diff --git a/charts/incubator/openproject/Chart.yaml b/charts/incubator/openproject/Chart.yaml index 24848531c80..cba9eddd6a7 100644 --- a/charts/incubator/openproject/Chart.yaml +++ b/charts/incubator/openproject/Chart.yaml @@ -1,17 +1,15 @@ -annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - Productivity apiVersion: v2 appVersion: "12" dependencies: - name: common repository: https://library-charts.truecharts.org version: 10.4.8 + - condition: postgresql.enabled + name: postgresql + repository: https://charts.truecharts.org/ + version: 8.0.48 deprecated: false -description: - OpenProject is a web-based project management system for location-independent - team collaboration. +description: OpenProject is a web-based project management system for location-independent team collaboration. home: https://github.com/truecharts/charts/tree/master/charts/incubator/openproject icon: https://truecharts.org/img/chart-icons/openproject.png keywords: @@ -27,4 +25,9 @@ sources: - http://openproject.org - https://hub.docker.com/u/openproject type: application -version: 0.0.13 +version: 0.0.14 +annotations: + truecharts.org/SCALE-support: "true" + truecharts.org/catagories: | + - Productivity + truecharts.org/grade: U diff --git a/charts/incubator/openproject/questions.yaml b/charts/incubator/openproject/questions.yaml index 1a10a0da224..c4657045d5b 100644 --- a/charts/incubator/openproject/questions.yaml +++ b/charts/incubator/openproject/questions.yaml @@ -1,5 +1,12 @@ # Include{groups} -portals: {} +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" questions: - variable: portal group: "Container Image" @@ -15,9 +22,8 @@ questions: hidden: true editable: false type: boolean - default: false + default: true # Include{global} - - variable: controller group: "Controller" label: "" @@ -68,23 +74,69 @@ questions: - value: "OnDelete" description: "(Legacy) OnDelete: ignore .spec.template changes" # Include{controllerExpert} - - - variable: env - group: "Container Configuration" - label: "Image Environment" +# Include{containerConfig} + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" schema: additional_attrs: true type: dict attrs: - - - variable: SECRET_KEY_BASE - label: 'SECRET_KEY_BASE' - description: "Container Variable SECRETKEYBASE" + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" schema: - type: string - default: "secret" - - + additional_attrs: true + type: dict + attrs: +# Include{serviceSelector} + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10290 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 8080 - variable: serviceexpert group: "Networking and Services" label: "Show Expert Config" @@ -99,11 +151,8 @@ questions: schema: type: boolean default: false - # Include{serviceExpert} - # Include{serviceList} - - variable: persistence label: "Integrated Persistent Storage" description: "Integrated Persistent Storage" @@ -112,34 +161,36 @@ questions: additional_attrs: true type: dict attrs: - - - variable: hostpath1 - label: "hostpath1 Storage" - description: "Container Path varopenprojectpgdata" + - variable: assets + label: "App Assets Storage" + description: "Stores the Application Assets." schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceAdvanced} - - variable: hostpath2 - label: "hostpath2 Storage" - description: "Container Path varopenprojectassets" - schema: - additional_attrs: true - type: dict - attrs: -# Include{persistenceBasic} -# Include{persistenceAdvanced} - - # Include{persistenceList} - + - variable: ingress + label: "" + group: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: +# Include{ingressDefault} +# Include{ingressTLS} +# Include{ingressTraefik} +# Include{ingressExpert} # Include{ingressList} - # Include{security} - - variable: advancedSecurity label: "Show Advanced Security Settings" group: "Security and Permissions" @@ -175,7 +226,6 @@ questions: type: boolean default: false # Include{securityContextAdvanced} - - variable: podSecurityContext group: "Security and Permissions" label: "Pod Security Context" @@ -191,7 +241,7 @@ questions: default: 0 - variable: runAsGroup label: "runAsGroup" - description: The groupID this App of the user running the application" + description: "The groupID this App of the user running the application" schema: type: int default: 0 @@ -202,10 +252,6 @@ questions: type: int default: 568 # Include{podSecurityContextAdvanced} - - # Include{resources} - # Include{advanced} - # Include{addons} diff --git a/charts/incubator/openproject/templates/_secrets.tpl b/charts/incubator/openproject/templates/_secrets.tpl new file mode 100644 index 00000000000..4591e301100 --- /dev/null +++ b/charts/incubator/openproject/templates/_secrets.tpl @@ -0,0 +1,20 @@ +{{/* Define the secrets */}} +{{- define "openproject.secrets" -}} +--- + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: openproject-secrets +{{- $openprojectprevious := lookup "v1" "Secret" .Release.Namespace "openproject-secrets" }} +{{- $secret_key_base := "" }} +data: + {{- if $openprojectprevious}} + SECRET_KEY_BASE: {{ index $openprojectprevious.data "SECRET_KEY_BASE" }} + {{- else }} + {{- $secret_key_base := randAlphaNum 32 }} + SECRET_KEY_BASE: {{ $secret_key_base | b64enc }} + {{- end }} + +{{- end -}} diff --git a/charts/incubator/openproject/templates/common.yaml b/charts/incubator/openproject/templates/common.yaml index cbf66c20818..c17fdc82a86 100644 --- a/charts/incubator/openproject/templates/common.yaml +++ b/charts/incubator/openproject/templates/common.yaml @@ -1,2 +1,7 @@ +{{- include "tc.common.loader.init" . }} + +{{/* Render secrets for openproject */}} +{{- include "openproject.secrets" . }} + {{/* Render the templates */}} -{{ include "tc.common.loader.all" . }} +{{ include "tc.common.loader.apply" . }} diff --git a/charts/incubator/openproject/values.yaml b/charts/incubator/openproject/values.yaml index 03fff68cec0..f7a873ab9dd 100644 --- a/charts/incubator/openproject/values.yaml +++ b/charts/incubator/openproject/values.yaml @@ -1,32 +1,40 @@ -env: - SECRET_KEY_BASE: secret image: - pullPolicy: IfNotPresent repository: tccr.io/truecharts/openproject - tag: v12 -persistence: - hostpath1: - enabled: true - mountPath: /var/openproject/pgdata - hostpath2: - enabled: true - mountPath: /var/openproject/assets -podSecurityContext: - runAsGroup: 0 - runAsUser: 0 -probes: - liveness: - enabled: false - readiness: - enabled: false - startup: - enabled: false + pullPolicy: IfNotPresent + tag: v12@sha256:25d6bc69202ae6e256a93295b9c23c50afdc69a0ba1fc66e608c4e404fc66750 + securityContext: readOnlyRootFilesystem: false runAsNonRoot: false + +podSecurityContext: + runAsGroup: 0 + runAsUser: 0 + +env: + SECRET_KEY_BASE: + secretKeyRef: + name: openproject-secrets + key: SECRET_KEY_BASE + DATABASE_URL: + secretKeyRef: + name: dbcreds + key: url-noql + +persistence: + assets: + enabled: true + mountPath: /var/openproject/assets + service: main: - enabled: false ports: main: - enabled: false + port: 10290 + targetPort: 8080 + +postgresql: + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: openproject + postgresqlDatabase: openproject