PecanProject · computate · May 8, 2024 · Feb 28, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,43 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## 0.5.5
+
+### Fixed
+- use new repository for postgresql chart
+
+## Changed
+- upgraded postgresql to 14.5
+
+## 0.5.4
+
+### Fixed
+- back to hooks since job completion requires RBAC role
+
+## 0.5.3
+
+### Fixed
+- need to check for table before start bety application
+
+## 0.5.2
+
+### Added
+- use new check image to use PG environment variables
+- add-user and load-db are now jobs, not hooks (prevent timeout issues)
+
+## 0.5.1
+
+## Changed
+- update README to describe values
+- fix left over when initializing from URL
+- fix binami url change
+
+## 0.5.0
+
+## Added
+- initial release of the BETY helm chart.
+- build on bety 5.4.1
diff --git a/Chart.lock b/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: postgresql
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 8.9.9
-digest: sha256:526629d1646df6a72d4414adc89f3728f0e97e37a4e8ac65036c51e06361c7bb
-generated: "2022-06-22T22:35:06.775527-05:00"
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 11.9.13
+digest: sha256:f6c50d1570fe995f60d34ac2a25dcd502caa08ef5194624fe7db275aab8df10f
+generated: "2024-05-07T22:48:59.495844-05:00"
diff --git a/Chart.yaml b/Chart.yaml
@@ -34,13 +34,13 @@ sources:
 # are enabled.
 dependencies:
 - name: postgresql
-  version: ~8.9
-  repository:  https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
+  version: ~11
+  repository: oci://registry-1.docker.io/bitnamicharts
   condition: postgres.enabled
 
 annotations:
   artifacthub.io/links: |
     - name: Helm Chart
       url: https://github.com/pecanproject/bety-helm
   artifacthub.io/changes: |
-    - back to hooks since job completion requires RBAC role
+    - use new repository for postgresql chart
diff --git a/README.md b/README.md
@@ -86,6 +86,14 @@ The following table lists the configurable parameters of the Bety chart and thei
 | `betyPassword`                       | Password value for bety.password                                              | `bety`                                                  |
 | `betyDatabase`                       | Name of the database for bety.database                                        | `bety`                                                  |
 
+### OpenShift/Kubernetes parameters
+
+| Parameter                         | Description                                              | Default                        |
+|-----------------------------------|----------------------------------------------------------|--------------------------------|
+| `serviceAccount.enabled`          | Enable creation and use of a deployment service account  | false                          |
+| `serviceAccount.name`             | Add a serviceAccountName to the deployment               | ``                             |
+| `serviceAccount.annotations`      | Add annotations to the serviceAccount                    | {}                             |
+
 ### Ingress parameters
 
 | Parameter                         | Description                                              | Default                        |

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -24,6 +24,23 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create a default service account name.
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "serviceAccount.fullname" -}}
+{{- if .Values.serviceAccount.name -}}
+{{- .Values.serviceAccount.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
@@ -74,14 +91,16 @@ Environment variables for PostgreSQL
   value: {{ include "betydb.postgresqlHost" . | quote }}
 - name: PGPORT
   value: {{ include "betydb.postgresqlPort" . | quote }}
+- name: PGDATABASE
+  value: {{ .Values.postgresql.postgresqlDatabase | default "postgres" | quote }}
 - name: PGUSER
-  value: {{ .Values.postgresql.postgresqlUsername | default "postgres" | quote }}
+  value: {{ .Values.postgresql.auth.username | default "postgres" | quote }}
 - name: PGPASSWORD
   valueFrom:
     secretKeyRef:
 {{- if .Values.postgresql.enabled }}
       name: {{ .Release.Name }}-postgresql
-      key: postgresql-password
+      key: postgres-password
 {{- else }}
       name: {{ include "betydb.fullname" . }}
       key: postgresqlPassword

diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -42,10 +42,6 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
             {{- include "betydb.postgresqlEnv" . | nindent 12 }}
-            - name: PGDATABASE
-              value: {{ .Values.betyDatabase | quote }}
-            - name: PG_TABLE
-              value: "sessions"
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -100,6 +96,9 @@ spec:
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.serviceAccount.enabled }}
+      serviceAccountName: {{ include "serviceAccount.fullname" . | quote }}
+      {{- end }}
     {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

diff --git a/templates/hooks/load-db.yaml b/templates/hooks/load-db.yaml
@@ -49,7 +49,7 @@ spec:
             - -m
             - ${LOCAL_SERVER}
             - -r
-            - 0
+            - '0'
             - -w
             - {{ .Values.dburl | quote }}
           {{- else }}

diff --git a/templates/secrets.yaml b/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.externalSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -11,3 +12,4 @@ data:
 {{- end }}
   betyPassword:  {{ .Values.betyPassword | b64enc | quote }}
   secretKey:  {{ .Values.secretKey | b64enc | quote }}
+{{- end }}
diff --git a/templates/serviceAccount.yaml b/templates/serviceAccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "serviceAccount.fullname" . }}
+  labels:
+    {{- include "betydb.labels" . | nindent 4 }}
+  annotations:
+  {{- with .Values.serviceAccount.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
@@ -39,6 +39,11 @@ betyDatabase: bety
 ## changed users will not be able to login with their existing passwords.
 secretKey: thisisnotasecret
 
+## Set to true if you will be managing the `betydb` secret with external secrets. 
+## The `betydb` secret includes `betyPassword`, `postgresqlPassword`, 
+## and `secretKey`.
+externalSecret: false
+
 ## dbtag is the tag of the database to load. Normally will use latest to
 ## make sure latest tag is loaded, this might not work with an older database.
 ## set this to "" to not load the database
@@ -97,19 +102,21 @@ postgresql:
   ## postgresqlPort port to connect to postgresql
   # postgresqlPort: 5432
 
-  ## postgresqlUsername is the initial user added to the system. This is freqently the
-  ## postgres user. This user will have superuser abilities.
-  # postgresqlUsername: postgres
+  auth:
+    ## enablePostgresUser adds the postgres user This user will have superuser abilities.
+    # enablePostgresUser: true
 
-  ## postgresqlPassword the password for postgresqlUsername, if using auto generated
-  ## password make sure to save the password as described in the notes. When upgrading
-  ## you will need to provide this secret otherwise a new secret will be generated but
-  ## not saved in the database.
-  postgresqlPassword: supersecret
+    ## postgresPassword the password for postgres, if using auto generated
+    ## password make sure to save the password as described in the notes. When upgrading
+    ## you will need to provide this secret otherwise a new secret will be generated but
+    ## not saved in the database.
+    postgresPassword: supersecret
 
-  # need more space
-  persistence:
-    size: 20Gi
+  # we will only configure the primary database
+  primary:
+    # need more space
+    persistence:
+      size: 20Gi
 
 # -------------------------------------------------------------------------------
 
@@ -169,6 +176,21 @@ resources: {}
 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
 nodeSelector: {}
 
+serviceAccount:
+
+  # Specifies whether a service account should be added to the deployment
+  enabled: false
+
+  # Specifies whether a service account should be created
+  create: false
+
+  # Annotations to add to the service account
+  annotations: {}
+
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
 ## Tolerations
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: []
-Original file line number
+Diff line change
@@ Expand Up / @@ -49,7 +49,7 @@ spec: @@
                 - -m
                 - ${LOCAL_SERVER}
                 - -r
-                - 0
+                - '0'
                 - -w
                 - {{ .Values.dburl | quote }}
               {{- else }}
@@ Expand Down @@