diff --git a/.github/workflows/charts-lint.yaml b/.github/workflows/charts-lint.yaml index 9b13ebeee45..9016e73a38f 100644 --- a/.github/workflows/charts-lint.yaml +++ b/.github/workflows/charts-lint.yaml @@ -51,7 +51,7 @@ jobs: if [[ $(echo ${OUTPUT_JSON} | jq --compact-output '. | length') -gt 0 ]]; then echo "detected=true" >> "$GITHUB_OUTPUT" fi - + - name: Test and Fix Pre-Commit Issues shell: bash if: inputs.chartChangesDetected == 'true' @@ -92,6 +92,7 @@ jobs: filePath: /tmp/lint_result.txt comment_tag: lint_results mode: recreate + GITHUB_TOKEN: ${{ github.token }} - name: Lint Result if: steps.list-changed.outputs.detected == 'true' diff --git a/charts/incubator/etesync/Chart.yaml b/charts/incubator/etesync/Chart.yaml index ea8aa1bb3f5..626b0533fd1 100644 --- a/charts/incubator/etesync/Chart.yaml +++ b/charts/incubator/etesync/Chart.yaml @@ -3,15 +3,11 @@ appVersion: "0.11.0" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 11.1.2 - - condition: postgresql.enabled - name: postgresql - repository: https://deps.truecharts.org/ - version: 11.0.31 + version: 12.9.2 - condition: redis.enabled name: redis repository: https://deps.truecharts.org - version: 5.0.33 + version: 6.0.43 deprecated: false description: Secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes. home: https://truecharts.org/charts/incubator/etesync @@ -35,7 +31,7 @@ sources: - https://github.com/etesync - https://github.com/victor-rds/docker-etebase type: application -version: 3.0.25 +version: 4.0.0 annotations: truecharts.org/catagories: | - productivity diff --git a/charts/incubator/etesync/questions.yaml b/charts/incubator/etesync/questions.yaml index 9b07d4c9ec6..329862c219c 100644 --- a/charts/incubator/etesync/questions.yaml +++ b/charts/incubator/etesync/questions.yaml 
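Review bot: The new `GITHUB_TOKEN: ${{ github.token }}` input in the second charts-lint.yaml hunk gives the comment step the job's token, and nothing in this hunk shows a `permissions:` block limiting what that token can do. If none exists outside the hunk, declare one on the job, for example `permissions:` with `contents: read` and `pull-requests: write`, adjusted for whatever the pre-commit fix step needs. The step's `uses:` line is also outside the hunk; if it references the action by tag rather than by commit SHA, pinning it would limit what a re-tagged release could do with the token.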
@@ -13,79 +13,73 @@ questions: # Include{containerBasic} # Include{containerAdvanced} - - variable: env - group: "App Configuration" - label: "Image Environment" - schema: - additional_attrs: true - type: dict - attrs: - - variable: ALLOWED_HOSTS - label: "ALLOWED_HOSTS" - description: "Must be a valid domain or * (* is not recommended for production)" - schema: - type: string - default: "localhost" - required: true - - variable: AUTO_SIGNUP - label: "AUTO_SIGNUP" - description: "Enable automatic signup" - schema: - type: boolean - default: false - - variable: LANGUAGE_CODE - label: "LANGUAGE_CODE" - description: "Django language code" - schema: - type: string - default: "en-us" - required: true - - variable: DEBUG - label: "DEBUG" - description: "Output additional messages from `/entrypoint.sh`. It doesn't change the output of the Etebase server." - schema: - type: boolean - default: false - - variable: SHELL_DEBUG - label: "SHELL_DEBUG" - description: "Run `/entrypoint.sh` with `set -x`" - schema: - type: boolean - default: false - - variable: DEBUG_DJANGO - label: "DEBUG_DJANGO" - description: "Enable Django debug mode (not recommended for production)" - schema: - type: boolean - default: false - - variable: secretEnv - group: "App Configuration" - label: "Image Secrets" - schema: - additional_attrs: true - type: dict - attrs: - - variable: SUPER_USER - label: "SUPER_USER" - description: "Username of the Django superuser (First Install Only)" - schema: - type: string - default: "admin" - required: true - - variable: SUPER_PASS - label: "SUPER_PASS" - description: "Password of the Django superuser (First Install Only). Will be generated if left unset." 
- schema: - type: string - default: "" - private: true - - variable: SUPER_EMAIL - label: "SUPER_EMAIL" - description: "Email of the Django superuser (First Install Only)" - schema: - type: string - default: "" + - variable: env + group: "App Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ALLOWED_HOSTS + label: "ALLOWED_HOSTS" + description: "Must be a valid domain or * (* is not recommended for production)" + schema: + type: string + default: "localhost" + required: true + - variable: AUTO_SIGNUP + label: "AUTO_SIGNUP" + description: "Enable automatic signup" + schema: + type: boolean + default: false + - variable: LANGUAGE_CODE + label: "LANGUAGE_CODE" + description: "Django language code" + schema: + type: string + default: "en-us" + required: true + - variable: DEBUG + label: "DEBUG" + description: "Output additional messages from `/entrypoint.sh`. It doesn't change the output of the Etebase server." + schema: + type: boolean + default: false + - variable: SHELL_DEBUG + label: "SHELL_DEBUG" + description: "Run `/entrypoint.sh` with `set -x`" + schema: + type: boolean + default: false + - variable: DEBUG_DJANGO + label: "DEBUG_DJANGO" + description: "Enable Django debug mode (not recommended for production)" + schema: + type: boolean + default: false + - variable: SUPER_USER + label: "SUPER_USER" + description: "Username of the Django superuser (First Install Only)" + schema: + type: string + default: "admin" + required: true + - variable: SUPER_PASS + label: "SUPER_PASS" + description: "Password of the Django superuser (First Install Only). Will be generated if left unset." + schema: + type: string + default: "" + private: true + - variable: SUPER_EMAIL + label: "SUPER_EMAIL" + description: "Email of the Django superuser (First Install Only)" + schema: + type: string + default: "" # Include{containerConfig} +# Include{podOptions} # Include{serviceRoot} - variable: main label: "Main Service" 
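Review bot: `SUPER_PASS` moves out of the `secretEnv` dict into the plain `env` dict in this hunk, and the values.yaml hunk `@@ -14,50 +17,60 @@` likewise places `SUPER_USER`, `SUPER_PASS` and `SUPER_EMAIL` under `workload.main.podSpec.containers.main.env`. `private: true` governs how the form treats the field, not where the rendered value lands. If the common library renders `env` entries as literal container environment values (not visible in this diff), the superuser password ends up in the workload manifest, readable by anyone who can get the pod or deployment, instead of in a Secret. Consider keeping the three values in a chart secret and referencing them the way `DATABASE_PASSWORD` already is, with `secretKeyRef:` plus `name:` and `key:`.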
@@ -134,28 +128,27 @@ questions: # Include{ingressTraefik} # Include{ingressList} # Include{securityContextRoot} - - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 373 - - variable: runAsGroup - label: "runAsGroup" - description: "The groupID this App of the user running the application" - schema: - type: int - default: 373 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 373 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} - - variable: fsGroup - label: "fsGroup" - description: "The group that should own ALL storage." - schema: - type: int - default: 373 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 373 # Include{resources} # Include{advanced} diff --git a/charts/incubator/etesync/templates/_secret.tpl b/charts/incubator/etesync/templates/_secret.tpl index e5481a4f895..12e7abec390 100644 --- a/charts/incubator/etesync/templates/_secret.tpl +++ b/charts/incubator/etesync/templates/_secret.tpl @@ -1,18 +1,10 @@ {{/* EteSync superuser credentials and Django SECRET_KEY */}} {{- define "etesync.secret" -}} ---- -{{- $secretName := "etesync-secret" }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} +enabled: true data: - {{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }} - secret.txt: {{ index .data "secret.txt" }} + {{- with (lookup "v1" "Secret" .Release.Namespace "etesync-secret") }} + secret.txt: {{ index .data "secret.txt" | b64dec }} {{- else }} - secret.txt: {{ randAlphaNum 32 | b64enc }} + secret.txt: {{ randAlphaNum 32 }} {{- end }} - -{{- end }} +{{- end -}} 
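Review bot: Both `secret.txt` values in `etesync.secret` are now emitted unquoted into a fragment that common.yaml parses with `fromYaml`, so a stored value containing `: `, ` #`, a leading indicator character or a number-like string is re-typed or breaks the parse. Quote them: `secret.txt: {{ index .data "secret.txt" | b64dec | quote }}` and `secret.txt: {{ randAlphaNum 32 | quote }}`. Separately, the `lookup` uses the literal name `etesync-secret`, while `expandObjectName: false` on `REDIS_URI` in values.yaml suggests the library prefixes object names by default. If the rendered Secret carries a different name, the lookup never matches and the Django SECRET_KEY would be regenerated on every upgrade, so the rendered name is worth confirming against the lookup.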
diff --git a/charts/incubator/etesync/templates/common.yaml b/charts/incubator/etesync/templates/common.yaml index 13294003223..e8858854201 100644 --- a/charts/incubator/etesync/templates/common.yaml +++ b/charts/incubator/etesync/templates/common.yaml @@ -1,8 +1,11 @@ {{/* Make sure all variables are set properly */}} -{{- include "tc.common.loader.init" . }} +{{- include "tc.v1.common.loader.init" . }} -{{/* Render secret for etesync */}} -{{- include "etesync.secret" . }} +{{/* Render secrets for etesync */}} +{{- $secret := include "etesync.secret" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "etesync-secret" $secret -}} +{{- end -}} {{/* Render the templates */}} -{{ include "tc.common.loader.apply" . }} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/charts/incubator/etesync/values.yaml b/charts/incubator/etesync/values.yaml index 0f5a377a33c..06c1b11a163 100644 --- a/charts/incubator/etesync/values.yaml +++ b/charts/incubator/etesync/values.yaml @@ -3,10 +3,13 @@ image: pullPolicy: IfNotPresent tag: 0.11.0@sha256:47478da0d1b3ab18d5bfbcd4537fa80305ace94746b01c32e609c7e9e663d860 -podSecurityContext: - runAsUser: 373 - runAsGroup: 373 - fsGroup: 373 +securityContext: + container: + runAsUser: 373 + runAsGroup: 373 + readOnlyRootFilesystem: false + pod: + fsGroup: 373 # Docker image configuration docs: # https://github.com/victor-rds/docker-etebase#settings-and-customization 
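Review bot: `fromYaml` in common.yaml does not abort rendering on malformed input; Helm returns a map with an `Error` key, which passes the `{{- if $secret -}}` test and would then be stored under `.Values.secret` as if it were the secret data. Guard it before the `set`, for example `{{- if hasKey $secret "Error" -}}{{- fail $secret.Error -}}{{- end -}}`, so a bad fragment from `etesync.secret` stops the render instead of producing a Secret without `secret.txt`.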
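Review bot: `readOnlyRootFilesystem: false` is set under `securityContext.container` in the first values.yaml hunk with no explanation of why the image needs a writable root filesystem. Add a comment above it naming the paths the image writes at runtime, for example `# <image> writes to <path> at startup; root FS must stay writable`. A later reviewer can then judge whether a writable volume on those paths would allow the read-only setting. The removed `podSecurityContext` block did not set this key, so whether this changes effective behaviour depends on the library default, which is not visible here.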
@@ -14,50 +17,60 @@ podSecurityContext: # EteSync configuration docs: # https://github.com/etesync/server#configuration -env: - # App - SERVER: http - AUTO_UPDATE: true - ALLOWED_HOSTS: "localhost" - AUTO_SIGNUP: false - LANGUAGE_CODE: "en-us" - TIME_ZONE: "{{ .Values.TZ }}" +workload: + main: + podSpec: + containers: + main: + probes: + liveness: + type: tcp + readiness: + type: tcp + startup: + type: tcp + env: + PORT: "{{ .Values.service.main.ports.main.port }}" + # App + SERVER: http + AUTO_UPDATE: true + ALLOWED_HOSTS: "localhost" + AUTO_SIGNUP: false + LANGUAGE_CODE: "en-us" + TIME_ZONE: "{{ .Values.TZ }}" - # Debugging - DEBUG: false - SHELL_DEBUG: false - DEBUG_DJANGO: false - - # Postgres - DB_ENGINE: postgres - DATABASE_NAME: "{{ .Values.postgresql.postgresqlDatabase }}" - DATABASE_USER: "{{ .Values.postgresql.postgresqlUsername }}" - DATABASE_PASSWORD: - secretKeyRef: - name: dbcreds - key: postgresql-password - DATABASE_HOST: - secretKeyRef: - name: dbcreds - key: plainhost - DATABASE_PORT: 5432 - REDIS_URI: - secretKeyRef: - name: rediscreds - key: url - -secretEnv: - # Superuser - SUPER_USER: "admin" - SUPER_PASS: "" - SUPER_EMAIL: "" + # Debugging + DEBUG: false + SHELL_DEBUG: false + DEBUG_DJANGO: false + # Postgres + DB_ENGINE: postgres + DATABASE_NAME: "{{ .Values.cnpg.main.database }}" + DATABASE_USER: "{{ .Values.cnpg.main.user }}" + DATABASE_PASSWORD: + secretKeyRef: + name: cnpg-main-user + key: password + DATABASE_HOST: + secretKeyRef: + name: cnpg-main-urls + key: host + DATABASE_PORT: 5432 + REDIS_URI: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}' + key: url + # Superuser + SUPER_USER: "admin" + SUPER_PASS: "" + SUPER_EMAIL: "" service: main: ports: main: - protocol: HTTP - targetPort: 3735 + protocol: http port: 10254 persistence: 
@@ -66,23 +79,22 @@ persistence: mountPath: "/data" secret: enabled: true - type: "custom" + type: secret readOnly: true mountPath: "/data/secret.txt" subPath: "secret.txt" - volumeSpec: - secret: - secretName: "etesync-secret" + objectName: "etesync-secret" -postgresql: - enabled: true - existingSecret: "dbcreds" - postgresqlUsername: etesync - postgresqlDatabase: etesync +# Enabled postgres +cnpg: + main: + enabled: true + user: etesync + database: etesync redis: enabled: true - existingSecret: rediscreds portal: - enabled: true + open: + enabled: true