From cf121064141073f1af76f4058480d2f36638c451 Mon Sep 17 00:00:00 2001
From: Tom Meadows
Date: Mon, 14 Feb 2022 11:59:11 +0000
Subject: [PATCH 1/5] added support to plugin an external sql database
Signed-off-by: Tom Meadows
---
charts/dependency-track/Chart.yaml | 2 +-
.../templates/backend/deployment.yaml | 140 ++++++++++--------
charts/dependency-track/values.yaml | 35 ++++-
3 files changed, 112 insertions(+), 65 deletions(-)
diff --git a/charts/dependency-track/Chart.yaml b/charts/dependency-track/Chart.yaml
index 9356dab..a1b0f70 100644
--- a/charts/dependency-track/Chart.yaml
+++ b/charts/dependency-track/Chart.yaml
@@ -24,7 +24,7 @@ dependencies:
- name: postgresql
version: ~10.10
repository: https://charts.bitnami.com/bitnami
- condition: postgresql.enabled
+ condition: database.internal.enabled
- name: common
version: 1.9.x
repository: https://charts.bitnami.com/bitnami
diff --git a/charts/dependency-track/templates/backend/deployment.yaml b/charts/dependency-track/templates/backend/deployment.yaml
index 1cc1750..05463bc 100644
--- a/charts/dependency-track/templates/backend/deployment.yaml
+++ b/charts/dependency-track/templates/backend/deployment.yaml
@@ -24,65 +24,89 @@ spec:
initContainers: {{- toYaml . | nindent 6 }}
{{- end }}
containers:
- - name: {{ .Chart.Name }}-apiserver
- securityContext: {{- toYaml .Values.apiserver.securityContext | nindent 12 }}
- image: {{ include "apiserver.image" . }}
- imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
- {{- with .Values.apiserver.resources }}
- resources: {{ . | toYaml | nindent 10 }}
- {{- end }}
- env:
- - name: ALPINE_DATA_DIRECTORY
- value: "/data"
- {{- if .Values.postgresql.enabled }}
- - name: ALPINE_DATABASE_MODE
- value: "external"
- - name: ALPINE_DATABASE_DRIVER
- value: "org.postgresql.Driver"
- - name: ALPINE_DATABASE_URL
- value: jdbc:postgresql://{{ .Release.Name }}-postgresql/{{ .Values.postgresql.postgresqlDatabase }}
- - name: ALPINE_DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name }}-postgresql
- key: postgresql-password
- - name: ALPINE_DATABASE_USERNAME
- value: {{ .Values.postgresql.postgresqlUsername }}
- {{- end }}
- {{- with .Values.apiserver.env }}
- {{- toYaml . 
| nindent 8 }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: /data
- - name: tmp
- mountPath: /tmp
- ports:
- - name: api
- containerPort: 8080
- protocol: TCP
- {{- if .Values.apiserver.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- port: api
- path: {{ .Values.apiserver.livenessProbe.path }}
- initialDelaySeconds: {{ .Values.apiserver.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.apiserver.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.apiserver.livenessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.apiserver.livenessProbe.successThreshold }}
- failureThreshold: {{ .Values.apiserver.livenessProbe.failureThreshold }}
- {{- end }}
- {{- if .Values.apiserver.livenessProbe.enabled }}
- readinessProbe:
- httpGet:
- port: api
- path: {{ .Values.apiserver.readinessProbe.path }}
- initialDelaySeconds: {{ .Values.apiserver.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.apiserver.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.apiserver.readinessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.apiserver.readinessProbe.successThreshold }}
- failureThreshold: {{ .Values.apiserver.readinessProbe.failureThreshold }}
+ - name: {{ .Chart.Name }}-apiserver
+ securityContext: {{- toYaml .Values.apiserver.securityContext | nindent 12 }}
+ image: {{ include "apiserver.image" . }}
+ imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
+ {{- with .Values.apiserver.resources }}
+ resources: {{ . 
| toYaml | nindent 12 }}
+ {{- end }}
+ env:
+ - name: ALPINE_DATA_DIRECTORY
+ value: "/data"
+ {{- if eq .Values.database.internal.enabled true }}
+ - name: ALPINE_DATABASE_MODE
+ value: "external"
+ - name: ALPINE_DATABASE_DRIVER
+ value: "org.postgresql.Driver"
+ - name: ALPINE_DATABASE_URL
+ value: jdbc:postgresql://{{ .Release.Name }}-postgresql/{{ .Values.database.internal.postgresql.database }}
+ - name: ALPINE_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-postgresql
+ key: postgresql-password
+ - name: ALPINE_DATABASE_USERNAME
+ value: {{ .Values.database.internal.postgresql.username }}
+ {{- else if eq .Values.database.external.enabled true }}
+ - name: ALPINE_DATABASE_MODE
+ value: {{ .Values.database.external.databaseMode}}
+ - name: ALPINE_DATABASE_DRIVER
+ value: {{ .Values.database.external.databaseDriver}}
+ - name: ALPINE_DATABASE_URL
+ value: {{ .Values.database.external.databaseURL}}
+ - name: ALPINE_DATABASE_USERNAME
+ value: {{ .Values.database.external.databaseUsername }}
+ - name: ALPINE_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.external.databaseUserPassword.secretName }}
+ key: {{ .Values.database.external.databaseUserPassword.secretKey }}
+ {{- end }}
+ {{- with .Values.apiserver.env }}
+ {{- toYaml . 
| nindent 8 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: tmp
+ mountPath: /tmp
+ ports:
+ - name: api
+ containerPort: 8080
+ protocol: TCP
+ {{- if .Values.apiserver.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ port: api
+ path: {{ .Values.apiserver.livenessProbe.path }}
+ initialDelaySeconds: {{ .Values.apiserver.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.apiserver.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.apiserver.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.apiserver.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.apiserver.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.apiserver.livenessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ port: api
+ path: {{ .Values.apiserver.readinessProbe.path }}
+ initialDelaySeconds: {{ .Values.apiserver.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.apiserver.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.apiserver.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.apiserver.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.apiserver.readinessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.apiserver.sidecarContainers }}
+ {{- range $name, $spec := .Values.apiserver.sidecarContainers }}
+ - name: {{ $name }}
+ {{- if kindIs "string" $spec }}
+ {{- tpl $spec $ | nindent 10 }}
+ {{- else }}
+ {{- toYaml $spec | nindent 10 }}
+ {{- end }}
{{- end }}
+ {{- end }}
{{- with .Values.apiserver.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml
index ce27f5c..c128f84 100644
--- a/charts/dependency-track/values.yaml
+++ b/charts/dependency-track/values.yaml
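Review bot: The four `value:` lines in the `else if` external branch interpolate their values unquoted, so the default `databaseURL: ""` renders as a bare `value:` (null) and a URL, driver or username containing `: ` or ` #` breaks the manifest; render each as `value: {{ .Values.database.external.databaseURL | quote }}` (likewise databaseMode, databaseDriver, databaseUsername), and guard the secret reference with `name: {{ required "database.external.databaseUserPassword.secretName is required" .Values.database.external.databaseUserPassword.secretName }}` so an unset name fails at template time instead of at pod start. When both `database.internal.enabled` and `database.external.enabled` are true the internal branch silently wins; a `{{- if and .Values.database.internal.enabled .Values.database.external.enabled }}{{ fail "enable only one of database.internal and database.external" }}{{- end }}` ahead of the env list makes the conflict explicit. `eq ... true` can be the plain `{{- if .Values.database.internal.enabled }}`, and the readinessProbe block is still gated on `livenessProbe.enabled` — carried over from the old side, but every one of these lines is new-side now and this is the commit that could fix it. Re-indenting the whole container block in the same commit as the database change makes the hunk mostly whitespace noise; an indentation-only commit first would leave this diff showing just the lines whose behaviour changes.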
@@ -89,6 +89,13 @@ frontend:
# -- config of the apiserver
apiserver:
enabled: true
+ # sidecarContainers - add more containers to the api-server (e.g. Google Cloud SQL Proxy)
+ # Key/Value where Key is the sidecar `- name: `
+ # Example:
+ # sidecarContainers:
+ # cloud-sql-proxy:
+ # image: gcr.io/cloudsql-docker/gce-proxy:1.23.0
+ sidecarContainers: {}
# Max: 1 - DT is not designed for HA
replicaCount: 1
image:
@@ -170,9 +177,25 @@ ingress:
host: chart-example.local
# ingressClassName: nginx
-# -- configuration of postgres
-postgresql:
- enabled: true
- postgresqlUsername: deptrack
- postgresqlPassword: deptrack
- postgresqlDatabase: deptrack
+ # "internal" currently only supports postgres
+ # -- configuration of SQL database setup as a Kubernetes deployment
+ internal:
+ enabled: false
+ postgresql:
+ username: deptrack
+ password: deptrack
+ database: deptrack
+
+ # -- configuration of database
+ database:
+ external:
+ enabled: false
+ # Please see variable definitions here https://docs.dependencytrack.org/getting-started/configuration/
+ databaseMode: "external"
+ databaseDriver: "org.postgresql.Driver"
+ databaseURL: ""
+ databaseUsername: ""
+ # Store the database user password in a Kubernetes Secret
+ databaseUserPassword:
+ secretName: ""
+ secretKey: ""
From 4e732fddd9d85818f69dd99536a7ff493c9e9518 Mon Sep 17 00:00:00 2001
From: Tom Meadows
Date: Mon, 14 Feb 2022 12:10:33 +0000
Subject: [PATCH 2/5] added some comments to the values
Signed-off-by: Tom Meadows
---
charts/dependency-track/values.yaml | 31 ++++++++++++++---------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml
index c128f84..6e0f58c 100644
--- a/charts/dependency-track/values.yaml
+++ b/charts/dependency-track/values.yaml
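Review bot: Dropping the top-level `postgresql:` block in the second hunk cuts the bundled database off from its settings unless something outside this diff maps the new keys: a Helm subchart reads its values from the key matching its dependency name, and Chart.yaml declares the dependency as `name: postgresql` with no alias, so the bitnami chart no longer receives `postgresqlUsername`, `postgresqlPassword` or `postgresqlDatabase` and falls back to its own defaults, while deployment.yaml still connects as `database.internal.postgresql.username` to `database.internal.postgresql.database` on `{{ .Release.Name }}-postgresql`. The least invasive fix is to keep those three keys under `postgresql:` (or, if the subchart honours them, its `global.postgresql.*` equivalents) and have the template read from there; the same layout is carried through the patch 2 and patch 3 hunks, so this applies to them too. The `password: deptrack` default is inherited from the old block; it would be worth a comment that it is a development default to be overridden, since under the new key it is also no longer the value the subchart actually uses.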
@@ -177,25 +177,24 @@ ingress:
host: chart-example.local
# ingressClassName: nginx
- # "internal" currently only supports postgres
- # -- configuration of SQL database setup as a Kubernetes deployment
+# -- configuration of database
+database:
+ # internal - deploys a PostgreSQL database to the Kubernetes cluster (currently only supports postgres)
internal:
enabled: false
postgresql:
username: deptrack
password: deptrack
database: deptrack
-
- # -- configuration of database
- database:
- external:
- enabled: false
- # Please see variable definitions here https://docs.dependencytrack.org/getting-started/configuration/
- databaseMode: "external"
- databaseDriver: "org.postgresql.Driver"
- databaseURL: ""
- databaseUsername: ""
- # Store the database user password in a Kubernetes Secret
- databaseUserPassword:
- secretName: ""
- secretKey: ""
+ # Allows for configuring dependency track to use an external database
+ external:
+ enabled: false
+ # Please see variable definitions here https://docs.dependencytrack.org/getting-started/configuration/
+ databaseMode: "external"
+ databaseDriver: "org.postgresql.Driver"
+ databaseURL: ""
+ databaseUsername: ""
+ # Store the database user password in a Kubernetes Secret
+ databaseUserPassword:
+ secretName: ""
+ secretKey: ""
From 75512c82ad0be60ea884ada677230d11b8b87159 Mon Sep 17 00:00:00 2001
From: Tom Meadows
Date: Mon, 14 Feb 2022 12:27:08 +0000
Subject: [PATCH 3/5] setting internal db as enabled by default
Signed-off-by: Tom Meadows
---
charts/dependency-track/values.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml
index 6e0f58c..37702a9 100644
--- a/charts/dependency-track/values.yaml
+++ b/charts/dependency-track/values.yaml
@@ -181,7 +181,7 @@ ingress:
database:
# internal - deploys a PostgreSQL database to the Kubernetes cluster (currently only supports postgres)
internal:
- enabled: false
+ enabled: true
postgresql:
username: deptrack
password: deptrack
From 5d0a8ab4da9f02f656eccfecc9460b849c91d51d Mon Sep 17 00:00:00 2001
From: Tom Meadows
Date: Thu, 24 Feb 2022 14:53:12 +0000
Subject: [PATCH 4/5] adding the ability to have the chart create kubernetes secret
---
.../dependency-track/templates/backend/secret.yaml | 12 ++++++++++++
charts/dependency-track/values.yaml | 3 +++
2 files changed, 15 insertions(+)
create mode 100644 charts/dependency-track/templates/backend/secret.yaml
diff --git a/charts/dependency-track/templates/backend/secret.yaml b/charts/dependency-track/templates/backend/secret.yaml
new file mode 100644
index 0000000..eff17ff
--- /dev/null
+++ b/charts/dependency-track/templates/backend/secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.database.external.enabled -}}
+{{- if .Values.database.external.databaseUserPassword.createSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.database.external.databaseUserPassword.secretName }}
+ labels: {{- include "backend.labels.standard" . | nindent 4 }}
+type: Opaque
+data:
+ {{ .Values.database.external.databaseUserPassword.secretKey }}: {{ .Values.database.external.databaseUserPassword.secretValue }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml
index 3b91d76..e4d448a 100644
--- a/charts/dependency-track/values.yaml
+++ b/charts/dependency-track/values.yaml
@@ -198,3 +198,6 @@ database:
databaseUserPassword:
secretName: ""
secretKey: ""
+ # IT IS ADVISED THAT THIS VALUE IS NOT DECLARED AND STORED IN GIT UNENCRYPTED
+ secretValue: ""
+ createSecret: false
From 6fd489e2572d4d4fb3cc87554ae563a2fd79c754 Mon Sep 17 00:00:00 2001
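Review bot: The `data:` entry in the new secret.yaml writes `secretValue` verbatim, but a Kubernetes Secret's `data` values must be base64, so a plain password is rejected by the API server (and one that happens to be valid base64 is stored decoded to different bytes); use `stringData:` with both sides quoted, `{{ .Values.database.external.databaseUserPassword.secretKey | quote }}: {{ .Values.database.external.databaseUserPassword.secretValue | quote }}`, or keep `data:` and pipe the value through `b64enc | quote`. With `createSecret: true` and the `""` defaults from the values hunk the template renders a Secret with an empty name and an empty key, which only fails at install time; wrapping `secretName` and `secretKey` in `required` turns that into a clear template-time error. Patch 5 then renames this file to `charts/dependency-track/secret.yaml`, outside the chart's `templates/` directory, where Helm does not render it, so after that patch `createSecret` has no effect; if the aim is to move it out of `backend/`, the target should be `templates/secret.yaml`. The warning comment above `secretValue` is the right call; supplying it via `--set` or a values file kept out of version control is the expected path, and the comment could say so.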
From: Tom Meadows
Date: Thu, 24 Feb 2022 14:57:28 +0000
Subject: [PATCH 5/5] moved secret yaml as generic
---
charts/dependency-track/{templates/backend => }/secret.yaml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename charts/dependency-track/{templates/backend => }/secret.yaml (100%)
diff --git a/charts/dependency-track/templates/backend/secret.yaml b/charts/dependency-track/secret.yaml
similarity index 100%
rename from charts/dependency-track/templates/backend/secret.yaml
rename to charts/dependency-track/secret.yaml