From 72a40c3039e2fa394965bee47f80d27a3d045584 Mon Sep 17 00:00:00 2001 From: Zach Stone Date: Fri, 19 Apr 2024 17:01:44 +0200 Subject: [PATCH 1/7] Create sync-from-upstream.yaml Signed-off-by: Zach Stone --- .github/workflows/sync-from-upstream.yaml | 33 +++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/sync-from-upstream.yaml
diff --git a/.github/workflows/sync-from-upstream.yaml b/.github/workflows/sync-from-upstream.yaml
new file mode 100644
index 0000000..6bb8aa8
--- /dev/null
+++ b/.github/workflows/sync-from-upstream.yaml
@@ -0,0 +1,33 @@
+name: Sync from upstream
+
+on:
+ push:
+ branches:
+ - 'main' # Run at every sync
+ schedule:
+ - cron: '0 8 * * 5' # At 07:00 on every Friday
+
+ # Allows to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+jobs:
+ sync-reports-server-charts-repository:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate token
+ id: generate_token
+ uses: tibdex/github-app-token@v1
+ with:
+ app_id: ${{ secrets.APP_ID }}
+ private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ token: ${{ steps.generate_token.outputs.token }}
+ - run: |
+ # Fetch tags from upstream repo
+ git fetch https://github.com/kyverno/reports-server --tags
+ # Remove release candidates local tags
+ git tag -d $(git tag -l | grep -E "\-rc|\-beta|\-dev|\-chart")
+ git push --tags
From 841ae4d8da69cb083a8f8053954eb2c804f7eff9 Mon Sep 17 00:00:00 2001 From: Zach Stone Date: Fri, 19 Apr 2024 17:09:00 +0200 Subject: [PATCH 2/7] Update sync-from-upstream.yaml Signed-off-by: Zach Stone --- .github/workflows/sync-from-upstream.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sync-from-upstream.yaml b/.github/workflows/sync-from-upstream.yaml
index 6bb8aa8..ab6a934 100644
--- a/.github/workflows/sync-from-upstream.yaml
+++ b/.github/workflows/sync-from-upstream.yaml
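Review bot: In the new sync-from-upstream.yaml (patch 1/7), the `Generate token` step passes `secrets.APP_PRIVATE_KEY` to a third-party action referenced by a mutable tag, `uses: tibdex/github-app-token@v1`, so a retagged or compromised release of that action would receive the App's private key. Pin it, and `actions/checkout@v3`, to a full commit SHA, e.g. `uses: tibdex/github-app-token@<full-commit-sha> # v1`, or switch to GitHub's own `actions/create-github-app-token`. The workflow also has no `permissions:` block, so the default `GITHUB_TOKEN` keeps the repository's default scopes although only the App token is used; a top-level `permissions: {}` would drop them. The schedule comment says 07:00 while `0 8 * * 5` fires at 08:00 UTC, so one of the two should be corrected.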
@@ -29,5 +29,5 @@ jobs: # Fetch tags from upstream repo git fetch https://github.com/kyverno/reports-server --tags # Remove release candidates local tags - git tag -d $(git tag -l | grep -E "\-rc|\-beta|\-dev|\-chart") + git tag -d $(git tag -l | grep -E "\-rc|\-beta|\-dev") git push --tags From 5b03a762a456b42fe1dad3564d2c8bbd6b19f118 Mon Sep 17 00:00:00 2001 From: Zach Stone Date: Thu, 25 Apr 2024 17:18:39 -0400 Subject: [PATCH 3/7] Allow loading Postgres config from secret Signed-off-by: Zach Stone --- charts/reports-server/templates/_helpers.tpl | 36 +++++++++++++++++++ .../reports-server/templates/deployment.yaml | 35 +++++++++++++----- charts/reports-server/values.yaml | 6 ++++ 3 files changed, 69 insertions(+), 8 deletions(-) diff --git a/charts/reports-server/templates/_helpers.tpl b/charts/reports-server/templates/_helpers.tpl index 807868a..240f606 100644 --- a/charts/reports-server/templates/_helpers.tpl +++ b/charts/reports-server/templates/_helpers.tpl 
@@ -60,3 +60,39 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Database config is injected into the environment, if a secret ref is set. Otherwise, Helm values are used directly. +*/}} +{{- define "reports-server.dbHost" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(PG_HOST)" }} +{{- else }} +{{- default (printf "%s-postgresql.%s" $.Release.Name $.Release.Namespace ) .Values.config.db.host }} +{{- end }} +{{- end }} + +{{- define "reports-server.dbName" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(PG_DATABASE)" }} +{{- else }} +{{- .Values.config.db.name }} +{{- end }} +{{- end }} + +{{- define "reports-server.dbUser" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(PG_USER)" }} +{{- else }} +{{- .Values.config.db.user }} +{{- end }} +{{- end }} + +{{- define "reports-server.dbPassword" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(PG_PASSWORD)" }} +{{- else }} +{{- .Values.config.db.password }} +{{- end }} +{{- end }} + diff --git a/charts/reports-server/templates/deployment.yaml b/charts/reports-server/templates/deployment.yaml index 66722a2..3444f37 100644 --- a/charts/reports-server/templates/deployment.yaml +++ b/charts/reports-server/templates/deployment.yaml 
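Review bot: In templates/_helpers.tpl (patch 3/7), the secret branch of each helper returns a literal such as `$(PG_PASSWORD)`, which Kubernetes substitutes only in `command`, `args` and `env[].value`, and only when an env var of exactly that name is defined on the container; an unresolved reference is passed through unchanged, so the server would be started with the literal string as its password. The variable names are hard-coded here and again in deployment.yaml, so the two files have to change together. I would extend the leading comment to say so, for example `The $(VAR) references are expanded by Kubernetes from the container env defined in deployment.yaml; keep the names in sync.`, and add a one-line comment above the `dbName`, `dbUser` and `dbPassword` defines, which have none. As a style point, `printf "%s" "$(PG_HOST)"` can be written as the plain literal `{{- "$(PG_HOST)" }}`.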
@@ -40,17 +40,36 @@ spec: {{- if .Values.config.debug }} - --debug {{- else }} - {{- if .Values.config.db.host }} - - --dbhost={{ .Values.config.db.host }} - {{- else }} - - --dbhost={{ $.Release.Name }}-postgresql.{{ $.Release.Namespace }} - {{- end }} - - --dbname={{ .Values.config.db.name }} - - --dbuser={{ .Values.config.db.user }} - - --dbpassword={{ .Values.config.db.password }} + - --dbhost={{ include "reports-server.dbHost" . }} + - --dbname={{ include "reports-server.dbName" . }} + - --dbuser={{ include "reports-server.dbUser" . }} + - --dbpassword={{ include "reports-server.dbPassword" . }} {{- end }} - --cert-dir=/tmp - --secure-port=4443 + {{- if .Values.config.db.secretName }} + env: + - name: PG_HOST + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.hostSecretKeyName }} + name: {{ .Values.config.db.secretName }} + - name: PG_DATABASE + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.dbNameSecretKeyName }} + name: {{ .Values.config.db.secretName }} + - name: PG_USER + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.userSecretKeyName }} + name: {{ .Values.config.db.secretName }} + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.passwordSecretKeyName }} + name: {{ .Values.config.db.secretName }} + {{- end}} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml index 0881de6..1333887 100644 --- a/charts/reports-server/values.yaml +++ b/charts/reports-server/values.yaml 
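Review bot: In templates/deployment.yaml (patch 3/7), `--dbpassword=$(PG_PASSWORD)` keeps the password out of the rendered Deployment, but the kubelet expands the reference before the container starts, so the secret still ends up in the process argv, readable through `/proc/<pid>/cmdline` and in container-runtime inspection output. If reports-server can read its database settings from the environment directly (not visible in this patch), omitting the `--db*` args when `secretName` is set would avoid that exposure. The `secretKeyRef` values are rendered unquoted; `key: {{ .Values.config.db.passwordSecretKeyName | quote }}` and `name: {{ .Values.config.db.secretName | quote }}` guard against names YAML would read as a number or boolean, and `{{- end}}` should be `{{- end }}` to match the rest of the template. The container spec begins and ends outside this hunk.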
@@ -145,15 +145,21 @@ config: debug: false db: + # If a secret is provided, values from the secret will be used instead of those set below. + secretName: "" # -- Database host host: "" + hostSecretKeyName: "host" # -- Database name name: reportsdb + dbNameSecretKeyName: "dbname" # -- Database user user: postgres + userSecretKeyName: "username" # -- Database password password: reports + passwordSecretKeyName: "password" From 67ce28b5c2fee9e1c8b88ae519001a0def3ec176 Mon Sep 17 00:00:00 2001 From: Zach Stone Date: Thu, 25 Apr 2024 17:31:26 -0400 Subject: [PATCH 4/7] Remove GS workflow (#1) Signed-off-by: Zach Stone --- .github/workflows/sync-from-upstream.yaml | 33 ----------------------- 1 file changed, 33 deletions(-) delete mode 100644 .github/workflows/sync-from-upstream.yaml diff --git a/.github/workflows/sync-from-upstream.yaml b/.github/workflows/sync-from-upstream.yaml deleted file mode 100644 index ab6a934..0000000 --- a/.github/workflows/sync-from-upstream.yaml +++ /dev/null @@ -1,33 +0,0 @@ -name: Sync from upstream - -on: - push: - branches: - - 'main' # Run at every sync - schedule: - - cron: '0 8 * * 5' # At 07:00 on every Friday - - # Allows to run this workflow manually from the Actions tab - workflow_dispatch: - -jobs: - sync-reports-server-charts-repository: - runs-on: ubuntu-latest - steps: - - name: Generate token - id: generate_token - uses: tibdex/github-app-token@v1 - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - - - name: Checkout - uses: actions/checkout@v3 - with: - token: ${{ steps.generate_token.outputs.token }} - - run: | - # Fetch tags from upstream repo - git fetch https://github.com/kyverno/reports-server --tags - # Remove release candidates local tags - git tag -d $(git tag -l | grep -E "\-rc|\-beta|\-dev") - git push --tags From 746dbd0a0ff362c640a28d528d6e82b7329d78eb Mon Sep 17 00:00:00 2001 From: Zach Stone Date: Thu, 25 Apr 2024 17:42:24 -0400 Subject: [PATCH 5/7] Update README 
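Review bot: In charts/reports-server/values.yaml (patch 3/7), the comment added above `secretName` does not say what the Secret must contain or where it must live. The Deployment references all four keys through non-optional `secretKeyRef`s, so a Secret that lacks one of them, or that is not in the release namespace, leaves the pod in `CreateContainerConfigError`; I would word the comment along the lines of `# Name of an existing Secret in the release namespace that holds the host, dbname, username and password keys (key names configurable below).`. Because `secretName` defaults to empty, the plaintext defaults `user: postgres` and `password: reports` remain the out-of-the-box path, which is worth calling out next to `password`.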
Signed-off-by: Zach Stone --- charts/reports-server/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/reports-server/README.md b/charts/reports-server/README.md index 042c0f4..bc7bf5f 100644 --- a/charts/reports-server/README.md +++ b/charts/reports-server/README.md @@ -58,9 +58,14 @@ helm install reports-server --namespace reports-server --create-namespace report | service.port | int | `443` | Service port | | config.debug | bool | `false` | Enable debug (to use inmemorydatabase) | | config.db.host | string | `""` | Database host | +| config.db.hostSecretKeyName | string | `"host"` | The database host will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.name | string | `"reportsdb"` | Database name | +| config.db.dbNameSecretKeyName | string | `"dbname"` | The database name will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.user | string | `"postgres"` | Database user | +| config.db.userSecretKeyName | string | `"username"` | The database username will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.password | string | `"reports"` | Database password | +| config.db.passwordSecretKeyName | string | `"password"` | The database password will be read from this `key` in the specified Secret, when `db.secretName` is set. | +| config.db.secretName | string | `""` | If set, database connection information will be read from the Secret with this name. Overrides `db.host`, `db.name`, `db.user`, and `db.password`. | ## Source Code From 6a7f79805b37bddbd0156902542a1af02f8d8eec Mon Sep 17 00:00:00 2001 From: Zach Stone Date: Thu, 25 Apr 2024 17:45:44 -0400 Subject: [PATCH 6/7] Use genreic "DB" instead of PG-specific references Signed-off-by: Zach Stone --- charts/reports-server/templates/_helpers.tpl | 8 ++++---- charts/reports-server/templates/deployment.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/charts/reports-server/templates/_helpers.tpl b/charts/reports-server/templates/_helpers.tpl index 240f606..fd74989 100644 --- a/charts/reports-server/templates/_helpers.tpl +++ b/charts/reports-server/templates/_helpers.tpl @@ -66,7 +66,7 @@ Database config is injected into the environment, if a secret ref is set. Otherw */}} {{- define "reports-server.dbHost" -}} {{- if .Values.config.db.secretName }} -{{- printf "%s" "$(PG_HOST)" }} +{{- printf "%s" "$(DB_HOST)" }} {{- else }} {{- default (printf "%s-postgresql.%s" $.Release.Name $.Release.Namespace ) .Values.config.db.host }} {{- end }} @@ -74,7 +74,7 @@ Database config is injected into the environment, if a secret ref is set. Otherw {{- define "reports-server.dbName" -}} {{- if .Values.config.db.secretName }} -{{- printf "%s" "$(PG_DATABASE)" }} +{{- printf "%s" "$(DB_DATABASE)" }} {{- else }} {{- .Values.config.db.name }} {{- end }} @@ -82,7 +82,7 @@ Database config is injected into the environment, if a secret ref is set. Otherw {{- define "reports-server.dbUser" -}} {{- if .Values.config.db.secretName }} -{{- printf "%s" "$(PG_USER)" }} +{{- printf "%s" "$(DB_USER)" }} {{- else }} {{- .Values.config.db.user }} {{- end }} @@ -90,7 +90,7 @@ Database config is injected into the environment, if a secret ref is set. Otherw {{- define "reports-server.dbPassword" -}} {{- if .Values.config.db.secretName }} -{{- printf "%s" "$(PG_PASSWORD)" }} +{{- printf "%s" "$(DB_PASSWORD)" }} {{- else }} {{- .Values.config.db.password }} {{- end }} diff --git a/charts/reports-server/templates/deployment.yaml b/charts/reports-server/templates/deployment.yaml index 3444f37..403df4c 100644 --- a/charts/reports-server/templates/deployment.yaml +++ b/charts/reports-server/templates/deployment.yaml 
@@ -49,22 +49,22 @@ spec: - --secure-port=4443 {{- if .Values.config.db.secretName }} env: - - name: PG_HOST + - name: DB_HOST valueFrom: secretKeyRef: key: {{ .Values.config.db.hostSecretKeyName }} name: {{ .Values.config.db.secretName }} - - name: PG_DATABASE + - name: DB_DATABASE valueFrom: secretKeyRef: key: {{ .Values.config.db.dbNameSecretKeyName }} name: {{ .Values.config.db.secretName }} - - name: PG_USER + - name: DB_USER valueFrom: secretKeyRef: key: {{ .Values.config.db.userSecretKeyName }} name: {{ .Values.config.db.secretName }} - - name: PG_PASSWORD + - name: DB_PASSWORD valueFrom: secretKeyRef: key: {{ .Values.config.db.passwordSecretKeyName }} From 275b1274fb6c426f85cd7ca2ca000ad43d34adb5 Mon Sep 17 00:00:00 2001 From: Zach Stone Date: Tue, 30 Apr 2024 10:17:08 -0400 Subject: [PATCH 7/7] Fix codegen-ed README Signed-off-by: Zach Stone --- charts/reports-server/README.md | 2 +- charts/reports-server/values.yaml | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/reports-server/README.md b/charts/reports-server/README.md index bc7bf5f..045fa29 100644 --- a/charts/reports-server/README.md +++ b/charts/reports-server/README.md @@ -57,6 +57,7 @@ helm install reports-server --namespace reports-server --create-namespace report | service.type | string | `"ClusterIP"` | Service type | | service.port | int | `443` | Service port | | config.debug | bool | `false` | Enable debug (to use inmemorydatabase) | +| config.db.secretName | string | `""` | If set, database connection information will be read from the Secret with this name. Overrides `db.host`, `db.name`, `db.user`, and `db.password`. | | config.db.host | string | `""` | Database host | | config.db.hostSecretKeyName | string | `"host"` | The database host will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.name | string | `"reportsdb"` | Database name | 
@@ -65,7 +66,6 @@ helm install reports-server --namespace reports-server --create-namespace report | config.db.userSecretKeyName | string | `"username"` | The database username will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.password | string | `"reports"` | Database password | | config.db.passwordSecretKeyName | string | `"password"` | The database password will be read from this `key` in the specified Secret, when `db.secretName` is set. | -| config.db.secretName | string | `""` | If set, database connection information will be read from the Secret with this name. Overrides `db.host`, `db.name`, `db.user`, and `db.password`. | ## Source Code diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml index 1333887..811db77 100644 --- a/charts/reports-server/values.yaml +++ b/charts/reports-server/values.yaml @@ -145,21 +145,25 @@ config: debug: false db: - # If a secret is provided, values from the secret will be used instead of those set below. + # -- If set, database connection information will be read from the Secret with this name. Overrides `db.host`, `db.name`, `db.user`, and `db.password`. secretName: "" # -- Database host host: "" + # -- The database host will be read from this `key` in the specified Secret, when `db.secretName` is set. hostSecretKeyName: "host" # -- Database name name: reportsdb + # -- The database name will be read from this `key` in the specified Secret, when `db.secretName` is set. dbNameSecretKeyName: "dbname" # -- Database user user: postgres + # -- The database username will be read from this `key` in the specified Secret, when `db.secretName` is set. userSecretKeyName: "username" # -- Database password password: reports + # -- The database password will be read from this `key` in the specified Secret, when `db.secretName` is set. passwordSecretKeyName: "password"