From 3efe1b53ccb876e5ce178b90dd50228ff89e0b69 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Tue, 30 Apr 2024 23:13:15 +0200 Subject: [PATCH] WIP --- docs/src/deployment.md | 19 ++++++++++++++++++- helm/Chart.yaml | 2 +- helm/templates/api_server.yaml | 18 +++++++----------- helm/templates/collector.yaml | 4 ++-- helm/templates/frontend.yaml | 2 -- helm/templates/notifier.yaml | 4 ++-- helm/templates/shared.yaml | 13 ------------- helm/templates/www.yaml | 14 ++++++++------ helm/values.yaml | 12 ++++++------ 9 files changed, 44 insertions(+), 44 deletions(-) delete mode 100644 helm/templates/shared.yaml diff --git a/docs/src/deployment.md b/docs/src/deployment.md index fc706325b0..159297b905 100644 --- a/docs/src/deployment.md +++ b/docs/src/deployment.md @@ -23,6 +23,12 @@ To deploy *Quality-time* locally, follow these steps: By default, the application listens on port 80. To change this, set the `PROXY_PORT` environment variable to a different port before starting the application. For example: `export PROXY_PORT=1080`. ``` +## Kubernetes + +The helm chart for deploying on Kubernetes does not support overriding port numbers. +Setting port environment variables in the `values.yaml` will not change the service port mapping, while the app within the pod will listen on the altered port. +Instead, only the ingress should be configured. + ## Configuring authentication (mandatory) You need to either configure an LDAP server to authenticate users with or configure forwarded authentication. 
@@ -31,8 +37,8 @@ You need to either configure an LDAP server to authenticate users with or config To configure an LDAP server to authenticate users with, set the `LDAP_URL`, `LDAP_ROOT_DN`, `LDAP_LOOKUP_USER_DN`, `LDAP_LOOKUP_USER_PASSWORD`, and `LDAP_SEARCH_FILTER` environment variables. Note that `LDAP_URL` may be a comma-separated list of LDAP connection URL(s). -Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml): +Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml): ```yaml api_server: environment: @@ -43,6 +49,17 @@ Add the LDAP environment variables to the API-server service in the [compose fil - LDAP_SEARCH_FILTER=(|(uid=$username)(cn=$username)) ``` +Alternatively, for a Kubernetes deployment, add the LDAP environment variables to the API-server service in the [Helm values.yaml](https://github.com/ICTU/quality-time/blob/master/helm/values.yaml): +```yaml +api_server: + env: + LDAP_URL: "ldap://host.docker.internal:389" + LDAP_ROOT_DN: "dc=example,dc=org" + LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org" + LDAP_LOOKUP_USER_PASSWORD: "admin" + LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))" +``` + When using the `LDAP_SEARCH_FILTER` as shown above, users can use either their LDAP canonical name (`cn`) or their LDAP user id to login. The `$username` variable is filled by *Quality-time* at run time with the username that the user enters in the login dialog box. ```{seealso} diff --git a/helm/Chart.yaml b/helm/Chart.yaml index e01ebcc661..edc85096ef 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: Quality-time version: 1.0.0 -appVersion: "v5.11.0" +appVersion: "v5.13.0" description: Helm chart for Quality-time, an automated quality system for software development and maintenance type: application home: https://github.com/ICTU/Quality-time diff --git a/helm/templates/api_server.yaml b/helm/templates/api_server.yaml index 0716908022..f4dcb77160 100644 --- a/helm/templates/api_server.yaml +++ b/helm/templates/api_server.yaml @@ -29,23 +29,19 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-{{ template "api_server_name" . }}-env - - configMapRef: - name: {{ .Release.Name }}-shared-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" -{{- if .Values.ldap }} + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" - name: LDAP_LOOKUP_USER_DN - value: "{{ .Values.ldap.lookupUserDN }}" + value: "{{ .Values.api_server.env.LDAP_LOOKUP_USER_DN }}" - name: LDAP_LOOKUP_USER_PASSWORD - value: "{{ .Values.ldap.lookupUserPassword }}" + value: "{{ .Values.api_server.env.LDAP_LOOKUP_USER_PASSWORD }}" - name: LDAP_ROOT_DN - value: "{{ .Values.ldap.rootDN }}" + value: "{{ .Values.api_server.env.LDAP_ROOT_DN }}" - name: LDAP_SEARCH_FILTER - value: "{{ .Values.ldap.search }}" + value: "{{ .Values.api_server.env.LDAP_SEARCH_FILTER }}" - name: LDAP_URL - value: "{{ .Values.ldap.url }}" -{{- end }} + value: "{{ .Values.api_server.env.LDAP_URL }}" resources: {} securityContext: capabilities: diff --git a/helm/templates/collector.yaml b/helm/templates/collector.yaml index 363bc0830f..0acc8f9448 100644 --- a/helm/templates/collector.yaml +++ b/helm/templates/collector.yaml 
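Review bot: `LDAP_LOOKUP_USER_PASSWORD` in the api_server.yaml `env:` list is rendered from `.Values.api_server.env` as a literal `value:`, so the LDAP bind password sits in plain text in the Deployment spec and in the release values. Source it from a Secret instead, e.g. `valueFrom: {secretKeyRef: {name: PLACEHOLDER_SECRET_NAME, key: PLACEHOLDER_KEY}}` (placeholder names). If the `-env` ConfigMap referenced just above is generated by ranging over `.Values.api_server.env`, as the deleted shared.yaml did for `.Values.shared.env`, the password is presumably copied into that ConfigMap as well. The five LDAP values are also interpolated inside double quotes without escaping; `value: {{ .Values.api_server.env.LDAP_ROOT_DN | quote }}` (and likewise for the others) keeps a DN or filter containing `"` or `\` from breaking the manifest. The container spec starts and ends outside the hunk.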
@@ -30,8 +30,8 @@ spec: - configMapRef: name: {{ .Release.Name }}-{{ template "collector_name" . }}-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" resources: {} securityContext: capabilities: diff --git a/helm/templates/frontend.yaml b/helm/templates/frontend.yaml index 7edd8c201c..24f68b5cd1 100644 --- a/helm/templates/frontend.yaml +++ b/helm/templates/frontend.yaml @@ -29,8 +29,6 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-{{ template "frontend_name" . }}-env - - configMapRef: - name: {{ .Release.Name }}-shared-env resources: {} securityContext: capabilities: diff --git a/helm/templates/notifier.yaml b/helm/templates/notifier.yaml index 1913a01935..d02bbbf08d 100644 --- a/helm/templates/notifier.yaml +++ b/helm/templates/notifier.yaml @@ -30,8 +30,8 @@ spec: - configMapRef: name: {{ .Release.Name }}-{{ template "notifier_name" . }}-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" resources: {} securityContext: capabilities: diff --git a/helm/templates/shared.yaml b/helm/templates/shared.yaml deleted file mode 100644 index 55afd116c5..0000000000 --- a/helm/templates/shared.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-shared-env - labels: - app.kubernetes.io/name: {{ .Chart.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "shared" -data: -{{- range $key, $val := .Values.shared.env }} - {{ $key }}: "{{ $val }}" -{{- end }} diff --git a/helm/templates/www.yaml b/helm/templates/www.yaml index 57eec5d64e..26b848381b 100644 --- a/helm/templates/www.yaml +++ b/helm/templates/www.yaml 
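Review bot: After the switch to `DATABASE_HOST` in collector.yaml, nothing in this hunk supplies database credentials, so the component presumably falls back to whatever username and password the application defaults to; the same holds for the notifier.yaml hunk and the api_server.yaml hunk. Dropping the inline `root:root` URL is an improvement, but the chart should let operators set non-default credentials and take them from a Secret via `valueFrom.secretKeyRef` rather than from a ConfigMap or a literal `value:`. At minimum add a comment above `DATABASE_HOST` stating where the credentials come from, e.g. `# credentials: application defaults unless overridden from a Secret`. The container spec starts and ends outside the hunk.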
@@ -29,20 +29,20 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-{{ template "www_name" . }}-env - - configMapRef: - name: {{ .Release.Name }}-shared-env env: - name: API_SERVER_HOST value: "{{ .Release.Name }}-{{ template "api_server_name" . }}" - name: FRONTEND_HOST value: "{{ .Release.Name }}-{{ template "frontend_name" . }}" ports: - - containerPort: 80 + - containerPort: 8080 resources: {} securityContext: capabilities: add: - CHOWN + - SETGID + - SETUID drop: - ALL restartPolicy: Always @@ -63,8 +63,8 @@ spec: app.kubernetes.io/component: {{ template "www_name" . }} ports: - protocol: TCP - port: 80 - targetPort: 80 + port: 8080 + targetPort: 8080 sessionAffinity: None --- {{- if .Values.www.ingress -}} @@ -90,12 +90,14 @@ spec: service: name: {{ .Release.Name }}-{{ template "www_name" . }} port: - number: 80 + number: 8080 path: / pathType: ImplementationSpecific +{{- if .Values.www.ingress.tls -}} tls: {{ toYaml .Values.www.ingress.tls | indent 4 }} {{- end }} +{{- end }} --- apiVersion: v1 kind: ConfigMap diff --git a/helm/values.yaml b/helm/values.yaml index 34f6749f95..9a645ef4cf 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -2,6 +2,12 @@ api_server: image: repository: "ictu/quality-time_api_server" + env: + LDAP_URL: "ldap://host.docker.internal:389" + LDAP_ROOT_DN: "dc=example,dc=org" + LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org" + LDAP_LOOKUP_USER_PASSWORD: "admin" + LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))" collector: image: @@ -23,12 +29,6 @@ renderer: image: repository: "ictu/quality-time_renderer" -shared: - env: - API_SERVER_PORT: "5001" - FRONTEND_PORT: "5000" - PROXY_PORT: "80" - www: image: repository: "ictu/quality-time_proxy"
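Review bot: The www container now adds `SETGID` and `SETUID` next to `CHOWN` while its port moves to the unprivileged 8080, and the `securityContext` visible in the first www.yaml hunk appears to set nothing besides `capabilities`. These capabilities suggest the image starts as root and switches user itself; if that is the case, add `allowPrivilegeEscalation: false` under `securityContext` and a comment such as `# entrypoint chowns its directories and drops to an unprivileged user`, and if it is not, leave the two capabilities out and set `runAsNonRoot: true`. The pod spec starts outside the hunk.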
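Review bot: In the third www.yaml hunk the new `{{- if .Values.www.ingress.tls -}}` trims whitespace on both sides, so the rendered `tls:` would be joined to the preceding `pathType: ImplementationSpecific` line; `{{- if .Values.www.ingress.tls }}` keeps the line break. With the guard in place an ingress without `tls` values renders as HTTP-only, which would carry the login form's credentials in clear text; a comment above the guard such as `# no tls values: ingress serves plain HTTP, terminate TLS upstream` makes that explicit. The Ingress definition starts outside the hunk.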
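Review bot: The chart defaults added under `api_server.env` in values.yaml ship a usable-looking bind credential (`LDAP_LOOKUP_USER_PASSWORD: "admin"`) and a plain `ldap://` URL, and the api_server template in this patch renders them unconditionally, so an install that overrides nothing runs with them. Leave the password empty in the defaults, with a comment such as `# set per deployment, preferably from a Secret; use ldaps:// outside local testing`. Separately, `$$username` looks carried over from the compose file, where `$$` escapes `$`; Helm does no such unescaping, so the filter presumably reaches the application with a doubled `$` and should be checked against the `$username` form the documentation describes.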