Merge remote-tracking branch 'k8s-helmfile/um-adam'

+/Dockerfile
+.*.sw?
+/build.log

 .*.sw?
 .*.sw?
+/build.log
+charts/*/charts/*.tgz

+# syntax=docker/dockerfile:1.4
+# Builds a minimal docker image with openjdk and moqui with various volumes for configuration and persisted data outside the container
+# NOTE: add components, build and if needed load data before building a docker image with this
+ARG RUNTIME_IMAGE=eclipse-temurin:11-jdk
+FROM ${RUNTIME_IMAGE} AS moqui-base
+
+RUN true \
+	&& apt-get update \
+	&& apt-get install -y unzip less git \
+	&& apt-get clean && rm -rf /var/lib/apt/lists/* \
+	&& groupadd -g 1000 moqui \
+	&& useradd -u 1000 -g 1000 -G 0 -d /opt/moqui moqui \
+	&& mkdir /opt/moqui \
+	&& chown moqui:moqui /opt/moqui \
+	&& true
+
+FROM moqui-base AS moqui-jdbc-drivers
+
+RUN true \
+	&& apt-get update \
+	&& apt-get install -y libpostgresql-jdbc-java \
+	&& apt-get clean && rm -rf /var/lib/apt/lists/* \
+	&& true
+
+# build runs as root; attempting to chown all the copied-in files runs
+# *very* slow
+FROM moqui-base AS moqui-build
+
+WORKDIR /opt/moqui-build
+
+RUN ["mkdir", "/opt/moqui-scripts"]
+COPY --from=moqui-builder fix-git-submodules /opt/moqui-scripts/fix-git-submodules
+
+COPY ./ /opt/moqui-app/
+
+RUN ["/opt/moqui-scripts/fix-git-submodules", "-start", "/opt/moqui-app"]
+
+RUN true && set -x \
+	&& rm -rf /opt/moqui-build && ln -sf /opt/moqui-app/framework /opt/moqui-build \
+	&& rm -rf /opt/moqui-build/runtime && ln -sf /opt/moqui-app/runtime /opt/moqui-build/runtime \
+	&& rm -rf /opt/moqui-build/runtime/component && ln -sf /opt/moqui-app/component /opt/moqui-build/runtime/component \
+	&& true
+
+RUN ["./gradlew", "--no-daemon", "--info", "build", "addRuntime"]
+
+WORKDIR /opt/moqui
+USER moqui
+RUN ["unzip", "-o", "/opt/moqui-build/moqui-plus-runtime.war"]
+
+FROM moqui-base AS moqui-app
+MAINTAINER Moqui Framework <moqui@googlegroups.com>
+
+USER moqui
+WORKDIR /opt/moqui
+
+COPY --from=moqui-build /opt/moqui/ /opt/moqui/
+RUN ["ls", "-l", "/opt/moqui/"]
+
+# create user for search and chown corresponding files
+#ARG search_name=opensearch
+
+# This is a fix for previous installs, not needed for new setups.
+# upgrade fix #RUN if [ -d runtime/opensearch/bin ]; then echo "Installing OpenSearch User"; \
+# upgrade fix #      search_name=opensearch; \
+# upgrade fix #      groupadd -g 1000 opensearch && \
+# upgrade fix #      useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch && \
+# upgrade fix #      chmod 0775 /opt/moqui/runtime/opensearch && \
+# upgrade fix #      chown -R 1000:0 /opt/moqui/runtime/opensearch; \
+# upgrade fix #    elif [ -d runtime/elasticsearch/bin ]; then echo "Installing ElasticSearch User"; \
+# upgrade fix #      search_name=elasticsearch; \
+# upgrade fix #      groupadd -r elasticsearch && \
+# upgrade fix #      useradd --no-log-init -r -g elasticsearch -d /opt/moqui/runtime/elasticsearch elasticsearch && \
+# upgrade fix #      chown -R elasticsearch:elasticsearch runtime/elasticsearch; \
+# upgrade fix #    fi
+
+# exposed as volumes for configuration purposes
+RUN ["mkdir", "-p", "/opt/moqui/runtime/conf", "/opt/moqui/runtime/lib", "/opt/moqui/runtime/classes", "/opt/moqui/runtime/ecomponent"]
+VOLUME ["/opt/moqui/runtime/conf", "/opt/moqui/runtime/lib", "/opt/moqui/runtime/classes", "/opt/moqui/runtime/ecomponent"]
+# exposed as volumes to persist data outside the container, recommended
+RUN ["mkdir", "-p", "/opt/moqui/runtime/log", "/opt/moqui/runtime/txlog", "/opt/moqui/runtime/sessions", "/opt/moqui/runtime/db"]
+VOLUME ["/opt/moqui/runtime/log", "/opt/moqui/runtime/txlog", "/opt/moqui/runtime/sessions", "/opt/moqui/runtime/db"]
+
+# Main Servlet Container Port
+EXPOSE 8080
+# Not used for external search # # Search HTTP Port
+# Not used for external search # EXPOSE 9200
+# Not used for external search # # Search Cluster (TCP Transport) Port
+# Not used for external search # EXPOSE 9300
+# Hazelcast Cluster Port
+EXPOSE 5701
+
+# this is to run from the war file directly, preferred approach unzips war file in advance
+# ENTRYPOINT ["java", "-jar", "moqui.war"]
+ENTRYPOINT ["java", "-cp", ".", "MoquiStart"]
+
+HEALTHCHECK --interval=30s --timeout=600ms --start-period=120s CMD curl -f -H "X-Forwarded-Proto: https" -H "X-Forwarded-Ssl: on" http://localhost:8080/status || exit 1
+# specify this as a default parameter if none are specified with docker exec/run, ie run production by default
+CMD ["port=8080", "conf=conf/MoquiProductionConf.xml"]
+

+#!/bin/bash
+
+set -e
+
+TAG=test-latest
+APP=moqui-app
+PUSH_TO=docker://5.161.91.120:31234
+PREFIX=
+declare -a images=(moqui-jdbc-drivers moqui-app)
+
+TOP_DIR="$(cd "$(dirname "$0")"; pwd -P)"
+
+_build() {
+	for image in "${images[@]}"; do
+		docker buildx build --progress plain --build-context "moqui-builder=$TOP_DIR" -f "${TOP_DIR}/Dockerfile" --tag "${PREFIX}${image}:${TAG}" --target "${image}" "${APP}"
+	done
+}
+
+_push() {
+	for image in "${images[@]}"; do
+		echo "Pushing ${PREFIX}${image}:${TAG} to ${PUSH_TO}/${image}:${TAG}"
+		skopeo copy --dest-tls-verify=false "docker-daemon:${PREFIX}${image}:${TAG}" "${PUSH_TO}/${image}:${TAG}"
+	done
+}
+
+while [[ $# -gt 0 ]]; do
+	case "$1" in
+		(--app)
+			APP="$2"
+			shift 2
+			;;
+		(--prefix)
+			PREFIX="$2"
+			shift 2
+			;;
+		(--push-to)
+			PUSH_TO="$2"
+			shift 2
+			;;
+		(--tag)
+			TAG="$2"
+			shift 2
+			;;
+		(*)
+			break
+			;;
+	esac
+done
+case "$1" in
+	(build)
+		_build
+		;;
+	(push)
+		_push
+		;;
+	("")
+		_build
+		_push
+		;;
+esac
+

+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: moqui
+spec:
+  version: 8.2.3
+  nodeSets:
+  - name: default
+    count: 2
+    config:
+      node.store.allow_mmap: false
+---
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+  name: moqui
+spec:
+  version: 8.2.3
+  count: 1
+  elasticsearchRef:
+    name: moqui
+---
+

+#!/bin/sh
+set -ex
+
+elasticsearch_timeout=${elasticsearch_timeout:-3}
+
+check_es() {
+	status="$(curl -o /dev/null -w "%{http_code}" --max-time ${elasticsearch_timeout} -XGET -g -s -k -u "${elasticsearch_user}:${elasticsearch_password}" "${elasticsearch_url}")"
+	if [ "z$status" = z200 ]; then
+		return 0
+	fi
+	return 1
+}
+
+while ! check_es; do
+	echo "Waiting for Elasticsearch" 1>&2
+	sleep 1
+	count=5
+	while [ $count -gt 0 ] && ! check_es; do
+		count=$(($count - 1))
+		sleep 1
+	done
+done

+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./elasticsearch.yaml
+
+configMapGenerator:
+  - name: moqui-elasticsearch-scripts
+    files:
+      - ./es_isready
+    options:
+      disableNameSuffixHash: true
+

+dependencies:
+- name: opensearch
+  repository: https://opensearch-project.github.io/helm-charts/
+  version: 2.10.0
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.1.14
+digest: sha256:32398ca9a1a4833794b8e26cfdbcf4281951a0fc4caad9951a078bcd0d646b7a
+generated: "2023-02-08T12:41:35.591551351-06:00"

+apiVersion: v2
+name: moqui
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "latest"
+
+
+dependencies:
+  - name: opensearch
+    condition: opensearch.enabled
+    repository: https://opensearch-project.github.io/helm-charts/
+    version: "2.10.0"
+    import-values:
+      - child: .
+        parent: opensearch
+  - name: postgresql
+    condition: postgresql.enabled
+    repository: https://charts.bitnami.com/bitnami
+    version: "12.1.14"
+    import-values:
+      - child: .
+        parent: postgresql

+#!/bin/sh
+
+cp -a /usr/share/java/postgresql* /mnt/jdbc-drivers

+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./moqui.yaml
+
+configMapGenerator:
+  - name: moqui-scripts
+    files:
+      - ./copy-jdbc-drivers
+    options:
+      disableNameSuffixHash: true
+

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: moqui
+data:
+  instance_purpose: production
+  default_locale: en_US
+  default_time_zone: US/Central
+  database_time_zone: US/Central
+  entity_ds_db_conf: postgres
+  entity_ds_host: postgresql
+  entity_ds_port: "5432"
+  entity_ds_database: moqui
+  entity_ds_schema: public
+  _entity_add_missing_runtime: "true"
+  moqui_load_types: seed,seed-initial,install
+  moqui.conf: "conf/MoquiProductionConf.xml"
+  jetty_threads: "100"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: moqui
+stringData:
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: moqui-log
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: moqui-txlog
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: moqui-sessions
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: moqui
+spec:
+  type: ClusterIP
+  selector:
+    app: moqui-app
+  ports:
+    - name: http-moqui
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+    - name: http-hazelcast
+      protocol: TCP
+      port: 5701
+      targetPort: 5701
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: moqui-app
+  labels:
+    app: moqui-app
+spec:
+  selector:
+    matchLabels:
+      app: moqui-app
+  template:
+    metadata:
+      labels:
+        app: moqui-app
+    spec:
+      restartPolicy: Always
+      securityContext:
+        runAsUser: 0
+        runAsGroup: 0
+
+      volumes:
+        - name: log
+          persistentVolumeClaim:
+            claimName: moqui-log
+        - name: txlog
+          persistentVolumeClaim:
+            claimName: moqui-txlog
+        - name: txlog-init
+          emptyDir: {}
+        - name: sessions
+          persistentVolumeClaim:
+            claimName: moqui-sessions
+        - name: scripts
+          configMap:
+            name: moqui-scripts
+            defaultMode: 0755
+        - name: lib
+          emptyDir: {}
+
+      initContainers:
+        - name: copy-jdbc-drivers
+          image: moqui-jdbc-drivers:latest
+          imagePullPolicy: IfNotPresent
+          command: ["/scripts/copy-jdbc-drivers"]
+          volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+            - name: lib
+              mountPath: /mnt/jdbc-drivers
+
+        - name: load-moqui
+          image: moqui-app:latest
+          imagePullPolicy: IfNotPresent
+          args: ["load", "conf=$(moqui.conf)", "types=$(moqui_load_types)"]
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              memory: 1Gi
+          envFrom:
+            - configMapRef:
+                name: moqui
+            - secretRef:
+                name: moqui
+          env:
+            - name: entity_add_missing_runtime
+              value: "true"
+          volumeMounts:
+            - name: lib
+              mountPath: /opt/moqui/runtime/lib
+            - name: log
+              mountPath: /opt/moqui/runtime/log
+            - name: txlog-init
+              mountPath: /opt/moqui/runtime/txlog
+            - name: sessions
+              mountPath: /opt/moqui/runtime/sessions
+
+      containers:
+        - name: moqui
+          image: moqui-app:latest
+          imagePullPolicy: IfNotPresent
+          args: ["port=8080", "conf=$(moqui.conf)", "threads=$(jetty_threads)"]
+          resources:
+            limits:
+              memory: 1Gi
+            requests:
+              memory: 1Gi
+          envFrom:
+            - configMapRef:
+                name: moqui
+            - secretRef:
+                name: moqui
+          env:
+            - name: entity_add_missing_runtime
+              value: "false"
+          volumeMounts:
+            - name: lib
+              mountPath: /opt/moqui/runtime/lib
+            - name: log
+              mountPath: /opt/moqui/runtime/log
+            - name: txlog
+              mountPath: /opt/moqui/runtime/txlog
+            - name: sessions
+              mountPath: /opt/moqui/runtime/sessions
+

+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "moqui.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "moqui.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "moqui.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "moqui.labels" -}}
+helm.sh/chart: {{ include "moqui.chart" . }}
+{{ include "moqui.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "moqui.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "moqui.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "moqui.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "moqui.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "moqui.opensearch-url" -}}
+{{- if .Values.opensearch.enabled -}}
+"https://{{- include "opensearch.masterService" .Subcharts.opensearch }}:{{ .Values.opensearch.httpPort }}"
+{{- else }}
+{{- printf "%s" .Values.opensearch.url }}
+{{- end }}
+{{- end }}
+
+{{- define "moqui.image-helper" -}}
+image: "{{ if .registry }}{{ .registry }}/{{ end }}{{ .repository }}{{ if .tag }}:{{ .tag }}{{ end }}"
+imagePullPolicy: {{ .pullPolicy }}
+{{- end }}
+
+{{- define "moqui.entity_ds_host" -}}
+{{-   if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
+{{-     include "postgresql.primary.svc.headless" .Subcharts.postgresql }}
+{{-   else -}}
+{{      .Values.configMap.entity_ds_host }}
+{{-   end -}}
+{{- end }}
+
+{{- define "moqui.entity_ds_port" -}}
+{{-   if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
+{{-     include "postgresql.service.port" .Subcharts.postgresql }}
+{{-   else -}}
+{{      .Values.configMap.entity_ds_port }}
+{{-   end -}}
+{{- end }}
+
+{{- define "moqui.entity_ds_database" -}}
+{{-   if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
+{{-     include "postgresql.database" .Subcharts.postgresql }}
+{{-   else -}}
+{{      .Values.configMap.entity_ds_database }}
+{{-   end -}}
+{{- end }}
+
+{{- define "moqui.entity_ds_user" -}}
+{{-   if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
+{{-     include "postgresql.username" .Subcharts.postgresql }}
+{{-   else -}}
+{{      .Values.configMap.entity_ds_user }}
+{{-   end -}}
+{{- end }}
+
+{{- define "moqui.entity_ds_password.secret.name" -}}
+{{-   if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) -}}
+{{-     include "postgresql.secretName" .Subcharts.postgresql }}
+{{-   else -}}
+{{      include "moqui.fullname" . }}-dsauth
+{{-   end -}}
+{{- end }}
+
+{{- define "moqui.entity_ds_password.secret.key" -}}
+{{-   if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) -}}
+password
+{{-   else -}}
+entity_ds_password
+{{-   end -}}
+{{- end }}
+

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "moqui.fullname" . }}
+  labels:
+    {{- include "moqui.labels" . | nindent 4 }}
+data: {{ .Values.configMap | toYaml | nindent 2 }}
+

+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "moqui.fullname" . }}
+  labels: {{- include "moqui.labels" . | nindent 4 }}
+  annotations: {{ .Values.ingress.annotations | toYaml | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.ingressClassName }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "moqui.fullname" $ }}
+                port:
+                  name: http-moqui
+    {{- end }}
+  {{- if .Values.ingress.tls.enabled }}
+  tls:
+    - hosts: {{ .Values.ingress.hosts | toYaml | nindent 8 }}
+      secretName: {{ .Values.ingress.tls.secretName }}
+  {{- end }}
+{{- end }}
+

+apiVersion: apps/v1
+kind: {{ .Values.kind }}
+metadata:
+  name: {{ include "moqui.fullname" . }}
+  labels:
+    {{- include "moqui.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  {{- if (eq "StatefulSet" .Values.kind) }}
+  serviceName: {{ include "moqui.fullname" . }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "moqui.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "moqui.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "moqui.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      volumes:
+        - name: runtime-lib
+          emptyDir: {}
+        - name: disable-elasticsearch
+          emptyDir: {}
+      initContainers:
+        {{- if (eq .Values.configMap.entity_ds_db_conf "postgres") }}
+        {{-   if .Values.postgresql.jdbcImage.enabled }}
+        - name: postgresql-copy-jdbc
+          {{ include "moqui.image-helper" .Values.postgresql.jdbcImage | nindent 10 }}
+          command:
+            - bash
+            - -cx
+            - cp -a /usr/share/java/*.jar /tmp/runtime-lib
+          volumeMounts:
+            - mountPath: /tmp/runtime-lib
+              name: runtime-lib
+
+        {{-   end }}
+        {{-   if (.Values.checkDsConnection.enabled) }}
+        - name: postgresql-check-connection
+          {{ include "moqui.image-helper" (coalesce .Values.postgresql.image .Values.checkImage) | nindent 10 }}
+          env:
+            - name: POSTGRES_HOST
+              value: {{ include "moqui.entity_ds_host" . }}
+            - name: POSTGRES_USER
+              value: {{ include "moqui.entity_ds_user" . }}
+            - name: POSTGRES_PORT
+              value: {{ include "moqui.entity_ds_port" . | quote }}
+          command:
+            - bash
+            - -cx
+            - |-
+              until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -p ${POSTGRES_PORT}; do
+                 sleep 5
+              done
+
+        {{-   end }}
+        {{- end }}
+
+          {{- define "moqui-container-pod" }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          {{ include "moqui.image-helper" .Values.image | nindent 10 }}
+          command: ["java", "-server", "-XX:-OmitStackTraceInFastThrow", "-cp", ".", "MoquiStart"]
+          envFrom:
+            - configMapRef:
+                name: {{ include "moqui.fullname" . }}
+            - secretRef:
+                name: {{ include "moqui.fullname" . }}-opensearch
+          env:
+            - name: entity_ds_db_conf
+              value: 'postgres'
+            - name: entity_ds_database
+              value: {{ include "moqui.entity_ds_database" . }}
+            - name: entity_ds_host
+              value: {{ include "moqui.entity_ds_host" . }}
+            - name: entity_ds_port
+              value: {{ include "moqui.entity_ds_port" . | quote }}
+            - name: entity_ds_user
+              value: {{ include "moqui.entity_ds_user" . }}
+            - name: entity_ds_password
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "moqui.entity_ds_password.secret.name" . }}
+                  key: {{ include "moqui.entity_ds_password.secret.key" . }}
+                  optional: false
+            - name: elasticsearch_url
+              value: {{ include "moqui.opensearch-url" . }}
+          volumeMounts:
+            - mountPath: /opt/moqui/runtime/lib
+              name: runtime-lib
+            - mountPath: /opt/moqui/runtime/elasticsearch
+              name: disable-elasticsearch
+          {{- end }}
+
+        - name: load
+          {{ include "moqui-container-pod" . }}
+          args: ["load"]
+
+      containers:
+        - name: {{ .Chart.Name }}
+          {{ include "moqui-container-pod" . }}
+          args: ["run"]
+
+          ports:
+            - name: http-moqui
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /status
+              port: http-moqui
+          readinessProbe:
+            httpGet:
+              path: /status
+              port: http-moqui
+          startupProbe:
+            httpGet:
+              path: /status
+              port: http-moqui
+            periodSeconds: 10
+            failureThreshold: 3
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      itolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+ 

+{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
+{{- else }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "moqui.fullname" . }}-dsauth
+  labels:
+    {{- include "moqui.labels" . | nindent 4 }}
+stringData:
+  entity_ds_password: {{ .Values.configMap.entity_ds_password }}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "moqui.fullname" . }}-opensearch
+  labels:
+    {{- include "moqui.labels" . | nindent 4 }}
+stringData:
+  elasticsearch_password: admin
+

+apiVersion: /v1
+kind: Service
+metadata:
+  name: {{ include "moqui.fullname" . }}
+  labels:
+    {{- include "moqui.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http-moqui
+      protocol: TCP
+      name: http-moqui
+  selector:
+    {{- include "moqui.selectorLabels" . | nindent 4 }}

+{{- if .Values.virtualService.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ include "moqui.fullname" . }}
+  labels:
+    {{- include "moqui.labels" . | nindent 4 }}
+spec:
+  gateways: {{ .Values.virtualService.gateways | toYaml | nindent 4 }}
+  hosts: {{ .Values.virtualService.hosts | toYaml | nindent 4 }}
+  http:
+    - match: {{ .Values.virtualService.match | toYaml | nindent 8 }}
+      route:
+        - destination:
+            port:
+              number: 8080
+            host: {{ include "moqui.fullname" . }}
+{{- end }}

+kind: Deployment
+
+imagePullSecrets: {}
+image:
+  pullPolicy: IfNotPresent
+  registry: docker.io
+  repository: moqui/moquidemo
+  tag: latest
+
+configMap:
+  entity_ds_db_conf: "postgres"
+  entity_ds_database: "moqui"
+  entity_ds_host: external-postgres
+  entity_ds_port: "5432"
+  entity_ds_user: "moqui"
+  entity_ds_password: "iuqom"
+  elasticsearch_user: "admin"
+
+checkDsConnection:
+  enabled: true
+
+postgresql:
+  enabled: true
+  auth:
+    database: moqui
+    username: moqui
+    password: iuqom
+  checkImage:
+    pullPolicy: IfNotPresent
+    registry: null
+    repository: null
+    tag: latest
+  jdbcImage:
+    enabled: false
+    pullPolicy: IfNotPresent
+    repository: null
+    tag: latest
+
+opensearch:
+  enabled: true
+  clusterName: foo-opensearch
+  url: "http://127.0.0.1:9200"
+  singleNode: true
+  masterService: ""
+
+service:
+  type: ClusterIP
+  port: 8080
+ingress:
+  enabled: false
+  annotations: {}
+  ingressClassName: ""
+  hosts:
+    - moqui.local
+  tls:
+    enabled: false
+    secretName: moqui-tls
+
+virtualService:
+  enabled: false
+  gateways:
+    - istio-system/ingress-gateway
+  hosts:
+    - moqui.local
+  match:
+    - uri:
+        prefix: "/"
+
+serviceAccount:
+  create: false
+  name: default
+podSecurityContext: {}
+securityContext: {}
+replicaCount: 1
+podAnnotations: {}
+resources: {}
+nodeSelector: {}
+affinity: {}
+tolerations: {}
+autoscaling:
+  enabled: false
+

+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./postgresql.yaml
+
+configMapGenerator:
+  - name: moqui-postgresql-scripts
+    files:
+      - ./pg_isready
+    options:
+      disableNameSuffixHash: true
+

+#!/bin/sh
+set -ex
+
+# POSTGRES_HOST
+# POSTGRES_USER
+# POSTGRES_DATABASE
+# PGPASSWORD
+
+check_pg() {
+	pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}"
+}
+
+check_auth() {
+	psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" "${POSTGRES_DATABASE}"
+}
+
+loop() {
+	checker="$1"
+	message="$2"
+	while ! $checker; do
+		echo "$message" 1>&2
+		sleep 1
+		count=5
+		while [ $count -gt 0 ] && ! $checker; do
+			count=$(($count - 1))
+			sleep 1
+		done
+	done
+}
+
+loop check_pg "Waiting for database to be up"
+loop check_auth "Waiting for user+password to be active"

+---
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+  name: moqui-postgresql
+spec:
+  enableLogicalBackup: true
+  teamId: "moqui"
+  volume:
+    size: 1Gi
+  numberOfInstances: 2
+  users:
+    zalando:  # database owner
+      - superuser
+      - createdb
+    moqui:
+      - login
+  databases:
+    moqui: moqui
+  postgresql:
+    version: "14"
+---

+name: test
+namespace: default
+app:
+  resources:
+    limits:
+      memory: 1Gi
+    requests:
+      memory: 1Gi
+  images:
+    moqui-app:
+      name: localhost:31234/moqui-app:latest
+      pullPolicy: Always
+    moqui-jdbc-drivers:
+      name: localhost:31234/moqui-jdbc-drivers:latest
+      pullPolicy: Always
+storage:
+  log:
+    requests: 10Gi
+    storageClassName: null
+  txlog:
+    requests: 2Gi
+    storageClassName: null
+  sessions:
+    requests: 2Gi
+    storageClassName: null
+elasticsearch:
+  enabled: true
+  version: 8.2.3
+  count: 2
+  resources:
+    limits:
+      memory: 1.5Gi
+  env:
+    - name: ES_JAVA_OPTS
+      value: "-Xms1g -Xmx1g"
+  kibana:
+    count: 1
+    resources:
+      limits:
+        memory: 1Gi
+postgresql:
+  enabled: true
+  clone: {}
+  numberOfInstances: 2
+  volume:
+    size: 1Gi
+  version: "14"
+  images:
+    wait-for-pg:
+      name: registry.opensource.zalan.do/acid/spilo-14:2.1-p6
+      pullPolicy: IfNotPresent
+

+#!/bin/bash
+
+set -ex
+
+cmd="$1"
+shift
+case "$cmd" in
+	(-start)
+		dir="$1"
+		shift
+		find "$dir" -type f -name '.git' -exec "$0" -fix "$dir" '{}' \;
+		;;
+	(-fix)
+		dir="$1"
+		gitdir_link="$2"
+		gitdir_dir="$(dirname "$gitdir_link")"
+		read gitdir_token gitdir_location < "$gitdir_link"
+		case "$gitdir_location" in
+			(/*)
+				echo "Can't handle absolute gitdir location: $gitdir_location" 1>&2
+				exit 1
+				;;
+		esac
+		cd "$gitdir_dir"
+		pushd "$gitdir_location"
+		git config --unset core.worktree
+		popd
+		rm .git
+		mv "$gitdir_location" .git
+		;;
+esac
+

+environments:
+  {{ .Environment.Name }}:
+    missingFileHandler: Debug
+    values:
+      - environments/default-values.yaml
+      {{- if ne .Environment.Name "default" }}
+      - environments/{{ .Environment.Name }}-values.yaml
+      {{- end }}
+
+---
+releases:
+  - name: {{ .Values.name }}-moqui-elasticsearch
+    condition: elasticsearch.enabled
+    chart: charts/elasticsearch
+    namespace: {{ .Values.namespace }}
+    values:
+      - namePrefix: {{ .Values.name }}-
+    strategicMergePatches:
+      - apiVersion: elasticsearch.k8s.elastic.co/v1
+        kind: Elasticsearch
+        metadata:
+          name: {{ .Values.name }}-moqui
+          namespace: {{ .Values.namespace }}
+        spec:
+          version: {{ .Values.elasticsearch.version }}
+      - apiVersion: kibana.k8s.elastic.co/v1
+        kind: Kibana
+        metadata:
+          name: {{ .Values.name }}-moqui
+          namespace: {{ .Values.namespace }}
+        spec:
+          count: {{ .Values.elasticsearch.kibana.count }}
+          version: {{ .Values.elasticsearch.version }}
+          elasticsearchRef:
+            name: {{ .Values.name }}-moqui
+          podTemplate:
+            spec:
+              containers:
+                - name: kibana
+                  resources: {{ .Values.elasticsearch.kibana.resources | toYaml | nindent 20 }}
+    jsonPatches:
+      - target:
+          group: elasticsearch.k8s.elastic.co
+          version: v1
+          kind: Elasticsearch
+          name: {{ .Values.name }}-moqui
+          namespace: {{ .Values.namespace }}
+        patch:
+          - op: replace
+            path: /spec/nodeSets/0/count
+            value: {{ .Values.elasticsearch.count }}
+          - op: add
+            path: /spec/nodeSets/0/podTemplate
+            value:
+              spec:
+                containers:
+                  - name: elasticsearch
+                    resources: {{ .Values.elasticsearch.resources | toYaml | nindent 22 }}
+                    env: {{ .Values.elasticsearch.env | toYaml | nindent 22 }}
+
+  - name: {{ .Values.name }}-moqui-postgresql
+    condition: postgresql.enabled
+    chart: charts/postgresql
+    namespace: {{ .Values.namespace }}
+    values:
+      - namePrefix: {{ .Values.name }}-
+    strategicMergePatches:
+      - apiVersion: acid.zalan.do/v1
+        kind: postgresql
+        metadata:
+          name: {{ .Values.name }}-moqui-postgresql
+          namespace: {{ .Values.namespace }}
+        spec:
+          teamId: {{ .Values.name }}-moqui
+          volume:
+            size: {{ .Values.postgresql.volume.size | quote }}
+          postgresql:
+            version: {{ .Values.postgresql.version | quote }}
+          {{- if .Values | get "postgresql.clone.uid" nil }}
+          clone:
+            {{ merge .Values.postgresql.clone ( dict "cluster" ( print .Values.name "-moqui-postgresql" ) ) | toYaml | nindent 12 }}
+          {{- end }}
+
+  - name: {{ .Values.name }}-moqui-app
+    chart: charts/moqui
+    namespace: {{ .Values.namespace }}
+    values:
+      - namePrefix: {{ .Values.name }}-
+    jsonPatches:
+      - target:
+          group: apps
+          version: v1
+          kind: Deployment
+          name: {{ .Values.name }}-moqui-app
+          namespace: {{ .Values.namespace }}
+        patch:
+          {{- if .Values.postgresql.enabled }}
+          - op: add
+            path: /spec/template/spec/volumes/-
+            value:
+              name: postgresql-scripts
+              configMap:
+                name: {{ .Values.name }}-moqui-postgresql-scripts
+                defaultMode: 0755
+          - op: add
+            path: /spec/template/spec/initContainers/0
+            value:
+              name: wait-for-pg
+              image: {{ .Values.postgresql.images | get "wait-for-pg.name" }}
+              imagePullPolicy: {{ .Values.postgresql.images | get "wait-for-pg.pullPolicy" }}
+              command: ["/postgresql-scripts/pg_isready"]
+              volumeMounts:
+                - name: postgresql-scripts
+                  mountPath: /postgresql-scripts
+              env:
+                - name: POSTGRES_DATABASE
+                  value: moqui
+                - name: POSTGRES_HOST
+                  value: {{ .Values.name }}-moqui-postgresql
+                - name: POSTGRES_USER
+                  valueFrom:
+                    secretKeyRef:
+                      name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
+                      key: username
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
+                      key: password
+          {{- end }}
+          {{- if .Values.elasticsearch.enabled }}
+          - op: add
+            path: /spec/template/spec/volumes/-
+            value:
+              name: elasticsearch-scripts
+              configMap:
+                name: {{ .Values.name }}-moqui-elasticsearch-scripts
+                defaultMode: 0755
+          - op: add
+            path: /spec/template/spec/initContainers/0
+            value:
+              name: wait-for-elasticsearch
+              image: {{ .Values.app.images | get "moqui-app.name" }}
+              imagePullPolicy: {{ .Values.app.images | get "moqui-app.pullPolicy" }}
+              command: ["/elasticsearch-scripts/es_isready"]
+              volumeMounts:
+                - name: elasticsearch-scripts
+                  mountPath: /elasticsearch-scripts
+              env:
+                - name: elasticsearch_url
+                  value: https://{{ .Values.name }}-moqui-es-http:9200
+                - name: elasticsearch_user
+                  value: elastic
+                - name: elasticsearch_password
+                  valueFrom:
+                    secretKeyRef:
+                      name: {{ .Values.name }}-moqui-es-elastic-user
+                      key: elastic
+          {{- end }}
+
+    strategicMergePatches:
+      - apiVersion: v1
+        kind: PersistentVolumeClaim
+        metadata:
+          name: {{ .Values.name }}-moqui-log
+          namespace: {{ .Values.namespace }}
+        spec:
+          resources:
+            requests:
+              storage: {{ .Values.storage.log.requests }}
+          {{- if .Values.storage.log.storageClassName }}
+          storageClassName: {{ .Values.storage.log.storageClassName }}
+          {{- end }}
+      - apiVersion: v1
+        kind: PersistentVolumeClaim
+        metadata:
+          name: {{ .Values.name }}-moqui-txlog
+          namespace: {{ .Values.namespace }}
+        spec:
+          resources:
+            requests:
+              storage: {{ .Values.storage.txlog.requests }}
+          {{- if .Values.storage.txlog.storageClassName }}
+          storageClassName: {{ .Values.storage.txlog.storageClassName }}
+          {{- end }}
+      - apiVersion: v1
+        kind: PersistentVolumeClaim
+        metadata:
+          name: {{ .Values.name }}-moqui-sessions
+          namespace: {{ .Values.namespace }}
+        spec:
+          resources:
+            requests:
+              storage: {{ .Values.storage.sessions.requests }}
+          {{- if .Values.storage.sessions.storageClassName }}
+          storageClassName: {{ .Values.storage.sessions.storageClassName }}
+          {{- end }}
+      - apiVersion: v1
+        kind: Service
+        metadata:
+          name: {{ .Values.name }}-moqui
+          namespace: {{ .Values.namespace }}
+        spec:
+          selector:
+            app: {{ .Values.name }}-moqui-app
+      - apiVersion: apps/v1
+        kind: Deployment
+        metadata:
+          name: {{ .Values.name }}-moqui-app
+          namespace: {{ .Values.namespace }}
+          labels:
+            app: {{ .Values.name }}-moqui-app
+        spec:
+          selector:
+            matchLabels:
+              app: {{ .Values.name }}-moqui-app
+          template:
+            metadata:
+              labels:
+                app: {{ .Values.name }}-moqui-app
+            spec:
+              restartPolicy: Always
+              securityContext:
+                runAsUser: 0
+                runAsGroup: 0
+
+              initContainers:
+                - name: copy-jdbc-drivers
+                  image: {{ .Values.app.images | get "moqui-jdbc-drivers.name" }}
+                  imagePullPolicy: {{ .Values.app.images | get "moqui-jdbc-drivers.pullPolicy" }}
+
+                - name: load-moqui
+                  image: {{ .Values.app.images | get "moqui-app.name" }}
+                  imagePullPolicy: {{ .Values.app.images | get "moqui-app.pullPolicy" }}
+                  env:
+                  {{- block "moquideps" . }}
+                    {{- if .Values.elasticsearch.enabled }}
+                    - name: kibana_host
+                      value: {{ .Values.name }}-moqui-kb-http
+                    - name: elasticsearch_url
+                      value: https://{{ .Values.name }}-moqui-es-http:9200
+                    - name: elasticsearch_user
+                      value: elastic
+                    - name: elasticsearch_password
+                      valueFrom:
+                        secretKeyRef:
+                          name: {{ .Values.name }}-moqui-es-elastic-user
+                          key: elastic
+                    {{- end }}
+                    {{- if .Values.postgresql.enabled }}
+                    - name: entity_ds_db_conf
+                      value: postgres
+                    - name: entity_ds_host
+                      value: {{ .Values.name }}-moqui-postgresql
+                    - name: entity_ds_port
+                      value: "5432"
+                    - name: entity_ds_user
+                      valueFrom:
+                        secretKeyRef:
+                          name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
+                          key: username
+                    - name: entity_ds_password
+                      valueFrom:
+                        secretKeyRef:
+                          name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
+                          key: password
+                    - name: entity_ds_database
+                      value: moqui
+                    - name: entity_ds_schema
+                      value: public
+                    {{- end }}
+                  {{- end }}
+
+              containers:
+                - name: moqui
+                  image: {{ .Values.app.images | get "moqui-app.name" }}
+                  imagePullPolicy: {{ .Values.app.images | get "moqui-app.pullPolicy" }}
+                  resources: {{ .Values.app.resources | toYaml | nindent 20 }}
+                  env:
+                  {{- template "moquideps" . }}
+
+