chore(penpot): fix flags (#5685)

* core(penpot): fix flags

* add secret autogen

* no upgrade

* add db and redis creds to exporter too

* Update charts/incubator/penpot/templates/_secret.tpl

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
This commit is contained in:
Stavros Kois
2022-12-24 22:34:23 +02:00
committed by GitHub
parent 31aa1404f6
commit 6bd8789cd0
6 changed files with 144 additions and 42 deletions

View File

@@ -32,7 +32,7 @@ sources:
- https://hub.docker.com/r/penpotapp/frontend
- https://hub.docker.com/r/penpotapp/backend
type: application
version: 0.0.2
version: 1.0.0
annotations:
truecharts.org/catagories: |
- media

View File

@@ -32,17 +32,82 @@ questions:
label: Flags
description: Feature flags
schema:
type: list
additional_attrs: true
type: dict
required: true
# TODO: Check if it works
default: ["enable-registration", "enable-login", "disable-email-verification"]
items:
- variable: feature_flag
label: Feature Flag Entry
attrs:
- variable: registration
label: Registration
description: Enables or disables, the registration process
schema:
type: string
required: true
default: ""
type: boolean
default: true
- variable: insecure_register
label: Insecure Register
description: Enables or disables, the insecure process of profile registration deactivating the email verification process
schema:
type: boolean
default: false
- variable: login
label: Login
description: Enables or disables, the password based login form
schema:
type: boolean
default: true
- variable: demo_users
label: Demo Users
description: Enables or disables, the creation of demo users without the need of a registration process.
schema:
type: boolean
default: false
- variable: demo_warning
label: Demo Warning
description: Enables or disables, demo warning in the register and login page saying that this is a demonstration purpose instance
schema:
type: boolean
default: false
- variable: user_feedback
label: User Feedback
description: Enables or disables, the feedback form at the dashboard
schema:
type: boolean
default: false
- variable: mail_verification
label: Mail Verification
description: Enables or disables, mail verification
schema:
type: boolean
default: true
- variable: log_invitation_token
label: Log Invitation Token
description: Enables or disables, invitation token logging in console
schema:
type: boolean
default: false
- variable: log_emails
label: Log Emails
description: Enables or disables, email logging in console. This only works if smtp is not enabled.
schema:
type: boolean
default: false
- variable: secure_session_cookies
label: Secure Session Cookies
description: Enables or disables, the secure flag on cookies
schema:
type: boolean
default: true
- variable: cors
label: CORS
description: Enables or disables, the default cors configuration that allows all domains
schema:
type: boolean
default: false
- variable: backend_api_doc
label: API Docs
description: Enables or disables, /api/_doc endpoint that lists all rpc methods available on backend.
schema:
type: boolean
default: false
- variable: registration_domain_whitelist
label: Registration Domain Whitelist
description: Registration Domain Whitelist

View File

@@ -14,7 +14,7 @@ envFrom:
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-common-secret'
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-backend-secret'
name: '{{ include "tc.common.names.fullname" . }}-backend-exporter-secret'
readinessProbe:
tcpSocket:
port: 6060

View File

@@ -12,6 +12,8 @@ envFrom:
name: '{{ include "tc.common.names.fullname" . }}-common-secret'
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-exporter-secret'
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-backend-exporter-secret'
readinessProbe:
tcpSocket:
port: 6061

View File

@@ -1,46 +1,48 @@
{{/* Define the secret */}}
{{- define "penpot.secret" -}}
{{- $secretName := printf "%s-common-secret" (include "tc.common.names.fullname" .) }}
{{- $commonSecretName := printf "%s-common-secret" (include "tc.common.names.fullname" .) }}
{{- $exporterSecretName := printf "%s-exporter-secret" (include "tc.common.names.fullname" .) }}
{{- $backendSecretName := printf "%s-backend-secret" (include "tc.common.names.fullname" .) }}
{{- $frontendSecretName := printf "%s-frontend-secret" (include "tc.common.names.fullname" .) }}
{{- $backendAndExporterSecretName := printf "%s-backend-exporter-secret" (include "tc.common.names.fullname" .) }}
{{- $backendFlags := list }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-smtp" (ternary "enable" "disable" .Values.penpot.smtp.enabled)) }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-email-verification" (ternary "enable" "disable" .Values.penpot.flags.mail_verification)) }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-log-invitation-tokens" (ternary "enable" "disable" .Values.penpot.flags.log_invitation_token)) }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-log-emails" (ternary "enable" "disable" (and .Values.penpot.flags.log_emails (not .Values.penpot.smtp.enabled)))) }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-secure-session-cookies" (ternary "enable" "disable" .Values.penpot.flags.secure_session_cookies)) }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-insecure-register" (ternary "enable" "disable" .Values.penpot.flags.insecure_register)) }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-cors" (ternary "enable" "disable" .Values.penpot.flags.backend_api_doc)) }}
{{- $backendFlags = mustAppend $backendFlags (printf "%s-backend-api-doc" (ternary "enable" "disable" .Values.penpot.flags.backend_api_doc)) }}
{{- $frontendFlags := list }}
{{- $frontendFlags = mustAppend $frontendFlags (printf "%s-demo-warning" (ternary "enable" "disable" .Values.penpot.flags.demo_warning)) }}
{{- $commonFlags := list }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login" (ternary "enable" "disable" .Values.penpot.flags.login)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-registration" (ternary "enable" "disable" .Values.penpot.flags.registration)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-demo-users" (ternary "enable" "disable" .Values.penpot.flags.demo_users)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-user-feedback" (ternary "enable" "disable" .Values.penpot.flags.user_feedback)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-google" (ternary "enable" "disable" .Values.penpot.identity_providers.google.enabled)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-github" (ternary "enable" "disable" .Values.penpot.identity_providers.github.enabled)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-gitlab" (ternary "enable" "disable" .Values.penpot.identity_providers.gitlab.enabled)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-oidc" (ternary "enable" "disable" .Values.penpot.identity_providers.oidc.enabled)) }}
{{- $commonFlags = mustAppend $commonFlags (printf "%s-login-with-ldap" (ternary "enable" "disable" .Values.penpot.identity_providers.ldap.enabled)) }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ $secretName }}
name: {{ $commonSecretName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
stringData:
{{/* Dependencies */}}
PENPOT_DATABASE_URI: {{ printf "postgresql://%v/%v" (.Values.postgresql.url.plainport | trimAll "\"") .Values.postgresql.postgresqlDatabase }}
PENPOT_DATABASE_USERNAME: {{ .Values.postgresql.postgresqlUsername }}
PENPOT_DATABASE_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
PENPOT_REDIS_URI: {{ printf "redis://%v:%v@%v/%v" "default" (.Values.redis.redisPassword | trimAll "\"") (.Values.redis.url.plainport | trimAll "\"") "0" }}
{{/* Penpot */}}
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: {{ .Values.persistence.assets.mountPath }}
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
PENPOT_HTTP_SERVER_HOST: "0.0.0.0"
{{- with .Values.penpot.flags }}
PENPOT_FLAGS: {{ join " " . | quote }}
{{- end }}
PENPOT_TELEMETRY_ENABLED: {{ .Values.penpot.telemetry_enabled | quote }}
{{- with .Values.penpot.registration_domain_whitelist }}
PENPOT_REGISTRATION_DOMAIN_WHITELIST: {{ join "," . }}
{{- end }}
{{- if .Values.penpot.smtp.enabled }}
PENPOT_SMTP_DEFAULT_FROM: {{ .Values.penpot.smtp.default_from | quote }}
PENPOT_SMTP_DEFAULT_REPLY_TO: {{ .Values.penpot.smtp.default_reply_to | quote }}
PENPOT_SMTP_HOST: {{ .Values.penpot.smtp.host | quote }}
PENPOT_SMTP_PORT: {{ .Values.penpot.smtp.port | quote }}
PENPOT_SMTP_USERNAME: {{ .Values.penpot.smtp.user | quote }}
PENPOT_SMTP_PASSWORD: {{ .Values.penpot.smtp.pass | quote }}
PENPOT_SMTP_TLS: {{ .Values.penpot.smtp.tls | quote }}
PENPOT_SMTP_SSL: {{ .Values.penpot.smtp.ssl | quote }}
{{- end }}
{{- if .Values.penpot.identity_providers.google.enabled }}
PENPOT_GOOGLE_CLIENT_ID: {{ .Values.penpot.identity_providers.google.client_id | quote }}
PENPOT_GOOGLE_CLIENT_SECRET: {{ .Values.penpot.identity_providers.google.client_secret | quote }}
@@ -71,7 +73,6 @@ stringData:
PENPOT_LDAP_ATTRS_EMAIL: {{ .Values.penpot.identity_providers.ldap.attrs_email | quote }}
PENPOT_LDAP_ATTRS_FULLNAME: {{ .Values.penpot.identity_providers.ldap.attrs_fullname | quote }}
{{- end }}
---
apiVersion: v1
kind: Secret
@@ -87,11 +88,36 @@ apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ $backendSecretName }}
name: {{ $backendAndExporterSecretName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
stringData:
PENPOT_FLAGS: {{ join " " (concat $commonFlags $backendFlags) | quote }}
PENPOT_PUBLIC_URI: {{ .Values.penpot.public_uri | quote }}
{{- with (lookup "v1" "Secret" .Release.Namespace $backendAndExporterSecretName) }}
PENPOT_SECRET_KEY: {{ index .data "PENPOT_SECRET_KEY" }}
{{- else }}
PENPOT_SECRET_KEY: {{ randAlphaNum 32 | b64enc }}
{{- end }}
{{/* Dependencies */}}
PENPOT_DATABASE_URI: {{ printf "postgresql://%v/%v" (.Values.postgresql.url.plainport | trimAll "\"") .Values.postgresql.postgresqlDatabase }}
PENPOT_DATABASE_USERNAME: {{ .Values.postgresql.postgresqlUsername }}
PENPOT_DATABASE_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
PENPOT_REDIS_URI: {{ printf "redis://%v:%v@%v/%v" "default" (.Values.redis.redisPassword | trimAll "\"") (.Values.redis.url.plainport | trimAll "\"") "0" }}
{{/* Penpot */}}
{{- if .Values.penpot.smtp.enabled }}
PENPOT_SMTP_DEFAULT_FROM: {{ .Values.penpot.smtp.default_from | quote }}
PENPOT_SMTP_DEFAULT_REPLY_TO: {{ .Values.penpot.smtp.default_reply_to | quote }}
PENPOT_SMTP_HOST: {{ .Values.penpot.smtp.host | quote }}
PENPOT_SMTP_PORT: {{ .Values.penpot.smtp.port | quote }}
PENPOT_SMTP_USERNAME: {{ .Values.penpot.smtp.user | quote }}
PENPOT_SMTP_PASSWORD: {{ .Values.penpot.smtp.pass | quote }}
PENPOT_SMTP_TLS: {{ .Values.penpot.smtp.tls | quote }}
PENPOT_SMTP_SSL: {{ .Values.penpot.smtp.ssl | quote }}
{{- end }}
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: {{ .Values.persistence.assets.mountPath }}
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
PENPOT_HTTP_SERVER_HOST: "0.0.0.0"
---
apiVersion: v1
kind: Secret
@@ -102,4 +128,5 @@ metadata:
{{- include "tc.common.labels" . | nindent 4 }}
stringData:
PENPOT_PUBLIC_URI: {{ .Values.penpot.public_uri | quote }}
PENPOT_FLAGS: {{ join " " (concat $commonFlags $frontendFlags) | quote }}
{{- end }}

View File

@@ -1,4 +1,3 @@
# TODO: Update images
image:
repository: tccr.io/truecharts/penpot-frontend
pullPolicy: IfNotPresent
@@ -32,9 +31,18 @@ hostAliases:
penpot:
public_uri: "http://localhost:{{ .Values.service.main.ports.main.port }}"
flags:
- enable-registration
- enable-login
- disable-email-verification
registration: true
insecure_register: false
login: true
demo_users: false
demo_warning: false
user_feedback: false
mail_verification: true
log_invitation_token: false
log_emails: false
secure_session_cookies: true
cors: false
backend_api_doc: false
telemetry_enabled: false
registration_domain_whitelist: []
smtp: