diff --git a/docs/src/deployment.md b/docs/src/deployment.md index dcc90b4d79..c959073699 100644 --- a/docs/src/deployment.md +++ b/docs/src/deployment.md @@ -31,6 +31,12 @@ To deploy *Quality-time* locally, follow these steps: By default, the application listens on port 80. To change this, set the `PROXY_PORT` environment variable to a different port before starting the application. For example: `export PROXY_PORT=1080`. ``` +## Kubernetes + +The helm chart for deploying on Kubernetes does not support overriding port numbers. +Setting port environment variables in the `values.yaml` will not change the service port mapping, while the app within the pod will listen on the altered port. +Instead, only the ingress should be configured. + ## Configuring authentication (mandatory) You need to either configure an LDAP server to authenticate users with or configure forwarded authentication. @@ -39,8 +45,8 @@ You need to either configure an LDAP server to authenticate users with or config To configure an LDAP server to authenticate users with, set the `LDAP_URL`, `LDAP_ROOT_DN`, `LDAP_LOOKUP_USER_DN`, `LDAP_LOOKUP_USER_PASSWORD`, and `LDAP_SEARCH_FILTER` environment variables. Note that `LDAP_URL` may be a comma-separated list of LDAP connection URL(s). -Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml): +Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml): ```yaml api_server: environment: 
@@ -51,6 +57,17 @@ Add the LDAP environment variables to the API-server service in the [compose fil - LDAP_SEARCH_FILTER=(|(uid=$username)(cn=$username)) ``` +Alternatively, for a Kubernetes deployment, add the LDAP environment variables to the API-server service in the [Helm values.yaml](https://github.com/ICTU/quality-time/blob/master/helm/values.yaml): +```yaml +api_server: + env: + LDAP_URL: "ldap://host.docker.internal:389" + LDAP_ROOT_DN: "dc=example,dc=org" + LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org" + LDAP_LOOKUP_USER_PASSWORD: "admin" + LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))" +``` + When using the `LDAP_SEARCH_FILTER` as shown above, users can use either their LDAP canonical name (`cn`) or their LDAP user id to login. The `$username` variable is filled by *Quality-time* at run time with the username that the user enters in the login dialog box. ```{seealso} diff --git a/helm/Chart.yaml b/helm/Chart.yaml index e01ebcc661..edc85096ef 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: Quality-time version: 1.0.0 -appVersion: "v5.11.0" +appVersion: "v5.13.0" description: Helm chart for Quality-time, an automated quality system for software development and maintenance type: application home: https://github.com/ICTU/Quality-time diff --git a/helm/templates/api_server.yaml b/helm/templates/api_server.yaml index 0716908022..2f399d192b 100644 --- a/helm/templates/api_server.yaml +++ b/helm/templates/api_server.yaml 
@@ -29,23 +29,29 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-{{ template "api_server_name" . }}-env - - configMapRef: - name: {{ .Release.Name }}-shared-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" -{{- if .Values.ldap }} + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "database_name" . }}-db-password-secret + key: DATABASE_PASSWORD + optional: true - name: LDAP_LOOKUP_USER_DN - value: "{{ .Values.ldap.lookupUserDN }}" + value: "{{ .Values.api_server.env.LDAP_LOOKUP_USER_DN }}" - name: LDAP_LOOKUP_USER_PASSWORD - value: "{{ .Values.ldap.lookupUserPassword }}" + valueFrom: + secretKeyRef: + name: {{ template "api_server_name" . }}-ldap-password-secret + key: LDAP_LOOKUP_USER_PASSWORD + optional: true - name: LDAP_ROOT_DN - value: "{{ .Values.ldap.rootDN }}" + value: "{{ .Values.api_server.env.LDAP_ROOT_DN }}" - name: LDAP_SEARCH_FILTER - value: "{{ .Values.ldap.search }}" + value: "{{ .Values.api_server.env.LDAP_SEARCH_FILTER }}" - name: LDAP_URL - value: "{{ .Values.ldap.url }}" -{{- end }} + value: "{{ .Values.api_server.env.LDAP_URL }}" resources: {} securityContext: capabilities: diff --git a/helm/templates/collector.yaml b/helm/templates/collector.yaml index 363bc0830f..8f3c704655 100644 --- a/helm/templates/collector.yaml +++ b/helm/templates/collector.yaml 
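Review bot: Both new `secretKeyRef` entries in the api_server `env:` list carry `optional: true`, so when `{{ template "database_name" . }}-db-password-secret` or `{{ template "api_server_name" . }}-ldap-password-secret` is absent the pod still starts with `DATABASE_PASSWORD` / `LDAP_LOOKUP_USER_PASSWORD` unset, and whatever fallback the application has (not visible here) applies silently. No template in this diff creates either secret, so a fresh install may well take that path. Dropping `optional: true` makes the container fail to start on a missing secret instead; the same applies to the `DATABASE_PASSWORD` entries added in collector.yaml and notifier.yaml. The secret names also omit the `{{ .Release.Name }}-` prefix that the ConfigMap references use, so two releases in one namespace would resolve to the same secret.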
@@ -30,8 +30,14 @@ spec: - configMapRef: name: {{ .Release.Name }}-{{ template "collector_name" . }}-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "database_name" . }}-db-password-secret + key: DATABASE_PASSWORD + optional: true resources: {} securityContext: capabilities: diff --git a/helm/templates/database.yaml b/helm/templates/database.yaml index a321daf852..62db61fc21 100644 --- a/helm/templates/database.yaml +++ b/helm/templates/database.yaml @@ -36,9 +36,11 @@ spec: name: {{ .Release.Name }}-{{ template "database_name" . }}-env env: - name: MONGO_INITDB_ROOT_PASSWORD - value: "root" - - name: MONGO_INITDB_ROOT_USERNAME - value: "root" + valueFrom: + secretKeyRef: + name: {{ template "database_name" . }}-db-password-secret + key: DATABASE_PASSWORD + optional: true resources: limits: cpu: "2" diff --git a/helm/templates/frontend.yaml b/helm/templates/frontend.yaml index 7edd8c201c..24f68b5cd1 100644 --- a/helm/templates/frontend.yaml +++ b/helm/templates/frontend.yaml @@ -29,8 +29,6 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-{{ template "frontend_name" . }}-env - - configMapRef: - name: {{ .Release.Name }}-shared-env resources: {} securityContext: capabilities: diff --git a/helm/templates/notifier.yaml b/helm/templates/notifier.yaml index 1913a01935..b7e55183ab 100644 --- a/helm/templates/notifier.yaml +++ b/helm/templates/notifier.yaml 
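Review bot: In database.yaml `MONGO_INITDB_ROOT_PASSWORD` now comes from a secret reference marked `optional: true`, and `MONGO_INITDB_ROOT_USERNAME` is no longer set in this `env:` list. If the database image keeps the stock MongoDB entrypoint behaviour, a root user is created and access control enabled only when both variables are present. A missing secret, or a username that neither the `-env` ConfigMap nor the image supplies (neither is visible here), would then bring the database up without authentication. Remove `optional: true` on this entry so the pod refuses to start without the secret, and confirm where the root username now comes from.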
@@ -30,8 +30,14 @@ spec: - configMapRef: name: {{ .Release.Name }}-{{ template "notifier_name" . }}-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "database_name" . }}-db-password-secret + key: DATABASE_PASSWORD + optional: true resources: {} securityContext: capabilities: diff --git a/helm/templates/shared.yaml b/helm/templates/shared.yaml deleted file mode 100644 index 55afd116c5..0000000000 --- a/helm/templates/shared.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-shared-env - labels: - app.kubernetes.io/name: {{ .Chart.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "shared" -data: -{{- range $key, $val := .Values.shared.env }} - {{ $key }}: "{{ $val }}" -{{- end }} diff --git a/helm/templates/www.yaml b/helm/templates/www.yaml index 57eec5d64e..6581b144b0 100644 --- a/helm/templates/www.yaml +++ b/helm/templates/www.yaml @@ -29,8 +29,6 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-{{ template "www_name" . }}-env - - configMapRef: - name: {{ .Release.Name }}-shared-env env: - name: API_SERVER_HOST value: "{{ .Release.Name }}-{{ template "api_server_name" . }}" @@ -43,6 +41,9 @@ spec: capabilities: add: - CHOWN + - SETGID + - SETUID + - NET_BIND_SERVICE drop: - ALL restartPolicy: Always @@ -63,7 +64,7 @@ spec: app.kubernetes.io/component: {{ template "www_name" . }} ports: - protocol: TCP - port: 80 + port: 8080 targetPort: 80 sessionAffinity: None --- 
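Review bot: The three capabilities added under `capabilities.add` in www.yaml (`SETGID`, `SETUID`, `NET_BIND_SERVICE`) widen the proxy container's privileges with nothing recording why each one is needed. `NET_BIND_SERVICE` appears to be required only because `targetPort` stays at 80 while the service port moves to 8080; having the proxy listen on an unprivileged port would allow it to be dropped again. If the capabilities stay, add a comment above the list, for example `# SETUID/SETGID: proxy switches to its worker user; NET_BIND_SERVICE: binds port 80`, once that reasoning is confirmed. The securityContext starts outside this hunk, so also check that `allowPrivilegeEscalation: false` is set there.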
@@ -90,12 +91,14 @@ spec: service: name: {{ .Release.Name }}-{{ template "www_name" . }} port: - number: 80 + number: 8080 path: / pathType: ImplementationSpecific +{{- if .Values.www.ingress.tls }} tls: {{ toYaml .Values.www.ingress.tls | indent 4 }} {{- end }} +{{- end }} --- apiVersion: v1 kind: ConfigMap diff --git a/helm/values.yaml b/helm/values.yaml index 34f6749f95..9a645ef4cf 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -2,6 +2,12 @@ api_server: image: repository: "ictu/quality-time_api_server" + env: + LDAP_URL: "ldap://host.docker.internal:389" + LDAP_ROOT_DN: "dc=example,dc=org" + LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org" + LDAP_LOOKUP_USER_PASSWORD: "admin" + LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))" collector: image: @@ -23,12 +29,6 @@ renderer: image: repository: "ictu/quality-time_renderer" -shared: - env: - API_SERVER_PORT: "5001" - FRONTEND_PORT: "5000" - PROXY_PORT: "80" - www: image: repository: "ictu/quality-time_proxy"
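Review bot: With the new `{{- if .Values.www.ingress.tls }}` guard, leaving `www.ingress.tls` unset renders the Ingress with no `tls:` section, and nothing in the chart tells the operator that the login form is then served over plain HTTP unless TLS is enforced elsewhere. The default values.yaml in this commit defines no `www.ingress.tls`, so this is what a default install gets whenever the ingress is enabled. Document the expectation next to the ingress values, for example `# www.ingress.tls: leave unset only when TLS is terminated in front of the ingress; the login form carries LDAP credentials`. The Ingress definition starts outside this hunk.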
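Review bot: `LDAP_LOOKUP_USER_PASSWORD: "admin"` is added to `api_server.env` in values.yaml, although the api_server template in this commit reads that variable from `{{ template "api_server_name" . }}-ldap-password-secret`. The key is therefore at best unused; if the `-env` ConfigMap is rendered from `api_server.env` (not visible here), the password lands in a ConfigMap in clear text and could become the effective value whenever the optional secret is missing. Remove the key from the defaults and leave a comment naming the secret to create, for example `# LDAP_LOOKUP_USER_PASSWORD is read from the <api_server_name>-ldap-password-secret Secret`. Separately, `$$username` is the Compose escape for `$`; Helm does not interpolate values, so the doubled `$` reaches the application unchanged, while the docs in this commit describe the variable as `$username`. It is worth verifying that the filter still matches.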