From 4109f26fa10c15a497c76eccdb10ab6648d9d1b7 Mon Sep 17 00:00:00 2001 From: Jens Reimann Date: Tue, 19 Nov 2024 16:01:15 +0100 Subject: [PATCH 1/2] chore: auto-fill admin account details --- charts/trustify-infrastructure/templates/keycloak/020-Job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/trustify-infrastructure/templates/keycloak/020-Job.yaml b/charts/trustify-infrastructure/templates/keycloak/020-Job.yaml index 912fbd6..132d61d 100644 --- a/charts/trustify-infrastructure/templates/keycloak/020-Job.yaml +++ b/charts/trustify-infrastructure/templates/keycloak/020-Job.yaml @@ -222,7 +222,7 @@ spec: if [[ -n "$ID" || "$ID" == "[]" ]]; then kcadm update "users/$ID" -r "${REALM}" -s enabled=true else - kcadm create users -r "${REALM}" -s "username=${CHICKEN_ADMIN}" -s enabled=true + kcadm create users -r "${REALM}" -s "username=${CHICKEN_ADMIN}" -s enabled=true -s email=test@example.com -s emailVerified=true -s firstName=Admin -s lastName=Admin fi # set role From e9bf53d4e5e747b0ff894ed8ce58627e0faeedb6 Mon Sep 17 00:00:00 2001 From: Jens Reimann Date: Tue, 19 Nov 2024 16:02:40 +0100 Subject: [PATCH 2/2] chore: work towards a more production ready chart --- README.md | 6 ++ charts/trustify/templates/helpers/_common.tpl | 2 +- .../trustify/templates/helpers/_storage.tpl | 72 ++++++++++++++++--- .../010-PersistentVolumeClaim-storage.yaml | 25 +++++++ .../services/server/030-Deployment.yaml | 20 +++++- charts/trustify/values.schema.json | 21 +++++- charts/trustify/values.schema.yaml | 11 ++- values-minikube.yaml | 2 +- 8 files changed, 142 insertions(+), 17 deletions(-) create mode 100644 charts/trustify/templates/services/server/010-PersistentVolumeClaim-storage.yaml diff --git a/README.md b/README.md index 4df5872..3ae44fe 100644 --- a/README.md +++ b/README.md 
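Review bot: The new `kcadm create users` line hard-codes `email=test@example.com` together with `emailVerified=true`, so the admin account is created with a "verified" address that nobody controls and that cannot be overridden without editing the chart; any email-driven realm flow (password reset, verify-email required action) would target that placeholder. Read the address from the environment the way `CHICKEN_ADMIN` already is, e.g. `-s "email=${CHICKEN_ADMIN_EMAIL:-admin@example.com}"`, and only set `emailVerified=true` when the address is known to be real. The `update` branch just above does not set any of these attributes, so a pre-existing admin user silently diverges from a freshly created one. The guarding condition `[[ -n "$ID" || "$ID" == "[]" ]]` is context rather than new code, but note that `"$ID" == "[]"` implies `-n "$ID"`, so an empty-array lookup result (user not found, if kcadm returns `[]`) takes the update path instead of the create path. The script around this hunk (the `$ID` lookup and the role assignment after `# set role`) starts and ends outside it.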
@@ -18,6 +18,12 @@ Create a new namespace: kubectl create ns trustify ``` +Use it as default: + +```bash +kubectl config set-context --current --namespace=trustify +``` + Install the infrastructure services: ```bash diff --git a/charts/trustify/templates/helpers/_common.tpl b/charts/trustify/templates/helpers/_common.tpl index 95ea915..39d45c3 100644 --- a/charts/trustify/templates/helpers/_common.tpl +++ b/charts/trustify/templates/helpers/_common.tpl @@ -32,5 +32,5 @@ Byte-size as a string value. Arguments: int or string */}} {{- define "trustification.common.byteSizeValue" }} -{{ . | quote }} +{{- . | quote }} {{- end }} diff --git a/charts/trustify/templates/helpers/_storage.tpl b/charts/trustify/templates/helpers/_storage.tpl index 74be396..acb50d4 100644 --- a/charts/trustify/templates/helpers/_storage.tpl +++ b/charts/trustify/templates/helpers/_storage.tpl 
@@ -6,46 +6,98 @@ Arguments (dict): * module - module object */}} {{ define "trustification.storage.envVars" -}} -{{- if .module.storage}} +{{- if .module.storage }} {{- include "_trustification.storage.envVars" ( set (deepCopy .) "storage" .module.storage ) }} {{- else }} {{- include "_trustification.storage.envVars" ( set (deepCopy .) "storage" .root.Values.storage ) }} {{- end }} {{- end }} +{{/* Internal: env-vars for the evaluated storage */}} {{ define "_trustification.storage.envVars"}} -{{- if .storage.filessytem }} + +{{- include "_trustification.storage.common.envVars" ( set (deepCopy .) "storage" .storage ) }} + +{{- if .storage.filesystem }} {{- include "_trustification.storage.filesystem.envVars" ( set (deepCopy .) "storage" .storage.filesystem ) }} {{- else if .storage.s3 }} {{- include "_trustification.storage.s3.envVars" ( set (deepCopy .) "storage" .storage.s3 ) }} +{{- else }} +{{- fail "Storage must either be set to .filesystem or .s3" }} {{- end }} {{- end }} +{{/* common storage configuration */}} +{{- define "_trustification.storage.common.envVars" -}} +{{- with .storage.compression }} +- name: TRUSTD_STORAGE_COMPRESSION + value: {{ . 
| quote }} +{{- end }} +{{- end }} {{/* filesystem storage configuration */}} -{{- define "_trustification.storage.s3.envVars" -}} +{{- define "_trustification.storage.filesystem.envVars" -}} +- name: TRUSTD_STORAGE_STRATEGY + value: fs + +- name: TRUSTD_STORAGE_FS_PATH + value: /data/storage {{- end }} {{/* S3 storage configuration */}} {{- define "_trustification.storage.s3.envVars" -}} -- name: STORAGE_ACCESS_KEY - {{- include "trustification.common.envVarValue" .storage.accessKey | nindent 2 }} +- name: TRUSTD_STORAGE_STRATEGY + value: s3 -- name: STORAGE_SECRET_KEY +- name: TRUSTD_S3_ACCESS_KEY + {{- include "trustification.common.envVarValue" .storage.accessKey | nindent 2 }} +- name: TRUSTD_S3_SECRET_KEY {{- include "trustification.common.envVarValue" .storage.secretKey | nindent 2 }} {{ if .storage.endpoint }} -- name: STORAGE_ENDPOINT +- name: TRUSTD_S3_ENDPOINT value: {{ .storage.endpoint | quote }} -- name: STORAGE_REGION +- name: TRUSTD_S3_REGION value: "eu-west-1" # just a dummy value {{ else }} -- name: STORAGE_REGION +- name: TRUSTD_S3_REGION value: "{{ .storage.region }}" {{ end }} -- name: STORAGE_BUCKET +- name: TRUSTD_S3_BUCKET value: {{ .storage.bucket | quote }} {{- end }} + +{{/* +Volume mounts for the filesystem storage. + +Arguments (dict): + * root - . + * module - module object +*/}} +{{- define "trustification.storage.volumeMount" }} +{{ $storage := .module.storage | default .root.Values.storage }} +{{- if $storage.filesystem }} +- name: storage + mountPath: /data/storage +{{- end }} +{{- end }} + +{{/* +Volume for the filesystem storage. + +Arguments (dict): + * root - . + * name - name of the service + * module - module object +*/}} +{{- define "trustification.storage.volume" }} +{{ $storage := .module.storage | default .root.Values.storage }} +{{- if $storage.filesystem }} +- name: storage + persistentVolumeClaim: + claimName: {{ include "trustification.common.name" ( set (deepCopy .) "name" "storage" ) }} +{{- end }} +{{- end }} 
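Review bot: In `_trustification.storage.s3.envVars` the `{{ if .storage.endpoint }}` branch still emits the hard-coded `eu-west-1` for `TRUSTD_S3_REGION` and silently discards any `.storage.region` the user configured; S3-compatible stores that validate the signing region will then reject requests, and the user has no way to fix it from values. `value: {{ .storage.region | default "eu-west-1" | quote }}` keeps the fallback while honouring an explicit region. The new `trustification.storage.volume` helper is generic over `.module`, but the claim it references via `trustification.common.name` with `name "storage"` is, per the new PVC template, rendered only for the server service and as ReadWriteOnce, so a second module opting into filesystem storage would reference a claim that either does not exist or cannot be attached alongside the server pod; the helper's header comment should state that filesystem storage is server-only until that is resolved. Also `{{ $storage := ... }}` in both new helpers lacks the `{{-`/`-}}` trims used elsewhere in this file and emits a stray blank line into every volume and volumeMount list.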
diff --git a/charts/trustify/templates/services/server/010-PersistentVolumeClaim-storage.yaml b/charts/trustify/templates/services/server/010-PersistentVolumeClaim-storage.yaml new file mode 100644 index 0000000..c8e8eb7 --- /dev/null +++ b/charts/trustify/templates/services/server/010-PersistentVolumeClaim-storage.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.modules.server.enabled }} +{{- $res := dict "root" . "name" "storage" -}} + +{{- if .Values.storage }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "trustification.common.name" $res }} + labels: + {{- include "trustification.common.labels" $res | nindent 4 }} + +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ include "trustification.common.byteSizeValue" .Values.storage.filesystem.size }} + +{{- with .Values.storage.filesystem.storageClassName }} + storageClassName: {{ . | quote }} +{{- end }} + +{{- end }} + +{{- end }} diff --git a/charts/trustify/templates/services/server/030-Deployment.yaml b/charts/trustify/templates/services/server/030-Deployment.yaml index 7cbe2aa..016a8c9 100644 --- a/charts/trustify/templates/services/server/030-Deployment.yaml +++ b/charts/trustify/templates/services/server/030-Deployment.yaml @@ -36,6 +36,8 @@ spec: - api - --auth-configuration - "/etc/config/auth.yaml" + - --working-dir + - "/data/workdir" env: @@ -56,9 +58,17 @@ spec: - name: UI_CLIENT_ID value: {{ include "trustification.oidc.frontendClientId" . }} - {{/* FIXME: adapt env-var */}} + {{- with $mod.module.analyticsWriteKey }} + - name: UI_ANALYTICS_WRITE_KEY + value: {{ . | quote }} + {{- end }} + {{- with $mod.module.uploadLimit }} - - name: PUBLISH_LIMIT + - name: TRUSTD_SBOM_UPLOAD_LIMIT + value: {{ include "trustification.common.byteSizeValue" . }} + - name: TRUSTD_ADVISORY_UPLOAD_LIMIT + value: {{ include "trustification.common.byteSizeValue" . }} + - name: TRUSTD_DATASET_ENTRY_LIMIT value: {{ include "trustification.common.byteSizeValue" . }} {{- end }} 
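Review bot: The PVC template guards on `{{- if .Values.storage }}` but then dereferences `.Values.storage.filesystem.size` unconditionally, so a release configured with `storage.s3` fails to render with a nil-pointer error on `.filesystem` — `_storage.tpl` treats `.filesystem` and `.s3` as alternatives, so the guard should be `{{- if and .Values.storage .Values.storage.filesystem }}` (the `and` wrapped around the single `modules.server.enabled` test on the first line is a no-op and can go). The claim carries no `helm.sh/resource-policy: keep` annotation, so `helm uninstall` deletes the volume holding every uploaded SBOM and advisory; for a chart moving towards production that should at least be documented next to `storage.filesystem` in the schema, if not defaulted to `keep`. The PVC only looks at the root `.Values.storage`, whereas the env-var helper honours a per-module `.module.storage` override, so the two can disagree about whether filesystem storage is in use.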
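Review bot: A single `uploadLimit` value is fanned out to `TRUSTD_SBOM_UPLOAD_LIMIT`, `TRUSTD_ADVISORY_UPLOAD_LIMIT` and `TRUSTD_DATASET_ENTRY_LIMIT`, and nothing in the chart says so; since these limits are the server's main defence against oversized uploads, the schema entry for `uploadLimit` should carry a description such as `Upper bound applied alike to SBOM uploads, advisory uploads and individual dataset entries; unset means the server defaults.` If the dataset entry limit is meant to differ from the per-document upload limit (it appears to bound one entry inside an uploaded archive, judging by the name), a separate value would be cleaner than overloading this one. `UI_ANALYTICS_WRITE_KEY` is rendered as a plain env var from a plain values string, which is acceptable for a public analytics write key but deserves a one-line comment so the pattern is not later reused for a real secret. The container definition this `env:` list belongs to begins before the hunk.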
@@ -75,13 +85,19 @@ spec: protocol: TCP volumeMounts: + - name: workdir + mountPath: /data/workdir {{- include "trustification.application.httpServerVolumesMounts" $mod | nindent 12 }} {{- include "trustification.authenticator.volumeMount" $mod | nindent 12 }} + {{- include "trustification.storage.volumeMount" $mod | nindent 12 }} {{- include "trustification.application.extraVolumeMounts" $mod | nindent 12 }} volumes: + - name: workdir + emptyDir: {} {{- include "trustification.application.httpServerVolumes" $mod | nindent 8 }} {{- include "trustification.authenticator.volume" $mod | nindent 8 }} + {{- include "trustification.storage.volume" $mod | nindent 8 }} {{- include "trustification.application.extraVolumes" $mod | nindent 8 }} {{ end }} diff --git a/charts/trustify/values.schema.json b/charts/trustify/values.schema.json index 56b0155..e29afc1 100644 --- a/charts/trustify/values.schema.json +++ b/charts/trustify/values.schema.json @@ -90,6 +90,11 @@ "port": { "type": "integer", "description": "Port on which infrastructure services are exposed.\n" + }, + "initialDelaySeconds": { + "type": "integer", + "minimum": 0, + "description": "The initial delay seconds for the infrastructure probes.\n" } } }, @@ -167,6 +172,17 @@ }, { "$ref": "#/definitions/Postgres" + }, + { + "type": "object", + "properties": { + "analyticsWriteKey": { + "type": "string" + }, + "uploadLimit": { + "$ref": "#/definitions/ByteSize" + } + } } ] }, @@ -701,7 +717,10 @@ ], "properties": { "size": { - "$ref": "#/definitions/ByteSize" + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.0/_definitions.json#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "storageClassName": { + "type": "string" } } } diff --git a/charts/trustify/values.schema.yaml b/charts/trustify/values.schema.yaml index 8a60425..0f6ca82 100644 --- a/charts/trustify/values.schema.yaml +++ b/charts/trustify/values.schema.yaml 
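Review bot: The new `workdir` volume is an `emptyDir: {}` without a `sizeLimit`, so a large or malicious upload staged under `/data/workdir` can consume the node's ephemeral storage until the kubelet evicts the pod; give it a bound, e.g. `emptyDir: { sizeLimit: 1Gi }`, ideally derived from the same `uploadLimit` the env vars use. When filesystem storage is selected the pod now mounts a ReadWriteOnce claim, and a Deployment with the default RollingUpdate strategy starts the replacement pod before the old one releases the volume, which wedges every upgrade where the new pod lands on another node; the strategy is defined outside this hunk so I cannot see whether it is already `Recreate`, but it should be whenever `.Values.storage.filesystem` is set. The container and pod spec surrounding these volume lists start earlier in the file.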
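Review bot: `size` now `$ref`s `https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.0/_definitions.json`, a remote document on a mutable `master` branch; as far as I can tell Helm resolves `$ref`s in `values.schema.json` at install time, so every `helm install`/`helm template` run would need outbound access to GitHub, fail in air-gapped clusters, and take its validation rules from whatever that repository serves that day. Inline the definition instead so the chart stays self-contained and reproducible — the upstream Quantity schema amounts to `{"oneOf": [{"type": "string"}, {"type": "number"}]}`, or use a stricter local `pattern` for the `Gi`/`Mi` forms the chart expects. The `storageClassName` addition is fine but deserves a short `description` noting that leaving it empty falls back to the cluster's default class.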
@@ -153,6 +153,12 @@ properties: - $ref: "#/definitions/Tracing" - $ref: "#/definitions/HttpApplication" - $ref: "#/definitions/Postgres" + - type: object + properties: + analyticsWriteKey: + type: string + uploadLimit: + $ref: "#/definitions/ByteSize" createDatabase: description: | @@ -553,7 +559,9 @@ definitions: - size properties: size: - $ref: "#/definitions/ByteSize" + $ref: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.0/_definitions.json#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + storageClassName: + type: string S3StorageConfig: type: object @@ -659,4 +667,3 @@ definitions: $ref: "#/definitions/ByteSize" jsonLimit: $ref: "#/definitions/ByteSize" - diff --git a/values-minikube.yaml b/values-minikube.yaml index 307882e..4c22264 100644 --- a/values-minikube.yaml +++ b/values-minikube.yaml @@ -4,7 +4,7 @@ tracing: { } storage: filesystem: - size: 32GiB + size: 32Gi database: host: infrastructure-postgresql
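Review bot: The same remote `$ref` to `raw.githubusercontent.com/.../master/...` appears here for `size` as in values.schema.json; the diff does not say which of the two files is generated from the other, so the install-time network dependency has to be removed at whichever one is the source. Replace the reference with an inline definition, e.g. `size:` / `  oneOf:` / `  - {type: string}` plus `  - {type: number}`, or add a local `Quantity` entry under `definitions` and `$ref` that. A `description` on `storageClassName` stating that an empty value uses the cluster default class would help users of this new option.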