bitnamicharts/redmine

Verified Publisher

By VMware

Updated 11 months ago

Bitnami Helm chart for Redmine

Helm
Image
Security
Integration & delivery
Content management system
0

500K+

bitnamicharts/redmine repository overview

Bitnami Secure Images Helm chart for Redmine

Redmine is an open source management application. It includes a tracking issue system, Gantt charts for a visual view of projects and deadlines, and supports SCM integration for version control.

Overview of Redmine

Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/redmine

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository.

Introduction

This chart bootstraps a Redmine deployment on a Kubernetes cluster using the Helm package manager.

It also packages the Bitnami MariaDB chart and the PostgreSQL chart which are required for bootstrapping a MariaDB/PostgreSQL deployment for the database requirements of the Redmine application.

Before you begin

  • Kubernetes 1.23+
  • Helm 3.8.0+
  • PV provisioner support in the underlying infrastructure
  • ReadWriteMany volumes for deployment scaling

Installing the Chart

To install the chart with the release name my-release:

helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/redmine

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

The command deploys Redmine on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Configuration and installation details

This section describes credentials, configuration, and other installation options.

Using PostgreSQL instead of MariaDB

This chart includes the option to use a PostgreSQL database for Redmine instead of MariaDB. To use this, set the databaseType parameter to postgresql:

helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/redmine --set databaseType=postgresql

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

Gateway API

This chart provides support for exposing Redmine using the Gateway API and its HTTPRoute resource. If you have a Gateway controller installed on your cluster, such as APISIX, Contour, Envoy Gateway, NGINX Gateway Fabric or Kong Ingress Controller you can utilize the Gateway controller to serve your application. To enable Gateway API integration, set httpRoute.enabled to true. The Gateway to be used can be customized by setting the httpRoute.parentRefs parameter. By default, it will reference a Gateway named gateway in the same namespace as the release.

You can specify the list of hostnames to be mapped to the deployment using the httpRoute.hostnames parameter. Additionally, you can customize the rules used to route the traffic to the service by modifying the httpRoute.matches and httpRoute.filters parameters or adding new rules using the httpRoute.extraRules parameter.

Ingress

This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as NGINX Ingress Controller or Contour you can utilize the ingress controller to serve your application. To enable Ingress integration, set ingress.enabled to true.

The most common scenario is to have one host name mapped to the deployment. In this case, the ingress.hostname property can be used to set the host name. The ingress.tls parameter can be used to add the TLS configuration for this host.

However, it is also possible to have more than one host. To facilitate this, the ingress.extraHosts parameter (if available) can be set with the host names specified as an array. The ingress.extraTLS parameter (if available) can also be used to add the TLS configuration for extra hosts.

NOTE: For each host specified in the ingress.extraHosts parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but this annotation reference document lists the annotations supported by many popular Ingress controllers.

Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.

Learn more about Ingress controllers.

Certificates
CA Certificates

Custom CA certificates not included in the base docker image can be added with the following configuration. The secret must exist in the same namespace as the deployment. Will load all certificates files it finds in the secret.

certificates:
  customCAs:
    - secret: my-ca-1
    - secret: my-ca-2
CA Certificates Secret

Secret can be created with:

kubectl create secret generic my-ca-1 --from-file my-ca-1.crt
TLS Certificate

A web server TLS Certificate can be injected into the container with the following configuration. The certificate will be stored at the location specified in the certificateLocation value.

certificates:
  customCertificate:
    certificateSecret: my-secret
    certificateLocation: /ssl/server.pem
    keyLocation: /ssl/key.pem
    chainSecret:
      name: my-cert-chain
      key: chain.pem
TLS Certificate Secret

The certificate tls secret can be created with:

kubectl create secret tls my-secret --cert tls.crt --key tls.key

The certificate chain is created with:

kubectl create secret generic my-cert-chain --from-file chain.pem
Resource requests and limits

Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the resources value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.

To make this process easier, the chart contains the resourcesPreset values, which automatically sets the resources section according to different presets. Check these presets in the bitnami/common chart. However, in production workloads using resourcesPreset is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the official Kubernetes documentation.

Rolling VS Immutable tags

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

Update credentials

Bitnami charts configure credentials at first boot. Any further change in the secrets or credentials require manual intervention. Follow these instructions:

  • Update the user password following the upstream documentation
  • Update the password secret with the new values (replace the SECRET_NAME, PASSWORD and SMTP_PASSWORD placeholders)
kubectl create secret generic SECRET_NAME --from-literal=redmine-password=PASSWORD --from-literal=smtp-password=SMTP_PASSWORD --dry-run -o yaml | kubectl apply -f -
Replicas

Redmine writes uploaded files to a persistent volume. By default that volume cannot be shared between pods (RWO). In such a configuration the replicas option must be set to 1. If the persistent volume supports more than one writer (RWX), ie NFS, replicas can be greater than 1.

Important: When running more than one instance of Redmine they must share the same secret_key_base to have sessions working across all instances. This can be achieved by setting

  extraEnvVars:
   - name: SECRET_KEY_BASE
     value: someredminesecretkeybase
Deploying to a sub-URI

(adapted from https://github.com/bitnami/containers/tree/main/bitnami/redmine)

On certain occasions, you may need that Redmine is available under a specific sub-URI path rather than the root. A common scenario to this problem may arise if you plan to set up your Redmine container behind a reverse proxy. To deploy your Redmine container using a certain sub-URI you just need to follow these steps:

Create a configmap containing an altered version of post-init.sh
apiVersion: v1
kind: ConfigMap
metadata:
  name: redmine-init-configmap
  namespace: <same-namespace-as-the-chart>
  labels:
  ...
data:

  post-init.sh: |-
    #!/bin/bash

    # REPLACE WITH YOUR OWN SUB-URI
    SUB_URI_PATH='/redmine'

    #Config files where to apply changes
    config1=/opt/bitnami/redmine/config.ru
    config2=/opt/bitnami/redmine/config/environment.rb

    sed -i '$ d' ${config1}
    echo 'map ActionController::Base.config.try(:relative_url_root) || "/" do' >> ${config1}
    echo 'run Rails.application' >> ${config1}
    echo 'end' >> ${config1}
    echo 'Redmine::Utils::relative_url_root = "'${SUB_URI_PATH}'"' >> ${config2}

    SUB_URI_PATH=$(echo ${SUB_URI_PATH} | sed -e 's|/|\\/|g')
    sed -i -e "s/\(relative_url_root\ \=\ \"\).*\(\"\)/\1${SUB_URI_PATH}\2/" ${config2}
Add this confimap as a volume/volume mount in the chart values
## <a id="extra-volumes-to-add-to"></a> Extra volumes to add to the deployment
##
extraVolumes:
  - name: redmine-init-volume
    configMap:
      name: redmine-init-configmap

## <a id="extra-volume-mounts-to-add"></a> Extra volume mounts to add to the container
##
extraVolumeMounts:
  - name: "redmine-init-volume"
    mountPath: "/post-init.sh"
    subPath: post-init.sh
Change the probes URI
## <a id="configure-extra-options-for-liveness"></a> Configure extra options for liveness and readiness probes
## <a id="ref-https-kubernetes-io-docs"></a> ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
startupProbe:
  enabled: true
  path: /redmine/
---
readinessProbe:
  enabled: true
  path: /redmine/
Backup and restore

To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using Velero, a Kubernetes backup/restore tool. Find the instructions for using Velero in this guide.

FIPS parameters

The FIPS parameters only have effect if you are using images from the Bitnami Secure Images catalog.

For more information on this new feature, please refer to the FIPS Compliance section.

Persistence

The Bitnami Redmine image stores the Redmine data and configurations at the /bitnami/redmine path of the container.

Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. The volume is created using dynamic volume provisioning. Clusters configured with NFS mounts require manually managed volumes and claims.

See the Parameters section to configure the PVC or to disable persistence.

Existing PersistentVolumeClaims

The following example includes two PVCs, one for Redmine and another for MariaDB.

  1. Create the PersistentVolume
  2. Create the PersistentVolumeClaim
  3. Create the directory, on a worker
  4. Install the chart
helm install test --set persistence.existingClaim=PVC_REDMINE,mariadb.persistence.existingClaim=PVC_MARIADB oci://REGISTRY_NAME/REPOSITORY_NAME/redmine

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

Parameters

The following subsections list global, common, and component-specific parameters.

Global parameters
NameDescriptionValue
global.imageRegistryGlobal Docker image registry""
global.imagePullSecretsGlobal Docker registry secret names as an array[]
global.defaultStorageClassGlobal default StorageClass for Persistent Volume(s)""
global.defaultFipsDefault value for the FIPS configuration (allowed values: '', restricted, relaxed, off). Can be overridden by the 'fips' objectrestricted
global.security.allowInsecureImagesAllows skipping image verificationfalse
global.compatibility.openshift.adaptSecurityContextAdapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)auto
Common parameters
NameDescriptionValue
kubeVersionOverride Kubernetes version""
nameOverrideString to partially override common.names.fullname""
fullnameOverrideString to fully override common.names.fullname""
commonLabelsLabels to add to all deployed objects{}
commonAnnotationsAnnotations to add to all deployed objects{}
clusterDomainDefault Kubernetes cluster domaincluster.local
extraDeployArray of extra objects to deploy with the release[]
usePasswordFilesMount credentials as files instead of using environment variablestrue
diagnosticMode.enabledEnable diagnostic mode (all probes will be disabled and the command will be overridden)false
diagnosticMode.commandCommand to override all containers in the the deployment["sleep"]
diagnosticMode.argsArgs to override all containers in the the deployment["infinity"]
Redmine Configuration parameters
NameDescriptionValue
image.registryRedmine image registryREGISTRY_NAME
image.repositoryRedmine image repositoryREPOSITORY_NAME/redmine
image.digestRedmine image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag""
image.pullPolicyRedmine image pull policyIfNotPresent
image.pullSecretsRedmine image pull secrets[]
image.debugEnable image debug modefalse
redmineUsernameRedmine usernameuser
redminePasswordRedmine user password""
redmineEmailRedmine user email[email protected]
redmineLanguageRedmine default data languageen
allowEmptyPasswordAllow the container to be started with blank passwordsfalse
smtpHostSMTP server host""
smtpPortSMTP server port""
smtpUserSMTP username""
smtpPasswordSMTP user password""
smtpProtocolSMTP protocol""
existingSecretName of existing secret containing Redmine credentials""
smtpExistingSecretThe name of an existing secret with SMTP credentials""
customPostInitScriptsCustom post-init.d user scripts{}
commandOverride default container command (useful when using custom images)[]
argsOverride default container args (useful when using custom images)[]
extraEnvVarsArray with extra environment variables to add to the Redmine container[]
extraEnvVarsCMName of existing ConfigMap containing extra env vars""
extraEnvVarsSecretName of existing Secret containing extra env vars""
Redmine deployment parameters

| Name | Description | Value | | --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note: the README for this chart is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at https://techdocs.broadcom.com/us/en/vmware-tanzu/bitnami-secure-images/bitnami-secure-images/services/bsi-app-doc/apps-charts-redmine-index.html

Tag summary

Content type

Image

Digest

sha256:ae58c82a9

Size

7.8 kB

Last updated

11 months ago

docker pull bitnamicharts/redmine:sha256-7e07905339e40db43eec61e66bcc60a35df41bdb7a7f1ba90a649b324937b9b8

This week's pulls

Pulls:

2,357

Last week

Bitnami