Add Helm configMap to update application configuration (#10157)

Dockerfile

@@ -64,7 +64,10 @@ COPY ./app/rts/package.json ./app/rts/dist/* rts/
 COPY ./app/rts/node_modules rts/node_modules
 
 # Nginx & MongoDB config template - Configuration layer
-COPY ./deploy/docker/templates/nginx/* ./deploy/docker/templates/mongo-init.js.sh ./deploy/docker/templates/docker.env.sh templates/
+COPY ./deploy/docker/templates/nginx/* \
+  ./deploy/docker/templates/mongo-init.js.sh\
+  ./deploy/docker/templates/docker.env.sh \
+  templates/
 
 # Add bootstrapfile
 COPY ./deploy/docker/entrypoint.sh ./deploy/docker/scripts/* ./

deploy/docker/entrypoint.sh

@@ -2,6 +2,67 @@
 
 set -e
 
+init_env_file() {
+  CONF_PATH="/appsmith-stacks/configuration"
+  ENV_PATH="$CONF_PATH/docker.env"
+  TEMPLATES_PATH="/opt/appsmith/templates"
+  echo "Initialize .env file"
+  if ! [[ -e "$ENV_PATH" ]]; then
+    # Generate new docker.env file when initializing container for first time or in Heroku which does not have persistent volume
+    echo "Generating default configuration file"
+    mkdir -p "$CONF_PATH"
+    AUTO_GEN_MONGO_PASSWORD=$(
+      tr -dc A-Za-z0-9 </dev/urandom | head -c 13
+      echo ''
+    )
+    AUTO_GEN_ENCRYPTION_PASSWORD=$(
+      tr -dc A-Za-z0-9 </dev/urandom | head -c 13
+      echo ''
+    )
+    AUTO_GEN_ENCRYPTION_SALT=$(
+      tr -dc A-Za-z0-9 </dev/urandom | head -c 13
+      echo ''
+    )
+    bash "$TEMPLATES_PATH/docker.env.sh" "$AUTO_GEN_MONGO_PASSWORD" "$AUTO_GEN_ENCRYPTION_PASSWORD" "$AUTO_GEN_ENCRYPTION_SALT" > "$ENV_PATH"
+  fi
+
+  printenv | grep -E '^APPSMITH_|^MONGO_' > "$TEMPLATES_PATH/pre-define.env"
+
+  echo 'Load environment configuration'
+  set -o allexport
+  . "$ENV_PATH"
+  . "$TEMPLATES_PATH/pre-define.env"
+  set +o allexport
+}
+
+unset_unused_variables() {
+  # Check for enviroment vairalbes
+  echo 'Checking environment configuration'
+  if [[ -z "${APPSMITH_MAIL_ENABLED}" ]]; then
+    unset APPSMITH_MAIL_ENABLED # If this field is empty is might cause application crash
+  fi
+
+  if [[ -z "${APPSMITH_OAUTH2_GITHUB_CLIENT_ID}" ]] || [[ -z "${APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET}" ]]; then
+    unset APPSMITH_OAUTH2_GITHUB_CLIENT_ID # If this field is empty is might cause application crash
+    unset APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET
+  fi
+
+  if [[ -z "${APPSMITH_OAUTH2_GOOGLE_CLIENT_ID}" ]] || [[ -z "${APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET}" ]]; then
+    unset APPSMITH_OAUTH2_GOOGLE_CLIENT_ID # If this field is empty is might cause application crash
+    unset APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET
+  fi
+
+  if [[ -z "${APPSMITH_GOOGLE_MAPS_API_KEY}" ]]; then
+    unset APPSMITH_GOOGLE_MAPS_API_KEY
+  fi
+
+  if [[ -z "${APPSMITH_RECAPTCHA_SITE_KEY}" ]] || [[ -z "${APPSMITH_RECAPTCHA_SECRET_KEY}" ]] || [[ -z "${APPSMITH_RECAPTCHA_ENABLED}" ]]; then
+    unset APPSMITH_RECAPTCHA_SITE_KEY # If this field is empty is might cause application crash
+    unset APPSMITH_RECAPTCHA_SECRET_KEY
+    unset APPSMITH_RECAPTCHA_ENABLED
+  fi
+}
+
 check_initialized_db() {
   echo 'Check initialized database'
   shouldPerformInitdb=1
@@ -88,62 +149,9 @@ configure_supervisord() {
   fi
 }
 
-echo 'Checking configuration file'
-CONF_PATH="/appsmith-stacks/configuration"
-ENV_PATH="$CONF_PATH/docker.env"
-if ! [[ -e "$ENV_PATH" ]]; then
-  echo "Generating default configuration file"
-  mkdir -p "$CONF_PATH"
-  AUTO_GEN_MONGO_PASSWORD=$(
-    tr -dc A-Za-z0-9 </dev/urandom | head -c 13
-    echo ''
-  )
-  AUTO_GEN_ENCRYPTION_PASSWORD=$(
-    tr -dc A-Za-z0-9 </dev/urandom | head -c 13
-    echo ''
-  )
-  AUTO_GEN_ENCRYPTION_SALT=$(
-    tr -dc A-Za-z0-9 </dev/urandom | head -c 13
-    echo ''
-  )
-  bash "/opt/appsmith/templates/docker.env.sh" "$AUTO_GEN_MONGO_PASSWORD" "$AUTO_GEN_ENCRYPTION_PASSWORD" "$AUTO_GEN_ENCRYPTION_SALT" >"$ENV_PATH"
-fi
-
-if [[ -f "$ENV_PATH" ]]; then
-  sed -i 's/APPSMITH_MONGO_USERNAME/MONGO_INITDB_ROOT_USERNAME/; s/APPSMITH_MONGO_PASSWORD/MONGO_INITDB_ROOT_PASSWORD/; s/APPSMITH_MONGO_DATABASE/MONGO_INITDB_DATABASE/' "$ENV_PATH"
-  echo 'Load environment configuration'
-  set -o allexport
-  . "$ENV_PATH"
-  set +o allexport
-fi
-
-# Check for enviroment vairalbes
-echo 'Checking environment configuration'
-if [[ -z "${APPSMITH_MAIL_ENABLED}" ]]; then
-  unset APPSMITH_MAIL_ENABLED # If this field is empty is might cause application crash
-fi
-
-if [[ -z "${APPSMITH_OAUTH2_GITHUB_CLIENT_ID}" ]] || [[ -z "${APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET}" ]]; then
-  unset APPSMITH_OAUTH2_GITHUB_CLIENT_ID # If this field is empty is might cause application crash
-  unset APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET
-fi
-
-if [[ -z "${APPSMITH_OAUTH2_GOOGLE_CLIENT_ID}" ]] || [[ -z "${APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET}" ]]; then
-  unset APPSMITH_OAUTH2_GOOGLE_CLIENT_ID # If this field is empty is might cause application crash
-  unset APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET
-fi
-
-if [[ -z "${APPSMITH_GOOGLE_MAPS_API_KEY}" ]]; then
-  unset APPSMITH_GOOGLE_MAPS_API_KEY
-fi
-
-if [[ -z "${APPSMITH_RECAPTCHA_SITE_KEY}" ]] || [[ -z "${APPSMITH_RECAPTCHA_SECRET_KEY}" ]] || [[ -z "${APPSMITH_RECAPTCHA_ENABLED}" ]]; then
-  unset APPSMITH_RECAPTCHA_SITE_KEY # If this field is empty is might cause application crash
-  unset APPSMITH_RECAPTCHA_SECRET_KEY
-  unset APPSMITH_RECAPTCHA_ENABLED
-fi
-
 # Main Section
+init_env_file
+unset_unused_variables
 init_mongodb
 mount_letsencrypt_directory
 configure_supervisord

deploy/docker/scripts/renew-certificate.sh

@@ -2,25 +2,28 @@
 
 set -e
 
+ENV_PATH="/appsmith-stacks/configuration/docker.env"
+PRE_DEFINED_ENV_PATH="/opt/appsmith/templates/pre-define.env"
 if [[ -f /appsmith-stacks/configuration/docker.env ]]; then
-	echo 'Load environment configuration'
-	set -o allexport
-	. /appsmith-stacks/configuration/docker.env
-	set +o allexport
+  echo 'Load environment configuration'
+  set -o allexport
+  . "$ENV_PATH"
+  . "$PRE_DEFINED_ENV_PATH"
+  set +o allexport
 fi
 
 if [[ -n $APPSMITH_CUSTOM_DOMAIN ]]; then
-	data_path="/appsmith-stacks/data/certificate"
-	domain="$APPSMITH_CUSTOM_DOMAIN"
-	rsa_key_size=4096
+  data_path="/appsmith-stacks/data/certificate"
+  domain="$APPSMITH_CUSTOM_DOMAIN"
+  rsa_key_size=4096
 
-	certbot certonly --webroot --webroot-path="$data_path/certbot" \
-		--register-unsafely-without-email \
-		--domains $domain \
-		--rsa-key-size $rsa_key_size \
-		--agree-tos \
-		--force-renewal
-	supervisorctl restart editor
+  certbot certonly --webroot --webroot-path="$data_path/certbot" \
+    --register-unsafely-without-email \
+    --domains $domain \
+    --rsa-key-size $rsa_key_size \
+    --agree-tos \
+    --force-renewal
+  supervisorctl restart editor
 else
-	echo 'Custom domain not configured. Cannot enable SSL without a custom domain.' >&2
+  echo 'Custom domain not configured. Cannot enable SSL without a custom domain.' >&2
 fi

deploy/docker/scripts/run-with-env.sh

@@ -1,9 +1,11 @@
 #!/bin/bash
 
 ENV_PATH="/appsmith-stacks/configuration/docker.env"
+PRE_DEFINED_ENV_PATH="/opt/appsmith/templates/pre-define.env"
 echo 'Load environment configuration'
 set -o allexport
 . "$ENV_PATH"
+. "$PRE_DEFINED_ENV_PATH"
 set +o allexport
 
 if [[ -z "${APPSMITH_MAIL_ENABLED}" ]]; then

deploy/docker/templates/docker.env.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
 
 set -o nounset
-
 MONGO_PASSWORD="$1"
 ENCRYPTION_PASSWORD="$2"
 ENCRYPTION_SALT="$3"
@@ -43,7 +42,7 @@ APPSMITH_CLIENT_LOG_LEVEL=
 APPSMITH_GOOGLE_MAPS_API_KEY=
 
 # Email server
-APPSMITH_MAIL_ENABLED=false
+APPSMITH_MAIL_ENABLED=
 APPSMITH_MAIL_HOST=
 APPSMITH_MAIL_PORT=
 APPSMITH_MAIL_USERNAME=
@@ -60,7 +59,6 @@ APPSMITH_MAIL_SMTP_TLS_ENABLED=
 # Note: This only takes effect in self-hosted scenarios. 
 # Please visit: https://docs.appsmith.com/telemetry to read more about anonymized data collected by Appsmith
 APPSMITH_DISABLE_TELEMETRY=false
-
 #APPSMITH_SENTRY_DSN=
 #APPSMITH_SENTRY_ENVIRONMENT=
 
@@ -82,8 +80,9 @@ APPSMITH_ENCRYPTION_PASSWORD=$ENCRYPTION_PASSWORD
 APPSMITH_ENCRYPTION_SALT=$ENCRYPTION_SALT
 
 APPSMITH_CUSTOM_DOMAIN=
-# APPSMITH_PLUGIN_MAX_RESPONSE_SIZE_MB=5
 
+# APPSMITH_PLUGIN_MAX_RESPONSE_SIZE_MB=5
 # MAX PAYLOAD SIZE
 # APPSMITH_CODEC_SIZE=
-EOF
+
+EOF

deploy/helm/Chart.yaml

@@ -12,4 +12,4 @@ sources:
   - https://github.com/appsmithorg/appsmith
 home: https://www.appsmith.com/
 icon: https://assets.appsmith.com/appsmith-icon.png
-version: 1.4.1
+version: 1.5.0

deploy/helm/README.md

@@ -163,13 +163,49 @@ helm install \
 ```
 The above command deploys Appsmith application and configure application to use storage class name `appsmith-pv`
 
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:
 ```
 helm install -f values.yaml stable-appsmith/appsmith --generate-name
 ```
 
 *Tip: You can use the default [values.yaml](https://github.com/appsmithorg/appsmith/blob/release/deploy/helm/values.yaml)*
 
+### Appsmith configuration
+To change Appsmith configurations, you can use configuration UI in application or update value in values.yaml(The available configurations is listed below). 
+|	Name																										|	Value									|
+|	----------------------------------------------------		|	---------------------	|
+| `applicationConfig.APPSMITH_OAUTH2_GOOGLE_CLIENT_ID`		| `""`									|
+| `applicationConfig.APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET`| `""`									|
+| `applicationConfig.APPSMITH_OAUTH2_GITHUB_CLIENT_ID`		| `""`									|
+| `applicationConfig.APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET`| `""`									|
+| `applicationConfig.APPSMITH_CLIENT_LOG_LEVEL`						| `""`									|
+| `applicationConfig.APPSMITH_GOOGLE_MAPS_API_KEY`				| `""`									|
+| `applicationConfig.APPSMITH_MAIL_ENABLED`								| `""`									|
+| `applicationConfig.APPSMITH_MAIL_HOST`									| `""`									|
+| `applicationConfig.APPSMITH_MAIL_PORT`									| `""`									|
+| `applicationConfig.APPSMITH_MAIL_USERNAME`							| `""`									|
+| `applicationConfig.APPSMITH_MAIL_PASSWORD`							| `""`									|
+| `applicationConfig.APPSMITH_MAIL_FROM`									| `""`									|
+| `applicationConfig.APPSMITH_REPLY_TO`										| `""`									|
+| `applicationConfig.APPSMITH_MAIL_SMTP_AUTH`							| `""`									|
+| `applicationConfig.APPSMITH_MAIL_SMTP_TLS_ENABLED`			| `""`									|
+| `applicationConfig.APPSMITH_DISABLE_TELEMETRY`					| `""`									|
+| `applicationConfig.APPSMITH_RECAPTCHA_SITE_KEY`					| `""`									|
+| `applicationConfig.APPSMITH_RECAPTCHA_SECRET_KEY`				| `""`									|
+| `applicationConfig.APPSMITH_RECAPTCHA_ENABLED`					| `""`									|
+| `applicationConfig.APPSMITH_MONGODB_URI`								| `""`									|
+| `applicationConfig.APPSMITH_REDIS_URL`									| `""`									|
+| `applicationConfig.APPSMITH_ENCRYPTION_PASSWORD`				| `""`									|
+| `applicationConfig.APPSMITH_ENCRYPTION_SALT`						| `""`									|
+| `applicationConfig.APPSMITH_CUSTOM_DOMAIN`							| `""`									|
+
+For example, to change the encryption salt configuration, you can run the following command:
+```
+helm install \
+--set applicationConfig.APPSMITH_ENCRYPTION_SALT=123 \
+  stable-appsmith/appsmith --generate-name
+```
+
 ## Troubleshooting
 If at any time you encounter an error during the installation process, reach out to support@appsmith.com or join our Discord Server
 

deploy/helm/templates/configMap.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "appsmith.fullname" . }}
+  namespace: {{ include "appsmith.namespace" . }}
+  labels:
+    {{- include "appsmith.labels" . | nindent 4 }}
+data:
+  {{- range $key, $value := .Values.applicationConfig }}
+  {{- if $value }}
+  {{ $key }}: {{ $value | quote }}		
+  {{- end }}
+  {{- end }}

deploy/helm/templates/deployment.yaml

@@ -78,6 +78,9 @@ spec:
           volumeMounts:
             - name: data
               mountPath: /appsmith-stacks
+          envFrom:
+            - configMapRef:
+                name: {{ include "appsmith.fullname" . }}
       volumes:
   {{- if not .Values.persistence.enabled }}
       - name: data

deploy/helm/templates/tls-secret.yaml

@@ -1,8 +1,6 @@
-{{- if .Values.ingress.enabled }}
-{{- if .Values.ingress.secrets }}
+{{- if and .Values.ingress.enabled .Values.ingress.secrets }}
 {{- range .Values.ingress.secrets }}
-{{- if .certificate }}
-{{- if .key }}
+{{- if and .certificate .key }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -22,6 +20,7 @@ data:
 ---
 {{- end }}
 {{- end }}
+{{- end }}
 {{- if and .Values.ingress.tls (not .Values.ingress.certManager) }}
 {{- range .Values.ingress.hosts }}
 {{- $ca := genCA "appsmith-ca" 365 }}
@@ -44,7 +43,4 @@ data:
   tls.key: {{ $cert.Key | b64enc | quote }}
   ca.crt: {{ $ca.Cert | b64enc | quote }}
 {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
 {{- end }}

deploy/helm/values.yaml

@@ -271,3 +271,29 @@ autoupdate:
   ## @param autoupdate.scheduler - Schedule cron job to check & update Helm image
   ##
   scheduler: "0 * * * *"
+
+applicationConfig:
+  APPSMITH_OAUTH2_GOOGLE_CLIENT_ID: ""
+  APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET: ""
+  APPSMITH_OAUTH2_GITHUB_CLIENT_ID: ""
+  APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET: ""
+  APPSMITH_CLIENT_LOG_LEVEL: ""
+  APPSMITH_GOOGLE_MAPS_API_KEY: ""
+  APPSMITH_MAIL_ENABLED: ""
+  APPSMITH_MAIL_HOST: ""
+  APPSMITH_MAIL_PORT: ""
+  APPSMITH_MAIL_USERNAME: ""
+  APPSMITH_MAIL_PASSWORD: ""
+  APPSMITH_MAIL_FROM: ""
+  APPSMITH_REPLY_TO: ""
+  APPSMITH_MAIL_SMTP_AUTH: ""
+  APPSMITH_MAIL_SMTP_TLS_ENABLED: ""
+  APPSMITH_DISABLE_TELEMETRY: ""
+  APPSMITH_RECAPTCHA_SITE_KEY: ""
+  APPSMITH_RECAPTCHA_SECRET_KEY: ""
+  APPSMITH_RECAPTCHA_ENABLED: ""
+  APPSMITH_MONGODB_URI: ""
+  APPSMITH_REDIS_URL: ""
+  APPSMITH_ENCRYPTION_PASSWORD: ""
+  APPSMITH_ENCRYPTION_SALT: ""
+  APPSMITH_CUSTOM_DOMAIN: ""