diff --git a/charts/ciso-assistant-next/Chart.lock b/charts/ciso-assistant-next/Chart.lock new file mode 100644 index 000000000..0ba08e089 --- /dev/null +++ b/charts/ciso-assistant-next/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 16.3.4 +digest: sha256:55fdc174ee8e9fe9525c9ab609f172c60e3271df3e754b7f8b80f752172e183c +generated: "2024-12-25T12:17:41.0140471+01:00" diff --git a/charts/ciso-assistant-next/Chart.yaml b/charts/ciso-assistant-next/Chart.yaml index 60f9ae9c6..ec39ace66 100644 --- a/charts/ciso-assistant-next/Chart.yaml +++ b/charts/ciso-assistant-next/Chart.yaml @@ -7,7 +7,8 @@ appVersion: "v1.9.3" icon: https://intuitem.com/ciso-assistant.svg sources: - https://github.com/intuitem/ciso-assistant-community -#dependencies: -# - name: postgresql -# version: "16.3.3" -# repository: "oci://registry-1.docker.io/bitnamicharts" +dependencies: + - name: postgresql + version: "16.3.4" + repository: "oci://registry-1.docker.io/bitnamicharts" + condition: postgresql.enabled diff --git a/charts/ciso-assistant-next/templates/backend/deployment.yaml b/charts/ciso-assistant-next/templates/backend/deployment.yaml index b0f67e020..5b60a63ec 100644 --- a/charts/ciso-assistant-next/templates/backend/deployment.yaml +++ b/charts/ciso-assistant-next/templates/backend/deployment.yaml 
@@ -33,6 +33,47 @@ spec: {{- with .Values.backend.env }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled }} + - name: SQLITE_FILE + value: /ciso/db/ciso-assistant.sqlite3 + {{- else if eq .Values.backend.config.databaseType "pgsql" }} + - name: DB_HOST + value: {{ template "ciso-assistant.fullname" . }}-postgresql + - name: DB_PORT + value: 5432 + - name: POSTGRES_NAME + value: {{ .Values.postgresql.global.postgresql.auth.database | quote }} + - name: POSTGRES_USER + value: {{ .Values.postgresql.global.postgresql.auth.username }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "ciso-assistant.fullname" . }}-postgresql + key: password + {{- else if eq .Values.backend.config.databaseType "externalPgsql" }} + - name: DB_HOST + value: {{ .Values.externalPgsql.host | quote }} + - name: DB_PORT + value: {{ .Values.externalPgsql.port | quote }} + - name: POSTGRES_NAME + value: {{ .Values.externalPgsql.database | quote }} + - name: POSTGRES_USER + value: {{ .Values.externalPgsql.user | quote }} + {{- if .Values.externalPgsql.existingSecret }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalPgsql.existingSecret }} + key: password + {{- else }} + - name: POSTGRES_PASSWORD + value: {{ .Values.externalPgsql.password | quote }} + {{- end }} + {{- end }} + {{- if .Values.backend.persistence.localStorage.enabled }} + - name: LOCAL_STORAGE_DIRECTORY + value: /ciso/localStorage + {{- end }} - name: DJANGO_DEBUG value: {{ ternary "True" "False" .Values.backend.config.djangoDebug | quote }} - name: CISO_ASSISTANT_SUPERUSER_EMAIL 
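Review bot: In the `externalPgsql` branch, when `existingSecret` is empty the password is rendered as a literal `value:` on `POSTGRES_PASSWORD`, so it sits in the Deployment spec and is readable by anyone who can get Deployments or ReplicaSets in the namespace, not only by holders of Secret read access. Render it into a Secret and reference it with `secretKeyRef`, as the other two password paths in this hunk do; the fence sketches the `else` branch, with the Secret name as a placeholder because the chart's Secret template is outside this diff. Separately, `DB_PORT` in the `pgsql` branch is `value: 5432`, an unquoted integer that the API server rejects for an env var (values must be strings); use `value: "5432"`, and pipe `POSTGRES_USER` there through `| quote` like the other values. The container spec this hunk edits starts and ends outside the hunk.

```yaml
# … unchanged: DB_HOST / DB_PORT / POSTGRES_NAME / POSTGRES_USER and the existingSecret branch …
{{- else }}
- name: POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      # placeholder name: a Secret rendered by this chart from externalPgsql.password
      name: {{ include "ciso-assistant.fullname" . }}-<external-db-secret>
      key: password
{{- end }}
```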
@@ -77,10 +118,16 @@ spec: name: {{ include "ciso-assistant.fullname" . }}-backend key: email-rescue-password {{- end }} - {{- if .Values.backend.persistence.enabled }} + {{- if or (and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled) .Values.backend.persistence.localStorage.enabled }} volumeMounts: - - name: backend-data - mountPath: /code/db + {{- if and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled }} + - name: sqlite-data + mountPath: /ciso/db + {{- end }} + {{- if .Values.backend.persistence.localStorage.enabled }} + - name: localstorage-data + mountPath: /ciso/localStorage + {{- end }} {{- end }} ports: - name: http @@ -102,9 +149,16 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.backend.persistence.enabled }} + {{- if or (and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled) .Values.backend.persistence.localStorage.enabled }} volumes: - - name: backend-data + {{- if and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled }} + - name: sqlite-data + persistentVolumeClaim: + claimName: {{ include "ciso-assistant.fullname" . }}-sqlite + {{- end }} + {{- if .Values.backend.persistence.localStorage.enabled }} + - name: localstorage-data persistentVolumeClaim: - claimName: {{ include "ciso-assistant.fullname" . }}-backend + claimName: {{ include "ciso-assistant.fullname" . }}-localstorage {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/ciso-assistant-next/values.yaml b/charts/ciso-assistant-next/values.yaml index b3c1861f7..26a5b34c5 100644 --- a/charts/ciso-assistant-next/values.yaml +++ b/charts/ciso-assistant-next/values.yaml 
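Review bot: The condition `and (eq .Values.backend.config.databaseType "sqlite") .Values.backend.persistence.sqlite.enabled` is written out twice in this `volumeMounts` hunk, twice more in the `volumes` hunk below and once in the env hunk above, and a mount is only valid when the matching volume renders. If one copy is edited without the others, the pod spec ends up with a `volumeMounts` entry that names no volume and the Deployment is rejected. Consider moving the test into one named template in the chart's helpers and using `{{- if include ... }}` at each site, with a comment there such as `# true only when the backend uses SQLite and its PVC is enabled`. The container block continues outside the hunk.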
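Review bot: Renaming the claim from `...-backend` to `...-sqlite` in this `volumes` hunk, together with the mount path moving from `/code/db` to `/ciso/db` in the hunk above, means an upgraded release binds a different PVC than the one holding the existing database. Unless the PVC template, which is not part of the visible diff, handles this, the backend would presumably start on an empty volume while the old data stays on the orphaned claim. A line in the chart's upgrade notes, or an option to point `claimName` at an existing claim, would make this explicit. The file now also ends without a trailing newline.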
@@ -74,18 +74,26 @@ backend: password: "rescue_password_here" useTls: true - # -- Set the database type (sqlite or pgsql) + # -- Set the database type (sqlite, pgsql or externalPgsql) + ## Note : PostgreSQL database configuration at `postgresql` or `externalPgsql` section databaseType: sqlite # -- Enable Django debug mode djangoDebug: false - # -- Backend persistence configuration (used for sqlitedb and proofs storage) + # -- Backend persistence configuration (used for sqlitedb and local storage) + ## Note: SQLite PVC will not be created if `backend.config.databaseType` is not with `sqlite` value persistence: - enabled: true - size: 5Gi - storageClass: "" - accessMode: ReadWriteOnce + sqlite: + enabled: true + size: 5Gi + storageClass: "" + accessMode: ReadWriteOnce + localStorage: + enabled: true + size: 5Gi + storageClass: "" + accessMode: ReadWriteOnce ## Backend image image: 
@@ -246,3 +254,45 @@ ingress: # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- + +## Bundeled PostgreSQL database configuration (Bitnami chart) +## Ref: https://artifacthub.io/packages/helm/bitnami/postgresql +## Note: Don't enable if you use SQLite mode or external PgSQL database +postgresql: + enabled: false + # -- Customize auth to create ciso-assistant user. + ## Can be used to define static passwords. + global: + postgresql: + auth: + # postgresPassword: "" + database: ciso-assistant + username: ciso-assistant + # password: "" + # -- PostgreSQL persistant volume size (default 8Gi). + primary: + persistence: + size: 5Gi + +## External PostgreSQL database configuration +## Note: All of these values are only used when backend.config.databaseType is set to externalPgsql +externalPgsql: + # -- Host of an external PostgreSQL instance to connect + ## + host: "" + # -- User of an external PostgreSQL instance to connect + ## + user: ciso-assistant + # -- Password of an external PostgreSQL instance to connect + ## + password: "" + # -- Secret containing the password of an external PostgreSQL instance to connect + ## Name of an existing secret resource containing the DB password in a 'password' key + ## + existingSecret: "" + # -- Database inside an external PostgreSQL to connect + ## + database: ciso-assistant + # -- Port of an external PostgreSQL to connect + ## + port: 5432
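Review bot: `postgresql.enabled` and `backend.config.databaseType` are independent switches, but the backend template points `DB_HOST` and the `POSTGRES_PASSWORD` secret reference at the bundled release only when `databaseType` is `pgsql`, so setting one without the other leaves a pod referencing a Service and Secret that do not exist. The comment currently says only when not to enable it; I would add `## Note: must be true when backend.config.databaseType is pgsql`, or have the templates `fail` on the mismatch. For `externalPgsql.password`, the comment should say that the value is passed to the pod as-is and that `existingSecret` is the preferred way to supply it.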