mirror of
https://github.com/truecharts/charts.git
synced 2026-07-13 05:12:24 -03:00
chore(penpot): fix flags (#5685)
* core(penpot): fix flags * add secret autogen * no upgrade * add db and redis creds to exporter too * Update charts/incubator/penpot/templates/_secret.tpl Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
This commit is contained in:
@@ -32,7 +32,7 @@ sources:
|
||||
- https://hub.docker.com/r/penpotapp/frontend
|
||||
- https://hub.docker.com/r/penpotapp/backend
|
||||
type: application
|
||||
version: 0.0.2
|
||||
version: 1.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
|
||||
@@ -32,17 +32,82 @@ questions:
|
||||
label: Flags
|
||||
description: Feature flags
|
||||
schema:
|
||||
type: list
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
required: true
|
||||
# TODO: Check if it works
|
||||
default: ["enable-registration", "enable-login", "disable-email-verification"]
|
||||
items:
|
||||
- variable: feature_flag
|
||||
label: Feature Flag Entry
|
||||
attrs:
|
||||
- variable: registration
|
||||
label: Registration
|
||||
description: Enables or disables, the registration process
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: insecure_register
|
||||
label: Insecure Register
|
||||
description: Enables or disables, the insecure process of profile registration deactivating the email verification process
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: login
|
||||
label: Login
|
||||
description: Enables or disables, the password based login form
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: demo_users
|
||||
label: Demo Users
|
||||
description: Enables or disables, the creation of demo users without the need of a registration process.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: demo_warning
|
||||
label: Demo Warning
|
||||
description: Enables or disables, demo warning in the register and login page saying that this is a demonstration purpose instance
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: user_feedback
|
||||
label: User Feedback
|
||||
description: Enables or disables, the feedback form at the dashboard
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: mail_verification
|
||||
label: Mail Verification
|
||||
description: Enables or disables, mail verification
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: log_invitation_token
|
||||
label: Log Invitation Token
|
||||
description: Enables or disables, invitation token logging in console
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: log_emails
|
||||
label: Log Emails
|
||||
description: Enables or disables, email logging in console. This only works if smtp is not enabled.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: secure_session_cookies
|
||||
label: Secure Session Cookies
|
||||
description: Enables or disables, the secure flag on cookies
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: cors
|
||||
label: CORS
|
||||
description: Enables or disables, the default cors configuration that allows all domains
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: backend_api_doc
|
||||
label: API Docs
|
||||
description: Enables or disables, /api/_doc endpoint that lists all rpc methods available on backend.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: registration_domain_whitelist
|
||||
label: Registration Domain Whitelist
|
||||
description: Registration Domain Whitelist
|
||||
|
||||
@@ -14,7 +14,7 @@ envFrom:
|
||||
- secretRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-common-secret'
|
||||
- secretRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-backend-secret'
|
||||
name: '{{ include "tc.common.names.fullname" . }}-backend-exporter-secret'
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 6060
|
||||
|
||||
@@ -12,6 +12,8 @@ envFrom:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-common-secret'
|
||||
- secretRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-exporter-secret'
|
||||
- secretRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-backend-exporter-secret'
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 6061
|
||||
|
||||
@@ -1,46 +1,48 @@
|
||||
{{/* Define the secret */}}
|
||||
{{- define "penpot.secret" -}}
|
||||
|
||||
{{- $secretName := printf "%s-common-secret" (include "tc.common.names.fullname" .) }}
|
||||
{{- $commonSecretName := printf "%s-common-secret" (include "tc.common.names.fullname" .) }}
|
||||
{{- $exporterSecretName := printf "%s-exporter-secret" (include "tc.common.names.fullname" .) }}
|
||||
{{- $backendSecretName := printf "%s-backend-secret" (include "tc.common.names.fullname" .) }}
|
||||
{{- $frontendSecretName := printf "%s-frontend-secret" (include "tc.common.names.fullname" .) }}
|
||||
{{- $backendAndExporterSecretName := printf "%s-backend-exporter-secret" (include "tc.common.names.fullname" .) }}
|
||||
|
||||
{{- $backendFlags := list }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-smtp" (ternary "enable" "disable" .Values.penpot.smtp.enabled)) }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-email-verification" (ternary "enable" "disable" .Values.penpot.flags.mail_verification)) }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-log-invitation-tokens" (ternary "enable" "disable" .Values.penpot.flags.log_invitation_token)) }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-log-emails" (ternary "enable" "disable" (and .Values.penpot.flags.log_emails (not .Values.penpot.smtp.enabled)))) }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-secure-session-cookies" (ternary "enable" "disable" .Values.penpot.flags.secure_session_cookies)) }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-insecure-register" (ternary "enable" "disable" .Values.penpot.flags.insecure_register)) }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-cors" (ternary "enable" "disable" .Values.penpot.flags.backend_api_doc)) }}
|
||||
{{- $backendFlags = mustAppend $backendFlags (printf "%s-backend-api-doc" (ternary "enable" "disable" .Values.penpot.flags.backend_api_doc)) }}
|
||||
|
||||
{{- $frontendFlags := list }}
|
||||
{{- $frontendFlags = mustAppend $frontendFlags (printf "%s-demo-warning" (ternary "enable" "disable" .Values.penpot.flags.demo_warning)) }}
|
||||
|
||||
{{- $commonFlags := list }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login" (ternary "enable" "disable" .Values.penpot.flags.login)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-registration" (ternary "enable" "disable" .Values.penpot.flags.registration)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-demo-users" (ternary "enable" "disable" .Values.penpot.flags.demo_users)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-user-feedback" (ternary "enable" "disable" .Values.penpot.flags.user_feedback)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-google" (ternary "enable" "disable" .Values.penpot.identity_providers.google.enabled)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-github" (ternary "enable" "disable" .Values.penpot.identity_providers.github.enabled)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-gitlab" (ternary "enable" "disable" .Values.penpot.identity_providers.gitlab.enabled)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-oidc" (ternary "enable" "disable" .Values.penpot.identity_providers.oidc.enabled)) }}
|
||||
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-ldap" (ternary "enable" "disable" .Values.penpot.identity_providers.ldap.enabled)) }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
name: {{ $commonSecretName }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
stringData:
|
||||
{{/* Dependencies */}}
|
||||
PENPOT_DATABASE_URI: {{ printf "postgresql://%v/%v" (.Values.postgresql.url.plainport | trimAll "\"") .Values.postgresql.postgresqlDatabase }}
|
||||
PENPOT_DATABASE_USERNAME: {{ .Values.postgresql.postgresqlUsername }}
|
||||
PENPOT_DATABASE_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
|
||||
PENPOT_REDIS_URI: {{ printf "redis://%v:%v@%v/%v" "default" (.Values.redis.redisPassword | trimAll "\"") (.Values.redis.url.plainport | trimAll "\"") "0" }}
|
||||
{{/* Penpot */}}
|
||||
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: {{ .Values.persistence.assets.mountPath }}
|
||||
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
|
||||
PENPOT_HTTP_SERVER_HOST: "0.0.0.0"
|
||||
{{- with .Values.penpot.flags }}
|
||||
PENPOT_FLAGS: {{ join " " . | quote }}
|
||||
{{- end }}
|
||||
PENPOT_TELEMETRY_ENABLED: {{ .Values.penpot.telemetry_enabled | quote }}
|
||||
{{- with .Values.penpot.registration_domain_whitelist }}
|
||||
PENPOT_REGISTRATION_DOMAIN_WHITELIST: {{ join "," . }}
|
||||
{{- end }}
|
||||
{{- if .Values.penpot.smtp.enabled }}
|
||||
PENPOT_SMTP_DEFAULT_FROM: {{ .Values.penpot.smtp.default_from | quote }}
|
||||
PENPOT_SMTP_DEFAULT_REPLY_TO: {{ .Values.penpot.smtp.default_reply_to | quote }}
|
||||
PENPOT_SMTP_HOST: {{ .Values.penpot.smtp.host | quote }}
|
||||
PENPOT_SMTP_PORT: {{ .Values.penpot.smtp.port | quote }}
|
||||
PENPOT_SMTP_USERNAME: {{ .Values.penpot.smtp.user | quote }}
|
||||
PENPOT_SMTP_PASSWORD: {{ .Values.penpot.smtp.pass | quote }}
|
||||
PENPOT_SMTP_TLS: {{ .Values.penpot.smtp.tls | quote }}
|
||||
PENPOT_SMTP_SSL: {{ .Values.penpot.smtp.ssl | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.penpot.identity_providers.google.enabled }}
|
||||
PENPOT_GOOGLE_CLIENT_ID: {{ .Values.penpot.identity_providers.google.client_id | quote }}
|
||||
PENPOT_GOOGLE_CLIENT_SECRET: {{ .Values.penpot.identity_providers.google.client_secret | quote }}
|
||||
@@ -71,7 +73,6 @@ stringData:
|
||||
PENPOT_LDAP_ATTRS_EMAIL: {{ .Values.penpot.identity_providers.ldap.attrs_email | quote }}
|
||||
PENPOT_LDAP_ATTRS_FULLNAME: {{ .Values.penpot.identity_providers.ldap.attrs_fullname | quote }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@@ -87,11 +88,36 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: {{ $backendSecretName }}
|
||||
name: {{ $backendAndExporterSecretName }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
stringData:
|
||||
PENPOT_FLAGS: {{ join " " (concat $commonFlags $backendFlags) | quote }}
|
||||
PENPOT_PUBLIC_URI: {{ .Values.penpot.public_uri | quote }}
|
||||
{{- with (lookup "v1" "Secret" .Release.Namespace $backendAndExporterSecretName) }}
|
||||
PENPOT_SECRET_KEY: {{ index .data "PENPOT_SECRET_KEY" }}
|
||||
{{- else }}
|
||||
PENPOT_SECRET_KEY: {{ randAlphaNum 32 | b64enc }}
|
||||
{{- end }}
|
||||
{{/* Dependencies */}}
|
||||
PENPOT_DATABASE_URI: {{ printf "postgresql://%v/%v" (.Values.postgresql.url.plainport | trimAll "\"") .Values.postgresql.postgresqlDatabase }}
|
||||
PENPOT_DATABASE_USERNAME: {{ .Values.postgresql.postgresqlUsername }}
|
||||
PENPOT_DATABASE_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
|
||||
PENPOT_REDIS_URI: {{ printf "redis://%v:%v@%v/%v" "default" (.Values.redis.redisPassword | trimAll "\"") (.Values.redis.url.plainport | trimAll "\"") "0" }}
|
||||
{{/* Penpot */}}
|
||||
{{- if .Values.penpot.smtp.enabled }}
|
||||
PENPOT_SMTP_DEFAULT_FROM: {{ .Values.penpot.smtp.default_from | quote }}
|
||||
PENPOT_SMTP_DEFAULT_REPLY_TO: {{ .Values.penpot.smtp.default_reply_to | quote }}
|
||||
PENPOT_SMTP_HOST: {{ .Values.penpot.smtp.host | quote }}
|
||||
PENPOT_SMTP_PORT: {{ .Values.penpot.smtp.port | quote }}
|
||||
PENPOT_SMTP_USERNAME: {{ .Values.penpot.smtp.user | quote }}
|
||||
PENPOT_SMTP_PASSWORD: {{ .Values.penpot.smtp.pass | quote }}
|
||||
PENPOT_SMTP_TLS: {{ .Values.penpot.smtp.tls | quote }}
|
||||
PENPOT_SMTP_SSL: {{ .Values.penpot.smtp.ssl | quote }}
|
||||
{{- end }}
|
||||
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: {{ .Values.persistence.assets.mountPath }}
|
||||
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
|
||||
PENPOT_HTTP_SERVER_HOST: "0.0.0.0"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@@ -102,4 +128,5 @@ metadata:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
stringData:
|
||||
PENPOT_PUBLIC_URI: {{ .Values.penpot.public_uri | quote }}
|
||||
PENPOT_FLAGS: {{ join " " (concat $commonFlags $frontendFlags) | quote }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
# TODO: Update images
|
||||
image:
|
||||
repository: tccr.io/truecharts/penpot-frontend
|
||||
pullPolicy: IfNotPresent
|
||||
@@ -32,9 +31,18 @@ hostAliases:
|
||||
penpot:
|
||||
public_uri: "http://localhost:{{ .Values.service.main.ports.main.port }}"
|
||||
flags:
|
||||
- enable-registration
|
||||
- enable-login
|
||||
- disable-email-verification
|
||||
registration: true
|
||||
insecure_register: false
|
||||
login: true
|
||||
demo_users: false
|
||||
demo_warning: false
|
||||
user_feedback: false
|
||||
mail_verification: true
|
||||
log_invitation_token: false
|
||||
log_emails: false
|
||||
secure_session_cookies: true
|
||||
cors: false
|
||||
backend_api_doc: false
|
||||
telemetry_enabled: false
|
||||
registration_domain_whitelist: []
|
||||
smtp:
|
||||
|
||||
Reference in New Issue
Block a user