add secret for mail password

DEVEL.md

@@ -6,7 +6,7 @@ The following is done on a Fedora Desktop to run a minikube rootless setup. For
 
 The network namespace of the Node components has to have a non-loopback interface, which can be for example configured with slirp4netns, VPNKit, or lxc-user-nic(1).
 
-Let's install the network component `slirp4netns`
+Let's install the network component `slirp4netns`, from podman >5.0 `pasta` is used and installed as a default, it is still configurable to use `slirp4netns`, but you may not need it.
 
 ```bash
 sudo dnf install slirp4netns

README.md

@@ -5,23 +5,6 @@ Helm charts for wger deployment on Kubernetes.
 * https://wger.readthedocs.io
 
 
-## TL;DR
-
-If you know what you are doing, you can go ahead and run these commands to install wger. Otherwise, keep on reading!
-
-```bash
-helm repo add github-wger https://wger-project.github.io/helm-charts
-
-helm upgrade \
-  --install wger github-wger/wger \
-  --version 0.1.5 \
-  -n wger \
-  --create-namespace
-```
-
-This will install the chart with the defaults, stated in [values.yaml](https://github.com/wger-project/helm-charts/blob/master/charts/wger/values.yaml). 
-
-
 ## Introduction
 
 This chart bootstraps a wger deployment on a Kubernetes cluster using the Helm package manager, alongside with a PostgreSQL for a database and Redis as a caching service.
@@ -54,6 +37,8 @@ helm upgrade \
 
 First you may want to make a copy of [values.yaml](https://github.com/wger-project/helm-charts/blob/master/charts/wger/values.yaml) and modify it for your needs.
 
+There are some examples of the `values.yaml` in the [example folder](https://github.com/wger-project/helm-charts/blob/master/example/).
+
 Please see the [parameters section](#parameters).
 
 
@@ -76,6 +61,21 @@ For additional configuration of the Groundhog2k's PostgreSQL and Redis charts, p
 | `app.global.securityContext` | Pod security context | Object | see [values.yaml](charts/wger/values.yaml)	|
 
 
+### Mail
+
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| `app.mail.enabled` | Enable mail client configuration | Boolean | `false` |
+| `app.mail.server` | Mailserver | String | `null` |
+| `app.mail.port` | Mailserver Port | String | `587` |
+| `app.mail.user` | Mailserver User | String | `null` |
+| `app.mail.from_email` | From Email Address | String | `null` |
+| `app.mail.secret.name` | Name of the secret for the mail password | String | `mail` |
+| `app.mail.secret.key` | Key in the secret used for the mail password | String | `mail-password` |
+| `app.mail.secret.update` | Enable or disable changes to the secret with the values | Boolean | `false` |
+| `app.mail.django_admins` | Django admins to receive internal server error, don't enable it when not needed | String | `null` |
+
+
 ### Django
 
 | Name | Description | Type | Default Value |
@@ -85,7 +85,7 @@ For additional configuration of the Groundhog2k's PostgreSQL and Redis charts, p
 | `app.django.cache.timeout` | Cache timeout in seconds | String | `1296000` |
 
 
-#### Celery
+### Celery
 
 Celery requires persistent volumes.
 
@@ -105,7 +105,7 @@ Celery requires persistent volumes.
 | `celery.flower.secret.password` | Password for the webinterface   | String | `randAlphaNum 50` |
 
 
-### SimpleJWT
+## SimpleJWT
 
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
@@ -115,7 +115,7 @@ Celery requires persistent volumes.
 | `app.jwt.refreshTokenLifetime` | Duration of the refresh token, in hours | String | `24` |
 
 
-### Axes
+## Axes
 
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
@@ -127,7 +127,7 @@ Celery requires persistent volumes.
 | `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"HTTP_X_FORWARDED_FOR,REMOTE_ADDR"` |
 
 
-### Nginx
+## Nginx
 
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
@@ -136,7 +136,7 @@ Celery requires persistent volumes.
 | `app.nginx.imagePullPolicy` | [Pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use for the image | String | `IfNotPresent` |
 
 
-### Ingress
+## Ingress
 
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
@@ -147,7 +147,7 @@ Celery requires persistent volumes.
 | `ingress.annotations` | Annotations to attach to the ingress | Dictionary | `{}` |
 
 
-### Service
+## Service
 
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
@@ -156,7 +156,7 @@ Celery requires persistent volumes.
 | `service.annotations` | Annotations to attach to the service | Dictionary | `{}` |
 
 
-### Persistence
+## Persistence
 
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
@@ -171,7 +171,7 @@ Celery requires persistent volumes.
 | `app.persistence.enabled` | Whether to enable persistent storage. If `false`, the options from below are ignored | Boolean | `false` |
 
 
-### Application Resources
+## Application Resources
 
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
@@ -325,7 +325,7 @@ kubectl -n wger exec -ti $POD -c postgres -- bash
 pg_dumpall --clean --username wger -f /var/lib/postgresql/data/dump.sql
 ```
 
-If you however missed that, you need to know which postgres version you where running before, stop the current postgres and wger app.
+If you however missed that, you need to know which postgres version you where running before. First stop the current postgres and wger app.
 
 ```bash
 # stop the current wger deployment

RELEASENOTES.md

@@ -1,3 +1,27 @@
+## 0.2.2
+
+* Every helm upgrade will restart the deployments
+* Create/Update secrets in pre-* hooks
+
+### Mail settings
+
+* Values to setup the mail configuration
+* Creates a new secret for the mail password
+* Manually created secrets can be used with:
+```yaml
+app:
+  mail:
+    secret:
+      name: yoursecret
+      key: yourkey
+```
+
+## 0.2.1
+
+* fixes #54 Database migration fails
+* fix celery redis password
+* update development setup
+
 ## 0.2.0
 
 * redis upgrade

charts/wger/Chart.yaml

@@ -1,6 +1,6 @@
 ---
 apiVersion: v2
-version: 0.2.1
+version: 0.2.2
 appVersion: latest
 name: wger
 description: A Helm chart for Wger installation on Kubernetes

charts/wger/templates/_helpers.tpl

@@ -10,23 +10,25 @@ environment:
   - name: TIME_ZONE
     value: {{ .Values.app.timezone | default "UTC" | quote }}
   # email settings
+  {{- if .Values.app.mail.enabled }}
   - name: ENABLE_EMAIL
-    value: "False"
+    value: "True"
   - name: EMAIL_HOST
-    value: None
+    value: {{ .Values.app.mail.server | quote }}
   - name: EMAIL_PORT
-    value: "587"
+    value: {{ .Values.app.mail.port | default "587" | quote }}
   - name: EMAIL_HOST_USER
-    value: None
-  - name: EMAIL_HOST_PASSWORD
-    value: None
+    value: {{ .Values.app.mail.user | quote }}
   - name: FROM_EMAIL
-    value: "[email protected]"
-  - name: EMAIL_BACKEND
-    value: "django.core.mail.backends.console.EmailBackend"
-  # Set your name and email to be notified if an internal server error occurs.
-  #- name: DJANGO_ADMINS
-  #  value: "SysAdmin, [email protected]"
+    value: {{ .Values.app.mail.from_email | quote }}
+    {{- if .Values.app.mail.django_admins }}
+  - name: DJANGO_ADMINS
+    value: {{ .Values.app.mail.django_admins | quote }}
+    {{- end }}
+  {{- else }}
+  - name: ENABLE_EMAIL
+    value: "False"
+  {{- end }}
   # django db
   - name: DJANGO_PERFORM_MIGRATIONS
     value: "True"
@@ -61,13 +63,12 @@ environment:
   - name: CSRF_TRUSTED_ORIGINS
     value: "http://127.0.0.1,https://127.0.0.1,http://localhost,https://localhost"
   {{- end }}
-  {{- if .Values.app.nginx.enabled }}
   - name: DJANGO_DEBUG
+    {{- if .Values.app.nginx.enabled }}
     value: "False"
-  {{- else }}
-  - name: DJANGO_DEBUG
+    {{- else }}
     value: "True"
-  {{- end }}
+    {{- end }}
   - name: DJANGO_MEDIA_ROOT
     value: "/home/wger/media"
   # axes

charts/wger/templates/deployment.yaml

@@ -6,12 +6,6 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: {{ .Release.Name }}
-  {{- with .Values.app.global.annotations }}
-  annotations:
-  {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote}}
-  {{- end }}
-  {{- end }}
 spec:
   replicas: {{ .Values.app.global.replicas }}
   selector:
@@ -21,8 +15,10 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: {{ .Release.Name }}-app
-    {{- with .Values.app.global.annotations }}
       annotations:
+        # every helm upgrade restarts the deployment
+        rollme: {{ randAlphaNum 5 | quote }}
+      {{- with .Values.app.global.annotations }}
       {{- range $key, $value := . }}
         {{ $key }}: {{ $value | quote}}
       {{- end }}
@@ -64,6 +60,13 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            {{- if .Values.app.mail.enabled }}
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.app.mail.secret.name | default "mail" | quote }}
+                  key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }}
+            {{- end }}
             # to enable redis authentication
             # additional settings in the values
             # must be made, passed to the redis
@@ -175,23 +178,17 @@ spec:
             name: {{ .Release.Name }}-nginx-configmap
         {{- end }}
       {{- end }}
----
 {{- if .Values.celery.enabled }}
 # celery only works with persistence enabled
 {{- if or (.Values.app.persistence.enabled) (.Values.app.nginx.enabled) }}
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ .Release.Name }}-celery
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: {{ .Release.Name }}
-  {{- with .Values.celery.annotations }}
-  annotations:
-  {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote}}
-  {{- end }}
-  {{- end }}
 spec:
   replicas: {{ .Values.celery.replicas }}
   selector:
@@ -201,8 +198,10 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: {{ .Release.Name }}-celery
-    {{- with .Values.celery.annotations }}
       annotations:
+        # every helm upgrade restarts the deployment
+        rollme: {{ randAlphaNum 5 | quote }}
+      {{- with .Values.celery.annotations }}
       {{- range $key, $value := . }}
         {{ $key }}: {{ $value | quote}}
       {{- end }}
@@ -244,6 +243,13 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            {{- if .Values.app.mail.enabled }}
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.app.mail.secret.name | default "mail" | quote }}
+                  key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }}
+            {{- end }}
             # to enable redis authentication
             # additional settings in the values
             # must be made, passed to the redis
@@ -313,6 +319,13 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            {{- if .Values.app.mail.enabled }}
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.app.mail.secret.name | default "mail" | quote }}
+                  key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }}
+            {{- end }}
             # to enable redis authentication
             # additional settings in the values
             # must be made, passed to the redis
@@ -387,6 +400,8 @@ metadata:
     app.kubernetes.io/name: {{ .Release.Name }}
   {{- with .Values.celery.annotations }}
   annotations:
+    # every helm upgrade restarts the deployment
+      rollme: {{ randAlphaNum 5 | quote }}
   {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote}}
   {{- end }}
@@ -400,8 +415,10 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: {{ .Release.Name }}-celery-worker
-    {{- with .Values.celery.annotations }}
       annotations:
+        # every helm upgrade restarts the deployment
+        rollme: {{ randAlphaNum 5 | quote }}
+      {{- with .Values.celery.annotations }}
       {{- range $key, $value := . }}
         {{ $key }}: {{ $value | quote}}
       {{- end }}
@@ -443,6 +460,13 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            {{- if .Values.app.mail.enabled }}
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.app.mail.secret.name | default "mail" | quote }}
+                  key: {{ .Values.app.mail.secret.key | default "mail-password" | quote }}
+            {{- end }}
             # to enable redis authentication
             # additional settings in the values
             # must be made, passed to the redis

charts/wger/templates/secret-django.yaml

@@ -4,6 +4,9 @@ kind: Secret
 metadata:
   name: {{ .Values.app.django.secret.name | default "django" }}
   namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade,pre-rollback
+    helm.sh/hook-weight: "-5"
 stringData:
   {{ if .Values.app.django.secret.key }}
   secret-key: {{ .Values.app.django.secret.key | quote }}

charts/wger/templates/secret-flower.yaml

@@ -4,6 +4,9 @@ kind: Secret
 metadata:
   name: {{ .Values.celery.flower.secret.name | default "flower" }}
   namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade,pre-rollback
+    helm.sh/hook-weight: "-5"
 stringData:
   {{ if .Values.celery.flower.secret.password }}
   password: {{ .Values.celery.flower.secret.password | quote }}