From 6c689280f33107268f0789c243db1f3dca561485 Mon Sep 17 00:00:00 2001
From: Peter Motzko
Date: Tue, 12 Dec 2023 12:56:06 +0100
Subject: [PATCH 1/3] feat(helm): add pgadmin4 as dependency to the chart
---
.../charts/pgadmin4/Chart.yaml | 17 ++
.../charts/pgadmin4/README.md | 137 +++++++++++
.../charts/pgadmin4/templates/NOTES.txt | 21 ++
.../charts/pgadmin4/templates/_helpers.tpl | 108 +++++++++
.../pgadmin4/templates/auth-secret.yaml | 13 +
.../charts/pgadmin4/templates/deployment.yaml | 226 ++++++++++++++++++
.../charts/pgadmin4/templates/ingress.yaml | 60 +++++
.../charts/pgadmin4/templates/pvc.yaml | 27 +++
.../charts/pgadmin4/templates/service.yaml | 29 +++
.../pgadmin4/templates/serviceaccount.yaml | 14 ++
.../charts/pgadmin4/values.yaml | 202 ++++++++++++++++
11 files changed, 854 insertions(+)
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/README.md
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml
create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/values.yaml
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml b/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml
new file mode 100644
index 000000000..0845449b1
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+description: pgAdmin4 is a web based administration tool for PostgreSQL database
+name: pgadmin4
+version: 1.19.0
+appVersion: "7.8"
+keywords:
+ - pgadmin
+ - postgres
+ - database
+ - sql
+home: https://www.pgadmin.org/
+icon: https://wiki.postgresql.org/images/3/30/PostgreSQL_logo.3colors.120x120.png
+sources:
+ - https://github.com/rowanruseler/helm-charts
+maintainers:
+ - name: rowanruseler
+ email: rowanruseler@gmail.com
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/README.md b/charts/managed-identity-wallet/charts/pgadmin4/README.md
new file mode 100644
index 000000000..7a3aa7b8f
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/README.md
@@ -0,0 +1,137 @@ +###### based on [dpage/pgadmin4] + +# pgAdmin 4 + +[pgAdmin4](https://www.pgadmin.org/) is the leading Open Source management tool for Postgres, the world’s most advanced Open Source database. pgAdmin4 is designed to meet the needs of both novice and experienced Postgres users alike, providing a powerful graphical interface that simplifies the creation, maintenance and use of database objects. + +## TL;DR; + +```console +helm repo add runix https://helm.runix.net +helm install runix/pgadmin4 +``` + +## Introduction + +This chart bootstraps a [pgAdmin4](https://www.pgadmin.org/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Install the Chart + +To install the chart with the release name `my-release`: + +```console +$ # Helm 2 +helm install --name my-release runix/pgadmin4 +$ # Helm 3 +helm install my-release runix/pgadmin4 +``` + +The command deploys pgAdmin4 on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstall the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete --purge my-release +``` + +The command removes nearly all the Kubernetes components associated with the chart and deletes the release. 
+ +## Configuration + +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `replicaCount` | Number of pgadmin4 replicas | `1` | +| `image.registry` | Docker image registry | `docker.io` | +| `image.repository` | Docker image | `dpage/pgadmin4` | +| `image.tag` | Docker image tag | `""` | +| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | +| `annotations` | Deployment Annotations | `{}` | +| `priorityClassName` | Deployment priorityClassName | `""` | +| `command` | Deployment command override | `""` | +| `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | +| `service.clusterIP` | Service type Cluster IP | `""` | +| `service.loadBalancerIP` | Service Load Balancer IP | `""` | +| `service.annotations` | Service Annotations | `{}` | +| `service.port` | Service port | `80` | +| `service.portName` | Name of the port on the service | `http` | +| `service.targetPort` | Internal service port | `http` | +| `service.nodePort` | Kubernetes service nodePort | `` | +| `serviceAccount.create` | Creates a ServiceAccount for the pod. | `false` | +| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | +| `serviceAccount.name` | The name of the service account. Otherwise uses the fullname. | `` | +| `serviceAccount.automountServiceAccountToken` | Opt out of API credential automounting. 
| `false` | +| `strategy` | Specifies the strategy used to replace old Pods by new ones | `{}` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.ingressClassName` | Ingress class name | `""` | +| `ingress.hosts.host` | Ingress accepted hostname | `nil` | +| `ingress.hosts.paths` | Ingress paths list | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `extraConfigmapMounts` | Additional configMap volume mounts for pgadmin4 pod | `[]` | +| `extraSecretMounts` | Additional secret volume mounts for pgadmin4 pod | `[]` | +| `extraContainers` | Sidecar containers to add to the pgadmin4 pod | `"[]"` | +| `existingSecret` | The name of an existing secret containing the pgadmin4 default password. | `""` | +| `secretKeys.pgadminPasswordKey` | Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set. | `"password"` | +| `extraInitContainers` | Sidecar init containers to add to the pgadmin4 pod | `"[]"` | +| `env.email` | pgAdmin4 default email. Needed chart reinstall for apply changes | `chart@domain.com` | +| `env.password` | pgAdmin4 default password. Needed chart reinstall for apply changes | `SuperSecret` | +| `env.pgpassfile` | Path to pgpasssfile (optional). 
Needed chart reinstall for apply changes | `` | +| `env.enhanced_cookie_protection` | Allows pgAdmin4 to create session cookies based on IP address | `"False"` | +| `env.contextPath` | Context path for accessing pgadmin (optional) | `` | +| `envVarsFromConfigMaps` | Array of ConfigMap names to load as environment variables | `[]` | +| `envVarsFromSecrets` | Array of Secret names to load as environment variables | `[]` | +| `persistentVolume.enabled` | If true, pgAdmin4 will create a Persistent Volume Claim | `true` | +| `persistentVolume.accessMode` | Persistent Volume access Mode | `ReadWriteOnce` | +| `persistentVolume.size` | Persistent Volume size | `10Gi` | +| `persistentVolume.storageClass` | Persistent Volume Storage Class | `unset` | +| `persistentVolume.existingClaim` | Persistent Volume existing claim name | | `unset` | +| `persistentVolume.subPath` | Subdirectory of the volume to mount at | `unset` | +| `securityContext` | Custom [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 pod | `` | +| `containerSecurityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 container | `` | +| `livenessProbe` | [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `startupProbe` | [startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `readinessProbe` | [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `VolumePermissions.enabled` | Enables init container that changes volume permissions in the data directory | `false` | +| `extraInitContainers` | Init containers to launch alongside the app | `[]` | +| `containerPorts.http` | Sets 
http port inside pgadmin container | `80` | +| `resources` | CPU/memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Node tolerations for pod assignment | `[]` | +| `affinity` | Node affinity for pod assignment | `{}` | +| `podAnnotations` | Annotations for pod | `{}` | +| `podLabels` | Labels for pod | `{}` | +| `namespace` | Namespace where to deploy resources | `null` | +| `init.resources` | Init container CPU/memory resource requests/limits | `{}` | + +> The values for "extraConfigmapMounts.[].configMap" and "extraSecretMounts.[].secret" can be either a simple string +> or a template string. +> Then it will be resolved for you. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +```console +$ # Helm 2 +helm install runix/pgadmin4 --name my-release \ + --set env.password=SuperSecret +$ # Helm 3 +helm install my-release runix/pgadmin4 \ + --set env.password=SuperSecret +``` + +Alternatively, a YAML file that specifies the values for the parameters can be +provided while installing the chart. For example: + +```console +$ # Helm 2 +helm install runix/pgadmin4 --name my-release -f values.yaml +$ # Helm 3 +helm install my-release runix/pgadmin4 -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/values.yaml) and look on [examples](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/). + +[dpage/pgadmin4]: https://hub.docker.com/r/dpage/pgadmin4 diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt b/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt new file mode 100644 index 000000000..67b0bdcb4 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt 
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pgadmin.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pgadmin.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pgadmin.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pgadmin.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl b/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl
new file mode 100644
index 000000000..22129b2c7
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl
@@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pgadmin.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pgadmin.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pgadmin.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "pgadmin.labels" -}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/name: {{ include "pgadmin.name" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +helm.sh/chart: {{ include "pgadmin.chart" . }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "pgadmin.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pgadmin.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Generate chart secret name +*/}} +{{- define "pgadmin.secretName" -}} +{{ default (include "pgadmin.fullname" .) .Values.existingSecret }} +{{- end -}} + +{{/* +Defines a JSON file containing server definitions. This allows connection information to be pre-loaded into the instance of pgAdmin in the container. Note that server definitions are only loaded on first launch, i.e. 
when the configuration database is created, and not on subsequent launches using the same configuration database. +*/}} +{{- define "pgadmin.serverDefinitions" -}} +{ + "Servers": {{ .Values.serverDefinitions.servers | toJson }} +} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "deployment.apiVersion" -}} +{{- if semverCompare "<1.9.0-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for network policy. +*/}} +{{- define "networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.8.0-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the namespace +*/}} +{{- define "pgadmin.namespaceName" -}} +{{- default .Release.Namespace .Values.namespace }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml new file mode 100644 index 000000000..aecd2efac --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml 
@@ -0,0 +1,13 @@
+{{- if not .Values.existingSecret }}
+{{- $fullName := include "pgadmin.fullname" . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+type: Opaque
+data:
+ password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml
new file mode 100644
index 000000000..58cdb0f24
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml
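Review bot: In templates/auth-secret.yaml the line `password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }}` falls back to a fixed, publicly documented password whenever `existingSecret` is unset, and the values.yaml and README added later in this patch carry the same `SuperSecret` default, so a default install of the subchart brings up pgAdmin with a known credential. I would drop the literal and fail the render instead, e.g. `password: {{ required "set env.password or existingSecret" .Values.env.password | b64enc | quote }}`, with `env.password` left empty in values.yaml. A password passed with `--set env.password=...`, as the README suggests, is also kept in the Helm release record, so `existingSecret` is the safer path for anything beyond a local test.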
@@ -0,0 +1,226 @@ +{{- $fullName := include "pgadmin.fullname" . -}} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ $fullName }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +{{- if .Values.annotations }} + annotations: + {{- if .Values.annotations }} + {{- .Values.annotations | toYaml | nindent 4 }} + {{- end }} +{{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pgadmin.selectorLabels" . | nindent 6 }} +{{- if .Values.strategy }} + strategy: + {{- .Values.strategy | toYaml | nindent 4 }} +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "pgadmin.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or (not .Values.existingSecret) .Values.podAnnotations }} + annotations: + {{- if .Values.podAnnotations }} + {{- .Values.podAnnotations | toYaml | nindent 8 }} + {{- end }} + {{- if not .Values.existingSecret }} + checksum/secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . 
| sha256sum }} + {{- end }} + {{- end }} + + spec: + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ default $fullName .Values.serviceAccount.name }} + {{- end }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} + {{- if or (.Values.VolumePermissions.enabled) .Values.extraInitContainers }} + initContainers: + {{- if .Values.VolumePermissions.enabled }} + - name: init-chmod-data + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"] + volumeMounts: + - name: pgadmin-data + mountPath: /var/lib/pgadmin + subPath: {{ .Values.persistentVolume.subPath | default "" }} + securityContext: + runAsUser: 0 + resources: + {{- .Values.init.resources | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.extraInitContainers }} + {{ tpl . $ | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: + {{- toYaml .Values.command | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: + {{- toYaml .Values.args | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + protocol: TCP + {{- if .Values.livenessProbe }} + livenessProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- 
.Values.livenessProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe }} + startupProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- .Values.startupProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe }} + readinessProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- .Values.readinessProbe | toYaml | nindent 12 }} + {{- end }} + env: + - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION + value: {{ .Values.env.enhanced_cookie_protection | quote }} + - name: PGADMIN_DEFAULT_EMAIL + value: {{ .Values.env.email }} + {{- if .Values.env.pgpassfile }} + - name: PGPASSFILE + value: {{ .Values.env.pgpassfile }} + {{- end }} + - name: PGADMIN_DEFAULT_PASSWORD + valueFrom: + secretKeyRef: + {{- if not .Values.existingSecret }} + name: {{ $fullName }} + key: password + {{- else }} + name: {{ .Values.existingSecret }} + key: {{ .Values.secretKeys.pgadminPasswordKey }} + {{- end }} + {{- if .Values.env.contextPath }} + - name: SCRIPT_NAME + value: {{ .Values.env.contextPath }} + {{- end }} + {{- range .Values.env.variables }} + - name: {{ .name | quote }} + value: {{ .value | quote }} + {{- end }} + {{- if or .Values.envVarsFromConfigMaps .Values.envVarsFromSecrets }} + envFrom: + {{- range .Values.envVarsFromConfigMaps }} + - configMapRef: + name: {{ . | quote }} + {{- end }} + {{- range .Values.envVarsFromSecrets }} + - secretRef: + name: {{ . 
| quote }} + {{- end }} + {{- end }} + volumeMounts: + - name: pgadmin-data + mountPath: /var/lib/pgadmin + subPath: {{ .Values.persistentVolume.subPath | default "" }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- .Values.extraVolumeMounts | toYaml | nindent 12 }} + {{- end }} + resources: + {{- .Values.resources | toYaml | nindent 12 }} + {{- with .Values.extraContainers }} + {{ tpl . $ | nindent 8 }} + {{- end }} + volumes: + - name: pgadmin-data + {{- if .Values.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistentVolume.existingClaim }}{{ .Values.persistentVolume.existingClaim }}{{- else }}{{ $fullName }}{{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl (.configMap) $ }} + defaultMode: {{ .defaultMode | default 256 }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl (.secret) $ }} + defaultMode: {{ .defaultMode | default 256 }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- .Values.extraVolumes | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- .Values.imagePullSecrets | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{- .Values.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: + {{- .Values.securityContext | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- .Values.affinity | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + 
tolerations: + {{- .Values.tolerations | toYaml | nindent 8 }} + {{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml new file mode 100644 index 000000000..ca181fdea --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml 
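Review bot: In templates/deployment.yaml the pgadmin container only gets a `securityContext` when `.Values.containerSecurityContext.enabled` is true, and the values.yaml added in this patch ships `enabled: false`, so the `allowPrivilegeEscalation: false` listed there is never rendered in a default install. Set `containerSecurityContext.enabled: true` from the parent chart's values (or flip the default) so the setting actually applies. Separately, `value: {{ .Values.env.email }}`, `value: {{ .Values.env.pgpassfile }}` and `value: {{ .Values.env.contextPath }}` are emitted unquoted, unlike the neighbouring `enhanced_cookie_protection` entry; adding `| quote` keeps a value with YAML-special characters from changing the rendered manifest. The `init-chmod-data` init container runs with `runAsUser: 0` when `VolumePermissions.enabled` is set, which deserves a comment next to that flag in values.yaml.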
@@ -0,0 +1,60 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "pgadmin.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
+{{- if semverCompare ">=1.19-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare "<=1.13-0" $kubeVersion -}}
+apiVersion: extensions/v1beta1
+{{- else -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" $kubeVersion) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl (.) $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ tpl (.host) $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $kubeVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $kubeVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml
new file mode 100644
index 000000000..c088652e9
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.persistentVolume.enabled (not .Values.persistentVolume.existingClaim) }}
+{{- $fullName := include "pgadmin.fullname" . -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- if .Values.persistentVolume.annotations }}
+ annotations:
+ {{- .Values.persistentVolume.annotations | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- .Values.persistentVolume.accessModes | toYaml | nindent 4 }}
+{{- if .Values.persistentVolume.storageClass }}
+{{- if (eq "-" .Values.persistentVolume.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistentVolume.storageClass }}"
+{{- end }}
+{{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistentVolume.size }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml
new file mode 100644
index 000000000..f6399b1d8
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pgadmin.fullname" . }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- if .Values.service.annotations }}
+ annotations:
+ {{- .Values.service.annotations | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP)) }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: {{ .Values.service.portName }}
+ selector:
+ {{- include "pgadmin.selectorLabels" . | nindent 4 }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml
new file mode 100644
index 000000000..877dc9031
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- if and (.Values.serviceAccount.create) (not .Values.serviceAccount.name) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "pgadmin.fullname" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{- .Values.serviceAccount.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/values.yaml b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml
new file mode 100644
index 000000000..d13dd3fbb
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml
@@ -0,0 +1,202 @@ +replicaCount: 1 + +image: + registry: docker.io + repository: dpage/pgadmin4 + tag: "" + pullPolicy: IfNotPresent + +annotations: {} + +priorityClassName: "" + +service: + type: ClusterIP + clusterIP: "" + loadBalancerIP: "" + port: 80 + targetPort: 80 + portName: http + + annotations: {} + +serviceAccount: + create: false + annotations: {} + name: "" + automountServiceAccountToken: false + +strategy: {} + +ingress: + enabled: false + annotations: {} + hosts: + - host: chart-example.local + paths: + - path: / + pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/ssl/certs + # subPath: ca-certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + +extraSecretMounts: [] + # - name: pgpassfile + # secret: pgpassfile + # subPath: pgpassfile + # mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass" + # readOnly: true + +extraVolumeMounts: [] + +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +existingSecret: "" +secretKeys: + pgadminPasswordKey: password + +env: + email: chart@domain.com + password: SuperSecret + # pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass + + # set context path for application (e.g. 
/pgadmin4/*) + # contextPath: /pgadmin4 + + ## If True, allows pgAdmin4 to create session cookies based on IP address + ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html + ## + enhanced_cookie_protection: "False" + + ## Add custom environment variables that will be injected to deployment + ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html + ## + variables: [] + # - name: PGADMIN_LISTEN_ADDRESS + # value: "0.0.0.0" + # - name: PGADMIN_LISTEN_PORT + # value: "8080" + +envVarsFromConfigMaps: [] + # - array-of + # - config-map-names + +envVarsFromSecrets: [] + # - array-of + # - secret-names + +persistentVolume: + ## If true, pgAdmin4 will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## + enabled: true + + ## pgAdmin4 Persistent Volume Claim annotations + ## + annotations: {} + + ## pgAdmin4 Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + accessModes: + - ReadWriteOnce + + ## pgAdmin4 Persistent Volume Size + ## + size: 10Gi + + ## pgAdmin4 Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + # existingClaim: "" + ## Sub-directory of the PV to mount + # subPath: "" + +extraVolumes: [] + +securityContext: + runAsUser: 5050 + runAsGroup: 5050 + fsGroup: 5050 + +containerSecurityContext: + enabled: false + allowPrivilegeEscalation: false + +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + +VolumePermissions: + ## If true, enables an InitContainer to set permissions on /var/lib/pgadmin. + ## + enabled: false + +extraInitContainers: | +# - name: add-folder-for-pgpass +# image: "dpage/pgadmin4:latest" +# command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"] +# volumeMounts: +# - name: pgadmin-data +# mountPath: /var/lib/pgadmin +# securityContext: +# runAsUser: 5050 + +containerPorts: + http: 80 + +resources: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +podAnnotations: {} + +podLabels: {} + # key1: value1 + # key2: value2 + +namespace: null + +init: + resources: {} From 7f5987ab2f8f596bb191dd89bc88cddb68af92a7 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 13 Dec 2023 10:04:36 +0100 Subject: [PATCH 2/3] chore(ci): fix the PR pipeline --- .github/workflows/chart-verification.yml | 4 ++-- charts/managed-identity-wallet/.helmdocsignore | 1 + charts/managed-identity-wallet/.helmignore | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 charts/managed-identity-wallet/.helmdocsignore diff --git a/.github/workflows/chart-verification.yml b/.github/workflows/chart-verification.yml index ffdc2c8ca..a75cec444 100644 --- a/.github/workflows/chart-verification.yml +++ b/.github/workflows/chart-verification.yml 
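Review bot: The pgadmin4 values.yaml sets `enhanced_cookie_protection: "False"`, which the deployment passes through as `PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION`; going by the comment above it, this is the option that ties session cookies to the client IP address, so the default leaves a copied session cookie usable from another address. If pgAdmin is reached through a stable ingress or a port-forward, I would override it to `"True"` in the parent chart. If it has to stay off (for example behind a proxy that changes the source address, which is an assumption and not visible in the patch), a one-line comment saying why would help. The same file also keeps `env.password: SuperSecret` and `containerSecurityContext.enabled: false` as defaults, both of which the parent chart should override.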
@@ -87,7 +87,7 @@ jobs: with: image: jnorwood/helm-docs:v1.11.3 options: -v ${{ github.workspace }}/charts:/helm-docs - run: helm-docs + run: helm-docs -i managed-identity-wallet/.helmdocsignore - name: Verify that no changes are required run: | @@ -133,7 +133,7 @@ jobs: - name: Install Helm unittest plugin run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git + helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 0.3.5 - name: Run Helm unittests run: task helm:unittest diff --git a/charts/managed-identity-wallet/.helmdocsignore b/charts/managed-identity-wallet/.helmdocsignore new file mode 100644 index 000000000..ee3892e87 --- /dev/null +++ b/charts/managed-identity-wallet/.helmdocsignore @@ -0,0 +1 @@ +charts/ diff --git a/charts/managed-identity-wallet/.helmignore b/charts/managed-identity-wallet/.helmignore index 0886f15ef..70181f49b 100644 --- a/charts/managed-identity-wallet/.helmignore +++ b/charts/managed-identity-wallet/.helmignore @@ -24,5 +24,5 @@ tests/ values-*.yaml README.md.gotmpl +.helmdocsignore ci/ -argocd/ From a12c4f05528210dac02b56f65f499c03946abd41 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 13 Dec 2023 11:24:42 +0100 Subject: [PATCH 3/3] chore(helm): ignore pgadmin temporally --- charts/managed-identity-wallet/.helmignore | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/managed-identity-wallet/.helmignore b/charts/managed-identity-wallet/.helmignore index 70181f49b..93fabc264 100644 --- a/charts/managed-identity-wallet/.helmignore +++ b/charts/managed-identity-wallet/.helmignore @@ -26,3 +26,4 @@ values-*.yaml README.md.gotmpl .helmdocsignore ci/ +charts/pgadmin4
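Review bot: The .helmignore hunk in patch 2/3 removes the `argocd/` entry in the same change that adds `.helmdocsignore`, and the commit subject ("fix the PR pipeline") does not mention it. If an `argocd/` directory still exists under charts/managed-identity-wallet (not visible in this patch), it will now be included in the packaged chart, which can ship environment-specific deployment configuration to chart consumers. Either keep the `argocd/` line or say in the commit message that the directory is gone.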