Merge branch 'development'

docs/installation-on-digital-ocean.md

@@ -76,7 +76,7 @@ host:
 ```
 
 - update custom mysql password
-- check which containers are set, latest one currently is development (and devel for application), but be aware these are auto pushed on git updates, so it might break every know and then
+- check which containers are set, latest one currently is development (and devel for application), but be aware these are auto pushed on git updates, so it might break every now and then
 
 - Set mail server if you want login to work. By default is e-mail for now. Will move it to have a token by default
 ```

index.yaml

@@ -92,6 +92,6 @@ entries:
     digest: 4a66a0e0173365328738729bb4534776ae05ada3827ff1873af35a94828f8dfb
     name: openstad
     urls:
-    - https://amsterdam.github.io/openstad-kubernetes/k8s/helmrepo/openstad-0.2.0.tgz
-    version: 0.2.0
+    - https://amsterdam.github.io/openstad-kubernetes/k8s/helmrepo/openstad-0.2.1.tgz
+    version: 0.2.1
 generated: "2020-06-13T22:27:59.4990971Z"

k8s/openstad/Chart.yaml

@@ -1,5 +1,6 @@
 apiVersion: v1
 name: openstad
-version: 0.2.0
+version: 0.2.1
 appVersion: "1.0"
 description: This chart deploys the OpenStad Apostrophe project with optional databases.
+icon: https://openstad.org/uploads/attachments/ckf3z5imd3w4pnl3w91not6qs-favicon-2x.svg

k8s/openstad/requirements.yaml

@@ -7,7 +7,7 @@ dependencies:
 
 - name: mongodb
   version: "7.14.5"
-  repository: "https://charts.bitnami.com/bitnami"
+  repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami"
   condition: dependencies.mongodb.enabled
   image:
     ## Bitnami MongoDB registry
@@ -23,5 +23,5 @@ dependencies:
 
 - name: mysql
   version: "6.14.2"
-  repository: "https://charts.bitnami.com/bitnami"
+  repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami"
   condition: dependencies.mysql.enabled

k8s/openstad/templates/template.yaml → k8s/openstad/templates/_template.tpl

@@ -18,6 +18,9 @@
   hostname: {{ .Values.secrets.mongodb.hostname | default (printf "%s-mongodb.%s.svc.cluster.local" .Release.Name .Release.Namespace) | b64enc }}
   hostport: {{ .Values.secrets.mongodb.hostport | default 27017 | toString | b64enc }}
   database: {{ .Values.secrets.mongodb.database | default "openstad_mongodb" | b64enc }}
+  user: {{ .Values.secrets.mongodb.user | default "" | b64enc }}
+  password: {{ .Values.secrets.mongodb.password | default "" | b64enc }}
+  auth-source: {{ .Values.secrets.mongodb.authSource | default "" | b64enc }}
 {{- end }}
 
 {{- define "cookieSecret" -}}

k8s/openstad/templates/adminer/ingress.yaml

@@ -1,5 +1,5 @@
----
 {{- if .Values.adminer.ingress.enabled -}}
+---
 {{ $serviceName := include "openstad.adminer.fullname" . }}
 {{ $servicePort := .Values.adminer.service.httpPort }}
 {{ $tls := .Values.adminer.ingress.tls }}
@@ -24,7 +24,7 @@ metadata:
 
   name: {{ template "openstad.adminer.fullname" . }}
   namespace: {{ .Release.Namespace }}
-  
+
 spec:
   rules:
 {{- range $host := .Values.adminer.ingress.hosts }}
@@ -41,7 +41,7 @@ spec:
           - backend:
               serviceName: {{ $serviceName }}
               servicePort: {{ $servicePort }}
-              
+
   tls:
     - secretName: {{ .Values.adminer.ingress.tls.secretName }}
       hosts:
@@ -50,4 +50,4 @@ spec:
         - {{ $value }}
   {{- end -}}
 
-{{- end -}}
+{{- end -}}

k8s/openstad/templates/auth/deployment.yaml

@@ -80,11 +80,36 @@ spec:
               secretKeyRef:
                 name: openstad-db-credentials
                 key: hostport
+          - name: MONGO_DB_CONNECTION_STRING
+            valueFrom:
+              secretKeyRef:
+                key: auth-connection-string
+                name: mongo-secret
           - name: MONGO_DB_HOST
             valueFrom:
               secretKeyRef:
                 key: hostname
                 name: openstad-mongo-credentials
+          - name: MONGO_DB_PORT
+            valueFrom:
+              secretKeyRef:
+                key: hostport
+                name: openstad-mongo-credentials
+          - name: MONGO_DB_USER
+            valueFrom:
+              secretKeyRef:
+                key: user
+                name: openstad-mongo-credentials
+          - name: MONGO_DB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: password
+                name: mongo-secret
+          - name: MONGO_DB_AUTHSOURCE
+            valueFrom:
+              secretKeyRef:
+                key: auth-source
+                name: openstad-mongo-credentials
           - name: DB_NAME
             valueFrom:
               secretKeyRef:

k8s/openstad/templates/cert-manager/clusterissuer-prod.yaml

@@ -1,5 +1,5 @@
----
 {{- if .Values.clusterIssuer.enabled -}}
+---
 apiVersion: cert-manager.io/v1alpha3
 kind: ClusterIssuer
 metadata:
@@ -17,4 +17,4 @@ spec:
     - http01:
         ingress:
           class: nginx
-{{- end -}}
+{{- end -}}

k8s/openstad/templates/cert-manager/clusterissuer-staging.yaml

@@ -1,5 +1,5 @@
----
 {{- if .Values.clusterIssuer.enabled -}}
+---
 apiVersion: cert-manager.io/v1alpha3
 kind: ClusterIssuer
 metadata:
@@ -17,4 +17,4 @@ spec:
     - http01:
         ingress:
           class: nginx
-{{- end -}}
+{{- end -}}

k8s/openstad/templates/frontend/deployment.yaml

@@ -66,6 +66,11 @@ spec:
                 secretKeyRef:
                   key: fixed_token
                   name: openstad-auth-credentials
+            - name: MONGO_DB_CONNECTION_STRING
+              valueFrom:
+                secretKeyRef:
+                  key: frontend-connection-string
+                  name: mongo-secret
             - name: MONGO_DB_HOST
               valueFrom:
                 secretKeyRef:
@@ -76,6 +81,26 @@ spec:
                 secretKeyRef:
                   key: hostname
                   name: openstad-mongo-credentials
+            - name: MONGO_DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: hostport
+                  name: openstad-mongo-credentials
+            - name: MONGO_DB_USER
+              valueFrom:
+                secretKeyRef:
+                  key: user
+                  name: openstad-mongo-credentials
+            - name: MONGO_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: mongo-secret
+            - name: MONGO_DB_AUTHSOURCE
+              valueFrom:
+                secretKeyRef:
+                  key: auth-source
+                  name: openstad-mongo-credentials
             - name: DEFAULT_DB
               valueFrom:
                 secretKeyRef:
@@ -122,7 +147,7 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: status.podIP
-{{- if and .Values.frontend.ingress.enabled ((.Values.clusterIssuer.useProdIssuer | not) or (eq (index .Values.frontend.ingress.annotations "cert-manager.io/cluster-issuer") "letsencrypt-staging")) }}
+{{- if and .Values.frontend.ingress.enabled (or (not .Values.clusterIssuer.useProdIssuer) (eq (index .Values.frontend.ingress.annotations "cert-manager.io/cluster-issuer" | default "") "letsencrypt-staging")) }}
             - name: NODE_TLS_REJECT_UNAUTHORIZED
               value: "0"
 {{- end }}

k8s/openstad/templates/secrets/mongo-secret.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mongo-secret
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/resource-policy": keep
+data:
+  password: {{ .Values.secrets.mongodb.password | default "" | b64enc | quote }}
+  frontend-connection-string: {{ .Values.secrets.mongodb.frontendConnectionString | default "" | b64enc | quote }}
+  auth-connection-string: {{ .Values.secrets.mongodb.authConnectionString | default "" | replace "{database}" "sessions" | b64enc | quote }}

k8s/openstad/templates/secrets/mongo.yaml

@@ -10,4 +10,5 @@ data:
   hostname: {{ .Values.secrets.mongodb.hostname | default (printf "%s-mongodb.%s.svc.cluster.local" .Release.Name .Release.Namespace) | b64enc }}
   hostport: {{ .Values.secrets.mongodb.hostport | default 27017 | toString | b64enc }}
   database: {{ .Values.secrets.mongodb.database | default "openstad_mongodb" | b64enc }}
-
+  user: {{ .Values.secrets.mongodb.user | default "" | b64enc | quote }}
+  auth-source: {{ .Values.secrets.mongodb.authSource | default "" | b64enc | quote }}

k8s/openstad/values.yaml

@@ -620,6 +620,26 @@ secrets:
     hostname:
     hostport:
     database:
+    user:
+    password:
+
+    # The authSource allows us to specify which database is associated with the given credentials.
+    # Reference: https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource
+    authSource:
+
+    # The frontendConnectionString will take priority over the above MongoDB configuration for the frontend service
+    # Use {database} in this string to allow the application to specify the correct database
+    # Reference: https://www.mongodb.com/docs/manual/reference/connection-string/
+    # Example: "mongodb://mongoadmin:mongoadmin@localhost:27017/{database}?authSource=admin"
+    frontendConnectionString:
+
+    # The authConnectionString will take priority over the above MongoDB configuration for the auth service
+    # Keep in mind that the default database for the auth environment is `sessions`
+    # If this contains the `{database}` string, this will be replaced with `sessions` before being passed into the auth service
+    # Reference: https://www.mongodb.com/docs/manual/reference/connection-string/
+    # Example: "mongodb://mongoadmin:mongoadmin@localhost:27017/sessions?authSource=admin"
+    authConnectionString:
+
   basicAuth:
     user:
     password: