From f3cff6736486dbc061a0e3dd3624d8aa95e97fe3 Mon Sep 17 00:00:00 2001
From: Siddhant N Trivedi <68370997+siddhant-deepsource@users.noreply.github.com>
Date: Tue, 29 Aug 2023 13:16:30 +0530
Subject: [PATCH] chore: add support for adding manually created secrets and sentry (#7)
---
 charts/runner/Chart.yaml | 4 +-
 charts/runner/README.md | 43 +++++++++++--------
 charts/runner/templates/artifact-secret.yaml | 4 +-
 charts/runner/templates/deployment.yaml | 20 ++++++++-
 .../runner/templates/image-pull-secret.yaml | 6 ++-
 charts/runner/templates/secret.yaml | 2 +
 charts/runner/values.schema.json | 10 ++++-
 charts/runner/values.yaml | 26 ++++++++++-
 8 files changed, 88 insertions(+), 27 deletions(-)
diff --git a/charts/runner/Chart.yaml b/charts/runner/Chart.yaml
index 7fe17ed..3ef48b3 100644
--- a/charts/runner/Chart.yaml
+++ b/charts/runner/Chart.yaml
@@ -18,10 +18,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.2
+version: 1.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v1.0.0-beta.2"
+appVersion: "v1.0.0-beta.3"
diff --git a/charts/runner/README.md b/charts/runner/README.md
index 83ff2ca..04a2e51 100644
--- a/charts/runner/README.md
+++ b/charts/runner/README.md
@@ -2,24 +2,29 @@
 ### Runner configuration Parameters
-| Name | Description | Value |
-| --------------------------------- | -------------------------------------------------------------- | ------- |
-| `config.apps` | Configuration values for the VCS apps to be used by the runner | `[]` |
-| `config.deepsource.host` | The host of the deepsource remote | `""` |
-| `config.deepsource.publicKey` | The public key to use for the deepsource remote | `""` |
-| `config.objectStorage.backend` | The backend to use for the object storage (e.g gcs) | `""` |
-| `config.objectStorage.bucket` | The bucket to use for the object storage | `""` |
-| `config.objectStorage.credential` | The credentials value to use for the object storage | `""` |
-| `config.runner.id` | The id of the runner | `""` |
-| `config.runner.host` | The host of the runner to use | `""` |
-| `config.runner.clientId` | The client id to use for the runner | `""` |
-| `config.runner.clientSecret` | The client secret to use for the runner | `""` |
-| `config.runner.privateKey` | The private key to use for the runner | `""` |
-| `config.runner.webhookSecret` | The webhook secret to use for the runner | `""` |
-| `config.saml.enabled` | Whether to enable SAML2.0 authentication | `false` |
-| `config.saml.certificate` | The certificate to use for the runner as service provider | `""` |
-| `config.saml.key` | The private key to use for the runner as service provider | `""` |
-| `config.saml.metadataUrl` | The metadata url to use for the identity provider | `""` |
+| Name | Description | Value |
+| ----------------------------------- | --------------------------------------------------------------------------- | ------- |
+| `config.createSecret` | Whether to create a secret for the runner config | `true` |
+| `config.secretName` | The name of the secret to use for the runner, if created externally | `""` |
+| `config.apps` | Configuration values for the VCS apps to be used by the runner | `[]` |
+| `config.deepsource.host` | The host of the deepsource remote | `""` |
+| `config.deepsource.publicKey` | The public key to use for the deepsource remote | `""` |
+| `config.objectStorage.createSecret` | Whether to create a secret for the object storage | `true` |
+| `config.objectStorage.secretName` | The name of the secret to use for the object storage, if created externally | `""` |
+| `config.objectStorage.provider` | The provider to use for the object storage (e.g gcs, s3) | `""` |
+| `config.objectStorage.bucket` | The bucket to use for the object storage | `""` |
+| `config.objectStorage.credential` | The credentials value to use for the object storage | `""` |
+| `config.runner.id` | The id of the runner | `""` |
+| `config.runner.host` | The host of the runner to use | `""` |
+| `config.runner.clientId` | The client id to use for the runner | `""` |
+| `config.runner.clientSecret` | The client secret to use for the runner | `""` |
+| `config.runner.privateKey` | The private key to use for the runner | `""` |
+| `config.runner.webhookSecret` | The webhook secret to use for the runner | `""` |
+| `config.saml.enabled` | Whether to enable SAML2.0 authentication | `false` |
+| `config.saml.certificate` | The certificate to use for the runner as service provider | `""` |
+| `config.saml.key` | The private key to use for the runner as service provider | `""` |
+| `config.saml.metadataUrl` | The metadata url to use for the identity provider | `""` |
+| `config.sentry.dsn` | The DSN to use for the sentry integration | `""` |
 ### Common Parameters
@@ -29,6 +34,8 @@ | `image.repository` | deepsource runner image repository | `proxy.deepsource.com/images/deepsource-production/runner` | | `image.pullPolicy` | deepsource runner image pull policy | `Always` | | `image.tag` | deepsource runner image tag | `""` | +| `imageRegistry.createSecret` | Whether to create a secret for the image registry | `true` | +| `imageRegistry.secretName` | The name of the secret to use for the image registry, if created externally | `""` | | `imageRegistry.registryUrl` | The registry url to use for the task images | `""` | | `imageRegistry.username` | The username to use for the image registry | `""` | | `imageRegistry.password` | The password to use for the image registry | `""` | diff --git a/charts/runner/templates/artifact-secret.yaml b/charts/runner/templates/artifact-secret.yaml index a8693b2..88e5f18 100644 --- a/charts/runner/templates/artifact-secret.yaml +++ b/charts/runner/templates/artifact-secret.yaml @@ -1,8 +1,10 @@ +{{ if .Values.config.objectStorage.createSecret }} apiVersion: v1 kind: Secret metadata: - name: "artifacts-credentials" + name: {{ include "runner.fullname" . }}-object-storage namespace: {{ .Release.Namespace }} type: Opaque data: credentials: {{ .Values.config.objectStorage.credential | b64enc | indent 2 }} +{{ end }} diff --git a/charts/runner/templates/deployment.yaml b/charts/runner/templates/deployment.yaml index a258366..cda8cac 100644 --- a/charts/runner/templates/deployment.yaml +++ b/charts/runner/templates/deployment.yaml @@ -21,7 +21,11 @@ spec: {{- include "runner.selectorLabels" . | nindent 8 }} spec: imagePullSecrets: + {{- if .Values.imageRegistry.createSecret }} - name: {{ include "runner.fullname" . }}-image-registry + {{- else }} + - name: {{ .Values.imageRegistry.secretName }} + {{- end }} serviceAccountName: {{ include "runner.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} 
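Review bot: With `imageRegistry.createSecret: false` and the default `secretName: ""`, the `{{- else }}` branch under `imagePullSecrets` in deployment.yaml renders `- name:` with no value, and nothing at render time tells the operator that the pod has no usable pull secret. Failing the render is safer: `- name: {{ required "imageRegistry.secretName is required when imageRegistry.createSecret is false" .Values.imageRegistry.secretName | quote }}`. The same unguarded fallback appears in the later hunks of this file for `TASK_IMAGE_PULL_SECRET_NAME`, `TASK_ARTIFACT_SECRET_NAME` and the `secret` volume's `secretName`. The env `value:` lines would also benefit from `| quote`, since an env value has to be a string. The pod spec continues outside the hunk.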
@@ -39,13 +43,23 @@ spec: - name: RQLITE_PORT value: "4001" - name: TASK_IMAGE_PULL_SECRET_NAME + {{- if .Values.imageRegistry.createSecret }} value: {{ include "runner.fullname" . }}-image-registry + {{- else }} + value: {{ .Values.imageRegistry.secretName }} + {{- end }} - name: TASK_IMAGE_REGISTRY_URL value: {{ .Values.imageRegistry.registryUrl }} - name: TASK_NAMESPACE value: {{ .Release.Namespace }} - name: TASK_NODE_SELECTOR value: {{ .Values.nodeSelector | toYaml | toString | quote }} + - name: TASK_ARTIFACT_SECRET_NAME + {{- if .Values.config.objectStorage.createSecret }} + value: {{ include "runner.fullname" . }}-object-storage + {{- else }} + value: {{ .Values.config.objectStorage.secretName }} + {{- end }} ports: - name: http containerPort: 8080 @@ -71,7 +85,11 @@ spec: volumes: - name: secret secret: + {{- if .Values.config.createSecret}} secretName: {{ include "runner.fullname" . }} + {{- else }} + secretName: {{ .Values.config.secretName }} + {{- end }} items: - key: config - path: config.yaml \ No newline at end of file + path: config.yaml diff --git a/charts/runner/templates/image-pull-secret.yaml b/charts/runner/templates/image-pull-secret.yaml index 5a1452d..9818934 100644 --- a/charts/runner/templates/image-pull-secret.yaml +++ b/charts/runner/templates/image-pull-secret.yaml @@ -1,6 +1,7 @@ +{{ if .Values.imageRegistry.createSecret }} apiVersion: v1 kind: Secret -metadata: +metadata: name: {{ include "runner.fullname" . }}-image-registry namespace: {{ .Release.Namespace }} type: kubernetes.io/dockerconfigjson @@ -9,10 +10,11 @@ stringData: {{- $auth := printf "%s:%s" .Values.imageRegistry.username .Values.imageRegistry.password | b64enc }} { "auths": { - "{{ .Values.imageRegistry.registryUrl }}": { + "proxy.deepsource.com": { "username": "{{ .Values.imageRegistry.username }}", "password": "{{ .Values.imageRegistry.password }}", "auth": "{{ $auth }}" } } } +{{ end }} 
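Review bot: The `auths` key in the generated `.dockerconfigjson` (image-pull-secret.yaml) is now the literal `"proxy.deepsource.com"`, while `TASK_IMAGE_REGISTRY_URL` in deployment.yaml is still taken from `imageRegistry.registryUrl`. If an operator points `registryUrl` at any other host, the stored credentials will no longer match the registry the tasks pull from. If the intent is to key on the host part only, derive it from the value or expose it as its own setting, and say so next to `imageRegistry.registryUrl`. Separately, username and password are interpolated into the JSON unescaped, so a `"` or `\` in the password yields an invalid document; `"password": {{ .Values.imageRegistry.password | toJson }}` (without the surrounding quotes) avoids that.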
diff --git a/charts/runner/templates/secret.yaml b/charts/runner/templates/secret.yaml index d33da85..ccb37a8 100644 --- a/charts/runner/templates/secret.yaml +++ b/charts/runner/templates/secret.yaml @@ -1,3 +1,4 @@ +{{ if .Values.config.createSecret }} apiVersion: v1 kind: Secret metadata: @@ -7,3 +8,4 @@ type: Generic data: config: | {{ .Values.config | toYaml | toString | b64enc | indent 4 }} +{{ end }} diff --git a/charts/runner/values.schema.json b/charts/runner/values.schema.json index 68d6596..56b59d8 100644 --- a/charts/runner/values.schema.json +++ b/charts/runner/values.schema.json @@ -62,7 +62,7 @@ "objectStorage": { "type": "object", "properties": { - "backend": { + "provider": { "type": "string" }, "bucket": { @@ -72,6 +72,14 @@ "type": "string" } } + }, + "sentry": { + "type": "object", + "properties": { + "dsn": { + "type": "string" + } + } } } }, diff --git a/charts/runner/values.yaml b/charts/runner/values.yaml index dcb54fd..4028e16 100644 --- a/charts/runner/values.yaml +++ b/charts/runner/values.yaml @@ -4,6 +4,12 @@ ## The configuration values for deepsource runner, this will create a secret to be used by the runner ## config: + ## @param config.createSecret Whether to create a secret for the runner config + ## + createSecret: true + ## @param config.secretName The name of the secret to use for the runner, if created externally + ## + secretName: "" ## @param config.apps Configuration values for the VCS apps to be used by the runner ## apps: ## - id: app1 
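Review bot: Because `data.config` in secret.yaml is produced from the whole `.Values.config` map, the chart-control keys this commit adds (`createSecret`, `secretName`, and the two of the same name under `objectStorage`) are now written into the runner's config file as well. Whether the runner tolerates unknown keys is not visible here; if it does not, drop them before serialising, e.g. `{{ omit .Values.config "createSecret" "secretName" | toYaml | toString | b64enc | indent 4 }}`, and treat the nested `objectStorage` keys the same way. I would also add a comment above `data:` stating that an externally supplied secret must carry the same `config` key, since deployment.yaml mounts `key: config`.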
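Review bot: The values.schema.json hunks add `sentry` but none of the new `createSecret` / `secretName` values, so their types go unchecked. That matters for the templates' `if .Values.….createSecret` tests: a non-empty string such as `"false"` (for example from `--set-string`) is truthy in Go templates and would still take the create-secret branch. Declaring `"createSecret": {"type": "boolean"}` and `"secretName": {"type": "string"}` under `config`, `config.objectStorage` and `imageRegistry` closes that gap. Also note that `backend` to `provider` is a rename: unless the schema forbids additional properties (not visible in these hunks), an existing `backend:` value will be accepted and silently ignored after upgrade.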
@@ -29,9 +35,15 @@ config: ## Configuration values for the object storage to use for the runner ## objectStorage: - ## @param config.objectStorage.backend The backend to use for the object storage (e.g gcs) + ## @param config.objectStorage.createSecret Whether to create a secret for the object storage + ## + createSecret: true + ## @param config.objectStorage.secretName The name of the secret to use for the object storage, if created externally ## - backend: "" + secretName: "" + ## @param config.objectStorage.provider The provider to use for the object storage (e.g gcs, s3) + ## + provider: "" ## @param config.objectStorage.bucket The bucket to use for the object storage ## bucket: "" @@ -73,6 +85,12 @@ config: key: "" ## @param config.saml.metadataUrl The metadata url to use for the identity provider metadataUrl: "" + ## Configuration values for the sentry integration + ## + sentry: + ## @param config.sentry.dsn The DSN to use for the sentry integration + ## + dsn: "" ## @section Common Parameters ## @@ -92,10 +110,14 @@ image: tag: "" ## Deepsource runner image registry configuration +## @param imageRegistry.createSecret Whether to create a secret for the image registry +## @param imageRegistry.secretName The name of the secret to use for the image registry, if created externally ## @param imageRegistry.registryUrl The registry url to use for the task images ## @param imageRegistry.username The username to use for the image registry ## @param imageRegistry.password The password to use for the image registry imageRegistry: + createSecret: true + secretName: "" registryUrl: "" username: "" password: ""
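Review bot: The `@param` text for `config.objectStorage.secretName` in values.yaml does not say what an externally created secret must contain. The chart's own Secret stores the credential under the key `credentials` (artifact-secret.yaml), so presumably the runner expects that key; I would add `## The secret must contain the key 'credentials'` above `secretName`. The same applies to `config.secretName` (needs a `config` key, per the volume `items` in deployment.yaml) and `imageRegistry.secretName` (needs a `kubernetes.io/dockerconfigjson` secret to be usable as a pull secret). As far as this diff shows, `imageRegistry.username` and `password` are only read by image-pull-secret.yaml, so it is worth documenting that they have no effect when `imageRegistry.createSecret` is `false`.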