10
+appVersion: 5.6.24
 keywords:
   - invoiceninja
 home: https://invoiceninja.github.io/dockerfiles
@@ -29,19 +29,19 @@ dependencies:
     repository: https://charts.bitnami.com/bitnami
     tags:
       - bitnami-common
-    version: 1.x.x
+    version: 2.x.x
   - condition: nginx.enabled
     name: nginx
     repository: https://charts.bitnami.com/bitnami
-    version: 9.x.x
+    version: 13.x.x
   - condition: mariadb.enabled
     name: mariadb
     repository: https://charts.bitnami.com/bitnami
-    version: 9.3.x
+    version: 11.4.x
   - condition: redis.enabled
     name: redis
     repository: https://charts.bitnami.com/bitnami
-    version: 14.x.x
+    version: 16.x.x
 maintainers:
   - email: lwj5@hotmail.com
     name: lwj5

charts/invoiceninja/README.md

@@ -88,7 +88,7 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `cacheDriver`            | Name of cache driver to use                                                   | `nil`                                                   |
 | `sessionDriver`          | Name of session driver to use                                                 | `nil`                                                   |
 | `queueConnection`        | Name of queue connection to use                                               | `nil`                                                   |
-| `snappdf`                | Use snappdf instead of Phantom JS PDF generation                              | `true`                                                  |
+| `pdfGenerator`           | PDF generation method (Allowed values: `snappdf` or `phantom`)                | `snappdf`                                               |
 | `mailer`                 | Name of the mailer to use (log, smtp, etc.)                                   | `log`                                                   |
 | `requireHttps`           | Force HTTPS for internal connections to Invoice Ninja (see #349)              | `false`                                                 |
 | `existingSecret`         | Use existing secret that contain the keys `APP_KEY` and `IN_PASSWORD`         | `nil`                                                   |
@@ -102,7 +102,7 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `readinessProbe`         | Readiness probe configuration for Invoice Ninja                               | Check `values.yaml` file                                |
 | `containerPorts.fastcgi` | FastCGI port to expose at container level                                     | `9000`                                                  |
 
-### Inline web server container parameters (only used when `nginx.enabled` is false)
+### Inline web server container parameters (only used when `nginx.enabled` is **not** set to true)
 
 | Parameter                | Description                                              | Default                                                 |
 | ------------------------ | -------------------------------------------------------- | ------------------------------------------------------- |
@@ -169,7 +169,7 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `service.externalTrafficPolicy`    | Enable client source IP preservation                                       | `Cluster`                      |
 | `service.annotations`              | Service annotations                                                        | `{}` (evaluated as a template) |
 
-#### Inline web server (only used when `nginx.enabled` is false)
+#### Inline web server (only used when `nginx.enabled` is **not** set to true)
 
 | Parameter                               | Description                                                                | Default                        |
 | --------------------------------------- | -------------------------------------------------------------------------- | ------------------------------ |
@@ -187,20 +187,7 @@ The following table shows the configuration options for the Invoice Ninja helm c
 
 ### Ingress parameters 
 
-#### Nginx sub-chart
-
-| Parameter                            | Description                           | Default                                                |
-| ------------------------------------ | ------------------------------------- | ------------------------------------------------------ |
-| `nginx.enabled`                      | Deploy Nginx sub-chart                | `true`                                                 |
-| `nginx.service.type`                 | Kubernetes Service type               | `ClusterIP`                                            |
-| `nginx.ingress.enabled`              | Enable ingress controller resource    | `true`                                                 |
-| `nginx.ingress.hostname`             | Default host for the ingress resource | `invoiceninja.local`                                   |
-| `nginx.existingServerBlockConfigmap` | Custom NGINX server block config map  | `{{ include "invoiceninja.nginx.serverBlockName" . }}` |
-| `nginx.staticSitePVC`                | Name of Invoice Ninja public PVC      | `{{ include "invoiceninja.public.storageName" . }}`    |
-
-> See [Dependencies](#dependencies) for more.
-
-#### Inline web server (only used when `nginx.enabled` is false)
+#### Inline web server (only used when `nginx.enabled` is **not** set to true)
 
 | Parameter                  | Description                                                                                           | Default                  |
 | -------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
@@ -218,6 +205,19 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `ingress.extraTls`         | TLS configuration for additional hostname(s) to be covered with this ingress record                   | `[]`                     |
 | `ingress.secrets`          | Custom TLS certificates as secrets                                                                    | `[]`                     |
 
+#### Nginx sub-chart
+
+| Parameter                            | Description                           | Default                                                |
+| ------------------------------------ | ------------------------------------- | ------------------------------------------------------ |
+| `nginx.enabled`                      | Deploy Nginx sub-chart                | `false`                                                |
+| `nginx.service.type`                 | Kubernetes Service type               | `ClusterIP`                                            |
+| `nginx.ingress.enabled`              | Enable ingress controller resource    | `true`                                                 |
+| `nginx.ingress.hostname`             | Default host for the ingress resource | `invoiceninja.local`                                   |
+| `nginx.existingServerBlockConfigmap` | Custom NGINX server block config map  | `{{ include "invoiceninja.nginx.serverBlockName" . }}` |
+| `nginx.staticSitePVC`                | Name of Invoice Ninja public PVC      | `{{ include "invoiceninja.public.storageName" . }}`    |
+
+> See [Dependencies](#dependencies) for more.
+
 ### Persistence parameters
 
 | Parameter                           | Description                                         | Default           |
@@ -225,10 +225,10 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `persistence.public.enabled`        | Enable persistence using PVC                        | `true`            |
 | `persistence.public.existingClaim`  | Enable persistence using an existing PVC            | `nil`             |
 | `persistence.public.storageClass`   | PVC Storage Class                                   | `nil`             |
-| `persistence.public.accessModes`    | PVC Access Modes                                    | `[ReadWriteMany]` |
+| `persistence.public.accessModes`    | PVC Access Modes                                    | `[ReadWriteOnce]` |
 | `persistence.public.size`           | PVC Storage Request                                 | `1Gi`             |
 | `persistence.public.dataSource`     | PVC data source                                     | `{}`              |
-| `persistence.storage.enabled`       | Enable persistence using PVC (only for FILE driver) | `false`            |
+| `persistence.storage.enabled`       | Enable persistence using PVC (only for FILE driver) | `false`           |
 | `persistence.storage.existingClaim` | Enable persistence using an existing PVC            | `nil`             |
 | `persistence.storage.storageClass`  | PVC Storage Class                                   | `nil`             |
 | `persistence.storage.accessModes`   | PVC Access Modes                                    | `[ReadWriteMany]` |
@@ -245,6 +245,8 @@ The following table shows the configuration options for the Invoice Ninja helm c
 | `redis.auth.password`             | Redis password                               | _random 10 character alphanumeric string_ |
 | `redis.auth.sentinel`             | Use password for sentinel containers         | `false`                                   |
 | `redis.sentinel.enabled`          | Enable sentinel containers                   | `true`                                    |
+| `redis.sentinel.quorum`           | Sentinel Quorum                              | `1`                                       |
+| `redis.replica.replicaCount`      | Number of Redis replicas to deploy           | `1`                                       |
 | `externalRedis.host`              | Host of the external redis                   | `nil`                                     |
 | `externalRedis.port`              | Port of the external redis                   | `6379`                                    |
 | `externalRedis.password`          | Password for the external redis              | `nil`                                     |
@@ -290,27 +292,29 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 helm install invoiceninja \
   --set appKey=changeit \
   --set replicaCount=3 \
-  --set nginx.replicaCount=3 \
+  --set persistence.public.accessModes[0]=ReadWriteMany
   --set redis.auth.password=changeit \
+  --set redis.sentinel.quorum=2 \
+  --set redis.replica.replicaCount=3 \
   --set mariadb.auth.rootPassword=changeit \
   --set mariadb.auth.password=changeit \
   invoiceninja/invoiceninja
 ```
 
-The above command sets the number of replicas to 3 for a highly available (HA) setup. Note that you would need to use an external DB such as MariaDB Galera for a full HA production setup. For a production environment, it is recommended that you spin up the required databases in a separate Helm Chart to decouple the upgrading process.
+The above command sets the number of replicas to 3 for a highly available (HA) setup and uses a `ReadWriteMany` volume. Note that you would need to use an external DB such as MariaDB Galera for a full HA production setup. For a production environment, it is recommended that you spin up the required databases in a separate Helm Chart to decouple the upgrading process.
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while [installing](https://helm.sh/docs/helm/helm_install/) the chart. For example,
 
 ```yaml
 # values.yaml
 appKey: changeit
-replicaCount: 3
-nginx:
-  replicaCount: 3
+persistence:
+  public:
+    accessModes:
+      - ReadWriteMany
 redis:
-  cluster:
-    slaveCount: 3
-  password: changeit
+  auth:
+    password: changeit
 mariadb:
   auth:
     rootPassword: changeit
@@ -346,17 +350,39 @@ extraEnvVarsCM: examplemap
 
 ## Inline webserver vs Nginx sub-chart
 
-If you have the ability to use `ReadWriteMany` persistent volume access mode, using the Nginx sub-chart will provide you with the most features, such as:
+Since there are many people without access to a `ReadWriteMany` volume, the inline Nginx web server will allow you to use a `ReadWriteOnce` public volume limited to 1 IN replica.
+
+If you have the ability to use `ReadWriteMany` persistent volume, you can choose between the two by setting the `nginx.enabled` parameter. Setting `nginx.enabled` to true will enable the Nginx sub-chart and will provide you with some additional features, such as:
 
 - independent scaling of Nginx and IN pods
-- built-in TLS functionality
-- high-availability
-
-However, since there are a lot of people without access to this volume type, using the inline Nginx web server will allow you to use a `ReadWriteOnce` public volume. Please note that you will need to change `persistence.public.accessModes` parameter and disable the Nginx sub-chart by setting `nginx.enabled` to false. Also, you will be limited 1 IN replica.
+- separate resource limits/requests
+- other features available from the sub-chart
 
 ## Upgrading
 
+### To 0.10.0
+
+The following chart dependencies have been upgraded.
+- MariaDB 
+- Redis
+- Nginx
+- Bitnami common
+
+Please take note that this upgrade MariaDB from 10.5 to 10.6. Please backup your database before proceeding.
+
+### To 0.8.0
+
+To improve the accessibility of this chart to regular users. Some of the defaults have been changed. This include:
+
+- `persistence.public.accessModes` now defaults to `ReadWriteOnce`.
+- `nginx.enabled` now defaults to false.
+- `redis.replica.replicaCount` and `redis.sentinel.quorum` now defaults to `1`.
+
+Other changes:
+
+- `snappdf` parameter has been replaced by `pdfGenerator`.
+
 ### To 0.7.0
 
 - Redis chart dependency has been upgraded and may not be backwards compatible with previous versions. See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis) for more info.
-- Storage persitence defaults to `false`, set to `true` if not using Redis, or using any FILE driver
+- Storage persitence defaults to `false`. Set to `true` if not using Redis or using FILE driver

charts/invoiceninja/templates/configmap.yaml

@@ -44,7 +44,9 @@ data:
   {{- else if or .Values.redis.enabled .Values.externalRedis.host }}
   QUEUE_CONNECTION: redis
   {{- end }}
-  PHANTOMJS_PDF_GENERATION: {{ not .Values.snappdf | quote}}
+  # PHANTOMJS_PDF_GENERATION is deprecated
+  PHANTOMJS_PDF_GENERATION: "false"
+  PDF_GENERATOR: {{ .Values.pdfGenerator | quote}}
   REDIS_HOST: {{ include "invoiceninja.redisHost" . | quote }}
   REDIS_PORT: {{ include "invoiceninja.redisPort" . | quote }}
   REDIS_DB: {{ include "invoiceninja.redisDatabase" . | quote }}

charts/invoiceninja/templates/deployment.yaml

@@ -66,7 +66,7 @@ spec:
               [[ -z "${DB_HOST1}" ]] || DB_HOST="${DB_HOST1}";
               [[ -z "${DB_PORT1}" ]] || DB_PORT="${DB_PORT1}";
               while [ $COUNTER -lt 120 ]; do
-                if mysqladmin ping -h "$DB_HOST" -P $DB_PORT --silent; then
+                if mysqladmin ping -h "$DB_HOST" -P $DB_PORT --connect-timeout=15 --silent; then
                   exit 0;
                 fi;
                 let COUNTER=COUNTER+1;

charts/invoiceninja/templates/serverblock.yaml

@@ -15,6 +15,7 @@ data:
   server-block.conf: |-
     server {
         listen 8080 default_server;
+        listen [::]:8080 default_server;
         server_name _;
 
         root /app;

charts/invoiceninja/values.yaml

@@ -18,7 +18,7 @@
 image:
   registry: docker.io
   repository: invoiceninja/invoiceninja
-  tag: 5.2.11
+  tag: 5.6.24
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
@@ -77,8 +77,9 @@ queueConnection: ""
 trustedProxies: "*"
 
 ## Use local or Phantom JS PDF generation
+## Options are `snappdf` or `phantom`
 ##
-snappdf: true
+pdfGenerator: snappdf
 
 ## Name of queue connection to use (use "log" for debug)
 ## Please check the ref below for any other env you may need to define
@@ -297,7 +298,7 @@ http:
   image:
     registry: docker.io
     repository: bitnami/nginx
-    tag: 1.21.1-debian-10-r0
+    tag: 1.22.1-debian-11-r21
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
     ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
@@ -548,7 +549,7 @@ persistence:
     ## If you want to reuse an existing claim, you can pass the name of the PVC using
     ## the existingClaim variable
     # existingClaim: your-claim
-    accessMode: ReadWriteMany
+    accessMode: ReadWriteOnce
     size: 1Gi
     ## Custom dataSource
     ##
@@ -590,6 +591,9 @@ redis:
     sentinel: false
   sentinel:
     enabled: true
+    quorum: 1
+  replica:
+    replicaCount: 1
 
 ## External Redis Configuration
 ##
@@ -668,7 +672,7 @@ externalDatabase:
 ## ref: https://github.com/bitnami/charts/blob/master/bitnami/nginx/values.yaml
 ##
 nginx:
-  enabled: true
+  enabled: false
   service:
     ## Service type
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

config/mysql/Dockerfile

@@ -1,4 +1,4 @@
-FROM mysql:5
+FROM mysql:8
 # When running on ARM64 use MariaDB instead of MySQL
 #FROM mariadb:10.4
 ENV force_color_prompt yes

config/nginx/in-vhost.conf

@@ -1,7 +1,9 @@
 server {
     listen 80 default_server;
     server_name _;
-
+    
+    server_tokens off;
+    
     client_max_body_size 100M;
 
     root /var/www/app/public/;
@@ -14,6 +16,11 @@ server {
     location = /favicon.ico { access_log off; log_not_found off; }
     location = /robots.txt  { access_log off; log_not_found off; }
 
+
+    location ~* /storage/.*\.php$ {
+        return 503;
+    }
+
     location ~ \.php$ {
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_pass app:9000;

config/php/php-cli.ini

@@ -0,0 +1,18 @@
+session.auto_start = Off
+short_open_tag = Off
+
+error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
+
+; opcache.enable_cli=1
+; opcache.fast_shutdown=1
+; opcache.memory_consumption=256
+; opcache.interned_strings_buffer=8
+; opcache.max_accelerated_files=4000
+; opcache.revalidate_freq=60
+; # http://symfony.com/doc/current/performance.html
+; realpath_cache_size = 4096K
+; realpath_cache_ttl = 600
+
+memory_limit = 2G
+post_max_size = 60M
+upload_max_filesize = 50M

config/php/php.ini

@@ -0,0 +1,21 @@
+session.auto_start = Off
+short_open_tag = Off
+
+error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
+
+; opcache.enable=1
+; opcache.preload=/srv/www/invoiceninja/current/preload.php
+; opcache.preload_user=www-data
+
+; ; The OPcache shared memory storage size.
+; opcache.max_accelerated_files=300000
+; opcache.validate_timestamps=1
+; opcache.revalidate_freq=30
+; opcache.jit_buffer_size=256M
+; opcache.jit=1205
+; opcache.memory_consumption=1024M
+
+
+post_max_size = 60M
+upload_max_filesize = 50M
+memory_limit=512M

docker-compose.yml

@@ -30,6 +30,9 @@ services:
       - ./config/hosts:/etc/hosts:ro
       - ./docker/app/public:/var/www/app/public:rw,delegated
       - ./docker/app/storage:/var/www/app/storage:rw,delegated
+      - ./config/php/php.ini:/usr/local/etc/php/php.ini
+      - ./config/php/php-cli.ini:/usr/local/etc/php/php-cli.ini
+
     depends_on:
       - db
     networks:
@@ -38,7 +41,7 @@ services:
       - "in5.localhost:192.168.0.124 " #host and ip
 
   db:
-    image: mysql:5
+    image: mysql:8
 #    When running on ARM64 use MariaDB instead of MySQL
 #    image: mariadb:10.4
 #    For auto DB backups comment out image and use the build block below

env

@@ -5,6 +5,8 @@ APP_DEBUG=true
 REQUIRE_HTTPS=false
 PHANTOMJS_PDF_GENERATION=false
 PDF_GENERATOR=snappdf
+TRUSTED_PROXIES='*'
+
 
 QUEUE_CONNECTION=database
 
@@ -38,6 +40,10 @@ MYSQL_USER=ninja
 MYSQL_PASSWORD=ninja
 MYSQL_DATABASE=ninja
 
+# GoCardless/Nordigen API key for banking integration
+NORDIGEN_SECRET_ID=
+NORDIGEN_SECRET_KEY=
+
 # V4 env vars
 # DB_STRICT=false
 # APP_CIPHER=AES-256-CBC