diff --git a/docs/src/changelog.md b/docs/src/changelog.md index 7e5ddd786e..eeabcd9090 100644 --- a/docs/src/changelog.md +++ b/docs/src/changelog.md @@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) -## v5.12.0-rc.3 - 2024-05-16 +## [Unreleased] ### Deployment notes diff --git a/docs/src/deployment.md b/docs/src/deployment.md index fc706325b0..b5b3b31811 100644 --- a/docs/src/deployment.md +++ b/docs/src/deployment.md @@ -23,6 +23,12 @@ To deploy *Quality-time* locally, follow these steps: By default, the application listens on port 80. To change this, set the `PROXY_PORT` environment variable to a different port before starting the application. For example: `export PROXY_PORT=1080`. ``` +## Kubernetes + +The helm chart for deploying on Kubernetes does not support overriding port numbers. +Setting port environment variables in the `values.yaml` will not change the service port mapping, while the app within the pod will listen on the altered port. +Instead, only the ingress should be configured. + ## Configuring authentication (mandatory) You need to either configure an LDAP server to authenticate users with or configure forwarded authentication. diff --git a/helm/Chart.yaml b/helm/Chart.yaml index e01ebcc661..8d08d914f1 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: Quality-time version: 1.0.0 -appVersion: "v5.11.0" +appVersion: "v5.12.0-rc.3" description: Helm chart for Quality-time, an automated quality system for software development and maintenance type: application home: https://github.com/ICTU/Quality-time diff --git a/helm/templates/api_server.yaml b/helm/templates/api_server.yaml index 0716908022..f732a3bea7 100644 --- a/helm/templates/api_server.yaml +++ b/helm/templates/api_server.yaml 
@@ -32,8 +32,8 @@ spec: - configMapRef: name: {{ .Release.Name }}-shared-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" {{- if .Values.ldap }} - name: LDAP_LOOKUP_USER_DN value: "{{ .Values.ldap.lookupUserDN }}" diff --git a/helm/templates/collector.yaml b/helm/templates/collector.yaml index 363bc0830f..0acc8f9448 100644 --- a/helm/templates/collector.yaml +++ b/helm/templates/collector.yaml @@ -30,8 +30,8 @@ spec: - configMapRef: name: {{ .Release.Name }}-{{ template "collector_name" . }}-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" resources: {} securityContext: capabilities: diff --git a/helm/templates/ldap.yaml b/helm/templates/ldap.yaml new file mode 100644 index 0000000000..fd2b7e6664 --- /dev/null +++ b/helm/templates/ldap.yaml 
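Review bot: With the `mongodb://root:root@…` URL removed, nothing in this hunk supplies database credentials any more, so the container presumably falls back to defaults built into the application; if those are still the root/root pair, the hard-coded credential has only moved out of sight. I would pass the credentials explicitly from a Kubernetes Secret via `valueFrom.secretKeyRef`, using whichever username and password variables the application reads (not visible here), and have the database deployment take its root password from the same Secret. The same applies to the identical `DATABASE_HOST` hunks in helm/templates/collector.yaml and helm/templates/notifier.yaml. The `env:` list in api_server.yaml continues outside the hunk, so a credential entry further down cannot be ruled out.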
@@ -0,0 +1,73 @@ +--- +{{- if .Values.ldap_local }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-ldap + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: ldap +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: ldap + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: ldap + spec: + volumes: + - name: {{ .Release.Name }}-ldap-ldifs + hostPath: +{{/* cannot use relative paths, but hostPath is not desirable anyway */}} + path: ../docker/ldap_ldifs + containers: + - name: ldap + image: "bitnami/openldap:2.6.4" + imagePullPolicy: Always + env: + - name: LDAP_ADMIN_PASSWORD + value: "admin" + - name: LDAP_PORT_NUMBER + value: "389" + - name: LDAP_SKIP_DEFAULT_TREE + value: "yes" + resources: {} + securityContext: + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /ldifs + name: {{ .Release.Name }}-ldap-ldifs + restartPolicy: Always +{{- end }} +--- +{{- if .Values.ldap_local }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-ldap + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: ldap +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: ldap + ports: + - protocol: TCP + port: 389 + targetPort: 389 + sessionAffinity: None +{{- end }} \ No newline at end of file diff --git a/helm/templates/notifier.yaml b/helm/templates/notifier.yaml index 1913a01935..d02bbbf08d 100644 --- a/helm/templates/notifier.yaml +++ b/helm/templates/notifier.yaml 
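Review bot: `LDAP_ADMIN_PASSWORD` is hard-coded to `admin` in the pod spec, so any cluster where `ldap_local` is enabled runs a directory with a known admin password that is also readable by anyone who can view the Deployment; take it from a Secret instead, as sketched below. The `hostPath` volume is a second problem: Kubernetes expects an absolute path there, so `../docker/ldap_ldifs` will likely not mount as intended, and a ConfigMap holding the LDIF files would avoid giving the pod access to the node filesystem at all. The container `securityContext` drops all capabilities but sets neither `runAsNonRoot: true` nor `allowPrivilegeEscalation: false`, and I would add both. If this template is meant only for local testing, a comment at the top saying so would help keep it from being enabled on a shared cluster.

```yaml
# … unchanged: container name, image, imagePullPolicy …
          env:
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: LDAP_SECRET_NAME_PLACEHOLDER    # placeholder: Secret created outside the chart
                  key: ADMIN_PASSWORD_KEY_PLACEHOLDER   # placeholder
# … unchanged: LDAP_PORT_NUMBER, LDAP_SKIP_DEFAULT_TREE …
```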
@@ -30,8 +30,8 @@ spec: - configMapRef: name: {{ .Release.Name }}-{{ template "notifier_name" . }}-env env: - - name: DATABASE_URL - value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017" + - name: DATABASE_HOST + value: "{{ .Release.Name }}-{{ template "database_name" . }}" resources: {} securityContext: capabilities: diff --git a/helm/templates/www.yaml b/helm/templates/www.yaml index 57eec5d64e..f3386e9fee 100644 --- a/helm/templates/www.yaml +++ b/helm/templates/www.yaml @@ -43,6 +43,8 @@ spec: capabilities: add: - CHOWN + - SETGID + - SETUID drop: - ALL restartPolicy: Always diff --git a/helm/values.yaml b/helm/values.yaml index 34f6749f95..d439bfd49a 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -32,3 +32,11 @@ shared: www: image: repository: "ictu/quality-time_proxy" + +# ldap_local: true +ldap: + lookupUserDN: "cn=admin,dc=example,dc=org" + lookupUserPassword: "admin" + rootDN: "dc=example,dc=org" + search: "(|(uid=$$username)(cn=$$username))" + url: "ldap://192.168.65.3:389"
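Review bot: Adding `SETGID` and `SETUID` in helm/templates/www.yaml widens what the proxy container may do, and the hunk gives no reason for it; a comment above the `add:` list would help, for example `# SETGID/SETUID: let the proxy master process switch its workers to an unprivileged user (confirm)`. Since both capabilities allow a process to change identity, I would also check that the `securityContext`, which starts outside this hunk, sets `allowPrivilegeEscalation: false`.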
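Review bot: The new `ldap:` block in helm/values.yaml is active by default, so an install that does not override it ships with `lookupUserPassword: "admin"` and a hard-coded `ldap://192.168.65.3:389` URL; api_server.yaml gates its LDAP variables on `.Values.ldap`, so these values would reach the API server container. I would comment the block out the same way `ldap_local` is, or leave the password empty and document that it must come from a Secret or an install-time override. The `ldap://` scheme also sends the lookup bind password unencrypted, so the example should say it is for local testing only and that `ldaps://` is expected otherwise. Separately, `$$username` looks like the Docker Compose escape for a literal `$`; Helm does not unescape it, so the filter may reach the container with both dollar signs (worth confirming).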