From d43e107a8a24bc0bd5822e0ceb76571fcc4f190e Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 1 Dec 2024 15:29:44 +0100 Subject: [PATCH 1/8] work on mail secret --- RELEASENOTES.md | 12 +++++++++ charts/wger/templates/_helpers.tpl | 35 +++++++++++++++----------- charts/wger/templates/deployment.yaml | 28 +++++++++++++++++++++ charts/wger/templates/secret-mail.yaml | 27 ++++++++++++++++++++ charts/wger/values.yaml | 20 ++++++++++++--- 5 files changed, 104 insertions(+), 18 deletions(-) create mode 100644 charts/wger/templates/secret-mail.yaml diff --git a/RELEASENOTES.md b/RELEASENOTES.md index cfb0e24..cb7ae13 100644 --- a/RELEASENOTES.md +++ b/RELEASENOTES.md @@ -1,3 +1,15 @@ +## 0.2.1 + +### Mail settings + +* Create a secret for the mail password +* Manually created secrets can be used with: +```yaml +secret: + name: yoursecret + key: yourkey +``` + ## 0.2.0 * redis upgrade diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 96a41df..12191e6 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl 
@@ -10,23 +10,29 @@ environment: - name: TIME_ZONE value: {{ .Values.app.timezone | default "UTC" | quote }} # email settings + {{- if .Values.app.mail.enabled }} - name: ENABLE_EMAIL - value: "False" + value: "True" - name: EMAIL_HOST - value: None + value: {{ .Values.app.mail.server | quote }} - name: EMAIL_PORT - value: "587" + value: {{ .Values.app.mail.port | default "587" | quote }} - name: EMAIL_HOST_USER - value: None - - name: EMAIL_HOST_PASSWORD - value: None + value: {{ .Values.app.mail.user | quote }} - name: FROM_EMAIL - value: "test@test.com" + value: {{ .Values.app.mail.from | quote }} - name: EMAIL_BACKEND - value: "django.core.mail.backends.console.EmailBackend" - # Set your name and email to be notified if an internal server error occurs. - #- name: DJANGO_ADMINS - # value: "SysAdmin, admin@test.com" + value: {{ .Values.app.mail.backend | default "django.core.mail.backends.console.EmailBackend" | quote }} + {{- if .Values.app.mail.django_admins }} + # Set your name and email to be notified if an internal server error occurs. + # not set when not used + - name: DJANGO_ADMINS + value: {{ .Values.app.mail.backend | default "SysAdmin, root@localhost" | quote }} + {{- end }} + {{- else }} + - name: ENABLE_EMAIL + value: "False" + {{- end }} # django db - name: DJANGO_PERFORM_MIGRATIONS value: "True" @@ -61,13 +67,12 @@ environment: - name: CSRF_TRUSTED_ORIGINS value: "http://127.0.0.1,https://127.0.0.1,http://localhost,https://localhost" {{- end }} - {{- if .Values.app.nginx.enabled }} - name: DJANGO_DEBUG + {{- if .Values.app.nginx.enabled }} value: "False" - {{- else }} - - name: DJANGO_DEBUG + {{- else }} value: "True" - {{- end }} + {{- end }} - name: DJANGO_MEDIA_ROOT value: "/home/wger/media" # axes diff --git a/charts/wger/templates/deployment.yaml b/charts/wger/templates/deployment.yaml index e65719c..7a6bc6b 100644 --- a/charts/wger/templates/deployment.yaml +++ b/charts/wger/templates/deployment.yaml 
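Review bot: With `app.mail.enabled` set but `server`, `user` or the from address left unset, the added `EMAIL_HOST`, `EMAIL_HOST_USER` and `FROM_EMAIL` entries render empty, and the misconfiguration only surfaces at runtime. Helm's `required` makes the render fail instead, e.g. `value: {{ required "app.mail.server is required when app.mail.enabled is true" .Values.app.mail.server | quote }}`. The `environment:` list this hunk edits starts and continues outside the hunk.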
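Review bot: `DJANGO_DEBUG` is still derived from `app.nginx.enabled` in the second hunk (`@@ -61,13 +67,12 @@`), so any install that disables the bundled nginx runs Django with debug on, which exposes tracebacks and configuration detail on error pages. Since these lines are being restructured anyway, debug would be better driven by its own values key that defaults to off (a new key such as `app.django.debug` is a suggestion, not something the chart has today). At minimum add a comment above the entry: `# debug follows app.nginx.enabled; do not expose an nginx-less install publicly`.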
@@ -64,6 +64,13 @@ spec: secretKeyRef: name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" + {{- if .Values.app.mail.enabled }} + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.app.mail.secret.name | default "mail" | quote }} + key: "mail-password" + {{- end }} # to enable redis authentication # additional settings in the values # must be made, passed to the redis @@ -244,6 +251,13 @@ spec: secretKeyRef: name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" + {{- if .Values.app.mail.enabled }} + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.app.mail.secret.name | default "mail" | quote }} + key: "mail-password" + {{- end }} # to enable redis authentication # additional settings in the values # must be made, passed to the redis @@ -313,6 +327,13 @@ spec: secretKeyRef: name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" + {{- if .Values.app.mail.enabled }} + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.app.mail.secret.name | default "mail" | quote }} + key: "mail-password" + {{- end }} # to enable redis authentication # additional settings in the values # must be made, passed to the redis @@ -443,6 +464,13 @@ spec: secretKeyRef: name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" + {{- if .Values.app.mail.enabled }} + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.app.mail.secret.name | default "mail" | quote }} + key: "mail-password" + {{- end }} # to enable redis authentication # additional settings in the values # must be made, passed to the redis diff --git a/charts/wger/templates/secret-mail.yaml b/charts/wger/templates/secret-mail.yaml new file mode 100644 index 0000000..e952c3a --- /dev/null +++ b/charts/wger/templates/secret-mail.yaml 
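Review bot: When `app.mail.enabled` is true and neither a mail password value nor a pre-created Secret exists, this `secretKeyRef` points at a Secret the chart never renders (secret-mail.yaml emits it only when a password is set), and the container cannot start until it appears. The same block is added in the hunks at `-244,6`, `-313,6` and `-443,6`. A comment on the first occurrence would make the contract visible: `# Secret must already exist or be created by secret-mail.yaml (needs the mail password value)`. The four copies could also move into one named template in `_helpers.tpl` so they cannot drift apart; the surrounding `env:` lists start outside these hunks.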
@@ -0,0 +1,27 @@ +# updates or creates the secret +{{- define "manipulate" -}} +{{- if (lookup "v1" "Secret" .Release.Namespace .Values.app.mail.secret.name) -}} + {{- if .Values.app.mail.secret.update -}} + {{- if .Values.app.mail.password -}} +doit + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.app.mail.password -}} +doit + {{- end -}} +{{- end -}} +{{- end -}} + +{{- if .Values.app.mail.enabled }} +{{- $manipulate := (include "manipulate" .) }} +{{- if eq $manipulate "doit" }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.app.mail.secret.name }} + namespace: {{ .Release.Namespace }} +data: + {{ .Values.app.mail.secret.key }}: {{ .Values.app.mail.password | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index 65279f6..e24c203 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -1,4 +1,3 @@ ---- # App settings app: # The server's timezone, for a list of possible names: @@ -75,9 +74,24 @@ app: ipwareProxyCount: 0 # order of magnitude from last proxy for the real ip ipwareMetaPrecedenceOrder: "HTTP_X_FORWARDED_FOR,REMOTE_ADDR" + mail: + enabled: false + secret: + name: mail + key: mail-password + # update: false + # server: mail.host.local + # port: 587 + # user: mailuser + # password: mailuser-password + + # from_mail: "test@test.com" + # backend: "django.core.mail.backends.console.EmailBackend" + # don't set django_admins when not needed + # django_admins: -# -# celery synchronisation +# celery tasks +# https://wger.readthedocs.io/en/latest/celery.html celery: enabled: false annotations: {} From f623ae1ae0a17a0db1be43c9254c10b820185126 Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 1 Dec 2024 15:39:04 +0100 Subject: [PATCH 2/8] use from_email --- charts/wger/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 12191e6..91e4198 100644 
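Review bot: `lookup` returns an empty result under `helm template` and a client-side `--dry-run`, so the existence check in `manipulate` is always false there and the Secret is rendered whenever a password is set, whatever `secret.update` says; tools that apply client-rendered manifests would then overwrite an existing Secret. The header comment should say so, e.g. `# lookup needs cluster access; without it the Secret is always rendered when a password is set`. Named templates are global across the chart and its subcharts, so `manipulate` is better namespaced, e.g. `{{- define "wger.mail.manipulate" -}}`. The Secret name also defaults to the fixed `mail` rather than a release-scoped name like the `{{.Release.Name}}-postgres` Secret referenced in deployment.yaml, so two releases in one namespace would share it.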
--- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -20,7 +20,7 @@ environment: - name: EMAIL_HOST_USER value: {{ .Values.app.mail.user | quote }} - name: FROM_EMAIL - value: {{ .Values.app.mail.from | quote }} + value: {{ .Values.app.mail.from_mail | quote }} - name: EMAIL_BACKEND value: {{ .Values.app.mail.backend | default "django.core.mail.backends.console.EmailBackend" | quote }} {{- if .Values.app.mail.django_admins }} From 541ff7d61749884965eefdfb73719a48150a1887 Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 1 Dec 2024 15:39:54 +0100 Subject: [PATCH 3/8] use from_email --- charts/wger/templates/_helpers.tpl | 2 +- charts/wger/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 91e4198..748cf07 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -20,7 +20,7 @@ environment: - name: EMAIL_HOST_USER value: {{ .Values.app.mail.user | quote }} - name: FROM_EMAIL - value: {{ .Values.app.mail.from_mail | quote }} + value: {{ .Values.app.mail.from_email | quote }} - name: EMAIL_BACKEND value: {{ .Values.app.mail.backend | default "django.core.mail.backends.console.EmailBackend" | quote }} {{- if .Values.app.mail.django_admins }} diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index e24c203..d8918fe 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -85,7 +85,7 @@ app: # user: mailuser # password: mailuser-password - # from_mail: "test@test.com" + # from_email: "test@test.com" # backend: "django.core.mail.backends.console.EmailBackend" # don't set django_admins when not needed # django_admins: From 6c9b864883e5e2b5d934938d37495423eae9f5d4 Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 1 Dec 2024 15:52:29 +0100 Subject: [PATCH 4/8] keep the secret --- charts/wger/templates/secret-mail.yaml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/charts/wger/templates/secret-mail.yaml b/charts/wger/templates/secret-mail.yaml index e952c3a..87a960b 100644 --- a/charts/wger/templates/secret-mail.yaml +++ b/charts/wger/templates/secret-mail.yaml @@ -21,6 +21,8 @@ kind: Secret metadata: name: {{ .Values.app.mail.secret.name }} namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep data: {{ .Values.app.mail.secret.key }}: {{ .Values.app.mail.password | b64enc | quote }} {{- end }} From a0569f37f4536abcbda88a18af79e4f377fc1ed7 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 31 Jan 2025 12:37:38 +0100 Subject: [PATCH 5/8] update doc --- DEVEL.md | 2 +- README.md | 52 ++++++++++++++++++++++++------------------------- RELEASENOTES.md | 12 ++++++++++-- 3 files changed, 37 insertions(+), 29 deletions(-) diff --git a/DEVEL.md b/DEVEL.md index b07efde..b348c45 100644 --- a/DEVEL.md +++ b/DEVEL.md @@ -6,7 +6,7 @@ The following is done on a Fedora Desktop to run a minikube rootless setup. For The network namespace of the Node components has to have a non-loopback interface, which can be for example configured with slirp4netns, VPNKit, or lxc-user-nic(1). -Let's install the network component `slirp4netns` +Let's install the network component `slirp4netns`, from podman >5.0 `pasta` is used and installed as a default, it is still configurable to use `slirp4netns`, but you may not need it. ```bash sudo dnf install slirp4netns diff --git a/README.md b/README.md index 3216d24..3a2a84a 100644 --- a/README.md +++ b/README.md 
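Review bot: `helm.sh/resource-policy: keep` means `helm uninstall` leaves the mail Secret, and the SMTP password in it, behind in the namespace. That is a reasonable choice for not losing a credential, but it should be stated where operators will read it. A comment above the annotation such as `# kept on uninstall; delete the Secret manually to remove the stored mail password`, plus a line in the README's Mail section, would cover it.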
@@ -5,23 +5,6 @@ Helm charts for wger deployment on Kubernetes. * https://wger.readthedocs.io -## TL;DR - -If you know what you are doing, you can go ahead and run these commands to install wger. Otherwise, keep on reading! - -```bash -helm repo add github-wger https://wger-project.github.io/helm-charts - -helm upgrade \ - --install wger github-wger/wger \ - --version 0.1.5 \ - -n wger \ - --create-namespace -``` - -This will install the chart with the defaults, stated in [values.yaml](https://github.com/wger-project/helm-charts/blob/master/charts/wger/values.yaml). - - ## Introduction This chart bootstraps a wger deployment on a Kubernetes cluster using the Helm package manager, alongside with a PostgreSQL for a database and Redis as a caching service. @@ -54,6 +37,8 @@ helm upgrade \ First you may want to make a copy of [values.yaml](https://github.com/wger-project/helm-charts/blob/master/charts/wger/values.yaml) and modify it for your needs. +There are some examples of the `values.yaml` in the [example folder](https://github.com/wger-project/helm-charts/blob/master/example/). + Please see the [parameters section](#parameters). 
@@ -76,6 +61,21 @@ For additional configuration of the Groundhog2k's PostgreSQL and Redis charts, p | `app.global.securityContext` | Pod security context | Object | see [values.yaml](charts/wger/values.yaml) | +### Mail + +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| `app.mail.enabled` | Enable mail client configuration | Boolean | `false` | +| `app.mail.server` | Mailserver | String | `null` | +| `app.mail.port` | Mailserver Port | String | `587` | +| `app.mail.user` | Mailserver User | String | `null` | +| `app.mail.from_email` | From Email Address | String | `null` | +| `app.mail.secret.name` | Name of the secret for the mail password | String | `mail` | +| `app.mail.secret.key` | Key in the secret used for the mail password | String | `mail-password` | +| `app.mail.secret.update` | Enable or disable changes to the secret with the values | Boolean | `false` | +| `app.mail.django_admins` | Django admins to receive internal server error, don't enable it when not needed | String | `null` | + + ### Django | Name | Description | Type | Default Value | @@ -85,7 +85,7 @@ For additional configuration of the Groundhog2k's PostgreSQL and Redis charts, p | `app.django.cache.timeout` | Cache timeout in seconds | String | `1296000` | -#### Celery +### Celery Celery requires persistent volumes. @@ -105,7 +105,7 @@ Celery requires persistent volumes. | `celery.flower.secret.password` | Password for the webinterface | String | `randAlphaNum 50` | -### SimpleJWT +## SimpleJWT | Name | Description | Type | Default Value | |------|-------------|------|---------------| @@ -115,7 +115,7 @@ Celery requires persistent volumes. | `app.jwt.refreshTokenLifetime` | Duration of the refresh token, in hours | String | `24` | -### Axes +## Axes | Name | Description | Type | Default Value | |------|-------------|------|---------------| 
@@ -127,7 +127,7 @@ Celery requires persistent volumes. | `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"HTTP_X_FORWARDED_FOR,REMOTE_ADDR"` | -### Nginx +## Nginx | Name | Description | Type | Default Value | |------|-------------|------|---------------| @@ -136,7 +136,7 @@ Celery requires persistent volumes. | `app.nginx.imagePullPolicy` | [Pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use for the image | String | `IfNotPresent` | -### Ingress +## Ingress | Name | Description | Type | Default Value | |------|-------------|------|---------------| @@ -147,7 +147,7 @@ Celery requires persistent volumes. | `ingress.annotations` | Annotations to attach to the ingress | Dictionary | `{}` | -### Service +## Service | Name | Description | Type | Default Value | |------|-------------|------|---------------| @@ -156,7 +156,7 @@ Celery requires persistent volumes. | `service.annotations` | Annotations to attach to the service | Dictionary | `{}` | -### Persistence +## Persistence | Name | Description | Type | Default Value | |------|-------------|------|---------------| @@ -171,7 +171,7 @@ Celery requires persistent volumes. | `app.persistence.enabled` | Whether to enable persistent storage. If `false`, the options from below are ignored | Boolean | `false` | -### Application Resources +## Application Resources | Name | Description | Type | Default Value | |------|-------------|------|---------------| @@ -325,7 +325,7 @@ kubectl -n wger exec -ti $POD -c postgres -- bash pg_dumpall --clean --username wger -f /var/lib/postgresql/data/dump.sql ``` -If you however missed that, you need to know which postgres version you where running before, stop the current postgres and wger app. +If you however missed that, you need to know which postgres version you where running before. First stop the current postgres and wger app. ```bash # stop the current wger deployment 
diff --git a/RELEASENOTES.md b/RELEASENOTES.md index cb7ae13..d7ca760 100644 --- a/RELEASENOTES.md +++ b/RELEASENOTES.md @@ -1,8 +1,10 @@ -## 0.2.1 +## 0.2.2 + +* Every helm upgrade will restart the deployments ### Mail settings -* Create a secret for the mail password +* Creates a secret for the mail password * Manually created secrets can be used with: ```yaml secret: @@ -10,6 +12,12 @@ secret: key: yourkey ``` +## 0.2.1 + +* fixes #54 Database migration fails +* fix celery redis password +* update development setup + ## 0.2.0 * redis upgrade From 2ec927cec0e62a1ae8b3b75590818f92f34e14e4 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 31 Jan 2025 12:39:28 +0100 Subject: [PATCH 6/8] add mail settings --- charts/wger/templates/_helpers.tpl | 6 +---- charts/wger/templates/deployment.yaml | 36 ++++++++++++-------------- charts/wger/templates/secret-mail.yaml | 6 ++--- charts/wger/values.yaml | 19 +++++++------- example/devel.yaml | 8 ++++++ example/prod_values.yaml | 19 +++++--------- 6 files changed, 44 insertions(+), 50 deletions(-) diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 748cf07..4b11d57 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -21,13 +21,9 @@ environment: value: {{ .Values.app.mail.user | quote }} - name: FROM_EMAIL value: {{ .Values.app.mail.from_email | quote }} - - name: EMAIL_BACKEND - value: {{ .Values.app.mail.backend | default "django.core.mail.backends.console.EmailBackend" | quote }} {{- if .Values.app.mail.django_admins }} - # Set your name and email to be notified if an internal server error occurs. - # not set when not used - name: DJANGO_ADMINS - value: {{ .Values.app.mail.backend | default "SysAdmin, root@localhost" | quote }} + value: {{ .Values.app.mail.django_admins | quote }} {{- end }} {{- else }} - name: ENABLE_EMAIL diff --git a/charts/wger/templates/deployment.yaml b/charts/wger/templates/deployment.yaml index 7a6bc6b..a5e4d0b 100644 
--- a/charts/wger/templates/deployment.yaml +++ b/charts/wger/templates/deployment.yaml @@ -6,12 +6,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ .Release.Name }} - {{- with .Values.app.global.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote}} - {{- end }} - {{- end }} spec: replicas: {{ .Values.app.global.replicas }} selector: @@ -21,8 +15,10 @@ spec: metadata: labels: app.kubernetes.io/name: {{ .Release.Name }}-app - {{- with .Values.app.global.annotations }} annotations: + # every helm upgrade restarts the deployment + rollme: {{ randAlphaNum 5 | quote }} + {{- with .Values.app.global.annotations }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote}} {{- end }} @@ -69,7 +65,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.app.mail.secret.name | default "mail" | quote }} - key: "mail-password" + key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }} {{- end }} # to enable redis authentication # additional settings in the values @@ -182,10 +178,10 @@ spec: name: {{ .Release.Name }}-nginx-configmap {{- end }} {{- end }} ---- {{- if .Values.celery.enabled }} # celery only works with persistence enabled {{- if or (.Values.app.persistence.enabled) (.Values.app.nginx.enabled) }} +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -193,12 +189,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ .Release.Name }} - {{- with .Values.celery.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote}} - {{- end }} - {{- end }} spec: replicas: {{ .Values.celery.replicas }} selector: 
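Review bot: `rollme: {{ randAlphaNum 5 | quote }}` changes on every render, so each `helm upgrade` restarts the pods even when nothing changed, and any diff or drift check against the rendered manifests never comes back clean. This applies to the pod-template hunk `-21,8 +15,10` here and to `-208,8 +198,10` and `-421,8 +415,10` further down. If the aim is to pick up a changed mail Secret or config, a content hash restarts pods only when the input changes, e.g. `checksum/mail: {{ include (print $.Template.BasePath "/secret-mail.yaml") . | sha256sum }}`. That would not see edits to a manually created Secret, so the random value may still be wanted for that case and deserves a comment saying so.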
@@ -208,8 +198,10 @@ spec: metadata: labels: app.kubernetes.io/name: {{ .Release.Name }}-celery - {{- with .Values.celery.annotations }} annotations: + # every helm upgrade restarts the deployment + rollme: {{ randAlphaNum 5 | quote }} + {{- with .Values.celery.annotations }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote}} {{- end }} @@ -256,7 +248,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.app.mail.secret.name | default "mail" | quote }} - key: "mail-password" + key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }} {{- end }} # to enable redis authentication # additional settings in the values @@ -332,7 +324,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.app.mail.secret.name | default "mail" | quote }} - key: "mail-password" + key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }} {{- end }} # to enable redis authentication # additional settings in the values @@ -408,6 +400,8 @@ metadata: app.kubernetes.io/name: {{ .Release.Name }} {{- with .Values.celery.annotations }} annotations: + # every helm upgrade restarts the deployment + rollme: {{ randAlphaNum 5 | quote }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote}} {{- end }} @@ -421,8 +415,10 @@ spec: metadata: labels: app.kubernetes.io/name: {{ .Release.Name }}-celery-worker - {{- with .Values.celery.annotations }} annotations: + # every helm upgrade restarts the deployment + rollme: {{ randAlphaNum 5 | quote }} + {{- with .Values.celery.annotations }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote}} {{- end }} @@ -469,7 +465,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.app.mail.secret.name | default "mail" | quote }} - key: "mail-password" + key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }} {{- end }} # to enable redis authentication # additional settings in the values 
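Review bot: In the `-408,6 +400,8` hunk `rollme` appears to be added to the Deployment's own `metadata.annotations`, inside the `with .Values.celery.annotations` block, whereas the other Deployments had that block removed in this commit. There the annotation is emitted only when `celery.annotations` is set, and an annotation change on the Deployment object rather than on its pod template does not roll the pods. It looks like a leftover; dropping the two added lines, or removing the block as in `-6,12 +6,6` and `-193,12 +189,6`, would make the Deployments consistent.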
diff --git a/charts/wger/templates/secret-mail.yaml b/charts/wger/templates/secret-mail.yaml index 87a960b..ea3f21c 100644 --- a/charts/wger/templates/secret-mail.yaml +++ b/charts/wger/templates/secret-mail.yaml @@ -2,12 +2,12 @@ {{- define "manipulate" -}} {{- if (lookup "v1" "Secret" .Release.Namespace .Values.app.mail.secret.name) -}} {{- if .Values.app.mail.secret.update -}} - {{- if .Values.app.mail.password -}} + {{- if .Values.app.mail.secret.password -}} doit {{- end -}} {{- end -}} {{- else -}} - {{- if .Values.app.mail.password -}} + {{- if .Values.app.mail.secret.password -}} doit {{- end -}} {{- end -}} @@ -24,6 +24,6 @@ metadata: annotations: helm.sh/resource-policy: keep data: - {{ .Values.app.mail.secret.key }}: {{ .Values.app.mail.password | b64enc | quote }} + {{ .Values.app.mail.secret.key }}: {{ .Values.app.mail.secret.password | b64enc | quote }} {{- end }} {{- end }} diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index d8918fe..10dbedb 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -76,19 +76,18 @@ app: ipwareMetaPrecedenceOrder: "HTTP_X_FORWARDED_FOR,REMOTE_ADDR" mail: enabled: false + server: null + port: null + user: null + from_email: null + # Set your name and email to be notified if an internal server error occurs. + # don't set django_admins when not needed + django_admins: null secret: name: mail key: mail-password - # update: false - # server: mail.host.local - # port: 587 - # user: mailuser - # password: mailuser-password - - # from_email: "test@test.com" - # backend: "django.core.mail.backends.console.EmailBackend" - # don't set django_admins when not needed - # django_admins: + password: null + update: false # celery tasks # https://wger.readthedocs.io/en/latest/celery.html diff --git a/example/devel.yaml b/example/devel.yaml index 992cdac..52b29c3 100644 --- a/example/devel.yaml +++ b/example/devel.yaml 
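Review bot: `app.mail.secret.password` supplied through values is kept by Helm with the release's stored values, so anyone who can run `helm get values` or read the release record in the namespace can recover it, and `example/devel.yaml` and `example/prod_values.yaml` show it inline in a values file. The `password: null` line in values.yaml should carry that caveat, e.g. `# stored with the Helm release values; for production leave null and reference a pre-created secret via name/key`. `example/prod_values.yaml` would be a better model if it showed only `secret.name` and `secret.key`.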
@@ -8,6 +8,14 @@ # # App settings app: + mail: + enabled: true + server: mail.example.com + user: wger@example.com + from_email: "wger@example.com" + secret: + password: XXXXXXXXXXXXXXXXXXXXXXX + update: true global: replicas: 1 # image: diff --git a/example/prod_values.yaml b/example/prod_values.yaml index 2694c25..39ffe0d 100644 --- a/example/prod_values.yaml +++ b/example/prod_values.yaml @@ -20,6 +20,13 @@ app: replicas: 1 # image: # PullPolicy: IfNotPresent + mail: + enabled: true + server: mail.example.com + user: wger@example.com + from_email: "wger@example.com" + secret: + password: XXXXXXXXXXXXXXXXXXXXXXX nginx: enabled: true axes: @@ -39,18 +46,6 @@ app: static: wger-static celeryBeat: wger-celery-beat environment: - - name: ENABLE_EMAIL - value: "True" - - name: EMAIL_HOST - value: "mail.example.com" - - name: EMAIL_HOST_USER - value: "fit@example.com" - - name: EMAIL_HOST_PASSWORD - value: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - - name: FROM_EMAIL - value: "fit@example.com" - - name: DJANGO_ADMINS - value: "SysAdmin, admin@test.com" - name: GUNICORN_CMD_ARGS value: "--timeout 240 --workers 2 --worker-class gthread --threads 3 --forwarded-allow-ips * --proxy-protocol True --access-logformat='%(h)s %(l)s %({client-ip}i)s %(l)s %({x-real-ip}i)s %(l)s %({x-forwarded-for}i)s %(l)s %(t)s \"%(r)s\" %(s)s %(b)s \"%(f)s\" \"%(a)s\"' --access-logfile - --error-logfile -" From 6029f4b98fe839bca9179caa75d7c8c49f6405b6 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 31 Jan 2025 12:42:58 +0100 Subject: [PATCH 7/8] release 0.2.2 --- charts/wger/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index 31ac77d..3f41488 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.2.1 +version: 0.2.2 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes 
From 515d6805bed2ead8cb5b58ecfd4d9c0d2b6a63d4 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 31 Jan 2025 13:53:15 +0100 Subject: [PATCH 8/8] create mail secret when upgrading / add hooks for other secrets --- RELEASENOTES.md | 12 ++++++++---- charts/wger/templates/secret-django.yaml | 3 +++ charts/wger/templates/secret-flower.yaml | 3 +++ charts/wger/templates/secret-jwt.yaml | 3 +++ charts/wger/templates/secret-mail.yaml | 2 ++ charts/wger/templates/secret-redis.yaml | 15 ++++++++++++--- 6 files changed, 31 insertions(+), 7 deletions(-) diff --git a/RELEASENOTES.md b/RELEASENOTES.md index d7ca760..46fa4a3 100644 --- a/RELEASENOTES.md +++ b/RELEASENOTES.md @@ -1,15 +1,19 @@ ## 0.2.2 * Every helm upgrade will restart the deployments +* Create/Update secrets in pre-* hooks ### Mail settings -* Creates a secret for the mail password +* Values to setup the mail configuration +* Creates a new secret for the mail password * Manually created secrets can be used with: ```yaml -secret: - name: yoursecret - key: yourkey +app: + mail: + secret: + name: yoursecret + key: yourkey ``` ## 0.2.1 diff --git a/charts/wger/templates/secret-django.yaml b/charts/wger/templates/secret-django.yaml index d25df08..647a34f 100644 --- a/charts/wger/templates/secret-django.yaml +++ b/charts/wger/templates/secret-django.yaml @@ -4,6 +4,9 @@ kind: Secret metadata: name: {{ .Values.app.django.secret.name | default "django" }} namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-install,pre-upgrade,pre-rollback + helm.sh/hook-weight: "-5" stringData: {{ if .Values.app.django.secret.key }} secret-key: {{ .Values.app.django.secret.key | quote }} diff --git a/charts/wger/templates/secret-flower.yaml b/charts/wger/templates/secret-flower.yaml index 7f97b60..7e4bdd4 100644 --- a/charts/wger/templates/secret-flower.yaml +++ b/charts/wger/templates/secret-flower.yaml 
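Review bot: Turning these Secrets into `pre-install,pre-upgrade,pre-rollback` hooks takes them out of the release manifest: Helm does not remove hook resources on `helm uninstall`, and with the default `before-hook-creation` policy each one is deleted and recreated on every upgrade and rollback. The same annotations are added to secret-flower.yaml, secret-jwt.yaml, secret-mail.yaml and secret-redis.yaml. Two things are worth checking before release: the upgrade from 0.2.1, where django, flower and jwt were ordinary release resources and carry no `helm.sh/resource-policy: keep` (Helm may prune them as removed from the manifest after the hook has recreated them), and whether the branch outside this hunk generates a value when no key is set, since that value would then be regenerated each time. A comment above the annotations, `# hook resource: recreated on every upgrade, not removed by helm uninstall`, would record the behaviour.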
@@ -4,6 +4,9 @@ kind: Secret metadata: name: {{ .Values.celery.flower.secret.name | default "flower" }} namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-install,pre-upgrade,pre-rollback + helm.sh/hook-weight: "-5" stringData: {{ if .Values.celery.flower.secret.password }} password: {{ .Values.celery.flower.secret.password | quote }} diff --git a/charts/wger/templates/secret-jwt.yaml b/charts/wger/templates/secret-jwt.yaml index 1e1dbc3..8d4647c 100644 --- a/charts/wger/templates/secret-jwt.yaml +++ b/charts/wger/templates/secret-jwt.yaml @@ -4,6 +4,9 @@ kind: Secret metadata: name: {{ .Values.app.jwt.secret.name | default "jwt" }} namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-install,pre-upgrade,pre-rollback + helm.sh/hook-weight: "-5" stringData: {{ if .Values.app.jwt.secret.key }} signing-key: {{ .Values.app.jwt.secret.key | quote }} diff --git a/charts/wger/templates/secret-mail.yaml b/charts/wger/templates/secret-mail.yaml index ea3f21c..3c69e6d 100644 --- a/charts/wger/templates/secret-mail.yaml +++ b/charts/wger/templates/secret-mail.yaml @@ -23,6 +23,8 @@ metadata: namespace: {{ .Release.Namespace }} annotations: helm.sh/resource-policy: keep + helm.sh/hook: pre-install,pre-upgrade,pre-rollback + helm.sh/hook-weight: "-5" data: {{ .Values.app.mail.secret.key }}: {{ .Values.app.mail.secret.password | b64enc | quote }} {{- end }} diff --git a/charts/wger/templates/secret-redis.yaml b/charts/wger/templates/secret-redis.yaml index ba37bc3..063e1b4 100644 --- a/charts/wger/templates/secret-redis.yaml +++ b/charts/wger/templates/secret-redis.yaml 
@@ -6,15 +6,24 @@ kind: Secret metadata: name: redis namespace: {{ .Release.Namespace }} + annotations: + helm.sh/resource-policy: keep + helm.sh/hook: pre-install,pre-upgrade,pre-rollback + helm.sh/hook-weight: "-5" data: - {{- if .Values.redis.auth.password }} +{{- if .Values.redis.auth.password }} redis-password: {{ .Values.redis.auth.password | b64enc | quote }} - {{ else }} +{{ else }} {{- if .Release.IsUpgrade }} + {{- if (lookup "v1" "Secret" .Release.Namespace "redis") }} redis-password: {{ index (lookup "v1" "Secret" .Release.Namespace "redis").data "redis-password" | quote }} + {{- else }} + redis-password: {{ randAlphaNum 25 | b64enc | quote }} + {{- end }} {{ else }} redis-password: {{ randAlphaNum 25 | b64enc | quote }} {{- end }} - {{- end }} +{{- end }} +--- {{- end }} {{- end }}
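Review bot: The added fallback calls `lookup "v1" "Secret" .Release.Namespace "redis"` twice, once for the test and once for the value; binding it once reads better and keeps the two in step: `{{- $existing := lookup "v1" "Secret" .Release.Namespace "redis" }}`, then `{{- if $existing }}` and `{{ index $existing.data "redis-password" | quote }}`. When the Secret is missing on upgrade a fresh random password is now generated; presumably Redis has to be restarted to pick it up, which the `rollme` annotations on the wger Deployments do not cover, so a comment noting that would help. The enclosing `if` blocks open outside the hunk.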