diff --git a/.github/workflows/daily-release.yml b/.github/workflows/daily-release.yml index 586ecb87..fa17d57c 100644 --- a/.github/workflows/daily-release.yml +++ b/.github/workflows/daily-release.yml @@ -28,6 +28,7 @@ jobs: - proximity-cli - transcript - use + - jq steps: - name: release images with tags uses: exivity/actions/retag-image@main diff --git a/.github/workflows/image-release.yml b/.github/workflows/image-release.yml index bf79a0cb..5bdd2000 100644 --- a/.github/workflows/image-release.yml +++ b/.github/workflows/image-release.yml @@ -29,6 +29,7 @@ jobs: - proximity-cli - transcript - use + - jq steps: - name: release images with tags uses: exivity/actions/retag-image@main diff --git a/charts/exivity/templates/_config.tpl b/charts/exivity/templates/_config.tpl index d0d02f51..c41b60e8 100644 --- a/charts/exivity/templates/_config.tpl +++ b/charts/exivity/templates/_config.tpl @@ -26,8 +26,8 @@ data: "port": {{ $.Values.postgresql.port | default 5432 }}, "sslmode": {{ $.Values.postgresql.sslmode | default "disable" | quote }}, "dbname": {{ $.Values.postgresql.global.postgresql.auth.database | quote }}, - "user": {{ $.Values.postgresql.global.postgresql.auth.username | quote }}, - "password": {{ $.Values.postgresql.global.postgresql.auth.password | quote }}, + "user": "{{ "{{" }}DB_USER{{ "}}" }}", + "password": "{{ "{{" }}DB_PASSWORD{{ "}}" }}", "connect_timeout": 10 } }, @@ -39,8 +39,8 @@ data: "secure": {{ $.Values.rabbitmq.secure | default false }} } ], - "user": {{ $.Values.rabbitmq.auth.username | quote }}, - "password": {{ $.Values.rabbitmq.auth.password | quote }}, + "user": "{{ "{{" }}MQ_USER{{ "}}" }}", + "password": "{{ "{{" }}MQ_PASSWORD{{ "}}" }}", "vhost": {{ $.Values.rabbitmq.vhost | default "/" | quote }}, "redialPeriod": 5 }, diff --git a/charts/exivity/templates/_init_config_injector.tpl b/charts/exivity/templates/_init_config_injector.tpl new file mode 100644 index 00000000..b0e81c09 --- /dev/null 
+++ b/charts/exivity/templates/_init_config_injector.tpl 
@@ -0,0 +1,80 @@ +{{/* +Simple init container that injects secrets into config.json +Replaces placeholders {{DB_USER}}, {{DB_PASSWORD}}, {{MQ_USER}}, {{MQ_PASSWORD}} +Can be used by all deployments +*/}} +{{- define "exivity.initConfigInjector" }} +- name: inject-secrets + image: {{ include "exivity.image" (set $ "name" "configGenerator") }} + imagePullPolicy: {{ .Values.service.configGenerator.pullPolicy | default .Values.service.pullPolicy | default "IfNotPresent" }} + command: ["/bin/sh", "-c"] + args: + - | + set -e + echo "Injecting secrets into config.json..." + + jq --arg db_user "$DB_USER" \ + --arg db_password "$DB_PASSWORD" \ + --arg mq_user "$MQ_USER" \ + --arg mq_password "$MQ_PASSWORD" \ + '.db.parameters.user = $db_user | + .db.parameters.password = $db_password | + .mq.user = $mq_user | + .mq.password = $mq_password' \ + /config-template/config.json > /config/config.json + + echo "Config generated successfully" + env: + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . 
}}-rabbitmq-secret + key: RABBITMQ_PASSWORD + volumeMounts: + - name: config-template + mountPath: /config-template + readOnly: true + - name: config-generated + mountPath: /config +{{- end }} + +{{/* +Volume for the config template (ConfigMap with placeholders) +*/}} +{{- define "exivity.configTemplateVolume" }} +- name: config-template + configMap: + name: {{ .configMapName }} +{{- end }} + +{{/* +Volume for the generated config (emptyDir) +*/}} +{{- define "exivity.configGeneratedVolume" }} +- name: config-generated + emptyDir: {} +{{- end }} + +{{/* +Volume mount for the generated config.json +*/}} +{{- define "exivity.configVolumeMount" }} +- name: config-generated + mountPath: /exivity/home/system/config.json + subPath: config.json +{{- end }} diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index a178c25c..01b25c3c 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml 
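Review bot: The generated config.json now holds the database and RabbitMQ passwords, yet `exivity.configGeneratedVolume` declares a plain `emptyDir: {}`, which is backed by node storage, and `exivity.configVolumeMount` mounts the file writable into every application container. Declaring the volume as `emptyDir: {medium: Memory}` keeps the credentials off the node's disk, as Secret volumes already do, and adding `readOnly: true` to the config.json mount restores the read-only behaviour of the previous ConfigMap mount. The `inject-secrets` container also sets no container-level `securityContext` or `resources`; whether the pod-level context from `exivity.securityContext` is sufficient cannot be seen from this diff. The header comment says the container replaces the `{{DB_USER}}`-style placeholders, while the jq filter assigns the four fields by JSON path, so a more accurate wording would be `Overwrites .db.parameters.user/.password and .mq.user/.password in config.json with values from the Secrets`.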
@@ -13,18 +13,19 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: chronos {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "chronos") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-chronos-config @@ -32,7 +33,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-chronos-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: chronos image: {{ include "exivity.image" (set $ "name" "chronos") }} 
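Review bot: The added `checksum/postgres-secret` and `checksum/rabbitmq-secret` annotations put a SHA-256 of the rendered Secret manifests into pod metadata, which is readable by anyone allowed to get Pods or Deployments, usually a wider group than those allowed to read Secrets. Because the rest of each manifest is predictable, the digest can act as an offline check of password guesses when the configured passwords are weak. If high-entropy passwords are not enforced, consider triggering the rollout from something that does not derive from the secret, for example `rollme: {{ .Release.Revision | quote }}`, at the cost of a restart on every upgrade. The same annotations are added in the dummy-data, edify, executor, griffon, horizon, pigeon, proximity api/cli/migrate and transcript templates.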
@@ -47,11 +50,10 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/chronos - {{- include "exivity.probes" $ | indent 10}} + {{- include "exivity.probes" $ | nindent 10 }} {{- with .Values.service.pullSecrets }} imagePullSecrets: {{- range $name := .}} diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index bbe0927c..b97b6757 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml 
@@ -15,14 +15,39 @@ spec: ttlSecondsAfterFinished: 300 template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: dummy-data {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "dummyData") | indent 8 }} + volumes: + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: preset-file + configMap: + name: {{ include "exivity.fullname" $ -}}-dummy-data-preset + - name: config + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-etl-config + - name: import + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-import + - name: report + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-report + - name: exported + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-exported + - name: extracted + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-extracted + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} containers: - name: dummy-data image: {{ include "exivity.image" (set $ "name" "dummyData") }} 
@@ -39,8 +64,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted @@ -51,28 +75,6 @@ spec: mountPath: /exivity/home/system/report - name: preset-file mountPath: /exivity/home/system/preset - volumes: - - name: preset-file - configMap: - name: {{ include "exivity.fullname" $ -}}-dummy-data-preset - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared - - name: config - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-etl-config - - name: import - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-import - - name: report - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-report - - name: exported - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-exported - - name: extracted - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-extracted restartPolicy: Never {{- with .Values.service.pullSecrets }} imagePullSecrets: diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 70a1cdea..05e72cce 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml 
@@ -17,22 +17,23 @@ spec: app.kubernetes.io/component: edify {{- include "exivity.labels" $ | indent 8 }} annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-edify: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-edify: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "edify") | indent 8 }} volumes: - - name: config-file - projected: - sources: - - configMap: - name: {{ include "exivity.fullname" $ -}}-config-edify - - configMap: - name: {{ include "exivity.fullname" $ -}}-licence-pub - - secret: - name: {{ include "exivity.fullname" $ -}}-licence-key + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-edify" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: licence-pub + configMap: + name: {{ include "exivity.fullname" $ -}}-licence-pub + - name: licence-key + secret: + secretName: {{ include "exivity.fullname" $ -}}-licence-key - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config 
@@ -46,7 +47,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }} containers: - name: edify image: {{ include "exivity.image" (set $ "name" "edify") }} @@ -65,8 +68,13 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} + - name: licence-pub + mountPath: /exivity/home/system/license.pub + subPath: license.pub + - name: licence-key + mountPath: /exivity/home/system/license.key + subPath: license.key - name: extracted mountPath: /exivity/home/system/extracted - name: log diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 36a70f32..8120c306 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml 
@@ -13,15 +13,19 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-executor: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: executor {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-executor: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "executor") | indent 8 }} volumes: + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-executor" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config-file configMap: name: {{ include "exivity.fullname" $ -}}-config-executor @@ -44,7 +48,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-executor-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }} containers: - name: executor image: {{ include "exivity.image" (set $ "name" "executor") }} 
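Review bot: The `config-file` volume is still declared right after the two added includes in the first hunk, although a later hunk of this file (`@@ -59,8 +65,7 @@`) removes its only visible mount, so the `-config-executor` ConfigMap is attached to the pod twice, as `config-template` and as the unused `config-file`. The chronos and griffon templates delete the old volume in the same change; doing the same here means dropping the three lines `- name: config-file`, `configMap:` and `name: {{ include "exivity.fullname" $ -}}-config-executor`. The same leftover appears in proximity/cli.deployment.yaml and transcript/deployment.yaml (the transcript mount change is not visible in this diff). The volumes list continues outside the hunk.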
@@ -59,8 +65,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted @@ -84,4 +89,4 @@ spec: {{- include "exivity.tolerations" (dict "Values" .Values "component" .Values.service.executor) | nindent 6 }} {{- include "exivity.nodeSelector" (dict "Values" .Values "component" .Values.service.executor) | nindent 6 }} affinity: - {{- include "exivity.nodeAffinity" (dict "Values" .Values "component" .Values.service.executor) | nindent 8 }} \ No newline at end of file + {{- include "exivity.nodeAffinity" (dict "Values" .Values "component" .Values.service.executor) | nindent 8 }} diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index 86c5158b..19e2b215 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml 
@@ -13,18 +13,19 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: griffon {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "griffon") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-griffon-config @@ -32,7 +33,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-griffon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: griffon image: {{ include "exivity.image" (set $ "name" "griffon") }} 
@@ -45,10 +48,9 @@ spec: - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" volumeMounts: - - name: config-file - mountPath: /exivity/home/system - name: config mountPath: /exivity/home/system/config + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/griffon {{- include "exivity.probes" $ | indent 10}} diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index b9828dea..c8dd74f0 100644 --- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml 
@@ -13,23 +13,26 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-horizon: {{ include (print $.Template.BasePath "/horizon/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: horizon {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-horizon: {{ include (print $.Template.BasePath "/horizon/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "horizon") | indent 8 }} volumes: - - name: config - configMap: - name: {{ include "exivity.fullname" $ -}}-config-horizon + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-horizon" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-horizon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 8 }} containers: - name: horizon image: {{ include "exivity.image" (set $ "name" "horizon") }} @@ -42,8 +45,7 @@ spec: - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" volumeMounts: - - name: config - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/horizon - name: log 
diff --git a/charts/exivity/templates/pigeon/configmap.yaml b/charts/exivity/templates/pigeon/configmap.yaml index a8679bf3..1f711f5b 100644 --- a/charts/exivity/templates/pigeon/configmap.yaml +++ b/charts/exivity/templates/pigeon/configmap.yaml @@ -17,8 +17,8 @@ data: "port": {{ $.Values.postgresql.port | default 5432 }}, "sslmode": {{ $.Values.postgresql.sslmode | default "disable" | quote }}, "dbname": {{ $.Values.postgresql.global.postgresql.auth.database | quote }}, - "user": {{ $.Values.postgresql.global.postgresql.auth.username | quote }}, - "password": {{ $.Values.postgresql.global.postgresql.auth.password | quote }}, + "user": "{{ "{{" }}DB_USER{{ "}}" }}", + "password": "{{ "{{" }}DB_PASSWORD{{ "}}" }}", "connect_timeout": 10 } }, @@ -30,8 +30,8 @@ data: "secure": {{ $.Values.rabbitmq.secure | default false }} } ], - "user": {{ $.Values.rabbitmq.auth.username | quote }}, - "password": {{ $.Values.rabbitmq.auth.password | quote }}, + "user": "{{ "{{" }}MQ_USER{{ "}}" }}", + "password": "{{ "{{" }}MQ_PASSWORD{{ "}}" }}", "vhost": {{ $.Values.rabbitmq.vhost | default "/" | quote }}, "redialPeriod": 5 }, diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index dfce5989..db2c071a 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml 
@@ -13,18 +13,19 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-pigeon: {{ include (print $.Template.BasePath "/pigeon/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: pigeon {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-pigeon: {{ include (print $.Template.BasePath "/pigeon/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "pigeon") | indent 8 }} volumes: - - name: config - configMap: - name: {{ include "exivity.fullname" $ -}}-config-pigeon + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-pigeon" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-pigeon-log @@ -38,7 +39,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "pigeon" "volumes" (list "log" "exported" "import" "config-volume")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "pigeon" "volumes" (list "log" "exported" "import" "config-volume")) | nindent 8 }} containers: - name: pigeon image: {{ include "exivity.image" (set $ "name" "pigeon") }} 
@@ -46,8 +49,7 @@ spec: resources: {{- toYaml .Values.service.pigeon.resources | nindent 12 }} volumeMounts: - - name: config - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/pigeon - name: log diff --git a/charts/exivity/templates/postgres-secret.yaml b/charts/exivity/templates/postgres-secret.yaml index 7ea09359..9bb196ec 100644 --- a/charts/exivity/templates/postgres-secret.yaml +++ b/charts/exivity/templates/postgres-secret.yaml @@ -7,4 +7,5 @@ metadata: {{- include "exivity.labels" . | nindent 4 }} type: Opaque data: + POSTGRES_USER: {{ .Values.postgresql.global.postgresql.auth.username | b64enc | quote }} POSTGRES_PASSWORD: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }} diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 732133b1..3ba4c87d 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -23,6 +23,8 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-lock: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-proximity-api-env: {{ include (print $.Template.BasePath "/proximity/api.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} {{- if .Values.ldap.tlsCacert }} checksum/{{- include "exivity.fullname" $ -}}-ldap-tls-cert: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} {{- end }} 
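Review bot: In postgres-secret.yaml, `POSTGRES_USER` is rendered with `b64enc` straight from values, so an unset `postgresql.global.postgresql.auth.username` likely fails the render with an unhelpful type error, and an empty one yields an empty Secret key that the inject-secrets init container would write into config.json without complaint. Failing fast is clearer: `POSTGRES_USER: {{ required "postgresql.global.postgresql.auth.username is required" .Values.postgresql.global.postgresql.auth.username | b64enc | quote }}`. The new rabbitmq-secret.yaml uses the same pattern for `RABBITMQ_USERNAME` and `RABBITMQ_PASSWORD` and would benefit from the same guard.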
@@ -30,15 +32,14 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityApi") | indent 8 }} volumes: - - name: projected - projected: - sources: - - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared - - configMap: - name: {{ include "exivity.fullname" $ -}}-licence-pub - - secret: - name: {{ include "exivity.fullname" $ -}}-licence-key + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: licence-pub + configMap: + name: {{ include "exivity.fullname" $ -}}-licence-pub + - name: licence-key + secret: + secretName: {{ include "exivity.fullname" $ -}}-licence-key - name: exivity-lock configMap: name: {{ include "exivity.fullname" $ -}}-lock @@ -88,7 +89,9 @@ spec: defaultMode: 0444 {{- end }} {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 8 }} containers: - name: proximity-api image: {{ include "exivity.image" (set $ "name" "proximityApi") }} 
@@ -102,8 +105,13 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: projected - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} + - name: licence-pub + mountPath: /exivity/home/system/license.pub + subPath: license.pub + - name: licence-key + mountPath: /exivity/home/system/license.key + subPath: license.key - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index cf054985..d403178d 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml +++ b/charts/exivity/templates/proximity/cli.deployment.yaml 
@@ -17,14 +17,18 @@ spec: app.kubernetes.io/component: proximity-cli {{- include "exivity.labels" $ | indent 8 }} annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-proximity-cli: {{ include (print $.Template.BasePath "/proximity/cli.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-proximity-cli-env: {{ include (print $.Template.BasePath "/proximity/cli.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-config-logfiles: {{ include (print $.Template.BasePath "/logfiles-configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-proximity-cli: {{ include (print $.Template.BasePath "/proximity/cli.configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityCli") | indent 8 }} volumes: + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-proximity-cli" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config-file configMap: name: {{ include "exivity.fullname" $ -}}-config-proximity-cli 
@@ -47,7 +51,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-exported {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 8 }} containers: - name: proximity-cli image: {{ include "exivity.image" (set $ "name" "proximityCli") }} @@ -57,8 +63,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/system/exported - name: extracted diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index 8cacf7d7..16cf9c26 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml 
@@ -18,19 +18,20 @@ spec: app.kubernetes.io/component: proximity-migration {{- include "exivity.labels" . | indent 8 }} annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityMigrate") | indent 8 }} volumes: - - name: config-shared - configMap: - name: {{ include "exivity.fullname" . }}-config-shared - readOnly: true + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} containers: - name: proximity-migration image: {{ include "exivity.image" (set $ "name" "proximityMigrate") }} @@ -38,10 +39,9 @@ spec: resources: {{- toYaml .Values.service.proximityMigrate.resources | nindent 12 }} volumeMounts: - - name: config-shared - mountPath: /exivity/home/system - name: config mountPath: /exivity/home/system/config + {{- include "exivity.configVolumeMount" . | nindent 12 }} command: [php] args: - /app/artisan diff --git a/charts/exivity/templates/rabbitmq-secret.yaml b/charts/exivity/templates/rabbitmq-secret.yaml new file mode 100644 index 00000000..08f6a804 --- /dev/null +++ b/charts/exivity/templates/rabbitmq-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "exivity.fullname" . }}-rabbitmq-secret + labels: + app.kubernetes.io/component: rabbitmq-secret + {{- include "exivity.labels" . | nindent 4 }} +type: Opaque +data: + RABBITMQ_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} + RABBITMQ_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} diff --git a/charts/exivity/templates/secret.yaml b/charts/exivity/templates/secret.yaml index ee879f8f..304dfd5f 100644 --- a/charts/exivity/templates/secret.yaml +++ b/charts/exivity/templates/secret.yaml @@ -28,3 +28,4 @@ data: {{- else }} EXIVITY_JWT_SECRET: {{ randAlphaNum 32 | b64enc }} {{- end }} + \ No newline at end of file diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index 2941f5bd..e30e49c8 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml 
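Review bot: Nothing in the new `data:` block rejects a blank `rabbitmq.auth.username` or `rabbitmq.auth.password`, so a values file that leaves them empty renders a Secret with empty credentials and the problem only surfaces when the services try to connect. The defaults for these keys are not visible in this hunk; if the chart never intends them to be blank, fail at render time instead: `RABBITMQ_PASSWORD: {{ required "rabbitmq.auth.password must be set" .Values.rabbitmq.auth.password | b64enc | quote }}`, and the same for the username. If an empty value is meant to trigger password generation in the RabbitMQ subchart, this Secret would not match the generated password and that case needs handling here.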
@@ -13,15 +13,19 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-transcript: {{ include (print $.Template.BasePath "/transcript/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: transcript {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-transcript: {{ include (print $.Template.BasePath "/transcript/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "transcript") | indent 8 }} volumes: + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-transcript" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config-file configMap: name: {{ include "exivity.fullname" $ -}}-config-transcript @@ -44,7 +48,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 8 }} containers: - name: transcript image: {{ include "exivity.image" (set $ "name" "transcript") }} 
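Review bot: The `config-file` volume stays in `volumes:` directly after the two added helper volumes, while the later hunk in this file removes the only `config-file` mount shown here. If `exivity.configTemplateVolume` already exposes the same ConfigMap to the init container (the helper is defined outside this hunk), `config-file` is now unused and should be removed, as migrate.yaml does for `config-shared`. If the helper also names its volume `config-file`, the pod spec would carry a duplicate volume name and be rejected. The `@@ -13,15 +13,19 @@` hunk in use/deployment.yaml has the same leftover.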
@@ -54,8 +60,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index b36a7c7b..1239a394 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -13,15 +13,19 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-use: {{ include (print $.Template.BasePath "/use/configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: use {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-use: {{ include (print $.Template.BasePath "/use/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "use") | indent 8 }} volumes: + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-use" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config-file configMap: name: {{ include "exivity.fullname" $ -}}-config-use 
@@ -49,7 +53,8 @@ spec: secretName: {{ include "exivity.fullname" $ -}}-use-certificates {{- end }} initContainers: - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} {{- if gt (len (default "" .Values.service.use.caCertificates)) 0 }} - name: install-ca-cert image: {{ include "exivity.image" (set $ "name" "use") }} @@ -76,8 +81,7 @@ spec: resources: {{- toYaml .Values.service.use.resources | nindent 12 }} volumeMounts: - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: etl-config mountPath: /exivity/home/system/config - name: exported diff --git a/charts/exivity/values.schema.json b/charts/exivity/values.schema.json index dc0972be..d3601e0c 100644 --- a/charts/exivity/values.schema.json +++ b/charts/exivity/values.schema.json @@ -320,9 +320,9 @@ }, "sslmode": { "type": "string", - "default": "", + "default": "disable", "title": "The sslmode Schema", - "examples": [""] + "examples": ["disable"] } }, "examples": [ @@ -423,9 +423,9 @@ }, "vhost": { "type": "string", - "default": "", + "default": "/", "title": "The vhost Schema", - "examples": [""] + "examples": ["/"] }, "secure": { "type": "boolean", @@ -535,6 +535,7 @@ "tag", "pullPolicy", "pullSecrets", + "configGenerator", "glass", "proximityApi", "proximityMigrate", 
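Review bot: In the values.schema.json hunk `@@ -320,9 +320,9 @@`, `sslmode` remains a free-form string after its default becomes `"disable"`, so a misspelled mode passes validation and is left to the database client to reject or misinterpret. values.yaml documents exactly four accepted modes, so the schema can enforce them with `"enum": ["disable", "require", "verify-ca", "verify-full"]`. Existing values files may still carry `sslmode: ""`, which _config.tpl maps to `disable`; add `""` to the enum if those must keep validating.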
@@ -576,6 +577,46 @@ "items": {}, "examples": [[]] }, + "configGenerator": { + "type": "object", + "default": {}, + "title": "The configGenerator Schema", + "required": ["registry", "repository", "tag", "pullPolicy"], + "properties": { + "registry": { + "type": "string", + "default": "", + "title": "The registry Schema", + "examples": ["docker.io"] + }, + "repository": { + "type": "string", + "default": "exivity/jq", + "title": "The repository Schema", + "examples": ["exivity/jq"] + }, + "tag": { + "type": "string", + "default": "", + "title": "The tag Schema", + "examples": ["3.7.0"] + }, + "pullPolicy": { + "type": "string", + "default": "", + "title": "The pullPolicy Schema", + "examples": ["IfNotPresent", "Always", "Never"] + } + }, + "examples": [ + { + "registry": "ghcr.io", + "repository": "exivity/jq", + "tag": "sha-9d8fe68", + "pullPolicy": "IfNotPresent" + } + ] + }, "glass": { "type": "object", "default": {}, diff --git a/charts/exivity/values.yaml b/charts/exivity/values.yaml index 6d300747..ecb72c53 100644 --- a/charts/exivity/values.yaml +++ b/charts/exivity/values.yaml @@ -23,7 +23,8 @@ ingress: # Example values: '10.0.0.1', '10.244.0.0/16', '127.0.0.1, 10.244.0.0/16', or '*'. trustedProxy: "" - annotations: {} + annotations: + {} # Example annotations for ingress behavior: # kubernetes.io/ingress.allow-http: "false" # nginx.ingress.kubernetes.io/ssl-redirect: "true" 
@@ -127,7 +128,7 @@ postgresql: # Configuration for using an external PostgreSQL database. host: "" # Hostname of the external database server, if applicable. port: 5432 # Port number on which the external database server is accessible. - sslmode: "" # SSL mode for database connection: 'disable', 'require', 'verify-ca', or 'verify-full'. + sslmode: "disable" # SSL mode for database connection: 'disable', 'require', 'verify-ca', or 'verify-full'. # Example of customizing the embedded Bitnami PostgreSQL chart for larger deployments. # For more options and details, refer to the Bitnami PostgreSQL Helm chart: https://bitnami.com/stack/postgresql/helm @@ -165,7 +166,7 @@ rabbitmq: # Configuration for using an external RabbitMQ server. host: "" # Hostname of the external RabbitMQ server, if applicable. port: 5672 # Port number on which the external RabbitMQ server is accessible. - vhost: "" # Virtual host for RabbitMQ, if applicable. + vhost: "/" # Virtual host for RabbitMQ, if applicable. secure: false # Indicates if the connection to RabbitMQ should be secured (true/false). Set to true to enable TLS for RabbitMQ communication. global: @@ -208,6 +209,13 @@ service: # # Replace with the base64-encoded JSON string that contains the registry authentication information. + # Configuration for the init container that generates config.json files + configGenerator: + registry: "" + repository: exivity/jq + tag: "" + pullPolicy: "" + # Configuration for the 'glass' service, Exivity's front-end component. glass: registry: "" @@ -607,7 +615,8 @@ service: # CA certificates configuration section. Add CA certificates that your service uses here. # Each certificate should be listed as a key-value pair, where the key is a unique identifier. - caCertificates: {} + caCertificates: + {} # Example placeholders for CA certificates. Replace with your actual certificate data. # rootCA.pem: | # -----BEGIN CERTIFICATE-----
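Review bot: The `sslmode: "disable"` default sits in the external-database block, and its comment lists the modes without saying that the default leaves the connection unencrypted. With this change the database credentials injected into config.json travel over that connection, so the comment should say what the default costs. I would extend it to: `# 'disable' sends credentials and data in clear text; use 'verify-full' for any database reached over an untrusted network.` It is also worth noting there that in libpq-style clients `require` encrypts without verifying the server certificate.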
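Review bot: In the `@@ -208,6 +209,13 @@` hunk the new `configGenerator` block ships with `tag: ""`, and its comment does not mention that this image handles secrets. Judging by the `DB_PASSWORD` and `MQ_PASSWORD` placeholders introduced in _config.tpl, the init container is what receives the PostgreSQL and RabbitMQ credentials to render config.json. How an empty tag resolves is decided in `exivity.image`, outside this hunk; if it falls back to a moving tag, the content of that tag decides what code runs with both passwords. I would say so in the comment: `# Runs with access to the database and message-queue credentials; pin 'tag' to an immutable release and keep 'registry' on a trusted source.`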