Modifying chart to include dependencies (#14758)

2024-11-06 00:45:19 +00:00 · 2023-11-07 11:16:33 -06:00 · 2023-11-07 11:16:33 -06:00 · 4b25709081
commit 4b25709081
parent 91063d8385
17 changed files with 139 additions and 73 deletions
--- a/.gitignore
+++ b/.gitignore
@ -37,6 +37,7 @@ mysqldata/

 # test helm charts
 helm-temp
+charts/fleet/charts

 #editors
 .idea
--- a/charts/example-skaffold.yaml
+++ b/charts/example-skaffold.yaml
@ -0,0 +1,35 @@
+apiVersion:  skaffold/v2beta28
+kind: Config
+deploy:
+  helm:
+    releases:
+    - name: fleet
+      imageStrategy:
+        helm: {}
+      chartPath: ./fleet
+      valuesFiles:
+      - ./fleet/values.yaml
+      recreatePods: false
+      setValues:
+        image.pullPolicy: Never
+        imageTag: main
+        replicas: 1
+        hostName: fleet.example.com
+        database.secretName: fleet-mysql
+        database.address: fleet-mysql:3306
+        cache.secretName: fleet-redis
+        cache.address: fleet-redis-master:6379
+        ingress.enabled: true
+        ingress.hosts[0].host: fleet.example.com
+        ingress.tls[0].secretName: fleet-web-tls
+        ingress.tls[0].hosts: ["fleet.example.com"]
+        fleet.tls.enabled: false
+        mysql.enabled: true
+        mysql.auth.username: fleet
+        mysql.auth.database: fleet
+        mysql.primary.livenessProbe.enabled: false
+        mysql.primary.readinessProbe.enabled: false
+        mysql.primary.startupProbe.enabled: false
+        redis.enabled: true
+        redis.architecture: standalone
+        redis.auth.enabled: false
--- a/charts/fleet/Chart.yaml
+++ b/charts/fleet/Chart.yaml
@ -4,8 +4,17 @@ name: fleet
 keywords:
  - fleet
  - osquery
-version: v5.0.1
+version: v6.0.1
 home: https://github.com/fleetdm/fleet
 sources:
  - https://github.com/fleetdm/fleet.git
 appVersion: v4.40.0
+dependencies:
+- name: mysql
+  condition: mysql.enabled
+  version: 9.12.5
+  repository: https://charts.bitnami.com/bitnami
+- name: redis
+  condition: redis.enabled
+  version: 18.1.6
+  repository: https://charts.bitnami.com/bitnami
--- a/charts/fleet/charts/mysql-9.12.5.tgz
+++ b/charts/fleet/charts/mysql-9.12.5.tgz
--- a/charts/fleet/charts/redis-18.1.6.tgz
+++ b/charts/fleet/charts/redis-18.1.6.tgz
--- a/charts/fleet/requirements.lock
+++ b/charts/fleet/requirements.lock
@ -0,0 +1,9 @@
+dependencies:
+- name: mysql
+  repository: https://charts.bitnami.com/bitnami
+  version: 9.12.5
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 18.1.6
+digest: sha256:f0b4e3397c22afafde5a56c3a78beecf72c2604ae5bdcad83c5ce9920fd2ea9a
+generated: "2023-10-20T12:53:32.721448425-05:00"
--- a/charts/fleet/templates/deployment.yaml
+++ b/charts/fleet/templates/deployment.yaml
@ -99,52 +99,52 @@ spec:
          ## END FLEET SECTION
          ## BEGIN MYSQL SECTION
          - name: FLEET_MYSQL_ADDRESS
-            value: "{{ .Values.mysql.address }}"
+            value: "{{ .Values.database.address }}"
          - name: FLEET_MYSQL_DATABASE
-            value: "{{ .Values.mysql.database }}"
+            value: "{{ .Values.database.database }}"
          - name: FLEET_MYSQL_USERNAME
-            value: "{{ .Values.mysql.username }}"
+            value: "{{ .Values.database.username }}"
          - name: FLEET_MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ .Values.mysql.secretName }}
-                key: {{ .Values.mysql.passwordKey }}
+                name: {{ .Values.database.secretName }}
+                key: {{ .Values.database.passwordKey }}
          - name: FLEET_MYSQL_MAX_OPEN_CONNS
-            value: "{{ .Values.mysql.maxOpenConns }}"
+            value: "{{ .Values.database.maxOpenConns }}"
          - name: FLEET_MYSQL_MAX_IDLE_CONNS
-            value: "{{ .Values.mysql.maxIdleConns }}"
+            value: "{{ .Values.database.maxIdleConns }}"
          - name: FLEET_MYSQL_CONN_MAX_LIFETIME
-            value: "{{ .Values.mysql.connMaxLifetime }}"
-          {{- if .Values.mysql.tls.enabled }}
-          {{- if .Values.mysql.tls.caCertKey }}
+            value: "{{ .Values.database.connMaxLifetime }}"
+          {{- if .Values.database.tls.enabled }}
+          {{- if .Values.database.tls.caCertKey }}
          - name: FLEET_MYSQL_TLS_CA
-            value: "/secrets/mysql/{{ .Values.mysql.tls.caCertKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.caCertKey }}"
          {{- end }}
-          {{- if .Values.mysql.tls.certKey }}
+          {{- if .Values.database.tls.certKey }}
          - name: FLEET_MYSQL_TLS_CERT
-            value: "/secrets/mysql/{{ .Values.mysql.tls.certKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.certKey }}"
          {{- end }}
-          {{- if .Values.mysql.tls.keyKey }}
+          {{- if .Values.database.tls.keyKey }}
          - name: FLEET_MYSQL_TLS_KEY
-            value: "/secrets/mysql/{{ .Values.mysql.tls.keyKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.keyKey }}"
          {{- end }}
          - name: FLEET_MYSQL_TLS_CONFIG
-            value: "{{ .Values.mysql.tls.config }}"
+            value: "{{ .Values.database.tls.config }}"
          - name: FLEET_MYSQL_TLS_SERVER_NAME
-            value: "{{ .Values.mysql.tls.serverName }}"
+            value: "{{ .Values.database.tls.serverName }}"
          {{- end }}
          ## END MYSQL SECTION
          ## BEGIN REDIS SECTION
          - name: FLEET_REDIS_ADDRESS
-            value: "{{ .Values.redis.address }}"
+            value: "{{ .Values.cache.address }}"
          - name: FLEET_REDIS_DATABASE
-            value: "{{ .Values.redis.database }}"
-          {{- if .Values.redis.usePassword }}
+            value: "{{ .Values.cache.database }}"
+          {{- if .Values.cache.usePassword }}
          - name: FLEET_REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: "{{ .Values.redis.secretName }}"
-                key: "{{ .Values.redis.passwordKey }}"
+                name: "{{ .Values.cache.secretName }}"
+                key: "{{ .Values.cache.passwordKey }}"
          {{- end }}
          ## END REDIS SECTION
          ## BEGIN OSQUERY SECTION
@ -290,7 +290,7 @@ spec:
            {{- if .Values.fleet.tls.enabled }}
            scheme: HTTPS
            {{- end }}
-        {{- if or (.Values.fleet.tls.enabled) (.Values.mysql.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
+        {{- if or (.Values.fleet.tls.enabled) (.Values.database.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
        volumeMounts:
          - name: tmp
            mountPath: /tmp
@ -299,7 +299,7 @@ spec:
            readOnly: true
            mountPath: /secrets/tls
          {{- end }}
-          {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.database.tls.enabled }}
          - name: mysql-tls
            readOnly: true
            mountPath: /secrets/mysql
@ -340,7 +340,7 @@ spec:
      hostNetwork: false
      hostIPC: false
      serviceAccountName: fleet
-      {{- if or (.Values.fleet.tls.enabled) (.Values.mysql.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
+      {{- if or (.Values.fleet.tls.enabled) (.Values.database.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
      volumes:
        - name: tmp
          emptyDir:
@ -353,10 +353,10 @@ spec:
            secretName: "{{ .Values.fleet.secretName }}"
            {{- end }}
        {{- end }}
-        {{- if .Values.mysql.tls.enabled }}
+        {{- if .Values.database.tls.enabled }}
        - name: mysql-tls
          secret:
-            secretName: "{{ .Values.mysql.secretName }}"
+            secretName: "{{ .Values.database.secretName }}"
        {{- end }}
        {{- if or (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
        - name: osquery-logs
--- a/charts/fleet/templates/job-migration.yaml
+++ b/charts/fleet/templates/job-migration.yaml
@ -10,9 +10,13 @@ metadata:
  name: fleet-migration
  namespace: {{ .Release.Namespace }}
  annotations:
+    {{- if .Values.mysql.enabled }}
+    {}
+    {{- else }}
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "1"
    "helm.sh/hook-delete-policy": hook-succeeded
+    {{- end }}
 spec:
  template:
    metadata:
@ -73,39 +77,39 @@ spec:
          ## END FLEET SECTION
          ## BEGIN MYSQL SECTION
          - name: FLEET_MYSQL_ADDRESS
-            value: "{{ .Values.mysql.address }}"
+            value: "{{ .Values.database.address }}"
          - name: FLEET_MYSQL_DATABASE
-            value: "{{ .Values.mysql.database }}"
+            value: "{{ .Values.database.database }}"
          - name: FLEET_MYSQL_USERNAME
-            value: "{{ .Values.mysql.username }}"
+            value: "{{ .Values.database.username }}"
          - name: FLEET_MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ .Values.mysql.secretName }}
-                key: {{ .Values.mysql.passwordKey }}
+                name: {{ .Values.database.secretName }}
+                key: {{ .Values.database.passwordKey }}
          - name: FLEET_MYSQL_MAX_OPEN_CONNS
-            value: "{{ .Values.mysql.maxOpenConns }}"
+            value: "{{ .Values.database.maxOpenConns }}"
          - name: FLEET_MYSQL_MAX_IDLE_CONNS
-            value: "{{ .Values.mysql.maxIdleConns }}"
+            value: "{{ .Values.database.maxIdleConns }}"
          - name: FLEET_MYSQL_CONN_MAX_LIFETIME
-            value: "{{ .Values.mysql.connMaxLifetime }}"
-          {{- if .Values.mysql.tls.enabled }}
-          {{- if .Values.mysql.tls.caCertKey }}
+            value: "{{ .Values.database.connMaxLifetime }}"
+          {{- if .Values.database.tls.enabled }}
+          {{- if .Values.database.tls.caCertKey }}
          - name: FLEET_MYSQL_TLS_CA
-            value: "/secrets/mysql/{{ .Values.mysql.tls.caCertKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.caCertKey }}"
          {{- end }}
-          {{- if .Values.mysql.tls.certKey }}
+          {{- if .Values.database.tls.certKey }}
          - name: FLEET_MYSQL_TLS_CERT
-            value: "/secrets/mysql/{{ .Values.mysql.tls.certKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.certKey }}"
          {{- end }}
-          {{- if .Values.mysql.tls.keyKey }}
+          {{- if .Values.database.tls.keyKey }}
          - name: FLEET_MYSQL_TLS_KEY
-            value: "/secrets/mysql/{{ .Values.mysql.tls.keyKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.keyKey }}"
          {{- end }}
          - name: FLEET_MYSQL_TLS_CONFIG
-            value: "{{ .Values.mysql.tls.config }}"
+            value: "{{ .Values.database.tls.config }}"
          - name: FLEET_MYSQL_TLS_SERVER_NAME
-            value: "{{ .Values.mysql.tls.serverName }}"
+            value: "{{ .Values.database.tls.serverName }}"
          {{- end }}
          ## END MYSQL SECTION
        securityContext:
@ -118,16 +122,16 @@ spec:
          runAsUser: 3333
          runAsNonRoot: true
        volumeMounts:
-          {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.database.tls.enabled }}
          - name: mysql-tls
            readOnly: true
            mountPath: /secrets/mysql
          {{- end }}
      volumes:
-        {{- if .Values.mysql.tls.enabled }}
+        {{- if .Values.database.tls.enabled }}
        - name: mysql-tls
          secret:
-            secretName: "{{ .Values.mysql.secretName }}"
+            secretName: "{{ .Values.database.secretName }}"
        {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
--- a/charts/fleet/templates/rbac.yaml
+++ b/charts/fleet/templates/rbac.yaml
@ -14,8 +14,8 @@ rules:
  resources:
  - secrets
  resourceNames:
-  - {{ .Values.mysql.secretName }}
-  - {{ .Values.redis.secretName }}
+  - {{ .Values.database.secretName }}
+  - {{ .Values.cache.secretName }}
  - {{ .Values.fleet.secretName }}
  - {{ .Values.osquery.secretName }}
  verbs:
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@ -39,17 +39,19 @@ ingress:
  enabled: false
  className: ""
  annotations: {}
-    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
+    # nginx.ingress.kubernetes.io/proxy-body-size: 10m
+    # kubernetes.io/ingress.class: nginx
+    # cert-manager.io/cluster-issuer: letsencrypt
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+  tls:
+    - secretName: chart-example-tls
+      hosts:
+        - chart-example.local

 ## Section: Fleet
 # All of the settings relating to configuring the Fleet server
@ -146,9 +148,9 @@ osquery:
      statusTopic: ""
      resultTopic: ""

-## Section: MySQL
+## Section: database
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -168,9 +170,9 @@ mysql:
    config: ""
    serverName: ""

-## Section: Redis
+## Section: cache
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false
@ -204,3 +206,9 @@ environments:
  FLEET_MDM_APPLE_APNS_KEY_BYTES: ""
  FLEET_MDM_APPLE_SCEP_CERT_BYTES: ""
  FLEET_MDM_APPLE_SCEP_KEY_BYTES: ""
+
+mysql:
+  enabled: false
+
+redis:
+  enabled: false
--- a/tools/ci/helm-values/custom-annotations.yaml
+++ b/tools/ci/helm-values/custom-annotations.yaml
@ -100,7 +100,7 @@ osquery:

 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -120,7 +120,7 @@ mysql:

 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false
--- a/tools/ci/helm-values/disable-fleet-tls.yaml
+++ b/tools/ci/helm-values/disable-fleet-tls.yaml
@ -97,7 +97,7 @@ osquery:

 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -117,7 +117,7 @@ mysql:

 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false
--- a/tools/ci/helm-values/enable-cloudsql-proxy.yaml
+++ b/tools/ci/helm-values/enable-cloudsql-proxy.yaml
@ -97,7 +97,7 @@ osquery:

 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -117,7 +117,7 @@ mysql:

 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false
--- a/tools/ci/helm-values/enable-mysql-tls.yaml
+++ b/tools/ci/helm-values/enable-mysql-tls.yaml
@ -97,7 +97,7 @@ osquery:

 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -117,7 +117,7 @@ mysql:

 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false
--- a/tools/ci/helm-values/logger-firehose-accesssid.yaml
+++ b/tools/ci/helm-values/logger-firehose-accesssid.yaml
@ -97,7 +97,7 @@ osquery:

 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -117,7 +117,7 @@ mysql:

 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false
--- a/tools/ci/helm-values/logger-firehose-sts.yaml
+++ b/tools/ci/helm-values/logger-firehose-sts.yaml
@ -97,7 +97,7 @@ osquery:

 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -117,7 +117,7 @@ mysql:

 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false
--- a/tools/ci/helm-values/logger-pubsub.yaml
+++ b/tools/ci/helm-values/logger-pubsub.yaml
@ -97,7 +97,7 @@ osquery:

 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
  # Name of the Secret resource containing MySQL password and TLS secrets
  secretName: mysql
  address: 127.0.0.1:3306
@ -117,7 +117,7 @@ mysql:

 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
  address: 127.0.0.1:6379
  database: "0"
  usePassword: false