Add PgSQL support

intuitem · Dec 25, 2024 · 93115ea · 93115ea
1 parent a5b1430
commit 93115ea
Show file tree

Hide file tree

Showing 4 changed files with 127 additions and 16 deletions.
diff --git a/charts/ciso-assistant-next/Chart.lock b/charts/ciso-assistant-next/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 16.3.4
+digest: sha256:55fdc174ee8e9fe9525c9ab609f172c60e3271df3e754b7f8b80f752172e183c
+generated: "2024-12-25T12:17:41.0140471+01:00"
diff --git a/charts/ciso-assistant-next/Chart.yaml b/charts/ciso-assistant-next/Chart.yaml
@@ -7,7 +7,8 @@ appVersion: "v1.9.3"
 icon: https://intuitem.com/ciso-assistant.svg
 sources:
   - https://github.com/intuitem/ciso-assistant-community
-#dependencies:
-#  - name: postgresql
-#    version: "16.3.3"
-#    repository: "oci://registry-1.docker.io/bitnamicharts"
+dependencies:
+  - name: postgresql
+    version: "16.3.4"
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+    condition: postgresql.enabled 
diff --git a/charts/ciso-assistant-next/templates/backend/deployment.yaml b/charts/ciso-assistant-next/templates/backend/deployment.yaml
@@ -33,6 +33,47 @@ spec:
           {{- with .Values.backend.env }}
             {{- toYaml . | nindent 10 }}
           {{- end }}
+          {{- if and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled }}
+          - name: SQLITE_FILE
+            value: /ciso/db/ciso-assistant.sqlite3
+          {{- else if eq .Values.backend.config.databaseType "pgsql" }}
+          - name: DB_HOST
+            value: {{ template "ciso-assistant.fullname" . }}-postgresql
+          - name: DB_PORT
+            value: 5432
+          - name: POSTGRES_NAME
+            value: {{ .Values.postgresql.global.postgresql.auth.database | quote }}
+          - name: POSTGRES_USER
+            value: {{ .Values.postgresql.global.postgresql.auth.username }}
+          - name: POSTGRES_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                  name: {{ include "ciso-assistant.fullname" . }}-postgresql
+                  key: password
+          {{- else if eq .Values.backend.config.databaseType "externalPgsql" }}
+          - name: DB_HOST
+            value: {{ .Values.externalPgsql.host | quote }}
+          - name: DB_PORT
+            value: {{ .Values.externalPgsql.port | quote }}
+          - name: POSTGRES_NAME
+            value: {{ .Values.externalPgsql.database | quote }}
+          - name: POSTGRES_USER
+            value: {{ .Values.externalPgsql.user | quote }}
+          {{- if .Values.externalPgsql.existingSecret }}
+          - name: POSTGRES_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                  name: {{ .Values.externalPgsql.existingSecret }}
+                  key: password
+          {{- else }}
+          - name: POSTGRES_PASSWORD
+            value: {{ .Values.externalPgsql.password | quote }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.backend.persistence.localStorage.enabled }}
+          - name: LOCAL_STORAGE_DIRECTORY
+            value: /ciso/localStorage
+          {{- end }}
           - name: DJANGO_DEBUG
             value: {{ ternary "True" "False" .Values.backend.config.djangoDebug | quote }}
           - name: CISO_ASSISTANT_SUPERUSER_EMAIL
@@ -77,10 +118,16 @@ spec:
                 name: {{ include "ciso-assistant.fullname" . }}-backend
                 key: email-rescue-password
           {{- end }}
-        {{- if .Values.backend.persistence.enabled }}
+        {{- if or (and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled) .Values.backend.persistence.localStorage.enabled }}
         volumeMounts:
-        - name: backend-data
-          mountPath: /code/db
+        {{- if and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled }}
+        - name: sqlite-data
+          mountPath: /ciso/db
+        {{- end }}
+        {{- if .Values.backend.persistence.localStorage.enabled }}
+        - name: localstorage-data
+          mountPath: /ciso/localStorage
+        {{- end }}
         {{- end }}
         ports:
         - name: http
@@ -102,9 +149,16 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.backend.persistence.enabled }}
+      {{- if or (and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled) .Values.backend.persistence.localStorage.enabled }}
       volumes:
-      - name: backend-data
+      {{- if and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled }}
+      - name: sqlite-data
+        persistentVolumeClaim:
+          claimName: {{ include "ciso-assistant.fullname" . }}-sqlite
+      {{- end }}
+      {{- if .Values.backend.persistence.localStorage.enabled }}
+      - name: localstorage-data
         persistentVolumeClaim:
-          claimName: {{ include "ciso-assistant.fullname" . }}-backend
+          claimName: {{ include "ciso-assistant.fullname" . }}-localstorage
       {{- end }}
+      {{- end }}
diff --git a/charts/ciso-assistant-next/values.yaml b/charts/ciso-assistant-next/values.yaml
@@ -74,18 +74,26 @@ backend:
         password: "rescue_password_here"
         useTls: true
 
-    # -- Set the database type (sqlite or pgsql)
+    # -- Set the database type (sqlite, pgsql or externalPgsql)
+    ## Note : PostgreSQL database configuration at `postgresql` or `externalPgsql` section
     databaseType: sqlite
 
     # -- Enable Django debug mode
     djangoDebug: false
 
-  # -- Backend persistence configuration (used for sqlitedb and proofs storage)
+  # -- Backend persistence configuration (used for sqlitedb and local storage)
+  ## Note: SQLite PVC will not be created if `backend.config.databaseType` is not with `sqlite` value
   persistence:
-    enabled: true
-    size: 5Gi
-    storageClass: ""
-    accessMode: ReadWriteOnce
+    sqlite:
+      enabled: true
+      size: 5Gi
+      storageClass: ""
+      accessMode: ReadWriteOnce
+    localStorage:
+      enabled: true
+      size: 5Gi
+      storageClass: ""
+      accessMode: ReadWriteOnce
 
   ## Backend image
   image:
@@ -246,3 +254,45 @@ ingress:
     #   -----BEGIN CERTIFICATE-----
     #   ...
     #   -----END CERTIFICATE-----
+
+## Bundeled PostgreSQL database configuration (Bitnami chart)
+## Ref: https://artifacthub.io/packages/helm/bitnami/postgresql
+## Note: Don't enable if you use SQLite mode or external PgSQL database
+postgresql:
+  enabled: false
+  # -- Customize auth to create ciso-assistant user.
+  ## Can be used to define static passwords.
+  global:
+    postgresql:
+      auth:
+       # postgresPassword: ""
+        database: ciso-assistant
+        username: ciso-assistant
+       # password: ""
+  # -- PostgreSQL persistant volume size (default 8Gi).
+  primary:
+    persistence:
+      size: 5Gi
+
+## External PostgreSQL database configuration
+## Note: All of these values are only used when backend.config.databaseType is set to externalPgsql
+externalPgsql:
+  # -- Host of an external PostgreSQL instance to connect
+  ##
+  host: ""
+  # -- User of an external PostgreSQL instance to connect
+  ##
+  user: ciso-assistant
+  # -- Password of an external PostgreSQL instance to connect
+  ##
+  password: ""
+  # -- Secret containing the password of an external PostgreSQL instance to connect
+  ## Name of an existing secret resource containing the DB password in a 'password' key
+  ##
+  existingSecret: ""
+  # -- Database inside an external PostgreSQL to connect
+  ##
+  database: ciso-assistant
+  # -- Port of an external PostgreSQL to connect
+  ##
+  port: 5432