Modifying chart to include dependencies (#14758)

.gitignore

@@ -37,6 +37,7 @@ mysqldata/
 
 # test helm charts
 helm-temp
+charts/fleet/charts
 
 #editors
 .idea

charts/example-skaffold.yaml

@@ -0,0 +1,35 @@
+apiVersion:  skaffold/v2beta28
+kind: Config
+deploy:
+  helm:
+    releases:
+    - name: fleet
+      imageStrategy:
+        helm: {}
+      chartPath: ./fleet
+      valuesFiles:
+      - ./fleet/values.yaml
+      recreatePods: false
+      setValues:
+        image.pullPolicy: Never
+        imageTag: main
+        replicas: 1
+        hostName: fleet.example.com
+        database.secretName: fleet-mysql
+        database.address: fleet-mysql:3306
+        cache.secretName: fleet-redis
+        cache.address: fleet-redis-master:6379
+        ingress.enabled: true
+        ingress.hosts[0].host: fleet.example.com
+        ingress.tls[0].secretName: fleet-web-tls
+        ingress.tls[0].hosts: ["fleet.example.com"]
+        fleet.tls.enabled: false
+        mysql.enabled: true
+        mysql.auth.username: fleet
+        mysql.auth.database: fleet
+        mysql.primary.livenessProbe.enabled: false
+        mysql.primary.readinessProbe.enabled: false
+        mysql.primary.startupProbe.enabled: false
+        redis.enabled: true
+        redis.architecture: standalone
+        redis.auth.enabled: false

charts/fleet/Chart.yaml

@@ -4,8 +4,17 @@ name: fleet
 keywords:
   - fleet
   - osquery
-version: v5.0.1
+version: v6.0.1
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
 appVersion: v4.40.0
+dependencies:
+- name: mysql
+  condition: mysql.enabled
+  version: 9.12.5
+  repository: https://charts.bitnami.com/bitnami
+- name: redis
+  condition: redis.enabled
+  version: 18.1.6
+  repository: https://charts.bitnami.com/bitnami

charts/fleet/requirements.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: mysql
+  repository: https://charts.bitnami.com/bitnami
+  version: 9.12.5
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 18.1.6
+digest: sha256:f0b4e3397c22afafde5a56c3a78beecf72c2604ae5bdcad83c5ce9920fd2ea9a
+generated: "2023-10-20T12:53:32.721448425-05:00"

charts/fleet/templates/deployment.yaml

@@ -99,52 +99,52 @@ spec:
           ## END FLEET SECTION
           ## BEGIN MYSQL SECTION
           - name: FLEET_MYSQL_ADDRESS
-            value: "{{ .Values.mysql.address }}"
+            value: "{{ .Values.database.address }}"
           - name: FLEET_MYSQL_DATABASE
-            value: "{{ .Values.mysql.database }}"
+            value: "{{ .Values.database.database }}"
           - name: FLEET_MYSQL_USERNAME
-            value: "{{ .Values.mysql.username }}"
+            value: "{{ .Values.database.username }}"
           - name: FLEET_MYSQL_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ .Values.mysql.secretName }}
+                name: {{ .Values.database.secretName }}
-                key: {{ .Values.mysql.passwordKey }}
+                key: {{ .Values.database.passwordKey }}
           - name: FLEET_MYSQL_MAX_OPEN_CONNS
-            value: "{{ .Values.mysql.maxOpenConns }}"
+            value: "{{ .Values.database.maxOpenConns }}"
           - name: FLEET_MYSQL_MAX_IDLE_CONNS
-            value: "{{ .Values.mysql.maxIdleConns }}"
+            value: "{{ .Values.database.maxIdleConns }}"
           - name: FLEET_MYSQL_CONN_MAX_LIFETIME
-            value: "{{ .Values.mysql.connMaxLifetime }}"
+            value: "{{ .Values.database.connMaxLifetime }}"
-          {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.database.tls.enabled }}
-          {{- if .Values.mysql.tls.caCertKey }}
+          {{- if .Values.database.tls.caCertKey }}
           - name: FLEET_MYSQL_TLS_CA
-            value: "/secrets/mysql/{{ .Values.mysql.tls.caCertKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.caCertKey }}"
           {{- end }}
-          {{- if .Values.mysql.tls.certKey }}
+          {{- if .Values.database.tls.certKey }}
           - name: FLEET_MYSQL_TLS_CERT
-            value: "/secrets/mysql/{{ .Values.mysql.tls.certKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.certKey }}"
           {{- end }}
-          {{- if .Values.mysql.tls.keyKey }}
+          {{- if .Values.database.tls.keyKey }}
           - name: FLEET_MYSQL_TLS_KEY
-            value: "/secrets/mysql/{{ .Values.mysql.tls.keyKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.keyKey }}"
           {{- end }}
           - name: FLEET_MYSQL_TLS_CONFIG
-            value: "{{ .Values.mysql.tls.config }}"
+            value: "{{ .Values.database.tls.config }}"
           - name: FLEET_MYSQL_TLS_SERVER_NAME
-            value: "{{ .Values.mysql.tls.serverName }}"
+            value: "{{ .Values.database.tls.serverName }}"
           {{- end }}
           ## END MYSQL SECTION
           ## BEGIN REDIS SECTION
           - name: FLEET_REDIS_ADDRESS
-            value: "{{ .Values.redis.address }}"
+            value: "{{ .Values.cache.address }}"
           - name: FLEET_REDIS_DATABASE
-            value: "{{ .Values.redis.database }}"
+            value: "{{ .Values.cache.database }}"
-          {{- if .Values.redis.usePassword }}
+          {{- if .Values.cache.usePassword }}
           - name: FLEET_REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: "{{ .Values.redis.secretName }}"
+                name: "{{ .Values.cache.secretName }}"
-                key: "{{ .Values.redis.passwordKey }}"
+                key: "{{ .Values.cache.passwordKey }}"
           {{- end }}
           ## END REDIS SECTION
           ## BEGIN OSQUERY SECTION
@@ -290,7 +290,7 @@ spec:
             {{- if .Values.fleet.tls.enabled }}
             scheme: HTTPS
             {{- end }}
-        {{- if or (.Values.fleet.tls.enabled) (.Values.mysql.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
+        {{- if or (.Values.fleet.tls.enabled) (.Values.database.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
         volumeMounts:
           - name: tmp
             mountPath: /tmp
@@ -299,7 +299,7 @@ spec:
             readOnly: true
             mountPath: /secrets/tls
           {{- end }}
-          {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.database.tls.enabled }}
           - name: mysql-tls
             readOnly: true
             mountPath: /secrets/mysql
@@ -340,7 +340,7 @@ spec:
       hostNetwork: false
       hostIPC: false
       serviceAccountName: fleet
-      {{- if or (.Values.fleet.tls.enabled) (.Values.mysql.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
+      {{- if or (.Values.fleet.tls.enabled) (.Values.database.tls.enabled) (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
       volumes:
         - name: tmp
           emptyDir:
@@ -353,10 +353,10 @@ spec:
             secretName: "{{ .Values.fleet.secretName }}"
             {{- end }}
         {{- end }}
-        {{- if .Values.mysql.tls.enabled }}
+        {{- if .Values.database.tls.enabled }}
         - name: mysql-tls
           secret:
-            secretName: "{{ .Values.mysql.secretName }}"
+            secretName: "{{ .Values.database.secretName }}"
         {{- end }}
         {{- if or (eq .Values.osquery.logging.statusPlugin "filesystem") (eq .Values.osquery.logging.resultPlugin "filesystem") }}
         - name: osquery-logs

charts/fleet/templates/job-migration.yaml

@@ -10,9 +10,13 @@ metadata:
   name: fleet-migration
   namespace: {{ .Release.Namespace }}
   annotations:
+    {{- if .Values.mysql.enabled }}
+    {}
+    {{- else }}
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-weight": "1"
     "helm.sh/hook-delete-policy": hook-succeeded
+    {{- end }}
 spec:
   template:
     metadata:
@@ -73,39 +77,39 @@ spec:
           ## END FLEET SECTION
           ## BEGIN MYSQL SECTION
           - name: FLEET_MYSQL_ADDRESS
-            value: "{{ .Values.mysql.address }}"
+            value: "{{ .Values.database.address }}"
           - name: FLEET_MYSQL_DATABASE
-            value: "{{ .Values.mysql.database }}"
+            value: "{{ .Values.database.database }}"
           - name: FLEET_MYSQL_USERNAME
-            value: "{{ .Values.mysql.username }}"
+            value: "{{ .Values.database.username }}"
           - name: FLEET_MYSQL_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ .Values.mysql.secretName }}
+                name: {{ .Values.database.secretName }}
-                key: {{ .Values.mysql.passwordKey }}
+                key: {{ .Values.database.passwordKey }}
           - name: FLEET_MYSQL_MAX_OPEN_CONNS
-            value: "{{ .Values.mysql.maxOpenConns }}"
+            value: "{{ .Values.database.maxOpenConns }}"
           - name: FLEET_MYSQL_MAX_IDLE_CONNS
-            value: "{{ .Values.mysql.maxIdleConns }}"
+            value: "{{ .Values.database.maxIdleConns }}"
           - name: FLEET_MYSQL_CONN_MAX_LIFETIME
-            value: "{{ .Values.mysql.connMaxLifetime }}"
+            value: "{{ .Values.database.connMaxLifetime }}"
-          {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.database.tls.enabled }}
-          {{- if .Values.mysql.tls.caCertKey }}
+          {{- if .Values.database.tls.caCertKey }}
           - name: FLEET_MYSQL_TLS_CA
-            value: "/secrets/mysql/{{ .Values.mysql.tls.caCertKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.caCertKey }}"
           {{- end }}
-          {{- if .Values.mysql.tls.certKey }}
+          {{- if .Values.database.tls.certKey }}
           - name: FLEET_MYSQL_TLS_CERT
-            value: "/secrets/mysql/{{ .Values.mysql.tls.certKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.certKey }}"
           {{- end }}
-          {{- if .Values.mysql.tls.keyKey }}
+          {{- if .Values.database.tls.keyKey }}
           - name: FLEET_MYSQL_TLS_KEY
-            value: "/secrets/mysql/{{ .Values.mysql.tls.keyKey }}"
+            value: "/secrets/mysql/{{ .Values.database.tls.keyKey }}"
           {{- end }}
           - name: FLEET_MYSQL_TLS_CONFIG
-            value: "{{ .Values.mysql.tls.config }}"
+            value: "{{ .Values.database.tls.config }}"
           - name: FLEET_MYSQL_TLS_SERVER_NAME
-            value: "{{ .Values.mysql.tls.serverName }}"
+            value: "{{ .Values.database.tls.serverName }}"
           {{- end }}
           ## END MYSQL SECTION
         securityContext:
@@ -118,16 +122,16 @@ spec:
           runAsUser: 3333
           runAsNonRoot: true
         volumeMounts:
-          {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.database.tls.enabled }}
           - name: mysql-tls
             readOnly: true
             mountPath: /secrets/mysql
           {{- end }}
       volumes:
-        {{- if .Values.mysql.tls.enabled }}
+        {{- if .Values.database.tls.enabled }}
         - name: mysql-tls
           secret:
-            secretName: "{{ .Values.mysql.secretName }}"
+            secretName: "{{ .Values.database.secretName }}"
         {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:

charts/fleet/templates/rbac.yaml

@@ -14,8 +14,8 @@ rules:
   resources:
   - secrets
   resourceNames:
-  - {{ .Values.mysql.secretName }}
+  - {{ .Values.database.secretName }}
-  - {{ .Values.redis.secretName }}
+  - {{ .Values.cache.secretName }}
   - {{ .Values.fleet.secretName }}
   - {{ .Values.osquery.secretName }}
   verbs:

charts/fleet/values.yaml

@@ -39,17 +39,19 @@ ingress:
   enabled: false
   className: ""
   annotations: {}
-    # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
+    # nginx.ingress.kubernetes.io/proxy-body-size: 10m
+    # kubernetes.io/ingress.class: nginx
+    # cert-manager.io/cluster-issuer: letsencrypt
   hosts:
     - host: chart-example.local
       paths:
         - path: /
           pathType: ImplementationSpecific
-  tls: []
+  tls:
-  #  - secretName: chart-example-tls
+    - secretName: chart-example-tls
-  #    hosts:
+      hosts:
-  #      - chart-example.local
+        - chart-example.local
 
 ## Section: Fleet
 # All of the settings relating to configuring the Fleet server
@@ -146,9 +148,9 @@ osquery:
       statusTopic: ""
       resultTopic: ""
 
-## Section: MySQL
+## Section: database
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -168,9 +170,9 @@ mysql:
     config: ""
     serverName: ""
 
-## Section: Redis
+## Section: cache
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false
@@ -204,3 +206,9 @@ environments:
   FLEET_MDM_APPLE_APNS_KEY_BYTES: ""
   FLEET_MDM_APPLE_SCEP_CERT_BYTES: ""
   FLEET_MDM_APPLE_SCEP_KEY_BYTES: ""
+
+mysql:
+  enabled: false
+
+redis:
+  enabled: false

tools/ci/helm-values/custom-annotations.yaml

@@ -100,7 +100,7 @@ osquery:
 
 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -120,7 +120,7 @@ mysql:
 
 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false

tools/ci/helm-values/disable-fleet-tls.yaml

@@ -97,7 +97,7 @@ osquery:
 
 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -117,7 +117,7 @@ mysql:
 
 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false

tools/ci/helm-values/enable-cloudsql-proxy.yaml

@@ -97,7 +97,7 @@ osquery:
 
 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -117,7 +117,7 @@ mysql:
 
 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false

tools/ci/helm-values/enable-mysql-tls.yaml

@@ -97,7 +97,7 @@ osquery:
 
 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -117,7 +117,7 @@ mysql:
 
 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false

tools/ci/helm-values/logger-firehose-accesssid.yaml

@@ -97,7 +97,7 @@ osquery:
 
 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -117,7 +117,7 @@ mysql:
 
 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false

tools/ci/helm-values/logger-firehose-sts.yaml

@@ -97,7 +97,7 @@ osquery:
 
 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -117,7 +117,7 @@ mysql:
 
 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false

tools/ci/helm-values/logger-pubsub.yaml

@@ -97,7 +97,7 @@ osquery:
 
 ## Section: MySQL
 # All of the connection settings for MySQL
-mysql:
+database:
   # Name of the Secret resource containing MySQL password and TLS secrets
   secretName: mysql
   address: 127.0.0.1:3306
@@ -117,7 +117,7 @@ mysql:
 
 ## Section: Redis
 # All of the connection settings for Redis
-redis:
+cache:
   address: 127.0.0.1:6379
   database: "0"
   usePassword: false