feat: cleanup, fix postgres connection

.gitignore

@@ -1 +1,2 @@
 .idea
+terminfinder-chart/Chart.lock

README.md

@@ -10,16 +10,12 @@ Complete Helm Chart repository for deploying the Terminfinder to any kubernetes
 
 [SECURITY.md](./docs/SECURITY.md)
 
-## Components
+It's recommended to use a dedicated PostgreSQL instance for production usage.
 
-* Frontend: `registry.opencode.de/ig-bvc/demo-apps/terminfinder-sh/terminfinder-sh-frontend:v2.2.0`
-* Backend: `registry.opencode.de/ig-bvc/demo-apps/terminfinder-sh/terminfinder-sh-backend:V1.0.9`
-* Postgres (part of Backend):
-  Using [this public Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql/) as fundament, but can
-  be disabled through `values.yaml` of the backend file.
+## Local development
 
-Please modify the `values.yaml` files or use the CLI method for deployment and configuration. It's recommended to use a
-dedicated PostgreSQL instance for production usage.
+1. install and run minikube or other local K8s services https://kubernetes.io/docs/tasks/tools/
+2. use scripts in installation below
 
 ## Installation
 
@@ -38,31 +34,48 @@ dedicated PostgreSQL instance for production usage.
 
 ### Installation steps
 
-1. Prepare the value files for the backend and frontend each.
-2. Install the helm charts with `helm install ...` CLI Command
+1. Prepare the value files.
+2. Install the helm charts with `helm install ...` CLI Command:
 
 ```bash
 # Create a namespace (or use default), where to work in:
-$ kubectl create ns terminfinder-demo
+$ kubectl create namespace terminfinder-demo
 
 # First installing the helm chart, to the name
-$ helm install terminfinder-backend ./charts/terminfinder-backend -n terminfinder-demo -f demo-backend.values.yaml
-
-# Second installing the helm chart of the frontend
-$ helm install terminfinder-frontend ./charts/terminfinder-frontend -n terminfinder-demo -f demo-frontend.values.yaml
+$ helm install terminfinder-demo terminfinder-chart -n terminfinder-demo
 
 # Verify installation of helm charts:
 $ helm list -n terminfinder-demo
 $ kubectl get deploy -n terminfinder-demo
+```
+
+### Upgrade release
+
+To upgrade the helm chart, use the `helm upgrade ...` command:
 
-# Go to your configured ingress host domain (e.g. terminfinder.open-code.local) and test it out!
-# The URL of the ingresses you can get here:
-$ kubectl get ingress -n terminfinder-demo
+```bash
+# Upgrade HelmChart
+$ helm upgrade terminfinder-demo terminfinder-chart -n terminfinder-demo
 ```
 
-Your can upgrade the helm chart as usually with `helm upgrade ...` command.
+### Delete Release
+
+To delete the helm chart (release), use the `helm uninstall...` command.
+
+Note that the persistent volume may be available even if the helm release is uninstalled.
+
+```bash
+# Delete release
+$ helm uninstall terminfinder-demo -n terminfinder-demo
+```
+
+```bash
+# Delete PVCs and namespace
+$ kubectl delete pvc --all -n terminfinder-demo
+$ kubectl delete namespace terminfinder-demo
+```
 
-### Using an own PostgreSQL DB instance
+## Using an own PostgreSQL DB instance
 
 The helm chart deployment of the `terminfinder-frontend` will be kept untouched.
 

terminfinder-chart/charts/backend/Chart.lock → terminfinder-chart/charts/terminfinder-backend/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 12.1.2
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 2.2.4
-digest: sha256:55f16e9b5bade9e719e7e6673b24d182e9316e8669820cdc68b4c37f518c3e5b
-generated: "2023-03-23T11:14:06.498295+01:00"
+  version: 2.20.3
+digest: sha256:8fccf7c770b0e1a7a1f64fcd77a3afede13a967fe7c182ebbfe2d21f9cfed0b7
+generated: "2024-07-01T16:33:04.750757+02:00"

terminfinder-chart/charts/backend/templates/deployment.yaml → terminfinder-chart/charts/terminfinder-backend/templates/deployment.yaml

@@ -1,4 +1,4 @@
-{{- $svc := .Values.global.postgresql.service.name | default (printf "%s-postgresql-hl" (include "terminfinder-backend.fullname" .)) }}
+{{- $svc := .Values.global.postgresql.service.name | default (printf "%s-postgresql" (include "common.names.namespace" .)) }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -41,7 +41,7 @@ spec:
             - name: DB_PORT
               value: {{ .Values.global.postgresql.service.ports.postgresql | quote }}
             - name: DB_ADDRESS
-              value: {{ printf "%s.%s.svc" $svc .Release.Namespace }}
+              value: {{ printf "%s" $svc }}
             - name: DB_USERNAME
               value: {{ .Values.global.postgresql.auth.username }}
             - name: ASPNETCORE_URLS
@@ -50,7 +50,7 @@ spec:
             - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.global.postgresql.auth.existingSecret | default (printf "%s-postgresql" (include "common.names.fullname" .)) }}
+                  name: {{ .Values.global.postgresql.auth.existingSecret | default (printf "%s-postgresql" (include "common.names.namespace" .)) }}
                   key: {{ .Values.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
             # Patches
             - name: Terminfinder__UseHttps
@@ -60,12 +60,19 @@ spec:
             - name: Terminfinder__Log4NetConfigFilename
               value: log4net.Console.debug.config
             - name: ConnectionStrings__TerminfinderConnection
-              value: "Server=$(DB_ADDRESS);Port=$(DB_PORT);Database=$(DB_DATABASE);User ID=$(DB_USERNAME);password=$(DB_PASSWORD);"
+              value: "Server=$(DB_ADDRESS),$(DB_PORT);Database=$(DB_DATABASE);User ID=$(DB_USERNAME);password=$(DB_PASSWORD);"
           ports:
             - name: http
               containerPort: 8080
               protocol: TCP
+          startupProbe:
+            failureThreshold: 3
+            periodSeconds: 10
+            httpGet:
+              path: /app
+              port: http
           livenessProbe:
+            initialDelaySeconds: 10
             httpGet:
               path: /app
               port: http

terminfinder-chart/charts/backend/values.yaml → terminfinder-chart/charts/terminfinder-backend/values.yaml

@@ -9,8 +9,7 @@ global:
       database: terminfinder
       existingSecret: "" # if not set, default: "{{ Release.Name }}-postgres"
       secretKeys:
-        userPasswordKey: "terminfinder"
-
+        userPasswordKey: "password"
     service:
       name: "" # if not set, default: "{{ Release.Name }}-postgres"
       ports:
@@ -100,22 +99,13 @@ affinity: { }
 postgresql:
   enabled: true
 
-  #architecture: standalone
-
   serviceAccount:
     create: true
 
-  image:
-    registry: docker.io # Notice, may this is not allowed
-    repository: mxzinke/postgresql-rootless # This is an special image, which is based on bitnami/postgresql
-    tag: 15
-    pullPolicy: IfNotPresent
-    pullSecrets: [ ]
-
   ## Set permissions for the data volume
   ## Only needed when volume has not correct permissions
   volumePermissions:
-    enabled: false
+    enabled: true
 
     image:
       registry: docker.io # Notice, may this is not allowed
@@ -124,58 +114,6 @@ postgresql:
       # pullPolicy: Always
       # pullSecrets: []
 
-    resources:
-      requests:
-        memory: 64Mi
-        cpu: 250m
-      limits:
-        memory: 64Mi
-        cpu: 250m
-
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1001
-      runAsGroup: 1001
-      allowPrivilegeEscalation: false
-      runAsNonRoot: true
-      capabilities:
-        drop:
-          - ALL
-
-  primary:
-    ## Enable security context with non-root user
-    podSecurityContext:
-      enabled: true
-      runAsUser: 1001
-      runAsGroup: 1001
-      fsGroup: 1001
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1001
-      runAsGroup: 1001
-      allowPrivilegeEscalation: false
-      runAsNonRoot: true
-      capabilities:
-        drop:
-          - ALL
-
-    ## Enable persistence using Persistent Volume Claims
-    ## For BSI compliance, we need to use non-root user
-    persistence:
-      enabled: true
-      accessModes:
-        - ReadWriteOnce
-      size: 8Gi
-
-    # Resources (minimal)
-    resources:
-      requests:
-        memory: 256Mi
-        cpu: 250m
-      limits:
-        memory: 256Mi
-        cpu: 250m
-
     initdb:
       # Enabling the UUID-OSSP
       scripts:

terminfinder-chart/charts/frontend/templates/deployment.yaml → terminfinder-chart/charts/terminfinder-frontend/templates/deployment.yaml

@@ -36,25 +36,13 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
             - name: ADDRESSING
-              valueFrom:
-                configMapKeyRef:
-                  name: {{ .Release.Name }}-customer-config
-                  key: Anrede
+              value: {{ .Values.customerConfig.ADDRESSING }}
             - name: LOCALE
-              valueFrom:
-                configMapKeyRef:
-                  name: {{ .Release.Name }}-customer-config
-                  key: Sprache
+              value: {{ .Values.customerConfig.LOCALE }}
             - name: TITLE
-              valueFrom:
-                configMapKeyRef:
-                  name: {{ .Release.Name }}-customer-config
-                  key: Titel
+              value: {{ .Values.customerConfig.TITLE }}
             - name: EMAIL
-              valueFrom:
-                configMapKeyRef:
-                  name: {{ .Release.Name }}-customer-config
-                  key: email
+              value: {{ .Values.customerConfig.EMAIL }}
             - name: API_URL
               value: {{ .Values.app.backend_url }}
           ports: