diff --git a/docs/installation-on-digital-ocean.md b/docs/installation-on-digital-ocean.md index 8e6d9225..63240933 100644 --- a/docs/installation-on-digital-ocean.md +++ b/docs/installation-on-digital-ocean.md @@ -76,7 +76,7 @@ host: ``` - update custom mysql password -- check which containers are set, latest one currently is development (and devel for application), but be aware these are auto pushed on git updates, so it might break every know and then +- check which containers are set, latest one currently is development (and devel for application), but be aware these are auto pushed on git updates, so it might break every now and then - Set mail server if you want login to work. By default is e-mail for now. Will move it to have a token by default ``` diff --git a/index.yaml b/index.yaml index 149413f4..cea92666 100644 --- a/index.yaml +++ b/index.yaml @@ -92,6 +92,6 @@ entries: digest: 4a66a0e0173365328738729bb4534776ae05ada3827ff1873af35a94828f8dfb name: openstad urls: - - https://amsterdam.github.io/openstad-kubernetes/k8s/helmrepo/openstad-0.2.0.tgz - version: 0.2.0 + - https://amsterdam.github.io/openstad-kubernetes/k8s/helmrepo/openstad-0.2.1.tgz + version: 0.2.1 generated: "2020-06-13T22:27:59.4990971Z" diff --git a/k8s/helmrepo/openstad-0.2.0.tgz b/k8s/helmrepo/openstad-0.2.0.tgz deleted file mode 100644 index cfcc43b7..00000000 Binary files a/k8s/helmrepo/openstad-0.2.0.tgz and /dev/null differ diff --git a/k8s/helmrepo/openstad-0.2.1.tgz b/k8s/helmrepo/openstad-0.2.1.tgz new file mode 100644 index 00000000..bc5ea6ce Binary files /dev/null and b/k8s/helmrepo/openstad-0.2.1.tgz differ diff --git a/k8s/openstad/Chart.yaml b/k8s/openstad/Chart.yaml index 06939ca8..64f4c55c 100644 --- a/k8s/openstad/Chart.yaml +++ b/k8s/openstad/Chart.yaml 
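Review bot: The `digest` line left as context in the index.yaml hunk still carries the hash recorded for openstad-0.2.0.tgz, although `urls` and `version` now point at openstad-0.2.1.tgz and the two archives differ (blob cfcc43b7 deleted, bc5ea6ce added). The index therefore publishes an integrity value that cannot match the file it describes, so a consumer that compares it will fail and one that does not gets no protection from it. The unchanged `generated` timestamp suggests the file was edited by hand. Regenerating the index with `helm repo index` would refresh `digest` together with the URL and version.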
@@ -1,5 +1,6 @@ apiVersion: v1 name: openstad -version: 0.2.0 +version: 0.2.1 appVersion: "1.0" description: This chart deploys the OpenStad Apostrophe project with optional databases. +icon: https://openstad.org/uploads/attachments/ckf3z5imd3w4pnl3w91not6qs-favicon-2x.svg diff --git a/k8s/openstad/requirements.yaml b/k8s/openstad/requirements.yaml index 4b1e8d93..0e7ac24f 100644 --- a/k8s/openstad/requirements.yaml +++ b/k8s/openstad/requirements.yaml @@ -7,7 +7,7 @@ dependencies: - name: mongodb version: "7.14.5" - repository: "https://charts.bitnami.com/bitnami" + repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami" condition: dependencies.mongodb.enabled image: ## Bitnami MongoDB registry @@ -23,5 +23,5 @@ dependencies: - name: mysql version: "6.14.2" - repository: "https://charts.bitnami.com/bitnami" + repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami" condition: dependencies.mysql.enabled diff --git a/k8s/openstad/templates/template.yaml b/k8s/openstad/templates/_template.tpl similarity index 96% rename from k8s/openstad/templates/template.yaml rename to k8s/openstad/templates/_template.tpl index 5d7e5564..ac220667 100644 --- a/k8s/openstad/templates/template.yaml +++ b/k8s/openstad/templates/_template.tpl @@ -18,6 +18,9 @@ hostname: {{ .Values.secrets.mongodb.hostname | default (printf "%s-mongodb.%s.svc.cluster.local" .Release.Name .Release.Namespace) | b64enc }} hostport: {{ .Values.secrets.mongodb.hostport | default 27017 | toString | b64enc }} database: {{ .Values.secrets.mongodb.database | default "openstad_mongodb" | b64enc }} + user: {{ .Values.secrets.mongodb.user | default "" | b64enc }} + password: {{ .Values.secrets.mongodb.password | default "" | b64enc }} + auth-source: {{ .Values.secrets.mongodb.authSource | default "" | b64enc }} {{- end }} {{- define "cookieSecret" -}} 
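Review bot: Both `repository` lines in requirements.yaml (the mongodb entry in the first hunk and the mysql entry in the second) now resolve through a raw.githubusercontent.com URL that follows the `archive-full-index` branch, so the index the sub-charts are fetched from is mutable and only the version string pins what is downloaded. Consider committing the `requirements.lock` written by `helm dependency update` and building from it with `helm dependency build`, so the resolved dependencies are reviewable. That these versions (`7.14.5`, `6.14.2`) are only reachable through the archive index presumably means they no longer receive upstream fixes. A comment above each entry such as `# pinned to an archived Bitnami chart, no upstream updates; plan an upgrade` would record that.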
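Review bot: The three lines added to _template.tpl (`user`, `password`, `auth-source`) end in `b64enc` without `| quote`, unlike the matching lines this commit adds to secrets/mongo.yaml and secrets/mongo-secret.yaml. With the `default ""` fallback, an unset value renders as a bare `user:`, which YAML reads as null rather than an empty string. Use `user: {{ .Values.secrets.mongodb.user | default "" | b64enc | quote }}` and the same for the other two. This block also renders `password` next to the host fields, while mongo.yaml keeps the password out of that Secret and puts it in `mongo-secret`, so the two definitions disagree on where the password lives. The enclosing `define` starts above the hunk, so its name and callers are not visible here.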
diff --git a/k8s/openstad/templates/adminer/ingress.yaml b/k8s/openstad/templates/adminer/ingress.yaml index 7d56dc2c..13f1c6a0 100644 --- a/k8s/openstad/templates/adminer/ingress.yaml +++ b/k8s/openstad/templates/adminer/ingress.yaml @@ -1,5 +1,5 @@ ---- {{- if .Values.adminer.ingress.enabled -}} +--- {{ $serviceName := include "openstad.adminer.fullname" . }} {{ $servicePort := .Values.adminer.service.httpPort }} {{ $tls := .Values.adminer.ingress.tls }} @@ -24,7 +24,7 @@ metadata: name: {{ template "openstad.adminer.fullname" . }} namespace: {{ .Release.Namespace }} - + spec: rules: {{- range $host := .Values.adminer.ingress.hosts }} @@ -41,7 +41,7 @@ spec: - backend: serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - + tls: - secretName: {{ .Values.adminer.ingress.tls.secretName }} hosts: @@ -50,4 +50,4 @@ spec: - {{ $value }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/k8s/openstad/templates/auth/deployment.yaml b/k8s/openstad/templates/auth/deployment.yaml index 33724ea7..2cd5f2b1 100644 --- a/k8s/openstad/templates/auth/deployment.yaml +++ b/k8s/openstad/templates/auth/deployment.yaml @@ -80,11 +80,36 @@ spec: secretKeyRef: name: openstad-db-credentials key: hostport + - name: MONGO_DB_CONNECTION_STRING + valueFrom: + secretKeyRef: + key: auth-connection-string + name: mongo-secret - name: MONGO_DB_HOST valueFrom: secretKeyRef: key: hostname name: openstad-mongo-credentials + - name: MONGO_DB_PORT + valueFrom: + secretKeyRef: + key: hostport + name: openstad-mongo-credentials + - name: MONGO_DB_USER + valueFrom: + secretKeyRef: + key: user + name: openstad-mongo-credentials + - name: MONGO_DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mongo-secret + - name: MONGO_DB_AUTHSOURCE + valueFrom: + secretKeyRef: + key: auth-source + name: openstad-mongo-credentials - name: DB_NAME valueFrom: secretKeyRef: 
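Review bot: In auth/deployment.yaml, `MONGO_DB_CONNECTION_STRING` and `MONGO_DB_PASSWORD` are injected unconditionally from `mongo-secret`, whose template falls back to `default ""`, so a release that sets neither value starts the container with both variables present but empty. The same applies to the two env hunks in frontend/deployment.yaml. Whether an empty connection string is ignored or takes priority over `MONGO_DB_HOST`/`MONGO_DB_PORT` depends on application code outside this diff, so confirm it or wrap the entry in `{{- if .Values.secrets.mongodb.authConnectionString }}` … `{{- end }}`. The credentials are also split across two Secrets (`user` and `auth-source` from `openstad-mongo-credentials`, `password` from `mongo-secret`). A short comment above the entries explaining the split would help whoever rotates them.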
diff --git a/k8s/openstad/templates/cert-manager/clusterissuer-prod.yaml b/k8s/openstad/templates/cert-manager/clusterissuer-prod.yaml index f85b7cc8..dd69add8 100644 --- a/k8s/openstad/templates/cert-manager/clusterissuer-prod.yaml +++ b/k8s/openstad/templates/cert-manager/clusterissuer-prod.yaml @@ -1,5 +1,5 @@ ---- {{- if .Values.clusterIssuer.enabled -}} +--- apiVersion: cert-manager.io/v1alpha3 kind: ClusterIssuer metadata: @@ -17,4 +17,4 @@ spec: - http01: ingress: class: nginx -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/k8s/openstad/templates/cert-manager/clusterissuer-staging.yaml b/k8s/openstad/templates/cert-manager/clusterissuer-staging.yaml index b468f7ee..883117d5 100644 --- a/k8s/openstad/templates/cert-manager/clusterissuer-staging.yaml +++ b/k8s/openstad/templates/cert-manager/clusterissuer-staging.yaml @@ -1,5 +1,5 @@ ---- {{- if .Values.clusterIssuer.enabled -}} +--- apiVersion: cert-manager.io/v1alpha3 kind: ClusterIssuer metadata: @@ -17,4 +17,4 @@ spec: - http01: ingress: class: nginx -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/k8s/openstad/templates/frontend/deployment.yaml b/k8s/openstad/templates/frontend/deployment.yaml index 0eb45d82..1c149830 100644 --- a/k8s/openstad/templates/frontend/deployment.yaml +++ b/k8s/openstad/templates/frontend/deployment.yaml @@ -66,6 +66,11 @@ spec: secretKeyRef: key: fixed_token name: openstad-auth-credentials + - name: MONGO_DB_CONNECTION_STRING + valueFrom: + secretKeyRef: + key: frontend-connection-string + name: mongo-secret - name: MONGO_DB_HOST valueFrom: secretKeyRef: 
@@ -76,6 +81,26 @@ spec: secretKeyRef: key: hostname name: openstad-mongo-credentials + - name: MONGO_DB_PORT + valueFrom: + secretKeyRef: + key: hostport + name: openstad-mongo-credentials + - name: MONGO_DB_USER + valueFrom: + secretKeyRef: + key: user + name: openstad-mongo-credentials + - name: MONGO_DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mongo-secret + - name: MONGO_DB_AUTHSOURCE + valueFrom: + secretKeyRef: + key: auth-source + name: openstad-mongo-credentials - name: DEFAULT_DB valueFrom: secretKeyRef: @@ -122,7 +147,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP -{{- if and .Values.frontend.ingress.enabled ((.Values.clusterIssuer.useProdIssuer | not) or (eq (index .Values.frontend.ingress.annotations "cert-manager.io/cluster-issuer") "letsencrypt-staging")) }} +{{- if and .Values.frontend.ingress.enabled (or (not .Values.clusterIssuer.useProdIssuer) (eq (index .Values.frontend.ingress.annotations "cert-manager.io/cluster-issuer" | default "") "letsencrypt-staging")) }} - name: NODE_TLS_REJECT_UNAUTHORIZED value: "0" {{- end }} diff --git a/k8s/openstad/templates/secrets/mongo-secret.yaml b/k8s/openstad/templates/secrets/mongo-secret.yaml new file mode 100644 index 00000000..e4444057 --- /dev/null +++ b/k8s/openstad/templates/secrets/mongo-secret.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: mongo-secret + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/resource-policy": keep +data: + password: {{ .Values.secrets.mongodb.password | default "" | b64enc | quote }} + frontend-connection-string: {{ .Values.secrets.mongodb.frontendConnectionString | default "" | b64enc | quote }} + auth-connection-string: {{ .Values.secrets.mongodb.authConnectionString | default "" | replace "{database}" "sessions" | b64enc | quote }} diff --git a/k8s/openstad/templates/secrets/mongo.yaml b/k8s/openstad/templates/secrets/mongo.yaml index 537dc940..3ee6b825 100644 
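Review bot: In the last frontend/deployment.yaml hunk, the rewritten condition still sets `NODE_TLS_REJECT_UNAUTHORIZED` to `"0"` whenever the ingress is enabled and `clusterIssuer.useProdIssuer` is false or simply unset, because `not` of a missing value is true. Certificate verification is therefore off by default. The variable is process-wide in Node.js, so it would also cover the MongoDB connections this commit introduces if they use TLS, not only requests to hosts with a staging certificate. Prefer an explicit, default-off opt-in for disabling verification, or keep verification on and trust the staging CA through `NODE_EXTRA_CA_CERTS`. At minimum add a template comment above the block, `{{- /* disables TLS verification for the whole process; staging only */ -}}`.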
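Review bot: The new Secret in secrets/mongo-secret.yaml uses the fixed name `mongo-secret` and the annotation `"helm.sh/resource-policy": keep`, so the MongoDB password and both connection strings remain in the namespace after `helm uninstall`. Two releases in one namespace would also target the same object. If keeping it is intended, say so in the file, e.g. `# kept on uninstall so credentials survive a reinstall; delete manually when decommissioning`. Deriving the name from the release, as the adminer templates do with `openstad.adminer.fullname`, would avoid the collision, but the `secretKeyRef` entries in both deployments reference `mongo-secret` literally and would have to change with it.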
--- a/k8s/openstad/templates/secrets/mongo.yaml +++ b/k8s/openstad/templates/secrets/mongo.yaml @@ -10,4 +10,5 @@ data: hostname: {{ .Values.secrets.mongodb.hostname | default (printf "%s-mongodb.%s.svc.cluster.local" .Release.Name .Release.Namespace) | b64enc }} hostport: {{ .Values.secrets.mongodb.hostport | default 27017 | toString | b64enc }} database: {{ .Values.secrets.mongodb.database | default "openstad_mongodb" | b64enc }} - + user: {{ .Values.secrets.mongodb.user | default "" | b64enc | quote }} + auth-source: {{ .Values.secrets.mongodb.authSource | default "" | b64enc | quote }} diff --git a/k8s/openstad/values.yaml b/k8s/openstad/values.yaml index 8beb09ab..6f5e108c 100644 --- a/k8s/openstad/values.yaml +++ b/k8s/openstad/values.yaml 
@@ -620,6 +620,26 @@ secrets: hostname: hostport: database: + user: + password: + + # The authSource allows us to specify which database is associated with the given credentials. + # Reference: https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource + authSource: + + # The frontendConnectionString will take priority over the above MongoDB configuration for the frontend service + # Use {database} in this string to allow the application to specify the correct database + # Reference: https://www.mongodb.com/docs/manual/reference/connection-string/ + # Example: "mongodb://mongoadmin:mongoadmin@localhost:27017/{database}?authSource=admin" + frontendConnectionString: + + # The authConnectionString will take priority over the above MongoDB configuration for the auth service + # Keep in mind that the default database for the auth environment is `sessions` + # If this contains the `{database}` string, this will be replaced with `sessions` before being passed into the auth service + # Reference: https://www.mongodb.com/docs/manual/reference/connection-string/ + # Example: "mongodb://mongoadmin:mongoadmin@localhost:27017/sessions?authSource=admin" + authConnectionString: + basicAuth: user: password:
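Review bot: The comments added in values.yaml for `frontendConnectionString` and `authConnectionString` do not say that these values embed a username and password, and both examples show `mongoadmin:mongoadmin`. Add a line above each key such as `# Contains credentials: set via a private values file or --set, never commit a real value`, and mark the example credentials as placeholders. The comment could also note that reserved characters in the password must be percent-encoded in a MongoDB URI. The bare `user:` / `password:` keys parse as null, which matches the surrounding entries and is covered by `default ""` in the templates.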