From b700ec2ddcec3e628ed4a09aab0fb829eb2940ee Mon Sep 17 00:00:00 2001 From: Sukarn <10946339+sukarn-m@users.noreply.github.com> Date: Sat, 7 Oct 2023 21:53:59 +0530 Subject: [PATCH] chore(kimai): Migrate to new common and update app (#9831) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Description** ⚒️ Fixes # **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [x] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [x] 🔃 Refactor of current code **🧪 How Has This Been Tested?** **📃 Notes:** **✔️ Checklist:** - [x] ⚖️ My code follows the style guidelines of this project - [x] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [ ] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [x] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- 
Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros kois --- charts/incubator/kimai/Chart.yaml | 6 +- charts/incubator/kimai/questions.yaml | 79 +++++++------ charts/incubator/kimai/templates/NOTES.txt | 1 + .../incubator/kimai/templates/_configmap.tpl | 23 ++++ charts/incubator/kimai/templates/_secrets.tpl | 26 ++--- charts/incubator/kimai/templates/common.yaml | 18 ++- charts/incubator/kimai/values.yaml | 106 ++++++++++-------- cspell.config.yaml | 6 +- 8 files changed, 162 insertions(+), 103 deletions(-) create mode 100644 charts/incubator/kimai/templates/NOTES.txt create mode 100644 charts/incubator/kimai/templates/_configmap.tpl diff --git a/charts/incubator/kimai/Chart.yaml b/charts/incubator/kimai/Chart.yaml index 12022a8e67c..3434d9fbbb6 100644 --- a/charts/incubator/kimai/Chart.yaml +++ b/charts/incubator/kimai/Chart.yaml @@ -3,11 +3,11 @@ appVersion: "1.20" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 11.1.2 + version: 14.0.1 - condition: mariadb.enabled name: mariadb repository: https://deps.truecharts.org/ - version: 5.0.35 + version: 9.0.17 description: Kimai is a free, open source and online time-tracking software designed for small businesses and freelancers. home: https://truecharts.org/charts/incubator/kimai icon: https://truecharts.org/img/hotlink-ok/chart-icons/kimai.png @@ -25,7 +25,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/incubator/kimai - https://github.com/kevinpapst/kimai2 - https://github.com/tobybatch/kimai2 -version: 7.0.0 +version: 8.0.0 annotations: truecharts.org/catagories: | - productivity diff --git a/charts/incubator/kimai/questions.yaml b/charts/incubator/kimai/questions.yaml index 721462ece2e..3b50291e280 100644 --- a/charts/incubator/kimai/questions.yaml +++ b/charts/incubator/kimai/questions.yaml 
@@ -6,48 +6,57 @@ questions: # Include{global} # Include{workload} # Include{workloadDeployment} - # Include{replicas1} # Include{podSpec} # Include{containerMain} - - variable: env - group: "App Configuration" - label: "Image Environment" - schema: - additional_attrs: true - type: dict - attrs: - - variable: ADMINMAIL - label: "Admin E-mail" - schema: - type: string - default: "" - required: true - - variable: ADMINPASS - label: "Admin Password" - schema: - type: string - default: "" - required: true - private: true - - variable: trust_hosts - label: "TRUSTED_HOSTS" - description: "Comma separated list of trusted hosts." - schema: - type: string - default: "YOUR.FQDN or YOUR.NAS.IP" # Include{containerBasic} # Include{containerAdvanced} # Include{containerConfig} -# Include{podOptions} -# Include{serviceRoot} - - variable: main - label: "Main Service" - description: "The Primary service on which the healthcheck runs, often the webUI" + - variable: kimai + group: App Configuration + label: Kimai + schema: + additional_attrs: true + type: dict + attrs: + - variable: credentials + group: App Configuration + label: Admin Credentials schema: additional_attrs: true type: dict attrs: + - variable: adminMail + label: Admin e-mail address + description: Email address of the admin account. + schema: + type: string + default: "" + required: true + - variable: adminPass + label: Admin password + description: Password for the admin account. + schema: + type: string + default: "" + required: true + private: true + - variable: trusted_hosts + label: Trusted Hosts + description: Comma separated list of trusted hosts. Sets the environment variable TRUSTED_HOSTS. + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Trusted Host + schema: + type: string + default: "" + required: true +# Include{podOptions} +# Include{serviceRoot} +# Include{serviceMain} # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main 
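Review bot: The `trusted_hosts` description still reads "Comma separated list of trusted hosts" although this hunk changes the schema to `type: list` with one `hostEntry` per item, so the UI text no longer matches the input it labels. Suggest `description: Hosts Kimai should accept, one per entry. Joined with commas into the environment variable TRUSTED_HOSTS.` Since `_configmap.tpl` always appends `localhost`, it is worth saying so here, so that the empty default is not read as "no host is trusted". As a style point, `trusted_hosts` is snake_case next to the camelCase `adminMail` / `adminPass` in the same `kimai` dict.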
@@ -103,13 +112,13 @@ questions: description: "The UserID of the user running the application" schema: type: int - default: 33 + default: 0 - variable: runAsGroup label: "runAsGroup" description: "The groupID of the user running the application" schema: type: int - default: 33 + default: 0 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} @@ -118,7 +127,7 @@ questions: description: "The group that should own ALL storage." schema: type: int - default: 568 + default: 33 # Include{resources} # Include{advanced} diff --git a/charts/incubator/kimai/templates/NOTES.txt b/charts/incubator/kimai/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/charts/incubator/kimai/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/charts/incubator/kimai/templates/_configmap.tpl b/charts/incubator/kimai/templates/_configmap.tpl new file mode 100644 index 00000000000..16a3cb9551b --- /dev/null +++ b/charts/incubator/kimai/templates/_configmap.tpl @@ -0,0 +1,23 @@ +{{/* Define the configmap */}} +{{- define "kimai.configmap" -}} + +{{- $trusted_hosts := .Values.kimai.trusted_hosts -}} + +{{- if not (mustHas "localhost" $trusted_hosts) -}} + {{- $trusted_hosts = mustAppend $trusted_hosts "localhost" -}} +{{- end }} +kimai-config: + enabled: true + data: + APP_ENV: prod + DB_TYPE: mysql + DB_PORT: "3306" + DB_USER: {{ .Values.mariadb.mariadbDatabase }} + DB_BASE: {{ .Values.mariadb.mariadbUsername }} + {{/* Admin credentials */}} + ADMINMAIL: {{ .Values.kimai.credentials.adminMail }} + ADMINPASS: {{ .Values.kimai.credentials.adminPass }} + {{/* Trusted Hosts */}} + TRUSTED_HOSTS: {{ join "," $trusted_hosts }} + memory_limit: 256M +{{- end -}} diff --git a/charts/incubator/kimai/templates/_secrets.tpl b/charts/incubator/kimai/templates/_secrets.tpl index 8adbee153e1..01ba63f2925 100644 --- a/charts/incubator/kimai/templates/_secrets.tpl 
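Review bot: The new defaults `runAsUser: 0` and `runAsGroup: 0` make the container run as root where it previously ran as uid/gid 33, and nothing in the change explains why. The `values.yaml` hunk pairs this with `readOnlyRootFilesystem: false` and five added capabilities (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `SETGID`, `SETUID`). If the v2 image only needs root to fix ownership and then drop to uid 33 (presumably, given `fsGroup: 33`), record that next to the setting, e.g. `# image entrypoint starts as root and drops to uid 33 - confirm`, and trim the capability list to what that startup step uses. The enclosing `securityContext` question block starts outside this hunk.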
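Review bot: `ADMINMAIL` and `ADMINPASS` are written into the `kimai-config` ConfigMap, so the admin password is stored unencrypted and is readable by anything allowed to get ConfigMaps in the namespace. The old `values.yaml` carried both under `secretEnv`. They belong in the `kimai-secret` data in `_secrets.tpl`, consumed through a `secretKeyRef` like `APP_SECRET`. The values are also interpolated unquoted before `fromYaml` parses the result, so a password containing ` #` is cut off at the comment marker and one containing `: ` or a leading `*` fails to parse; use `ADMINPASS: {{ .Values.kimai.credentials.adminPass | quote }}` (same for `ADMINMAIL` and `TRUSTED_HOSTS`). Separately, `DB_USER` is filled from `mariadbDatabase` and `DB_BASE` from `mariadbUsername`, which looks swapped; it is carried over from the old values and is harmless only while both are `kimai`.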
+++ b/charts/incubator/kimai/templates/_secrets.tpl @@ -1,20 +1,14 @@ {{/* Define the secrets */}} -{{- define "kimai.secrets" -}} ---- +{{- define "kimai.secret" -}} +{{- $secretName := (printf "%s-kimai-secret" (include "tc.v1.common.lib.chart.names.fullname" $)) -}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: kimai-secrets -{{- $kimaiprevious := lookup "v1" "Secret" .Release.Namespace "kimai-secrets" }} -{{- $app_secret := "" }} -data: - {{- if $kimaiprevious}} - APP_SECRET: {{ index $kimaiprevious.data "APP_SECRET" }} - {{- else }} - {{- $app_secret := randAlphaNum 32 }} - APP_SECRET: {{ $app_secret | b64enc }} - {{- end }} +{{- $app_secret := randAlphaNum 32 -}} +{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) -}} + {{- $app_secret = index .data "APP_SECRET" | b64dec -}} +{{- end }} +kimai-secret: + enabled: true + data: + APP_SECRET: {{ $app_secret }} {{- end -}} diff --git a/charts/incubator/kimai/templates/common.yaml b/charts/incubator/kimai/templates/common.yaml index 1e9026ec785..9a711c20234 100644 --- a/charts/incubator/kimai/templates/common.yaml +++ b/charts/incubator/kimai/templates/common.yaml @@ -1,8 +1,18 @@ {{/* Make sure all variables are set properly */}} -{{- include "tc.common.loader.init" . }} +{{- include "tc.v1.common.loader.init" . }} + +{{- $secret := include "kimai.secret" . | fromYaml -}} +{{- if $secret -}} + {{ $secret := (mustMergeOverwrite .Values.secret $secret) }} + {{- $_ := set .Values "secret" $secret -}} +{{- end -}} + +{{- $config := include "kimai.configmap" . | fromYaml -}} +{{- if $config -}} + {{ $config := (mustMergeOverwrite .Values.configmap $config) }} + {{- $_ := set .Values "configmap" $config -}} +{{- end -}} -{{/* Render secrets for kimai */}} -{{- include "kimai.secrets" . }} {{/* Render the templates */}} -{{ include "tc.common.loader.apply" . }} +{{ include "tc.v1.common.loader.apply" . }} 
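Review bot: The `lookup` in `kimai.secret` preserves `APP_SECRET` only when Helm can read the existing Secret. Under `helm template`, `--dry-run` or any renderer without cluster access it returns an empty result, and a fresh `randAlphaNum 32` value is emitted. The Secret was previously named `kimai-secrets` and is now looked up as `<fullname>-kimai-secret`, so an upgrade from the old chart also misses and regenerates the key. The lookup further assumes `$secretName` matches the name the common library gives the rendered Secret, which this hunk cannot show. A comment above the `with` would make this explicit, e.g. `{{/* APP_SECRET is reused only when lookup finds <fullname>-kimai-secret; it is regenerated on template/dry-run renders and on upgrade from kimai-secrets */}}`.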
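Review bot: The `{{- if $secret -}}` and `{{- if $config -}}` guards do not catch malformed template output, because Helm's `fromYaml` does not abort; it returns a map holding an `Error` key, which is then merged into `.Values.secret` / `.Values.configmap`. Because `_configmap.tpl` interpolates user-supplied values unquoted, a parse failure is reachable from ordinary input such as a password containing `: `. Add an explicit check before each merge, e.g. `{{- if hasKey $config "Error" -}}{{- fail (printf "kimai.configmap: %s" (get $config "Error")) -}}{{- end -}}`. As a style point, the inner `{{ $secret := ... }}` re-declares the variable and lacks the `{{-` trim; `{{- $_ := set .Values "secret" (mustMergeOverwrite .Values.secret $secret) -}}` does the same in one line.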
diff --git a/charts/incubator/kimai/values.yaml b/charts/incubator/kimai/values.yaml index 38ed2980d31..fcef8676756 100644 --- a/charts/incubator/kimai/values.yaml +++ b/charts/incubator/kimai/values.yaml 
@@ -1,40 +1,62 @@ image: repository: tccr.io/truecharts/kimai - tag: v1.20@sha256:f13b70aa746b3d8a754bcf1f78dbdfde95b94f443ee17b9e3474ab0ebf6068e3 + tag: v2.0.35@sha256:064005e7296208101c07aa22c911bd3b886ae1d33ecc144e8cc158f47de0fe8e pullPolicy: IfNotPresent -securityContext: - readOnlyRootFilesystem: false +kimai: + credentials: + adminMail: admin@change.me + adminPass: ChangeME + trusted_hosts: + - localhost -podSecurityContext: - runAsUser: 33 - runAsGroup: 33 - -secretEnv: - ADMINMAIL: "admin@mysecretdomain.com" - ADMINPASS: "MvvTfjagiaqDprGNVA" - -env: - DB_TYPE: "mysql" - DB_PORT: "3306" - DB_USER: "{{ .Values.mariadb.mariadbDatabase }}" - DB_BASE: "{{ .Values.mariadb.mariadbUsername }}" - APP_ENV: "prod" - TRUSTED_HOSTS: "{{ .Values.env.trust_hosts }},localhost" - # User Defined - trust_hosts: "127.0.0.1" - DB_PASS: - secretKeyRef: - name: mariadbcreds - key: mariadb-password - DB_HOST: - secretKeyRef: - name: mariadbcreds - key: plainhost - APP_SECRET: - secretKeyRef: - name: kimai-secrets - key: APP_SECRET +workload: + main: + podSpec: + securityContext: + fsGroup: 33 + containers: + main: + securityContext: + readOnlyRootFilesystem: false + runAsUser: 0 + runAsGroup: 0 + capabilities: + disableS6Caps: true + add: + - CHOWN + - DAC_OVERRIDE + - FOWNER + - SETGID + - SETUID + env: + DB_PASS: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}' + key: mariadb-password + DB_HOST: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}' + key: plainhost + APP_SECRET: + secretKeyRef: + name: kimai-secret + key: APP_SECRET + envFrom: + - configMapRef: + name: kimai-config + probes: + liveness: + enabled: true + path: /en/login + readiness: + enabled: true + path: /en/login + startup: + enabled: true + type: tcp service: main: 
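Review bot: `kimai.credentials` ships a fixed default login (`adminMail: admin@change.me`, `adminPass: ChangeME`), which is presumably what the image uses to create the admin account. `questions.yaml` marks both fields `required`, but that only applies in the SCALE UI, so an install that does not override the values comes up with a publicly known admin password. Prefer an empty default plus a render-time check: `adminPass: ""` here and `{{ required "kimai.credentials.adminPass must be set" .Values.kimai.credentials.adminPass }}` where the value is consumed. If chart tests need a value to render, supply it from a test-only values file rather than the chart default.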
@@ -43,27 +65,23 @@ service: port: 10198 targetPort: 8001 -probes: - liveness: - path: "/en/login" - readiness: - path: "/en/login" - startup: - path: "/en/login" - persistence: data: enabled: true - mountPath: "/opt/kimai/var/data" + mountPath: /opt/kimai/var/data plugins: enabled: true - mountPath: "/opt/kimai/var/plugins" + mountPath: /opt/kimai/var/plugins + varlock: + enabled: true + type: emptyDir + mountPath: /var/lock mariadb: enabled: true mariadbUsername: kimai mariadbDatabase: kimai - existingSecret: "mariadbcreds" portal: - enabled: true + open: + enabled: true diff --git a/cspell.config.yaml b/cspell.config.yaml index e3efdf5deff..68f775f983d 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -73,6 +73,7 @@ words: - flemmarr - flushtables - forcegc + - FOWNER - fullname - geoip - geoipupdate @@ -112,6 +113,7 @@ words: - kavita - keepalive - killswitch + - kimai - kiwix - kjeld - kube @@ -240,6 +242,8 @@ words: - servername - serverstransports - serviceexpert + - SETGID + - SETUID - sgateway - signup - smallblock @@ -287,11 +291,11 @@ words: - unet - unifi - upsnap - - upsnap - upstreams - userspace - vaapi - valheim + - varlock - vaultwarden - vdev - vikunja