From a432893f87259a7ad15e8d5863f0bf42fe1901ec Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Fri, 1 Dec 2023 12:58:39 +0100 Subject: [PATCH 1/5] feat(helm): add pgadmin4 as component to the chart (disabled by default) Changes: - update values.yaml doc strimg and README.md - use fixed version for helm-unittest in pipeline - add pgadmin4 helm chart to local charts (due to missing feature in upstream Helm chart) - Postgresql is preconfigured in pgadmin (password needed only) --- .github/workflows/chart-verification.yml | 4 +- .../managed-identity-wallet/.helmdocsignore | 1 + charts/managed-identity-wallet/.helmignore | 2 +- charts/managed-identity-wallet/Chart.lock | 9 +- charts/managed-identity-wallet/Chart.yaml | 5 + charts/managed-identity-wallet/README.md | 12 +- .../charts/pgadmin4/Chart.yaml | 17 + .../charts/pgadmin4/README.md | 151 ++++++++ .../charts/pgadmin4/templates/NOTES.txt | 21 + .../charts/pgadmin4/templates/_helpers.tpl | 108 ++++++ .../pgadmin4/templates/auth-secret.yaml | 13 + .../charts/pgadmin4/templates/deployment.yaml | 248 ++++++++++++ .../charts/pgadmin4/templates/extra-list.yaml | 4 + .../charts/pgadmin4/templates/hpa.yaml | 40 ++ .../charts/pgadmin4/templates/ingress.yaml | 60 +++ .../pgadmin4/templates/networkpolicy.yaml | 20 + .../charts/pgadmin4/templates/pvc.yaml | 27 ++ .../server-definitions-configmap.yaml | 12 + .../templates/server-definitions-secret.yaml | 14 + .../charts/pgadmin4/templates/service.yaml | 29 ++ .../pgadmin4/templates/serviceaccount.yaml | 14 + .../templates/tests/test-connection.yaml | 35 ++ .../charts/pgadmin4/values.yaml | 361 ++++++++++++++++++ .../templates/_helpers.tpl | 6 + .../templates/pgAdmin-server-definitions.yaml | 30 ++ charts/managed-identity-wallet/values.yaml | 45 ++- dev-assets/tasks/helm.yaml | 2 +- 27 files changed, 1281 insertions(+), 9 deletions(-) create mode 100644 charts/managed-identity-wallet/.helmdocsignore create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml create mode 100644 
charts/managed-identity-wallet/charts/pgadmin4/README.md create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/values.yaml create mode 100644 charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml diff --git a/.github/workflows/chart-verification.yml b/.github/workflows/chart-verification.yml index 9442c63c1..2f330ec4f 100644 --- a/.github/workflows/chart-verification.yml +++ b/.github/workflows/chart-verification.yml 
@@ -74,7 +74,7 @@ jobs: with: image: jnorwood/helm-docs:v1.11.3 options: -v ${{ github.workspace }}/charts:/helm-docs - run: helm-docs + run: helm-docs -i managed-identity-wallet/.helmdocsignore - name: Verify that no changes are required run: | @@ -119,7 +119,7 @@ jobs: - name: Install Helm unittest plugin run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git + helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 0.3.5 - name: Run Helm unittests run: task helm:unittest diff --git a/charts/managed-identity-wallet/.helmdocsignore b/charts/managed-identity-wallet/.helmdocsignore new file mode 100644 index 000000000..ee3892e87 --- /dev/null +++ b/charts/managed-identity-wallet/.helmdocsignore @@ -0,0 +1 @@ +charts/ diff --git a/charts/managed-identity-wallet/.helmignore b/charts/managed-identity-wallet/.helmignore index 0886f15ef..70181f49b 100644 --- a/charts/managed-identity-wallet/.helmignore +++ b/charts/managed-identity-wallet/.helmignore @@ -24,5 +24,5 @@ tests/ values-*.yaml README.md.gotmpl +.helmdocsignore ci/ -argocd/ diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock index 45fec3516..4bc218a11 100644 --- a/charts/managed-identity-wallet/Chart.lock +++ b/charts/managed-identity-wallet/Chart.lock @@ -4,9 +4,12 @@ dependencies: version: 15.1.6 - name: common repository: https://charts.bitnami.com/bitnami - version: 2.8.0 + version: 2.13.3 - name: postgresql repository: https://charts.bitnami.com/bitnami version: 11.9.13 -digest: sha256:4ec5952d86e68eb97bc393404e52e5a7371eed72d769440d1fa549c8db8b4a3b -generated: "2023-08-21T23:08:36.120845+02:00" +- name: pgadmin4 + repository: file://charts/pgadmin4 + version: 1.19.0 +digest: sha256:30c1e41f2c5f35829f68dd52ecc80005b4edf726d9e472801f6bfb834b8be512 +generated: "2023-11-22T12:12:48.461495+01:00" 
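Review bot: The `helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 0.3.5` line in the second workflow hunk pins the plugin by version tag, and a tag can be moved upstream after this workflow was reviewed. The plugin's code runs inside the CI job, so consider pinning to the commit that tag pointed to when it was vetted. Helm's git installer appears to accept any git reference for `--version`, but that is worth confirming. A comment such as `# helm-unittest 0.3.5, pinned for reproducible chart tests` above the step would record why the pin exists. The same concern applies to `jnorwood/helm-docs:v1.11.3` in the first hunk's context, which is referenced by tag rather than by digest.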
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 902a93446..467caff70 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -58,3 +58,8 @@ dependencies: version: 11.9.13 repository: https://charts.bitnami.com/bitnami condition: postgresql.internal.enabled + - name: pgadmin4 + repository: file://charts/pgadmin4 # https://helm.runix.net + # License: https://github.com/rowanruseler/helm-charts/blob/main/LICENSE + version: 1.19.0 + condition: pgadmin4.enabled diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 25bd5ab60..6d5de86d0 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md @@ -2,7 +2,7 @@ # managed-identity-wallet -![Version: 0.2.0-develop.4](https://img.shields.io/badge/Version-0.2.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.4](https://img.shields.io/badge/AppVersion-0.2.0--develop.4-informational?style=flat-square) +![Version: 0.2.0-develop.7](https://img.shields.io/badge/Version-0.2.0--develop.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.7](https://img.shields.io/badge/AppVersion-0.2.0--develop.7-informational?style=flat-square) Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains. 
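Review bot: `condition: pgadmin4.enabled` is the only gate on the new subchart, yet the README rows generated in this same commit list `pgadmin4.enabled` with default `true` and `pgadmin4.env.password` with default `"very-secret-password"`, which contradicts the "disabled by default" in the subject. If the parent `values.yaml` (its hunk is not visible here) really ships those defaults, every install gets a pgAdmin instance with a published login and a pre-registered PostgreSQL server. Set `pgadmin4.enabled: false` and leave `env.password` empty in favour of the subchart's `existingSecret`, then regenerate the README. It would also help to extend the `# https://helm.runix.net` comment with the upstream revision the local copy was taken from and what was changed, so later upstream security fixes can be merged.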
@@ -77,6 +77,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | Repository | Name | Version | |------------|------|---------| +| file://charts/pgadmin4 | pgadmin4 | 1.19.0 | | https://charts.bitnami.com/bitnami | common | 2.x.x | | https://charts.bitnami.com/bitnami | keycloak | 15.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | 
@@ -142,6 +143,15 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12- | | nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) | | nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration | +| pgadmin4.enabled | bool | `true` | Enable to deploy pgAdmin | +| pgadmin4.env.email | string | `"admin@miw.com"` | Preset the admin user email | +| pgadmin4.env.password | string | `"very-secret-password"` | preset password (there is no auto-generated password) | +| pgadmin4.extraServerDefinitions.enabled | bool | `true` | enable the predefined server for pgadmin | +| pgadmin4.extraServerDefinitions.servers | object | `{}` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers | +| pgadmin4.ingress.annotations | object | `{}` | | +| pgadmin4.ingress.enabled | bool | `false` | Enagle pgAdmin ingress | +| pgadmin4.ingress.hosts | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) | +| pgadmin4.ingress.tls | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) | | podAnnotations | object | `{}` | PodAnnotation configuration | | podSecurityContext | object | `{}` | PodSecurityContext | | postgresql.auth.database | string | `"miw_app"` | Postgresql database to create | 
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml b/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml
new file mode 100644
index 000000000..0845449b1
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+description: pgAdmin4 is a web based administration tool for PostgreSQL database
+name: pgadmin4
+version: 1.19.0
+appVersion: "7.8"
+keywords:
+ - pgadmin
+ - postgres
+ - database
+ - sql
+home: https://www.pgadmin.org/
+icon: https://wiki.postgresql.org/images/3/30/PostgreSQL_logo.3colors.120x120.png
+sources:
+ - https://github.com/rowanruseler/helm-charts
+maintainers:
+ - name: rowanruseler
+ email: rowanruseler@gmail.com
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/README.md b/charts/managed-identity-wallet/charts/pgadmin4/README.md
new file mode 100644
index 000000000..ad7618f1f
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/README.md
@@ -0,0 +1,151 @@ +###### based on [dpage/pgadmin4] + +# pgAdmin 4 + +[pgAdmin4](https://www.pgadmin.org/) is the leading Open Source management tool for Postgres, the world’s most advanced Open Source database. pgAdmin4 is designed to meet the needs of both novice and experienced Postgres users alike, providing a powerful graphical interface that simplifies the creation, maintenance and use of database objects. + +## TL;DR; + +```console +helm repo add runix https://helm.runix.net +helm install runix/pgadmin4 +``` + +## Introduction + +This chart bootstraps a [pgAdmin4](https://www.pgadmin.org/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Install the Chart + +To install the chart with the release name `my-release`: + +```console +$ # Helm 2 +helm install --name my-release runix/pgadmin4 +$ # Helm 3 +helm install my-release runix/pgadmin4 +``` + +The command deploys pgAdmin4 on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstall the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete --purge my-release +``` + +The command removes nearly all the Kubernetes components associated with the chart and deletes the release. 
+ +## Configuration + +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `replicaCount` | Number of pgadmin4 replicas | `1` | +| `image.registry` | Docker image registry | `docker.io` | +| `image.repository` | Docker image | `dpage/pgadmin4` | +| `image.tag` | Docker image tag | `""` | +| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | +| `annotations` | Deployment Annotations | `{}` | +| `priorityClassName` | Deployment priorityClassName | `""` | +| `command` | Deployment command override | `""` | +| `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | +| `service.clusterIP` | Service type Cluster IP | `""` | +| `service.loadBalancerIP` | Service Load Balancer IP | `""` | +| `service.annotations` | Service Annotations | `{}` | +| `service.port` | Service port | `80` | +| `service.portName` | Name of the port on the service | `http` | +| `service.targetPort` | Internal service port | `http` | +| `service.nodePort` | Kubernetes service nodePort | `` | +| `serviceAccount.create` | Creates a ServiceAccount for the pod. | `false` | +| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | +| `serviceAccount.name` | The name of the service account. Otherwise uses the fullname. | `` | +| `serviceAccount.automountServiceAccountToken` | Opt out of API credential automounting. 
| `false` | +| `strategy` | Specifies the strategy used to replace old Pods by new ones | `{}` | +| `serverDefinitions.enabled` | Enables Server Definitions | `false` | +| `serverDefinitions.resourceType` | The type of resource to deploy server definitions (either `ConfigMap` or `Secret`) | `ConfigMap` | +| `serverDefinitions.servers` | Pre-configured server parameters | `{}` | +| `networkPolicy.enabled` | Enables Network Policy | `true` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.ingressClassName` | Ingress class name | `""` | +| `ingress.hosts.host` | Ingress accepted hostname | `nil` | +| `ingress.hosts.paths` | Ingress paths list | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `extraConfigmapMounts` | Additional configMap volume mounts for pgadmin4 pod | `[]` | +| `extraSecretMounts` | Additional secret volume mounts for pgadmin4 pod | `[]` | +| `extraContainers` | Sidecar containers to add to the pgadmin4 pod | `"[]"` | +| `existingSecret` | The name of an existing secret containing the pgadmin4 default password. | `""` | +| `secretKeys.pgadminPasswordKey` | Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set. | `"password"` | +| `extraInitContainers` | Sidecar init containers to add to the pgadmin4 pod | `"[]"` | +| `env.email` | pgAdmin4 default email. Needed chart reinstall for apply changes | `chart@domain.com` | +| `env.password` | pgAdmin4 default password. Needed chart reinstall for apply changes | `SuperSecret` | +| `env.pgpassfile` | Path to pgpasssfile (optional). 
Needed chart reinstall for apply changes | `` | +| `env.enhanced_cookie_protection` | Allows pgAdmin4 to create session cookies based on IP address | `"False"` | +| `env.contextPath` | Context path for accessing pgadmin (optional) | `` | +| `envVarsFromConfigMaps` | Array of ConfigMap names to load as environment variables | `[]` | +| `envVarsFromSecrets` | Array of Secret names to load as environment variables | `[]` | +| `persistentVolume.enabled` | If true, pgAdmin4 will create a Persistent Volume Claim | `true` | +| `persistentVolume.accessMode` | Persistent Volume access Mode | `ReadWriteOnce` | +| `persistentVolume.size` | Persistent Volume size | `10Gi` | +| `persistentVolume.storageClass` | Persistent Volume Storage Class | `unset` | +| `persistentVolume.existingClaim` | Persistent Volume existing claim name | | `unset` | +| `persistentVolume.subPath` | Subdirectory of the volume to mount at | `unset` | +| `securityContext` | Custom [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 pod | `` | +| `containerSecurityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 container | `` | +| `livenessProbe` | [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `startupProbe` | [startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `readinessProbe` | [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `VolumePermissions.enabled` | Enables init container that changes volume permissions in the data directory | `false` | +| `extraDeploy` | list of extra manifests to deploy | `[]` | +| `extraInitContainers` | Init containers to 
launch alongside the app | `[]` | +| `containerPorts.http` | Sets http port inside pgadmin container | `80` | +| `resources` | CPU/memory resource requests/limits | `{}` | +| `autoscaling.enabled` | Enables Autoscaling | `false` | +| `autoscaling.minReplicas` | Minimum amount of Replicas | `1` | +| `autoscaling.maxReplicas` | Maximum amount of Replicas| `100` | +| `autoscaling.targetCPUUtilizationPercentage` | Target CPU Utilization in percentage | `80` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Node tolerations for pod assignment | `[]` | +| `affinity` | Node affinity for pod assignment | `{}` | +| `podAnnotations` | Annotations for pod | `{}` | +| `podLabels` | Labels for pod | `{}` | +| `namespace` | Namespace where to deploy resources | `null` | +| `init.resources` | Init container CPU/memory resource requests/limits | `{}` | +| `test.image.registry` | Docker image registry for test | `docker.io` | +| `test.image.repository` | Docker image for test | `busybox` | +| `test.image.tag` | Docker image tag for test| `latest` | +| `test.resources` | CPU/memory resource requests/limits for test | `{}` | +| `test.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for test Pod | `` | + +> The values for "extraConfigmapMounts.[].configMap" and "extraSecretMounts.[].secret" can be either a simple string +> or a template string. +> Then it will be resolved for you. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +```console +$ # Helm 2 +helm install runix/pgadmin4 --name my-release \ + --set env.password=SuperSecret +$ # Helm 3 +helm install my-release runix/pgadmin4 \ + --set env.password=SuperSecret +``` + +Alternatively, a YAML file that specifies the values for the parameters can be +provided while installing the chart. 
For example: + +```console +$ # Helm 2 +helm install runix/pgadmin4 --name my-release -f values.yaml +$ # Helm 3 +helm install my-release runix/pgadmin4 -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/values.yaml) and look on [examples](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/). + +[dpage/pgadmin4]: https://hub.docker.com/r/dpage/pgadmin4 diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt b/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt new file mode 100644 index 000000000..67b0bdcb4 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt 
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pgadmin.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pgadmin.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pgadmin.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pgadmin.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl b/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl
new file mode 100644
index 000000000..22129b2c7
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl
@@ -0,0 +1,108 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pgadmin.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pgadmin.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pgadmin.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "pgadmin.labels" -}}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/name: {{ include "pgadmin.name" . }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+helm.sh/chart: {{ include "pgadmin.chart" . }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pgadmin.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pgadmin.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Generate chart secret name
+*/}}
+{{- define "pgadmin.secretName" -}}
+{{ default (include "pgadmin.fullname" .) .Values.existingSecret }}
+{{- end -}}
+
+{{/*
+Defines a JSON file containing server definitions. This allows connection information to be pre-loaded into the instance of pgAdmin in the container. Note that server definitions are only loaded on first launch, i.e. when the configuration database is created, and not on subsequent launches using the same configuration database.
+*/}}
+{{- define "pgadmin.serverDefinitions" -}}
+{
+ "Servers": {{ .Values.serverDefinitions.servers | toJson }}
+}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "deployment.apiVersion" -}}
+{{- if semverCompare "<1.9.0-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "apps/v1beta2" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for network policy.
+*/}}
+{{- define "networkPolicy.apiVersion" -}}
+{{- if semverCompare "<1.8.0-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the namespace
+*/}}
+{{- define "pgadmin.namespaceName" -}}
+{{- default .Release.Namespace .Values.namespace }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml
new file mode 100644
index 000000000..aecd2efac
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml
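Review bot: The helpers `common.tplvalues.render`, `deployment.apiVersion` and `networkPolicy.apiVersion` are defined without the `pgadmin.` prefix that the other helpers in this file use. Helm keeps named templates in one namespace for the parent chart and all its subcharts, and the parent already depends on Bitnami `common`, which as far as I know defines `common.tplvalues.render` itself; which definition wins would then depend on load order. Rename it here, e.g. `{{- define "pgadmin.tplvalues.render" -}}`, and update the `include` in `templates/extra-list.yaml` to match. The two apiVersion helpers should get the same prefix.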
@@ -0,0 +1,13 @@
+{{- if not .Values.existingSecret }}
+{{- $fullName := include "pgadmin.fullname" . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+type: Opaque
+data:
+ password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml
new file mode 100644
index 000000000..a343ee38f
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml
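Review bot: `password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }}` in auth-secret.yaml silently falls back to a password that is printed in the chart README whenever `env.password` is empty or unset. A release rendered without `existingSecret` and without a password should fail at template time rather than create a login with a known credential: `password: {{ required "env.password or existingSecret must be set" .Values.env.password | b64enc | quote }}`. A comment above the `data:` key noting that this Secret is only rendered when `existingSecret` is unset would also help the next reader.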
@@ -0,0 +1,248 @@ +{{- $fullName := include "pgadmin.fullname" . -}} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ $fullName }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +{{- if .Values.annotations }} + annotations: + {{- if .Values.annotations }} + {{- .Values.annotations | toYaml | nindent 4 }} + {{- end }} +{{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pgadmin.selectorLabels" . | nindent 6 }} +{{- if .Values.strategy }} + strategy: + {{- .Values.strategy | toYaml | nindent 4 }} +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "pgadmin.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or (not .Values.existingSecret) .Values.podAnnotations }} + annotations: + {{- if .Values.podAnnotations }} + {{- .Values.podAnnotations | toYaml | nindent 8 }} + {{- end }} + {{- if not .Values.existingSecret }} + checksum/secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . 
| sha256sum }} + {{- end }} + {{- end }} + + spec: + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ default $fullName .Values.serviceAccount.name }} + {{- end }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} + {{- if or (.Values.VolumePermissions.enabled) .Values.extraInitContainers }} + initContainers: + {{- if .Values.VolumePermissions.enabled }} + - name: init-chmod-data + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"] + volumeMounts: + - name: pgadmin-data + mountPath: /var/lib/pgadmin + subPath: {{ .Values.persistentVolume.subPath | default "" }} + securityContext: + runAsUser: 0 + resources: + {{- .Values.init.resources | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.extraInitContainers }} + {{ tpl . $ | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: + {{- toYaml .Values.command | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: + {{- toYaml .Values.args | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + protocol: TCP + {{- if .Values.livenessProbe }} + livenessProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- 
.Values.livenessProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe }} + startupProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- .Values.startupProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe }} + readinessProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- .Values.readinessProbe | toYaml | nindent 12 }} + {{- end }} + env: + - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION + value: {{ .Values.env.enhanced_cookie_protection | quote }} + - name: PGADMIN_DEFAULT_EMAIL + value: {{ .Values.env.email }} + {{- if .Values.env.pgpassfile }} + - name: PGPASSFILE + value: {{ .Values.env.pgpassfile }} + {{- end }} + - name: PGADMIN_DEFAULT_PASSWORD + valueFrom: + secretKeyRef: + {{- if not .Values.existingSecret }} + name: {{ $fullName }} + key: password + {{- else }} + name: {{ .Values.existingSecret }} + key: {{ .Values.secretKeys.pgadminPasswordKey }} + {{- end }} + {{- if .Values.env.contextPath }} + - name: SCRIPT_NAME + value: {{ .Values.env.contextPath }} + {{- end }} + {{- if .Values.serverDefinitions.enabled }} + - name: PGADMIN_SERVER_JSON_FILE + value: /pgadmin4/servers.json + {{- end }} + {{- range .Values.env.variables }} + - name: {{ .name | quote }} + value: {{ .value | quote }} + {{- end }} + {{- if or .Values.envVarsFromConfigMaps .Values.envVarsFromSecrets }} + envFrom: + {{- range .Values.envVarsFromConfigMaps }} + - configMapRef: + name: {{ . | quote }} + {{- end }} + {{- range .Values.envVarsFromSecrets }} + - secretRef: + name: {{ . 
| quote }} + {{- end }} + {{- end }} + volumeMounts: + - name: pgadmin-data + mountPath: /var/lib/pgadmin + subPath: {{ .Values.persistentVolume.subPath | default "" }} + {{- if .Values.serverDefinitions.enabled }} + - name: definitions + mountPath: /pgadmin4/servers.json + subPath: servers.json + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- .Values.extraVolumeMounts | toYaml | nindent 12 }} + {{- end }} + resources: + {{- .Values.resources | toYaml | nindent 12 }} + {{- with .Values.extraContainers }} + {{ tpl . $ | nindent 8 }} + {{- end }} + volumes: + - name: pgadmin-data + {{- if .Values.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistentVolume.existingClaim }}{{ .Values.persistentVolume.existingClaim }}{{- else }}{{ $fullName }}{{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl (.configMap) $ }} + defaultMode: {{ .defaultMode | default 256 }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl (.secret) $ }} + defaultMode: {{ .defaultMode | default 256 }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- .Values.extraVolumes | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.serverDefinitions.enabled }} + - name: definitions + {{- if eq .Values.serverDefinitions.resourceType "Secret" }} + secret: + secretName: {{ $fullName }}-server-definitions + {{- else }} + configMap: + name: {{ $fullName }}-server-definitions + {{- end }} + items: + - key: servers.json + path: servers.json + {{- end }} + {{- if 
.Values.imagePullSecrets }} + imagePullSecrets: + {{- .Values.imagePullSecrets | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{- .Values.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: + {{- .Values.securityContext | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- .Values.affinity | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- .Values.tolerations | toYaml | nindent 8 }} + {{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml new file mode 100644 index 000000000..9ac65f9e1 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml new file mode 100644 index 000000000..1e063941f --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml 
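Review bot: In the container `env:` list of deployment.yaml, `value: {{ .Values.env.email }}`, `value: {{ .Values.env.pgpassfile }}` and `value: {{ .Values.env.contextPath }}` are rendered unquoted, while `enhanced_cookie_protection` and the `env.variables` loop next to them use `| quote`. An unquoted value is re-parsed as YAML after templating, so a value that looks like a boolean or number, or that contains `: ` or ` #`, changes type or breaks the manifest instead of reaching pgAdmin as a string. Use `value: {{ .Values.env.email | quote }}` and the same for the other two. Separately, the optional `init-chmod-data` container runs the full pgAdmin image with `runAsUser: 0`; a short comment there stating why root is needed for the `chown` would help anyone reviewing the pod's security context.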
@@ -0,0 +1,40 @@ +{{- if .Values.autoscaling.enabled }} +{{- $kubeVersion := .Capabilities.KubeVersion.Version -}} +{{- if semverCompare ">=1.23-0" $kubeVersion -}} +apiVersion: autoscaling/v2 +{{- else if semverCompare ">=1.18-0" $kubeVersion -}} +apiVersion: autoscaling/v2beta2 +{{- else -}} +apiVersion: autoscaling/v2beta1 +{{- end }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "pgadmin.fullname" . }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "pgadmin.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml new file mode 100644 index 000000000..ca181fdea --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml 
@@ -0,0 +1,60 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "pgadmin.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version -}} +{{- if semverCompare ">=1.19-0" $kubeVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare "<=1.13-0" $kubeVersion -}} +apiVersion: extensions/v1beta1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" $kubeVersion) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} +{{- end }} +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl (.) $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ tpl (.host) $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $kubeVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $kubeVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml new file mode 100644 index 000000000..8a12a9d36 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml 
@@ -0,0 +1,20 @@ +{{- if .Values.networkPolicy.enabled -}} +{{- $fullName := include "pgadmin.fullname" . -}} +apiVersion: {{ template "networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ $fullName }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +spec: + policyTypes: + - Ingress + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "pgadmin.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - ports: + - port: {{ .Values.service.targetPort }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml new file mode 100644 index 000000000..c088652e9 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistentVolume.enabled (not .Values.persistentVolume.existingClaim) }} +{{- $fullName := include "pgadmin.fullname" . -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ $fullName }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} + {{- if .Values.persistentVolume.annotations }} + annotations: + {{- .Values.persistentVolume.annotations | toYaml | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- .Values.persistentVolume.accessModes | toYaml | nindent 4 }} +{{- if .Values.persistentVolume.storageClass }} +{{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" +{{- end }} +{{- end }} + resources: + requests: + storage: {{ .Values.persistentVolume.size }} +{{- end }} 
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml new file mode 100644 index 000000000..3245d1eea --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.serverDefinitions.enabled ( ne .Values.serverDefinitions.resourceType "Secret" ) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "pgadmin.fullname" . }}-server-definitions + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +data: + servers.json: |- +{{ include "pgadmin.serverDefinitions" . | indent 4 }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml new file mode 100644 index 000000000..13768e0f8 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml @@ -0,0 +1,14 @@ +{{- if not .Values.existingSecret }} +{{- if and .Values.serverDefinitions.enabled ( eq .Values.serverDefinitions.resourceType "Secret" ) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "pgadmin.fullname" . }}-server-definitions + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +type: Opaque +data: + servers.json: {{ include "pgadmin.serverDefinitions" . | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml new file mode 100644 index 000000000..f6399b1d8 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml 
@@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pgadmin.fullname" . }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} + {{- if .Values.service.annotations }} + annotations: + {{- .Values.service.annotations | toYaml | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP)) }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + protocol: TCP + name: {{ .Values.service.portName }} + selector: + {{- include "pgadmin.selectorLabels" . | nindent 4 }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml new file mode 100644 index 000000000..877dc9031 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if and (.Values.serviceAccount.create) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "pgadmin.fullname" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} + {{- if .Values.serviceAccount.annotations }} + annotations: + {{- .Values.serviceAccount.annotations | toYaml | nindent 4 }} + {{- end }} + namespace: {{ include "pgadmin.namespaceName" . }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} 
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml new file mode 100644 index 000000000..986cb7050 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "pgadmin.fullname" . }}-test-connection" + namespace: {{ include "pgadmin.namespaceName" . }} + labels: +{{ include "pgadmin.labels" . | indent 4 }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + securityContext: + runAsNonRoot: true + {{- if .Values.test.securityContext }} + {{- .Values.test.securityContext | toYaml | nindent 4 }} + {{- end }} + containers: + - name: wget + image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}" + env: + - name: PGADMIN_HOST + value: {{ include "pgadmin.fullname" . }} + - name: PGADMIN_PORT + value: "{{ .Values.service.port }}" + command: + - /bin/sh + - -ec + - | + response=$(wget -qSO - http://${PGADMIN_HOST}:${PGADMIN_PORT} 2>&1) + check=$(echo $response | grep -c '200 OK'); echo $check; if [[ $check -gt 0 ]]; then echo "Response OK"; else exit 1; fi + resources: + {{- .Values.test.resources | toYaml | nindent 8 }} + securityContext: + readOnlyRootFilesystem: true + restartPolicy: Never diff --git a/charts/managed-identity-wallet/charts/pgadmin4/values.yaml b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml new file mode 100644 index 000000000..4fceed5ac --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml 
@@ -0,0 +1,361 @@ +# Default values for pgAdmin4. + +replicaCount: 1 + +## pgAdmin4 container image +## +image: + registry: docker.io + repository: dpage/pgadmin4 + # Overrides the image tag whose default is the chart appVersion. + tag: "" + pullPolicy: IfNotPresent + +## Deployment annotations +annotations: {} + +## priorityClassName +priorityClassName: "" + +## Deployment entrypoint override +## Useful when there's a requirement to modify container's default: +## https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example +## ref: https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L206 +# command: "['/bin/sh', '-c', 'source /vault/secrets/config && ']" + +service: + type: ClusterIP + clusterIP: "" + loadBalancerIP: "" + port: 80 + targetPort: 80 + # targetPort: 4181 To be used with a proxy extraContainer + portName: http + + annotations: {} + ## Special annotations at the service level, e.g + ## this will set vnet internal IP's rather than public ip's + ## service.beta.kubernetes.io/azure-load-balancer-internal: "true" + + ## Specify the nodePort value for the service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Opt out of API credential automounting. 
+ # If you don't want the kubelet to automatically mount a ServiceAccount's API credentials, + # you can opt out of the default behavior + automountServiceAccountToken: false + +## Strategy used to replace old Pods by new ones +## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## +strategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 + +## Server definitions will be loaded at launch time. This allows connection +## information to be pre-loaded into the instance of pgAdmin4 in the container. +## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/import_export_servers.html +## +serverDefinitions: + ## If true, server definitions will be created + ## + enabled: false + + ## The resource type to use for deploying server definitions. + ## Can either be ConfigMap or Secret + resourceType: ConfigMap + + servers: + # firstServer: + # Name: "Minimally Defined Server" + # Group: "Servers" + # Port: 5432 + # Username: "postgres" + # Host: "localhost" + # SSLMode: "prefer" + # MaintenanceDB: "postgres" + +networkPolicy: + enabled: true + +## Ingress +## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # ingressClassName: "" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +# Additional config maps to be mounted inside a container +# Can be used to map config maps for sidecar as well +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/ssl/certs + # subPath: ca-certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + +extraSecretMounts: [] + # - name: pgpassfile + # secret: pgpassfile + # subPath: pgpassfile + # mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass" + # readOnly: true + +## Additional 
volumes to be mounted inside a container +## +extraVolumeMounts: [] + +## Specify additional containers in extraContainers. +## For example, to add an authentication proxy to a pgadmin4 pod. +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## @param existingSecret Name of existing secret to use for default pgadmin credentials. `env.password` will be ignored and picked up from this secret. +## +existingSecret: "" +## @param secretKeys.pgadminPasswordKey Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set. +## +secretKeys: + pgadminPasswordKey: password + +## pgAdmin4 startup configuration +## Values in here get injected as environment variables +## Needed chart reinstall for apply changes +env: + # can be email or nickname + email: chart@domain.com + password: SuperSecret + # pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass + + # set context path for application (e.g. 
/pgadmin4/*) + # contextPath: /pgadmin4 + + ## If True, allows pgAdmin4 to create session cookies based on IP address + ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html + ## + enhanced_cookie_protection: "False" + + ## Add custom environment variables that will be injected to deployment + ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html + ## + variables: [] + # - name: PGADMIN_LISTEN_ADDRESS + # value: "0.0.0.0" + # - name: PGADMIN_LISTEN_PORT + # value: "8080" + +## Additional environment variables from ConfigMaps +envVarsFromConfigMaps: [] + # - array-of + # - config-map-names + +## Additional environment variables from Secrets +envVarsFromSecrets: [] + # - array-of + # - secret-names + +persistentVolume: + ## If true, pgAdmin4 will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## + enabled: true + + ## pgAdmin4 Persistent Volume Claim annotations + ## + annotations: {} + + ## pgAdmin4 Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + accessModes: + - ReadWriteOnce + + ## pgAdmin4 Persistent Volume Size + ## + size: 10Gi + + ## pgAdmin4 Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + # existingClaim: "" + ## Sub-directory of the PV to mount + # subPath: "" + +## Additional volumes to be added to the deployment +## +extraVolumes: [] + +## Security context to be added to pgAdmin4 pods +## +securityContext: + runAsUser: 5050 + runAsGroup: 5050 + fsGroup: 5050 + +containerSecurityContext: + enabled: false + allowPrivilegeEscalation: false + +## pgAdmin4 readiness and liveness probe initial delay and timeout +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +## +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + +## Required to be enabled pre pgAdmin4 4.16 release, to set the ACL on /var/lib/pgadmin. +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## +VolumePermissions: + ## If true, enables an InitContainer to set permissions on /var/lib/pgadmin. + ## + enabled: false + +## @param extraDeploy list of extra manifests to deploy +## +extraDeploy: [] + +## Additional InitContainers to initialize the pod +## +extraInitContainers: | +# - name: add-folder-for-pgpass +# image: "dpage/pgadmin4:latest" +# command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"] +# volumeMounts: +# - name: pgadmin-data +# mountPath: /var/lib/pgadmin +# securityContext: +# runAsUser: 5050 + +containerPorts: + http: 80 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +## Horizontal Pod Autoscaling +## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +# +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +## Node labels for pgAdmin4 pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Node tolerations for server scheduling to nodes with taints +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +## +tolerations: [] + +## Pod affinity +## +affinity: {} + +## Pod annotations +## +podAnnotations: {} + +## Pod labels +## +podLabels: {} + # key1: value1 + # key2: value2 + +# -- The name of the Namespace to deploy +# If not set, `.Release.Namespace` is used +namespace: null + +init: + ## Init container resources + ## + resources: {} + +## Define values for chart tests +test: + ## Container image for test-connection.yaml + image: + registry: docker.io + repository: busybox + tag: latest + ## Resources request/limit for test-connection Pod + resources: {} + # limits: + # cpu: 50m + # memory: 32Mi + # requests: + # cpu: 25m + # memory: 16Mi + ## Security context for test-connection Pod + securityContext: + runAsUser: 5051 + runAsGroup: 5051 + fsGroup: 5051 diff --git a/charts/managed-identity-wallet/templates/_helpers.tpl b/charts/managed-identity-wallet/templates/_helpers.tpl index 0d78c77c0..cf153767c 100644 --- a/charts/managed-identity-wallet/templates/_helpers.tpl +++ b/charts/managed-identity-wallet/templates/_helpers.tpl @@ -79,3 +79,9 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{- define "managed-identity-wallet.pgadminServerDefinitions" -}} +{ + "Servers": {{ .Values.pgadmin4.extraServerDefinitions.servers | toJson }} +} +{{- end -}} 
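Review bot: The new `managed-identity-wallet.pgadminServerDefinitions` define in `_helpers.tpl` has no comment header, although the file's other helpers appear to carry one, and it hides a constraint worth writing down. `toJson` escapes double quotes, and the ConfigMap template later passes the result through a template renderer. A value such as `{{ .Release.Name }}-postgresql` survives that, but an expression containing a quoted string would reach the renderer as `\"…\"` and presumably fail to parse. I would add `{{/* Renders pgadmin4.extraServerDefinitions.servers as the servers.json body; values may hold template expressions, but without double quotes. */}}` above the define.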
diff --git a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml new file mode 100644 index 000000000..53fd2be4f --- /dev/null +++ b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml @@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +{{- if and .Values.pgadmin4.enabled .Values.pgadmin4.extraServerDefinitions.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-pgadmin4-server-definitions + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +data: + servers.json: |- +{{- include "common.tplvalues.render" (dict "value" (include "managed-identity-wallet.pgadminServerDefinitions" .) "context" $) | nindent 4 }} +{{- end }} diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index b627e1961..c78e9a65b 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
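Review bot: The `servers.json` line in `pgAdmin-server-definitions.yaml` relies on `common.tplvalues.render`, a named template the parent chart does not define in the visible `_helpers.tpl` change, so rendering presumably depends on a library chart pulled in by another dependency and breaks if that dependency is disabled or dropped. The value is already a string, so the built-in does the same job: `{{- tpl (include "managed-identity-wallet.pgadminServerDefinitions" .) $ | nindent 4 }}`. The `labels` block has a similar coupling: `include "pgadmin.labels" .` is evaluated here with the parent chart's context, so the labels may not match those on the pgAdmin pods; worth confirming against the helper's definition.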
@@ -41,7 +41,7 @@ secrets: {} envs: {} serviceAccount: - # -- Enable creation of ServiceAccount + # -- Enable creation of ServiceAccount create: true # -- Annotations to add to the ServiceAccount annotations: {} @@ -259,3 +259,46 @@ postgresql: resourcePolicy: "keep" # -- PVC Storage Request for the backup data volume size: "8Gi" + +# For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4. +pgadmin4: + # -- Enable to deploy pgAdmin + enabled: true + env: + # -- Preset the admin user email + email: admin@miw.com + # -- preset password (there is no auto-generated password) + password: very-secret-password + # @ignore + variables: + - name: PGADMIN_SERVER_JSON_FILE + value: /pgadmin4/servers.json + ingress: + # -- Enagle pgAdmin ingress + enabled: false + annotations: {} + # -- See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) + hosts: [] + # -- See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) + tls: [] + extraServerDefinitions: + # -- enable the predefined server for pgadmin + enabled: true + # -- See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers + servers: + # @ignore + miw-internal-postgresql: + Name: "MIW internal Postgresql DB" + Group: "Servers" + Port: 5432 + Username: "miw" + Host: "{{ .Release.Name }}-postgresql" + SSLMode: "prefer" + MaintenanceDB: "postgres" + # @ignore + extraConfigmapMounts: + - name: server-definitions + configMap: "{{ .Release.Name }}-pgadmin4-server-definitions" + subPath: servers.json + mountPath: "/pgadmin4/servers.json" + readOnly: true 
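Review bot: The `pgadmin4` block in the second hunk turns the component on by default (`enabled: true`) and ships a fixed admin login (`email: admin@miw.com`, `password: very-secret-password`), so every install that keeps the defaults runs a database administration UI behind a credential published in the chart. I would default to `enabled: false` and ship no usable password, pointing users at the subchart's `existingSecret` and `secretKeys.pgadminPasswordKey` values so the password comes from a Secret they create. The doc comment could then read `# -- Admin password; prefer pgadmin4.existingSecret, no default is shipped`. `SSLMode: "prefer"` on the predefined server also permits a fallback to an unencrypted connection, so it is worth confirming that this is intended.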
diff --git a/dev-assets/tasks/helm.yaml b/dev-assets/tasks/helm.yaml index dce88ee83..741515101 100644 --- a/dev-assets/tasks/helm.yaml +++ b/dev-assets/tasks/helm.yaml @@ -30,4 +30,4 @@ tasks: desc: Rebuilds the readme of the Helm chart dir: charts/managed-identity-wallet cmds: - - helm-docs . + - helm-docs -i charts/managed-identity-wallet/.helmdocsignore . From eaaca0ac285427f696784b8d090732d0f5adfc5a Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 1 Dec 2023 13:07:46 +0100 Subject: [PATCH 2/5] chore(helm): update chart README.md --- charts/managed-identity-wallet/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 6d5de86d0..a54fa2811 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md @@ -2,7 +2,7 @@ # managed-identity-wallet -![Version: 0.2.0-develop.7](https://img.shields.io/badge/Version-0.2.0--develop.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.7](https://img.shields.io/badge/AppVersion-0.2.0--develop.7-informational?style=flat-square) +![Version: 0.2.0-develop.9](https://img.shields.io/badge/Version-0.2.0--develop.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.9](https://img.shields.io/badge/AppVersion-0.2.0--develop.9-informational?style=flat-square) Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains. From aca136cfe8682dc8713c93684587ce5c18a201ea Mon Sep 17 00:00:00 2001 
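Review bot: The new command passes `-i charts/managed-identity-wallet/.helmdocsignore` while the task already runs with `dir: charts/managed-identity-wallet`, so the path is written relative to the repository root rather than the working directory and would presumably point at a nested location that does not exist. As far as I know, helm-docs' `-i`/`--ignore-file` takes the ignore file's name and defaults to `.helmdocsignore`, so `- helm-docs .` or `- helm-docs -i .helmdocsignore .` should pick up the new file. It is worth verifying that the vendored pgadmin4 chart is actually skipped after the change. The task definition starts above the hunk.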
From: Peter Motzko Date: Tue, 5 Dec 2023 10:59:37 +0100 Subject: [PATCH 3/5] chore(helm): remove unneeded templates (and add note of this modification) --- .../charts/pgadmin4/templates/extra-list.yaml | 4 -- .../charts/pgadmin4/templates/hpa.yaml | 40 ------------------- .../pgadmin4/templates/networkpolicy.yaml | 20 ---------- .../server-definitions-configmap.yaml | 12 ------ .../templates/server-definitions-secret.yaml | 14 ------- .../templates/tests/test-connection.yaml | 35 ---------------- .../charts/pgadmin4/values.yaml | 40 ------------------- charts/managed-identity-wallet/values.yaml | 1 + 8 files changed, 1 insertion(+), 165 deletions(-) delete mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml delete mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml delete mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml delete mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml delete mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml delete mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml deleted file mode 100644 index 1e063941f..000000000 --- a/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -{{- $kubeVersion := .Capabilities.KubeVersion.Version -}} -{{- if semverCompare ">=1.23-0" $kubeVersion -}} -apiVersion: autoscaling/v2 -{{- else if semverCompare ">=1.18-0" $kubeVersion -}} -apiVersion: autoscaling/v2beta2 -{{- else -}} -apiVersion: autoscaling/v2beta1 -{{- end }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "pgadmin.fullname" . }} - namespace: {{ include "pgadmin.namespaceName" . }} - labels: - {{- include "pgadmin.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "pgadmin.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml deleted file mode 100644 index 8a12a9d36..000000000 --- a/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{- if .Values.networkPolicy.enabled -}} -{{- $fullName := include "pgadmin.fullname" . -}} -apiVersion: {{ template "networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ $fullName }} - namespace: {{ include "pgadmin.namespaceName" . }} - labels: - {{- include "pgadmin.labels" . | nindent 4 }} -spec: - policyTypes: - - Ingress - podSelector: - matchLabels: - app.kubernetes.io/name: {{ include "pgadmin.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - ports: - - port: {{ .Values.service.targetPort }} -{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml deleted file mode 100644 index 3245d1eea..000000000 --- a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if and .Values.serverDefinitions.enabled ( ne .Values.serverDefinitions.resourceType "Secret" ) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "pgadmin.fullname" . }}-server-definitions - namespace: {{ include "pgadmin.namespaceName" . }} - labels: - {{- include "pgadmin.labels" . | nindent 4 }} -data: - servers.json: |- -{{ include "pgadmin.serverDefinitions" . | indent 4 }} -{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml deleted file mode 100644 index 13768e0f8..000000000 --- a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-{{- if not .Values.existingSecret }}
-{{- if and .Values.serverDefinitions.enabled ( eq .Values.serverDefinitions.resourceType "Secret" ) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "pgadmin.fullname" . }}-server-definitions
- namespace: {{ include "pgadmin.namespaceName" . }}
- labels:
- {{- include "pgadmin.labels" . | nindent 4 }}
-type: Opaque
-data:
- servers.json: {{ include "pgadmin.serverDefinitions" . | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml
deleted file mode 100644
index 986cb7050..000000000
--- a/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "pgadmin.fullname" . }}-test-connection"
- namespace: {{ include "pgadmin.namespaceName" . }}
- labels:
-{{ include "pgadmin.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": hook-succeeded
-spec:
- securityContext:
- runAsNonRoot: true
- {{- if .Values.test.securityContext }}
- {{- .Values.test.securityContext | toYaml | nindent 4 }}
- {{- end }}
- containers:
- - name: wget
- image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
- env:
- - name: PGADMIN_HOST
- value: {{ include "pgadmin.fullname" . }}
- - name: PGADMIN_PORT
- value: "{{ .Values.service.port }}"
- command:
- - /bin/sh
- - -ec
- - |
- response=$(wget -qSO - http://${PGADMIN_HOST}:${PGADMIN_PORT} 2>&1)
- check=$(echo $response | grep -c '200 OK'); echo $check; if [[ $check -gt 0 ]]; then echo "Response OK"; else exit 1; fi
- resources:
- {{- .Values.test.resources | toYaml | nindent 8 }}
- securityContext:
- readOnlyRootFilesystem: true
- restartPolicy: Never
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/values.yaml b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml index 4fceed5ac..ed8c8d912 100644 --- a/charts/managed-identity-wallet/charts/pgadmin4/values.yaml +++ b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml @@ -67,32 +67,6 @@ strategy: {} # maxSurge: 0 # maxUnavailable: 1 -## Server definitions will be loaded at launch time. This allows connection -## information to be pre-loaded into the instance of pgAdmin4 in the container. -## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/import_export_servers.html -## -serverDefinitions: - ## If true, server definitions will be created - ## - enabled: false - - ## The resource type to use for deploying server definitions. - ## Can either be ConfigMap or Secret - resourceType: ConfigMap - - servers: - # firstServer: - # Name: "Minimally Defined Server" - # Group: "Servers" - # Port: 5432 - # Username: "postgres" - # Host: "localhost" - # SSLMode: "prefer" - # MaintenanceDB: "postgres" - -networkPolicy: - enabled: true - ## Ingress ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: @@ -265,10 +239,6 @@ VolumePermissions: ## enabled: false -## @param extraDeploy list of extra manifests to deploy -## -extraDeploy: [] - ## Additional InitContainers to initialize the pod ## extraInitContainers: | @@ -296,16 +266,6 @@ resources: {} # cpu: 100m # memory: 128Mi -## Horizontal Pod Autoscaling -## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ -# -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - ## Node labels for pgAdmin4 pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index c78e9a65b..1658e9d6d 100644 --- a/charts/managed-identity-wallet/values.yaml 
+++ b/charts/managed-identity-wallet/values.yaml @@ -261,6 +261,7 @@ postgresql: size: "8Gi" # For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4. +# (Here we're using a stripped-down version of the pgadmin chart, to just ) pgadmin4: # -- Enable to deploy pgAdmin enabled: true From 547b4cacbf2a623379f044cb88d2078899b632a1 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 5 Dec 2023 11:08:25 +0100 Subject: [PATCH 4/5] chore(helm): remove obsolete config --- .../charts/pgadmin4/templates/deployment.yaml | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml index a343ee38f..58cdb0f24 100644 --- a/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml @@ -142,10 +142,6 @@ spec: - name: SCRIPT_NAME value: {{ .Values.env.contextPath }} {{- end }} - {{- if .Values.serverDefinitions.enabled }} - - name: PGADMIN_SERVER_JSON_FILE - value: /pgadmin4/servers.json - {{- end }} {{- range .Values.env.variables }} - name: {{ .name | quote }} value: {{ .value | quote }} @@ -165,11 +161,6 @@ spec: - name: pgadmin-data mountPath: /var/lib/pgadmin subPath: {{ .Values.persistentVolume.subPath | default "" }} - {{- if .Values.serverDefinitions.enabled }} - - name: definitions - mountPath: /pgadmin4/servers.json - subPath: servers.json - {{- end }} {{- range .Values.extraConfigmapMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} 
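Review bot: The comment added above `pgadmin4:` in the `@@ -261,6 +261,7 @@` hunk is cut off mid-sentence (`to just )`), so it never says what the local chart copy has been reduced to. Since this same patch deletes the subchart's NetworkPolicy, HPA, server-definitions and test-connection templates, I would finish it along the lines of `# (Here we're using a stripped-down local copy of the pgadmin chart: the NetworkPolicy, HPA, serverDefinitions and test-connection templates are removed.)`. The context line below it shows `enabled: true`, while the first commit of the series says pgAdmin is disabled by default; if `true` is the shipped default, pgAdmin is deployed without that NetworkPolicy and, unless the parent values override it, with the subchart's `env.password: SuperSecret`, so the default and the `existingSecret` option look worth confirming before merge.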
@@ -213,19 +204,6 @@ spec: {{- if .Values.extraVolumes }} {{- .Values.extraVolumes | toYaml | nindent 8 }} {{- end }} - {{- if .Values.serverDefinitions.enabled }} - - name: definitions - {{- if eq .Values.serverDefinitions.resourceType "Secret" }} - secret: - secretName: {{ $fullName }}-server-definitions - {{- else }} - configMap: - name: {{ $fullName }}-server-definitions - {{- end }} - items: - - key: servers.json - path: servers.json - {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- .Values.imagePullSecrets | toYaml | nindent 8 }} From 4ebc5403d40979958eed1586c8ad73221d2e7e17 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 6 Dec 2023 09:41:06 +0100 Subject: [PATCH 5/5] chore(helm): remove some comments and clean up README.md --- .../charts/pgadmin4/README.md | 14 -- .../charts/pgadmin4/values.yaml | 121 +----------------- 2 files changed, 1 insertion(+), 134 deletions(-) diff --git a/charts/managed-identity-wallet/charts/pgadmin4/README.md b/charts/managed-identity-wallet/charts/pgadmin4/README.md index ad7618f1f..7a3aa7b8f 100644 --- a/charts/managed-identity-wallet/charts/pgadmin4/README.md +++ b/charts/managed-identity-wallet/charts/pgadmin4/README.md 
@@ -65,10 +65,6 @@ The command removes nearly all the Kubernetes components associated with the cha | `serviceAccount.name` | The name of the service account. Otherwise uses the fullname. | `` | | `serviceAccount.automountServiceAccountToken` | Opt out of API credential automounting. | `false` | | `strategy` | Specifies the strategy used to replace old Pods by new ones | `{}` | -| `serverDefinitions.enabled` | Enables Server Definitions | `false` | -| `serverDefinitions.resourceType` | The type of resource to deploy server definitions (either `ConfigMap` or `Secret`) | `ConfigMap` | -| `serverDefinitions.servers` | Pre-configured server parameters | `{}` | -| `networkPolicy.enabled` | Enables Network Policy | `true` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.ingressClassName` | Ingress class name | `""` | 
@@ -100,14 +96,9 @@ The command removes nearly all the Kubernetes components associated with the cha | `startupProbe` | [startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | | `readinessProbe` | [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | | `VolumePermissions.enabled` | Enables init container that changes volume permissions in the data directory | `false` | -| `extraDeploy` | list of extra manifests to deploy | `[]` | | `extraInitContainers` | Init containers to launch alongside the app | `[]` | | `containerPorts.http` | Sets http port inside pgadmin container | `80` | | `resources` | CPU/memory resource requests/limits | `{}` | -| `autoscaling.enabled` | Enables Autoscaling | `false` | -| `autoscaling.minReplicas` | Minimum amount of Replicas | `1` | -| `autoscaling.maxReplicas` | Maximum amount of Replicas| `100` | -| `autoscaling.targetCPUUtilizationPercentage` | Target CPU Utilization in percentage | `80` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Node tolerations for pod assignment | `[]` | | `affinity` | Node affinity for pod assignment | `{}` | 
@@ -115,11 +106,6 @@ The command removes nearly all the Kubernetes components associated with the cha | `podLabels` | Labels for pod | `{}` | | `namespace` | Namespace where to deploy resources | `null` | | `init.resources` | Init container CPU/memory resource requests/limits | `{}` | -| `test.image.registry` | Docker image registry for test | `docker.io` | -| `test.image.repository` | Docker image for test | `busybox` | -| `test.image.tag` | Docker image tag for test| `latest` | -| `test.resources` | CPU/memory resource requests/limits for test | `{}` | -| `test.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for test Pod | `` | > The values for "extraConfigmapMounts.[].configMap" and "extraSecretMounts.[].secret" can be either a simple string > or a template string. diff --git a/charts/managed-identity-wallet/charts/pgadmin4/values.yaml b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml index ed8c8d912..d13dd3fbb 100644 --- a/charts/managed-identity-wallet/charts/pgadmin4/values.yaml +++ b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml 
@@ -1,80 +1,36 @@ -# Default values for pgAdmin4. - replicaCount: 1 -## pgAdmin4 container image -## image: registry: docker.io repository: dpage/pgadmin4 - # Overrides the image tag whose default is the chart appVersion. tag: "" pullPolicy: IfNotPresent -## Deployment annotations annotations: {} -## priorityClassName priorityClassName: "" -## Deployment entrypoint override -## Useful when there's a requirement to modify container's default: -## https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example -## ref: https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L206 -# command: "['/bin/sh', '-c', 'source /vault/secrets/config && ']" - service: type: ClusterIP clusterIP: "" loadBalancerIP: "" port: 80 targetPort: 80 - # targetPort: 4181 To be used with a proxy extraContainer portName: http annotations: {} - ## Special annotations at the service level, e.g - ## this will set vnet internal IP's rather than public ip's - ## service.beta.kubernetes.io/azure-load-balancer-internal: "true" - - ## Specify the nodePort value for the service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## serviceAccount: - # Specifies whether a service account should be created create: false - # Annotations to add to the service account annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template name: "" - # Opt out of API credential automounting. 
- # If you don't want the kubelet to automatically mount a ServiceAccount's API credentials, - # you can opt out of the default behavior automountServiceAccountToken: false -## Strategy used to replace old Pods by new ones -## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 -## Ingress -## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: enabled: false annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # ingressClassName: "" hosts: - host: chart-example.local paths: @@ -85,8 +41,6 @@ ingress: # hosts: # - chart-example.local -# Additional config maps to be mounted inside a container -# Can be used to map config maps for sidecar as well extraConfigmapMounts: [] # - name: certs-configmap # mountPath: /etc/ssl/certs @@ -101,12 +55,8 @@ extraSecretMounts: [] # mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass" # readOnly: true -## Additional volumes to be mounted inside a container -## extraVolumeMounts: [] -## Specify additional containers in extraContainers. -## For example, to add an authentication proxy to a pgadmin4 pod. extraContainers: | # - name: proxy # image: quay.io/gambol99/keycloak-proxy:latest 
@@ -123,19 +73,11 @@ extraContainers: | # - name: proxy-web # containerPort: 4181 -## @param existingSecret Name of existing secret to use for default pgadmin credentials. `env.password` will be ignored and picked up from this secret. -## existingSecret: "" -## @param secretKeys.pgadminPasswordKey Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set. -## secretKeys: pgadminPasswordKey: password -## pgAdmin4 startup configuration -## Values in here get injected as environment variables -## Needed chart reinstall for apply changes env: - # can be email or nickname email: chart@domain.com password: SuperSecret # pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass @@ -157,12 +99,10 @@ env: # - name: PGADMIN_LISTEN_PORT # value: "8080" -## Additional environment variables from ConfigMaps envVarsFromConfigMaps: [] # - array-of # - config-map-names -## Additional environment variables from Secrets envVarsFromSecrets: [] # - array-of # - secret-names @@ -199,12 +139,8 @@ persistentVolume: ## Sub-directory of the PV to mount # subPath: "" -## Additional volumes to be added to the deployment -## extraVolumes: [] -## Security context to be added to pgAdmin4 pods -## securityContext: runAsUser: 5050 runAsGroup: 5050 @@ -214,9 +150,6 @@ containerSecurityContext: enabled: false allowPrivilegeEscalation: false -## pgAdmin4 readiness and liveness probe initial delay and timeout -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ -## livenessProbe: initialDelaySeconds: 30 periodSeconds: 60 
@@ -231,16 +164,11 @@ readinessProbe: successThreshold: 1 failureThreshold: 3 -## Required to be enabled pre pgAdmin4 4.16 release, to set the ACL on /var/lib/pgadmin. -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## VolumePermissions: ## If true, enables an InitContainer to set permissions on /var/lib/pgadmin. ## enabled: false -## Additional InitContainers to initialize the pod -## extraInitContainers: | # - name: add-folder-for-pgpass # image: "dpage/pgadmin4:latest" 
@@ -255,67 +183,20 @@ containerPorts: http: 80 resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pgAdmin4 pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## + nodeSelector: {} -## Node tolerations for server scheduling to nodes with taints -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -## tolerations: [] -## Pod affinity -## affinity: {} -## Pod annotations -## podAnnotations: {} -## Pod labels -## podLabels: {} # key1: value1 # key2: value2 -# -- The name of the Namespace to deploy -# If not set, `.Release.Namespace` is used namespace: null init: - ## Init container resources - ## - resources: {} - -## Define values for chart tests -test: - ## Container image for test-connection.yaml - image: - registry: docker.io - repository: busybox - tag: latest - ## Resources request/limit for test-connection Pod resources: {} - # limits: - # cpu: 50m - # memory: 32Mi - # requests: - # cpu: 25m - # memory: 16Mi - ## Security context for test-connection Pod - securityContext: - runAsUser: 5051 - runAsGroup: 5051 - fsGroup: 5051