WIP
wkoot committed Jul 10, 2024
1 parent b714aeb commit c9fcb10
Showing 13 changed files with 166 additions and 69 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -73,3 +73,8 @@ jobs:
push: true
- name: Anchore SBOM Action
uses: anchore/[email protected]
- name: Package and push Helm chart to Docker Hub
run: |
cd helm
helm package .
helm push quality-time-*.tgz oci://registry-1.docker.io/ictu
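Review bot: The new `Package and push Helm chart to Docker Hub` step publishes whatever `helm package .` produces without linting it first, and it relies on registry credentials that are set up outside this hunk. Adding `helm lint .` before `helm package .` would stop a broken chart from reaching `oci://registry-1.docker.io/ictu`. The glob `quality-time-*.tgz` also matches any older archive left in `helm/`, so packaging into an empty directory with `helm package . --destination "$RUNNER_TEMP/chart"` and pushing from there is more predictable. If consumers are expected to verify the chart, a provenance file should be published alongside it; the hunk does not show one.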
19 changes: 19 additions & 0 deletions docs/src/deployment.md
Expand Up @@ -40,6 +40,12 @@ For example:
- "1080:${PROXY_PORT:-80}"
```
## Kubernetes
The helm chart for deploying on Kubernetes does not support overriding port numbers.
Setting port environment variables in the `values.yaml` will not change the service port mapping, while the app within the pod will listen on the altered port.
Instead, only the ingress should be configured.

## Configuring authentication (mandatory)

You need to either configure an LDAP server to authenticate users with or configure forwarded authentication.
Expand All @@ -48,6 +54,7 @@ You need to either configure an LDAP server to authenticate users with or config

To configure an LDAP server to authenticate users with, set the `LDAP_URL`, `LDAP_ROOT_DN`, `LDAP_LOOKUP_USER_DN`, `LDAP_LOOKUP_USER_PASSWORD`, and `LDAP_SEARCH_FILTER` environment variables.
Note that `LDAP_URL` may be a comma-separated list of LDAP connection URL(s).

Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml):

```yaml
Expand All @@ -60,6 +67,18 @@ Add the LDAP environment variables to the API-server service in the [compose fil
- LDAP_SEARCH_FILTER=(|(uid=$username)(cn=$username))
```

Alternatively, for a Kubernetes deployment, add the LDAP environment variables to the API-server service in the [Helm values.yaml](https://github.com/ICTU/quality-time/blob/master/helm/values.yaml):

```yaml
api_server:
env:
LDAP_URL: "ldap://host.docker.internal:389"
LDAP_ROOT_DN: "dc=example,dc=org"
LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org"
LDAP_LOOKUP_USER_PASSWORD: "admin"
LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))"
```

When using the `LDAP_SEARCH_FILTER` as shown above, users can use either their LDAP canonical name (`cn`) or their LDAP user id to login. The `$username` variable is filled by *Quality-time* at run time with the username that the user enters in the login dialog box.

```{seealso}
6 changes: 3 additions & 3 deletions helm/Chart.yaml
@@ -1,8 +1,8 @@
---
apiVersion: v2
name: Quality-time
version: 1.0.0
appVersion: "v5.11.0"
name: quality-time
version: 5.14.0
appVersion: "v5.14.0"
description: Helm chart for Quality-time, an automated quality system for software development and maintenance
type: application
home: https://github.com/ICTU/Quality-time
43 changes: 29 additions & 14 deletions helm/templates/api_server.yaml
Expand Up @@ -29,24 +29,39 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "api_server_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
optional: true
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
{{- if .Values.ldap }}
- name: DATABASE_HOST
value: {{ .Release.Name }}-{{ template "database_name" . }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
- name: LDAP_LOOKUP_USER_DN
value: "{{ .Values.ldap.lookupUserDN }}"
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.ldapCredential }}
key: LDAP_LOOKUP_USER_DN
optional: true
- name: LDAP_LOOKUP_USER_PASSWORD
value: "{{ .Values.ldap.lookupUserPassword }}"
- name: LDAP_ROOT_DN
value: "{{ .Values.ldap.rootDN }}"
- name: LDAP_SEARCH_FILTER
value: "{{ .Values.ldap.search }}"
- name: LDAP_URL
value: "{{ .Values.ldap.url }}"
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.ldapCredential }}
key: LDAP_LOOKUP_USER_PASSWORD
optional: true
- name: LDAP_SEARCH_FILTER # override to make sure that double dollar signs are processed like in docker
value: {{ .Values.api_server.env.LDAP_SEARCH_FILTER }}
{{- with .Values.api_server.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
resources: {}
securityContext:
capabilities:
drop:
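Review bot: Every new `secretKeyRef` in this section is marked `optional: true`, so a missing or misnamed Secret does not stop the pod; the container simply starts without `DATABASE_USERNAME`, `DATABASE_PASSWORD` or the LDAP lookup credentials. The same pattern is in helm/templates/collector.yaml, helm/templates/notifier.yaml and helm/templates/database.yaml, where it feeds `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD`; if the database image follows the usual MongoDB entrypoint behaviour (not visible here), starting without them would leave the database without a root user. Dropping `optional: true` from the database credential refs turns a missing Secret into a visible start-up error instead. Separately, `LDAP_SEARCH_FILTER` is rendered unquoted; `value: {{ .Values.api_server.env.LDAP_SEARCH_FILTER | quote }}` keeps a filter containing `: ` or ` #` from breaking the manifest. The container spec continues outside the hunk.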
21 changes: 18 additions & 3 deletions helm/templates/collector.yaml
Expand Up @@ -29,10 +29,25 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "collector_name" . }}-env
optional: true
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
resources: {}
- name: DATABASE_HOST
value: {{ .Release.Name }}-{{ template "database_name" . }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
{{- with .Values.collector.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
34 changes: 24 additions & 10 deletions helm/templates/database.yaml
Expand Up @@ -27,25 +27,35 @@ spec:
- name: {{ .Release.Name }}-{{ template "database_name" . }}
persistentVolumeClaim:
claimName: {{ .Release.Name }}-{{ template "database_name" . }}
{{- if .Values.database.backupVol }}
- name: backups
persistentVolumeClaim:
claimName: {{ .Values.database.backupVol.claimName }}
{{- end }}
containers:
- name: {{ template "database_name" . }}
image: "{{ .Values.database.image.repository }}:{{ .Values.database.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: Always
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "database_name" . }}-env
optional: true
env:
- name: MONGO_INITDB_ROOT_PASSWORD
value: "root"
- name: MONGO_INITDB_ROOT_USERNAME
value: "root"
resources:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "1"
memory: "1Gi"
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
{{- with .Values.database.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
add:
Expand All @@ -58,6 +68,10 @@ spec:
volumeMounts:
- mountPath: /data/db
name: {{ .Release.Name }}-{{ template "database_name" . }}
{{- if .Values.database.backupVol }}
- mountPath: {{ .Values.database.backupVol.mountPath }}
name: backups
{{- end }}
restartPolicy: Always
---
apiVersion: v1
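Review bot: The `backups` volume and its mount are guarded only by `{{- if .Values.database.backupVol }}`, so a `backupVol` that is set without `claimName` or `mountPath` renders an empty value and fails at apply time with an unhelpful error. Writing `claimName: {{ required "database.backupVol.claimName is required" .Values.database.backupVol.claimName }}`, and the same for `mountPath`, reports the mistake when the chart is rendered. A short comment above the block stating that the claim must already exist would also help, since the hunks shown here do not create it.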
7 changes: 4 additions & 3 deletions helm/templates/frontend.yaml
Expand Up @@ -29,9 +29,10 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "frontend_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
resources: {}
optional: true
{{- with .Values.frontend.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
21 changes: 18 additions & 3 deletions helm/templates/notifier.yaml
Expand Up @@ -29,10 +29,25 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "notifier_name" . }}-env
optional: true
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
resources: {}
- name: DATABASE_HOST
value: {{ .Release.Name }}-{{ template "database_name" . }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
{{- with .Values.notifier.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
13 changes: 7 additions & 6 deletions helm/templates/renderer.yaml
Expand Up @@ -29,14 +29,15 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "renderer_name" . }}-env
optional: true
env:
- name: LC_ALL
value: "en_GB.UTF-8"
- name: PROXY_HOST
value: "{{ .Release.Name }}-{{ template "www_name" . }}"
- name: TZ
value: "Europe/Amsterdam"
resources: {}
value: {{ .Release.Name }}-{{ template "www_name" . }}
- name: PROXY_PORT
value: "8080"
{{- with .Values.renderer.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
13 changes: 0 additions & 13 deletions helm/templates/shared.yaml

This file was deleted.

26 changes: 17 additions & 9 deletions helm/templates/www.yaml
Expand Up @@ -29,20 +29,26 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "www_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
optional: true
env:
- name: API_SERVER_HOST
value: "{{ .Release.Name }}-{{ template "api_server_name" . }}"
value: {{ .Release.Name }}-{{ template "api_server_name" . }}
- name: FRONTEND_HOST
value: "{{ .Release.Name }}-{{ template "frontend_name" . }}"
value: {{ .Release.Name }}-{{ template "frontend_name" . }}
- name: PROXY_PORT
value: "8080"
ports:
- containerPort: 80
resources: {}
- containerPort: 8080
{{- with .Values.www.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
drop:
- ALL
restartPolicy: Always
Expand All @@ -63,8 +69,8 @@ spec:
app.kubernetes.io/component: {{ template "www_name" . }}
ports:
- protocol: TCP
port: 80
targetPort: 80
port: 8080
targetPort: 8080
sessionAffinity: None
---
{{- if .Values.www.ingress -}}
Expand All @@ -90,12 +96,14 @@ spec:
service:
name: {{ .Release.Name }}-{{ template "www_name" . }}
port:
number: 80
number: 8080
path: /
pathType: ImplementationSpecific
{{- if .Values.www.ingress.tls }}
tls:
{{ toYaml .Values.www.ingress.tls | indent 4 }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
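Review bot: `NET_BIND_SERVICE` stays in `capabilities.add` although this commit moves the container, Service and Ingress backend from port 80 to 8080, and binding an unprivileged port does not need it. The section's addition and deletion counts suggest that three of the entries under `add:` are new, though the rendered page does not show which; `CHOWN`, `SETGID` and `SETUID` each widen what a compromised proxy process can do. If the image can run as a non-root user the `add:` list could be removed entirely; otherwise a comment such as `# required by the proxy entrypoint to switch to its worker user` (to be confirmed against the image) should record why each capability is kept.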
22 changes: 17 additions & 5 deletions helm/values.yaml
@@ -1,7 +1,15 @@
---
secrets:
dbCredential: "quality-time-db-secret"
ldapCredential: "quality-time-ldap-secret"

api_server:
image:
repository: "ictu/quality-time_api_server"
env:
LDAP_URL: "ldap://host.docker.internal:389"
LDAP_ROOT_DN: "dc=example,dc=org"
LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))"

collector:
image:
Expand All @@ -10,6 +18,13 @@ collector:
database:
image:
repository: "ictu/quality-time_database"
resources:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "1"
memory: "1Gi"

frontend:
image:
Expand All @@ -22,12 +37,9 @@ notifier:
renderer:
image:
repository: "ictu/quality-time_renderer"

shared:
env:
API_SERVER_PORT: "5001"
FRONTEND_PORT: "5000"
PROXY_PORT: "80"
LC_ALL: "en_GB.UTF-8"
TZ: "Europe/Amsterdam"

www:
image:
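Review bot: `secrets.dbCredential` and `secrets.ldapCredential` name Secrets that nothing in this commit appears to create, and the keys they must hold can only be found by reading the templates. A comment above the block would help, for example `# Names of existing Secrets: dbCredential holds DATABASE_USERNAME and DATABASE_PASSWORD, ldapCredential holds LDAP_LOOKUP_USER_DN and LDAP_LOOKUP_USER_PASSWORD`. The docs/src/deployment.md example in this commit still lists `LDAP_LOOKUP_USER_DN` and `LDAP_LOOKUP_USER_PASSWORD` under `api_server.env`, which would put the password in plain values while the template reads it from the Secret, so the two should be aligned. The default `LDAP_URL` also uses plain `ldap://`; unless the connection is upgraded with StartTLS (not visible here) the lookup user's password travels unencrypted, so a comment recommending `ldaps://` outside local testing is worth adding.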
5 changes: 5 additions & 0 deletions release/pyproject.toml
Expand Up @@ -113,6 +113,11 @@ filename = "../components/api_server/src/routes/server.py"
search = 'QUALITY_TIME_VERSION = "{current_version}"'
replace = 'QUALITY_TIME_VERSION = "{new_version}"'

[[tool.bumpversion.files]]
filename = "../helm/Chart.yaml"
search = "{current_version}"
replace = "{new_version}"

[[tool.bumpversion.files]]
glob = "../**/pyproject.toml"
search = 'version = "{current_version}"'
