Improve postgreSQL deployment: (#33)
* Improve postgreSQL deployment:

- Update Chart version to 1.2.0
- Update bitnami/postgresql to 15.x.x to use Openshift SCC
- Use of global values to use Openshift SCC. Dependency common added for this purpose.
- It's possible to use an external database
- Update NOTES.txt with new text after deployment
- Update README

* Clean code
trispera authored May 31, 2024
1 parent cf197e5 commit c3a7897
Showing 6 changed files with 74 additions and 264 deletions.
9 changes: 7 additions & 2 deletions charts/hedgedoc/Chart.yaml
Expand Up @@ -2,12 +2,17 @@ apiVersion: v2
name: hedgedoc
description: Hedgedoc Helm Chart for Rahti platform
Link to the repo https://github.com/CSCfi/helm-charts
version: 1.1.2
version: 1.2.0
sources:
- https://github.com/CSCfi/helm-charts
icon: https://raw.githubusercontent.com/hedgedoc/hedgedoc/develop/frontend/src/app/icon.png
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled
version: 13.x.x
version: 15.x.x
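
Review bot: The two dependency entries use floating ranges (`version: 2.x.x` for `common`, `version: 15.x.x` for `postgresql`), so unless a `Chart.lock` is committed, the subcharts pulled from `oci://registry-1.docker.io/bitnamicharts` can change between builds with no change in this repository. Pin exact versions, or commit the `Chart.lock` produced by `helm dependency update`, so that chart 1.2.0 always resolves to the same dependencies. The move from `13.x.x` to `15.x.x` also crosses two major versions of the subchart, which is worth a line in the README for anyone upgrading an existing release.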
36 changes: 24 additions & 12 deletions charts/hedgedoc/README.md
Expand Up @@ -11,6 +11,9 @@ If you want to use it with different values, you can edit `values.yaml` file and
helm upgrade --install hedgedoc . -f {custom_values.yaml}
```

By default, this Helm Chart deployed a postgreSQL database along Hedgedoc. If you want to connect Hedgedoc to an existing external database, you have to enable the parameters
`postgresqlExternal.enabled` and disable the default one `postgresql.enabled`. More information below in the table.

## Parameters
### Common parameters

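Review bot: The added paragraph does not say what happens when both `postgresql.enabled` and `postgresqlExternal.enabled` are true, or when both are false. In this commit `deployment.yaml` tests `postgresql.enabled` first, so the external host is silently ignored in the first case, and `NOTES.txt` only prints a warning in the second. State that the two switches are mutually exclusive and that exactly one must be enabled. Wording: "deployed" should be "deploys", and "the parameters `postgresqlExternal.enabled`" should be singular.
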
Expand All @@ -22,26 +25,35 @@ helm upgrade --install hedgedoc . -f {custom_values.yaml}

### HedgeDoc parameters

| Name | Description | Value |
| -------------------------------------- | ------------------------------------------------------- | --------------------------------- |
| `hedgedoc.appname` | Name of your app. Used for the creation of the `route` | `my-hedgedoc` |
| `hedgedoc.domain` | Name of your domain where the Helm is deployed | `rahtiapp.fi` |
| `hedgedoc.image` | Name of the `hedgedoc` image | `quay.io/hedgedoc/hedgedoc:1.9.4` |
| `hedgedoc.podSecurityContext` | Set SecurityContext for the pod | `{}` |
| Name | Description | Value |
| -------------------------------------- | ------------------------------------------------------- | ------------------------------------------ |
| `hedgedoc.appname` | Name of your app. Used for the creation of the `route` | `my-hedgedoc` |
| `hedgedoc.domain` | Name of your domain where the Helm is deployed | `rahtiapp.fi` |
| `hedgedoc.image` | Name of the `hedgedoc` image | `quay.io/hedgedoc/hedgedoc:1.9.4` |
| `hedgedoc.podSecurityContext` | Set SecurityContext for the pod | `{}` |
| `hedgedoc.containerSecurityContext` | Set SecurityContext for the container | `allowPrivilegeEscalation: false`<br>`runAsUser:`<br>`runAsGroup:`<br>`capabilities:`<br>&nbsp;&nbsp;`drop:`<br>&nbsp;&nbsp;`- ALL`<br>`runAsNonRoot: true`<br>`seccompProfile:`<br>&nbsp;&nbsp;`type: RuntimeDefault` |
| `hedgedoc.pvc.storageSpace` | Storage space for the PersistentVolume | `5Gi` |
| `hedgedoc.service.type` | Set the Service type | `ClusterIP` |
| `hedgedoc.random_pw_secret_key` | Key to store the password | `database-password` |
| `hedgedoc.secret.database-name` | Name of the database | `postgres` |
| `hedgedoc.secret.database-user` | Name of the postgres user | `postgres` |
| `hedgedoc.pvc.storageSpace` | Storage space for the PersistentVolume | `5Gi` |
| `hedgedoc.service.type` | Set the Service type | `ClusterIP` |
| `hedgedoc.random_pw_secret_key` | Key to store the password | `database-password` |
| `hedgedoc.secret.database-name` | Name of the database | `postgres` |
| `hedgedoc.secret.database-user` | Name of the postgres user | `postgres` |
| `hedgedoc.secret.database-password` | Function that retrieve the generated password | `'{{- include "random_pw_reusable" . -}}'` |

### PostgreSQL parameters

Since we are using the `bitnami/postgresql` Helm Chart as a dependency, you can take a look to the [PostgreSQL ArtifactHub](https://artifacthub.io/packages/helm/bitnami/postgresql/13.4.4) to check the different values.
Since we are using the `bitnami/postgresql` Helm Chart as a dependency, you can take a look to the [PostgreSQL ArtifactHub](https://artifacthub.io/packages/helm/bitnami/postgresql/15.5.0) to check the different values.

The postgres database password is generated randomly and won't change if you upgrade the Chart.

### HedgeDoc parameters

It's possible to use an external database if you have one ready. Here are the parameters:

| Name | Description | Value |
| -------------------------------------- | -------------------------------------------------------------------- | ---------- |
| `postgresqlExternal.enabled` | If you want to use an existing external database | `false` |
| `postgresqlExternal.externalDatabase` | If you enable an external, enter its DNS name or public address IP | `` |

## Cleanup
To delete all the resources, simply uninstall the Helm Chart:
```sh
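
Review bot: The external-database table at the end of this hunk documents only `postgresqlExternal.enabled` and `postgresqlExternal.externalDatabase`, while `hedgedoc.secret.database-password` is documented as the generated `random_pw_reusable` value, so a reader cannot tell how to supply the credentials of an existing database. Add a sentence or a row that explains which `hedgedoc.secret.*` values must be overridden in that case. The new section also reuses the heading `### HedgeDoc parameters`; a distinct title such as `### External PostgreSQL parameters` would avoid the duplicate anchor.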
12 changes: 12 additions & 0 deletions charts/hedgedoc/templates/NOTES.txt
Expand Up @@ -7,6 +7,18 @@ and then you could access it through this URL:

https://{{ .Values.hedgedoc.appname }}.{{ .Values.hedgedoc.domain }}

{{ if .Values.postgresql.enabled }}
The postgresql database password is generated automatically. To check its value, run this command:

echo PostgreSQL Password: $(oc get secret --namespace={{ .Release.Namespace }} postgres -o jsonpath="{.data.database-password}" | base64 -d)

{{ else if .Values.postgresqlExternal.enabled }}
You decided to use an external database named {{ index .Values.hedgedoc.secret "database-name" }} reachable through {{ .Values.postgresqlExternal.externalDatabase }}
{{ else }}
!!! WARNING !!!
No PostgreSQL database is deployed.
Your pod may fail.

Enable either the values postgresql.enabled
If you want to use an existing external database, enable the value postgresqlExternal.enabled
{{ end }}
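
Review bot: The `else if .Values.postgresqlExternal.enabled` branch prints `.Values.postgresqlExternal.externalDatabase` without checking that it is set, and the README documents its default as empty, so the note can end with "reachable through" and nothing after it. Guard the line on a non-empty value or reject the empty case before the notes are rendered. In the warning branch, "Enable either the values postgresql.enabled" reads as an unfinished sentence; name both switches in one sentence so the user knows which two options exist.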
5 changes: 5 additions & 0 deletions charts/hedgedoc/templates/deployment.yaml
Expand Up @@ -39,8 +39,13 @@ spec:
secretKeyRef:
key: database-name
name: postgres
{{- if .Values.postgresql.enabled }}
- name: CMD_DB_HOST
value: {{ include "postgresql.v1.primary.fullname" . }}-postgresql
{{- else if .Values.postgresqlExternal.enabled }}
- name: CMD_DB_HOST
value: {{ .Values.postgresqlExternal.externalDatabase }}
{{- end }}
- name: CMD_DB_PORT
value: "5432"
- name: CMD_DB_DIALECT
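
Review bot: In the `else if .Values.postgresqlExternal.enabled` branch, `value: {{ .Values.postgresqlExternal.externalDatabase }}` is rendered unquoted and unchecked, so the empty default yields an env var with no value and any user-supplied string is interpolated into the manifest as raw YAML. Use `value: {{ required "postgresqlExternal.externalDatabase is required" .Values.postgresqlExternal.externalDatabase | quote }}`. There is also no `else` branch: with both switches off the Deployment renders without `CMD_DB_HOST` at all, and the only signal is the warning in NOTES.txt; a `fail` call in the template would stop that install instead.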
209 changes: 15 additions & 194 deletions charts/hedgedoc/values.schema.json
Expand Up @@ -109,217 +109,38 @@
},
"type": "object"
},
"backup": {
"properties": {
"cronjob": {
"properties": {
"containerSecurityContext": {
"properties": {
"allowPrivilegeEscalation": {
"type": "boolean"
},
"capabilities": {
"properties": {
"drop": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"enabled": {
"type": "boolean"
},
"runAsNonRoot": {
"type": "boolean"
},
"seccompProfile": {
"properties": {
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"podSecurityContext": {
"properties": {
"enabled": {
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
}
},
"type": "object"
},
"enabled": {
"type": "boolean"
},
"metrics": {
"tls": {
"properties": {
"containerSecurityContext": {
"properties": {
"allowPrivilegeEscalation": {
"type": "boolean"
},
"capabilities": {
"properties": {
"drop": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"enabled": {
"type": "boolean"
},
"runAsNonRoot": {
"type": "boolean"
},
"seccompProfile": {
"properties": {
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
"enabled": {
"type": "boolean"
}
},
"type": "object"
},
"primary": {
"compatibility": {
"properties": {
"containerSecurityContext": {
"properties": {
"allowPrivilegeEscalation": {
"type": "boolean"
},
"capabilities": {
"properties": {
"drop": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"enabled": {
"type": "boolean"
},
"runAsNonRoot": {
"type": "boolean"
},
"seccompProfile": {
"properties": {
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"persistence": {
"properties": {
"size": {
"type": "string"
}
},
"type": "object"
},
"podSecurityContext": {
"properties": {
"enabled": {
"type": "boolean"
}
},
"type": "object"
},
"service": {
"openshift": {
"properties": {
"type": {
"adaptSecurityContext": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"readReplicas": {
"properties": {
"containerSecurityContext": {
"properties": {
"allowPrivilegeEscalation": {
"type": "boolean"
},
"capabilities": {
"properties": {
"drop": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"enabled": {
"type": "boolean"
},
"runAsNonRoot": {
"type": "boolean"
},
"seccompProfile": {
"properties": {
"type": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"podSecurityContext": {
"properties": {
"enabled": {
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
},
"tls": {
"properties": {
"enabled": {
"type": "boolean"
}
}
},
"type": "object"
}
}
},
"type": "object"
},
"postgresqlExternal": {
"properties": {
"enabled": {
"type": "boolean"
}
}
},
"route": {
"properties": {
"insecureEdgeTerminationPolicy": {
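
Review bot: The new `postgresqlExternal` entry near the end of this hunk declares only `enabled`; it has no `"type": "object"` and no `externalDatabase` property, so schema validation accepts any type for the host and cannot catch a missing one. Add `externalDatabase` as `"type": "string"` and, if the schema draft in use allows it, an `if`/`then` that requires a non-empty value when `enabled` is true, so the misconfiguration is rejected at install time rather than showing up as a failing pod.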