WIP ldap

docs/src/changelog.md

@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 <!-- The line "## <square-bracket>Unreleased</square-bracket>" is replaced by the release/release.py script with the new release version and release date. -->
 
-## v5.12.0-rc.3 - 2024-05-16
+## [Unreleased]
 
 ### Deployment notes
 

docs/src/deployment.md

@@ -23,6 +23,12 @@ To deploy *Quality-time* locally, follow these steps:
 By default, the application listens on port 80. To change this, set the `PROXY_PORT` environment variable to a different port before starting the application. For example: `export PROXY_PORT=1080`.
 ```
 
+## Kubernetes
+
+The helm chart for deploying on Kubernetes does not support overriding port numbers.
+Setting port environment variables in the `values.yaml` will not change the service port mapping, while the app within the pod will listen on the altered port.
+Instead, only the ingress should be configured.
+
 ## Configuring authentication (mandatory)
 
 You need to either configure an LDAP server to authenticate users with or configure forwarded authentication.

helm/Chart.yaml

@@ -2,7 +2,7 @@
 apiVersion: v2
 name: Quality-time
 version: 1.0.0
-appVersion: "v5.11.0"
+appVersion: "v5.12.0-rc.3"
 description: Helm chart for Quality-time, an automated quality system for software development and maintenance
 type: application
 home: https://github.com/ICTU/Quality-time

helm/templates/api_server.yaml

@@ -32,8 +32,8 @@ spec:
             - configMapRef:
                 name: {{ .Release.Name }}-shared-env
           env:
-            - name: DATABASE_URL
-              value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
+            - name: DATABASE_HOST
+              value: "{{ .Release.Name }}-{{ template "database_name" . }}"
 {{- if .Values.ldap }}
             - name: LDAP_LOOKUP_USER_DN
               value: "{{ .Values.ldap.lookupUserDN }}"

helm/templates/collector.yaml

@@ -30,8 +30,8 @@ spec:
             - configMapRef:
                 name: {{ .Release.Name }}-{{ template "collector_name" . }}-env
           env:
-            - name: DATABASE_URL
-              value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
+            - name: DATABASE_HOST
+              value: "{{ .Release.Name }}-{{ template "database_name" . }}"
           resources: {}
           securityContext:
             capabilities:

helm/templates/ldap.yaml

@@ -0,0 +1,73 @@
+---
+{{- if .Values.ldap_local }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-ldap
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: ldap
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/component: ldap
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/component: ldap
+    spec:
+      volumes:
+        - name: {{ .Release.Name }}-ldap-ldifs
+          hostPath:
+{{/*        cannot use relative paths, but hostPath is not desirable anyway      */}}
+            path: ../docker/ldap_ldifs
+      containers:
+        - name: ldap
+          image: "bitnami/openldap:2.6.4"
+          imagePullPolicy: Always
+          env:
+            - name: LDAP_ADMIN_PASSWORD
+              value: "admin"
+            - name: LDAP_PORT_NUMBER
+              value: "389"
+            - name: LDAP_SKIP_DEFAULT_TREE
+              value: "yes"
+          resources: {}
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+          volumeMounts:
+            - mountPath: /ldifs
+              name: {{ .Release.Name }}-ldap-ldifs
+      restartPolicy: Always
+{{- end }}
+---
+{{- if .Values.ldap_local }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-ldap
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: ldap
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: ldap
+  ports:
+    - protocol: TCP
+      port: 389
+      targetPort: 389
+  sessionAffinity: None
+{{- end }}

helm/templates/notifier.yaml

@@ -30,8 +30,8 @@ spec:
             - configMapRef:
                 name: {{ .Release.Name }}-{{ template "notifier_name" . }}-env
           env:
-            - name: DATABASE_URL
-              value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
+            - name: DATABASE_HOST
+              value: "{{ .Release.Name }}-{{ template "database_name" . }}"
           resources: {}
           securityContext:
             capabilities:

helm/templates/www.yaml

@@ -43,6 +43,8 @@ spec:
             capabilities:
               add:
                 - CHOWN
+                - SETGID
+                - SETUID
               drop:
                 - ALL
       restartPolicy: Always

helm/values.yaml

@@ -32,3 +32,11 @@ shared:
 www:
   image:
     repository: "ictu/quality-time_proxy"
+
+# ldap_local: true
+ldap:
+  lookupUserDN: "cn=admin,dc=example,dc=org"
+  lookupUserPassword: "admin"
+  rootDN: "dc=example,dc=org"
+  search: "(|(uid=$$username)(cn=$$username))"
+  url: "ldap://192.168.65.3:389"