charts/turbinia Lock tag by release version, Make ingress more genera…

…lized, remove values-production.yaml, README updates, allow multiple instances of Turbinia (#167) * Remove values-production.yaml, update servicemonitor, documentation fixes * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Fix checksum configs, service account lookups * update readme * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Update README * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Try again * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Try again * And again * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * And again * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * And again * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Final fix hopefully for README lint errors by updating the headers the double indentation caused readme-generator to remove content after the table * Final fix hopefully for README lint errors by updating the headers the double indentation caused readme-generator to remove content after the table * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Update README * Partially add back section to see if it will get deleted * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Try again * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Try again * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Try again * Try again * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Try again * Fix README * update README * Update term grace period * Update ingress to be more generic, remove monitoring to instead just have in doc, remove deprecated controller, remove config.override * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Update monitoring documentation * Lock by Turbinia release version * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Disable ingress * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine <[email protected]> * Update README with upgrade instructions, image update and general cleanup of docs * Markdown lint fix * Update README review comments --------- Signed-off-by: wajihyassine <[email protected]> Co-authored-by: wajihyassine <[email protected]>
google · Sep 27, 2024 · 4965d07 · 4965d07
1 parent 11f18a3
commit 4965d07
Show file tree

Hide file tree

Showing 16 changed files with 236 additions and 997 deletions.
diff --git a/charts/turbinia/Chart.lock b/charts/turbinia/Chart.lock
@@ -8,8 +8,5 @@ dependencies:
 - name: dfdewey
   repository: https://google.github.io/osdfir-infrastructure/
   version: 1.0.0
-- name: kube-prometheus-stack
-  repository: https://prometheus-community.github.io/helm-charts
-  version: 60.3.0
-digest: sha256:4541a72c66cf8ea1bf728dabc3cdabecb0013e04ac4568babc0f82fb59470c58
-generated: "2024-07-15T13:19:48.514639-07:00"
+digest: sha256:6c0c5f81d133cf28a6504d01571d17b1fed42b7908bfa3ef0b4d1a913b62fc03
+generated: "2024-09-23T10:08:20.718691-07:00"
diff --git a/charts/turbinia/Chart.yaml b/charts/turbinia/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: turbinia
-version: 1.1.2
+version: 1.1.3
 description: A Helm chart for Turbinia Kubernetes deployments.
 keywords:
 - turbinia
@@ -23,19 +23,14 @@ dependencies:
   name: dfdewey
   repository: https://google.github.io/osdfir-infrastructure/
   version: 1.0.0
-- condition: monitoring.deployKubePrometheus
-  name: kube-prometheus-stack
-  alias: monitoring
-  repository: https://prometheus-community.github.io/helm-charts
-  version: 60.3.0
 maintainers:
   - name: Open Source DFIR
     email: [email protected]
     url: https://github.com/google/osdfir-infrastructure
 sources:
 - https://github.com/google/osdfir-infrastructure
 icon: https://raw.githubusercontent.com/google/turbinia/master/web/src/assets/turbinia-logo-mark.png
-appVersion: "latest"
+appVersion: "20240820"
 annotations:
   category: Security
   licenses: Apache-2.0
diff --git a/charts/turbinia/README.md b/charts/turbinia/README.md
diff --git a/charts/turbinia/templates/_helpers.tpl b/charts/turbinia/templates/_helpers.tpl
@@ -60,11 +60,10 @@ Return the proper persistence volume claim name
 */}}
 {{- define "turbinia.pvc.name" -}}
 {{- $pvcName := .Values.persistence.name -}}
-{{- if .Values.global -}}
-    {{- if .Values.global.existingPVC -}}
-        {{- $pvcName = .Values.global.existingPVC -}}
-    {{- end -}}
-{{- printf "%s-%s" $pvcName "claim" }}
+{{- if and .Values.global .Values.global.existingPVC -}}
+{{- .Values.global.existingPVC -}}
+{{- else -}}
+{{- printf "%s-%s-claim" .Release.Name $pvcName }}
 {{- end -}}
 {{- end -}}
 

diff --git a/charts/turbinia/templates/api-deployment.yaml b/charts/turbinia/templates/api-deployment.yaml
@@ -15,8 +15,8 @@ spec:
   template:
     metadata:
       annotations:
-        # Have Deployment restart after each upgrade
-        roll: {{ randAlphaNum 5 | quote }}
+        # Restart pod if values.yaml parameters that affect the config were changed
+        checksum/config: {{  include (print $.Template.BasePath "/init-configmap.yaml") . | sha256sum }}
         {{- if .Values.metrics.enabled }}
         prometheus.io/port: {{ .Values.metrics.port | quote }}
         prometheus.io/scrape: "true"

diff --git a/charts/turbinia/templates/certs/tls-secrets.yaml b/charts/turbinia/templates/certs/tls-secrets.yaml
@@ -1,5 +1,4 @@
 {{- if and .Values.ingress.enabled (or .Values.ingress.selfSigned .Values.ingress.certManager) }}
-{{- $secretName := printf "%s-tls" (include "turbinia.fullname" .) }}
 {{- $ca := genCA "turbinia-ca" 365 }}
 {{- $cert := genSignedCert "turbinia-apps" nil (list .Values.ingress.host) 365 $ca }}
 apiVersion: v1

diff --git a/charts/turbinia/templates/configmap.yaml b/charts/turbinia/templates/configmap.yaml
diff --git a/charts/turbinia/templates/controller-deployment.yaml b/charts/turbinia/templates/controller-deployment.yaml
diff --git a/charts/turbinia/templates/crds/servicemonitor.yaml b/charts/turbinia/templates/crds/servicemonitor.yaml
@@ -2,7 +2,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: turbinia-metrics-servicemonitor
+  name: {{ printf "%s-%s" .Release.Name "turbinia-metrics-servicemonitor" }}
 spec:
   selector:
     matchLabels:

diff --git a/charts/turbinia/templates/gcp/managedcertificate.yaml b/charts/turbinia/templates/gcp/managedcertificate.yaml
@@ -1,4 +1,4 @@
-{{- if and (.Values.ingress.enabled) (eq .Values.ingress.className "gce") }}
+{{- if and (.Values.ingress.enabled) (.Values.ingress.gcp.managedCertificates) }}
 apiVersion: networking.gke.io/v1
 kind: ManagedCertificate
 metadata:

diff --git a/charts/turbinia/templates/ingress.yaml b/charts/turbinia/templates/ingress.yaml
@@ -19,8 +19,6 @@ metadata:
     {{- if .Values.ingress.gcp.staticIPName }}
     kubernetes.io/ingress.global-static-ip-name: {{ .Values.ingress.gcp.staticIPName }}
     networking.gke.io/v1beta1.FrontendConfig: {{ include "turbinia.fullname" . }}-frontend-config
-    {{- else }}
-    {{- fail "A valied .Values.ingress.gcp.staticIPName entry is required when using the GCE Ingress" }}
     {{- end }}
     {{- end }}
 spec:
@@ -31,7 +29,7 @@ spec:
       secretName: {{ include "turbinia.fullname" . }}-tls
   {{- end }}
   rules:
-    - host: {{ required "A valid .Values.ingress.host entry is required!" .Values.ingress.host }}
+    - host: {{ .Values.ingress.host }}
       http:
         paths:
           - path: /
@@ -72,14 +70,14 @@ metadata:
     kubernetes.io/ingressClassName: {{ .Values.ingress.className }}
     {{- if .Values.ingress.gcp.managedCertificates }}
     networking.gke.io/managed-certificates: {{ include "turbinia.fullname" . }}-managed-ssl
+    networking.gke.io/v1beta1.FrontendConfig: {{ include "turbinia.fullname" . }}-frontend-config
     {{- end }}
     {{- if .Values.ingress.certManager }}
     kubernetes.io/tls-acme: "true"
     cert-manager.io/issuer: {{ include "turbinia.fullname" . }}-letsencrypt-production
     {{- end }}
-    {{- if (eq .Values.ingress.className "gce") }}
+    {{- if .Values.ingress.gcp.staticIPV6Name }}
     kubernetes.io/ingress.global-static-ip-name: {{ .Values.ingress.gcp.staticIPV6Name }}
-    networking.gke.io/v1beta1.FrontendConfig: {{ include "turbinia.fullname" . }}-frontend-config
     {{- end }}
 spec:
   {{- if or .Values.ingress.selfSigned .Values.ingress.certManager }}
@@ -89,7 +87,7 @@ spec:
       secretName: {{ include "turbinia.fullname" . }}-tls
   {{- end }}
   rules:
-    - host: {{ required "A valid .Values.ingress.host entry is required!" .Values.ingress.host }}
+    - host: {{ .Values.ingress.host }}
       http:
         paths:
           - path: /

diff --git a/charts/turbinia/templates/server-deployment.yaml b/charts/turbinia/templates/server-deployment.yaml
@@ -15,8 +15,8 @@ spec:
   template:
     metadata:
       annotations:
-        # Have Deployment restart after each upgrade
-        roll: {{ randAlphaNum 5 | quote }}
+        # Restart pod if values.yaml parameters that affect the config were changed the config
+        checksum/config: {{  include (print $.Template.BasePath "/init-configmap.yaml") . | sha256sum }}
         {{- if .Values.metrics.enabled }}
         prometheus.io/port: {{ .Values.metrics.port | quote }}
         prometheus.io/scrape: "true"

diff --git a/charts/turbinia/templates/serviceaccount.yaml b/charts/turbinia/templates/serviceaccount.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.serviceAccount.create -}}
+{{- if not (lookup "v1" "ServiceAccount" .Release.Namespace .Values.serviceAccount.name) -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -11,3 +12,4 @@ metadata:
     iam.gke.io/gcp-service-account: {{ .Values.serviceAccount.gcpName }}@{{ .Values.gcp.projectID }}.iam.gserviceaccount.com
   {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/turbinia/templates/worker-deployment.yaml b/charts/turbinia/templates/worker-deployment.yaml
@@ -17,8 +17,8 @@ spec:
   template:
     metadata:
       annotations:
-        # Have Deployment restart after each upgrade
-        roll: {{ randAlphaNum 5 | quote }}
+        # Restart pod if values.yaml parameters that affect the config were changed
+        checksum/config: {{  include (print $.Template.BasePath "/init-configmap.yaml") . | sha256sum }}
         {{- if .Values.metrics.enabled }}
         prometheus.io/port: {{ .Values.metrics.port | quote }}
         prometheus.io/scrape: "true"
@@ -33,8 +33,8 @@ spec:
       initContainers:
       {{- include "turbinia.initContainer" . | nindent 8 }} 
       # The grace period needs to be set to the largest task timeout as
-      # set in the turbinia configuration file.
-      terminationGracePeriodSeconds: 86400
+      # set in the turbinia configuration file plus five seconds.
+      terminationGracePeriodSeconds: 86405
       containers:
         - name: worker
           securityContext: