From f23060bbb5297182c43ec67ff82b1966dd050e40 Mon Sep 17 00:00:00 2001 From: Wouter de Kort Date: Thu, 14 Nov 2024 10:35:54 +0100 Subject: [PATCH 1/6] Bump chart version --- charts/opserver/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/opserver/Chart.yaml b/charts/opserver/Chart.yaml index 3b87b3dc..58a455ff 100644 --- a/charts/opserver/Chart.yaml +++ b/charts/opserver/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.14 +version: 1.0.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 1151417ed7250e2e27ab8fe85cf995a4ce4294d9 Mon Sep 17 00:00:00 2001 From: Wouter de Kort Date: Thu, 14 Nov 2024 11:08:49 +0100 Subject: [PATCH 2/6] Add launch file --- .vscode/launch.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .vscode/launch.json diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 00000000..9a27d674 --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,15 @@ +{ + // Use IntelliSense to learn about possible attributes. + // Hover to view descriptions of existing attributes. + // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 + "version": "0.2.0", + "configurations": [ + { + "name": "Invoke-CNAB", + "type": "PowerShell", + "request": "launch", + "script": "${workspaceFolder}/cnab/Invoke-CNAB.ps1", + "args": [] + } + ] +} \ No newline at end of file From 9282143b4c914770a19dd4320e60b9b801ac41fe Mon Sep 17 00:00:00 2001 
From: Wouter de Kort Date: Thu, 14 Nov 2024 11:10:21 +0100 Subject: [PATCH 3/6] Setup different secrets for Exceptional and Status --- charts/opserver/templates/deployment.yaml | 62 ++++++++++++------- .../opserver/templates/fake-secretstore.yaml | 12 +++- .../opserver/templates/opserver-secret.yaml | 2 + .../templates/sql-external-secret.yaml | 17 ++++- charts/opserver/values.yaml | 7 ++- cnab/app/build-app-image.ps1 | 2 +- cnab/app/variables.DockerDesktop.json | 1 - cnab/app/variables.GCP.json | 2 +- 8 files changed, 72 insertions(+), 33 deletions(-) diff --git a/charts/opserver/templates/deployment.yaml b/charts/opserver/templates/deployment.yaml index c73abbf2..465547c3 100644 --- a/charts/opserver/templates/deployment.yaml +++ b/charts/opserver/templates/deployment.yaml @@ -97,23 +97,6 @@ spec: - name: TMPDIR #tell OS to use our read-write volume mount as its temp directory value: "/mnt/tmp" - - - name: SQL_EXCEPTIONAL_SERVERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.sqlExternalSecret.targetName }} - key: exceptionalServername - - name: SQL_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.sqlExternalSecret.targetName }} - key: exceptionalUsername - - name: SQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.sqlExternalSecret.targetName }} - key: exceptionalPassword - - name: Security__Provider value: {{ .Values.opserverSettings.security.provider }} 
@@ -155,22 +138,57 @@ spec: {{- end }} {{- if hasKey .Values.opserverSettings "sql" }} + - name: SQL_STATUS_SERVERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.sqlExternalSecret.targetName }} + key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusSqlServerName }} + + - name: SQL_STATUS_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.sqlExternalSecret.targetName }} + key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusUsername }} + - name: SQL_STATUS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.sqlExternalSecret.targetName }} + key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusPassword }} + - name: Modules__Sql__defaultConnectionString - value: "Server=$(SQL_EXCEPTIONAL_SERVERNAME);Database=master;User ID=$(SQL_USERNAME);Password=$(SQL_PASSWORD);TrustServerCertificate=True" + value: "Server=$(SQL_STATUS_SERVERNAME);Database=master;User ID=$(SQL_STATUS_USERNAME);Password=$(SQL_STATUS_PASSWORD);TrustServerCertificate=True" + {{- range $i, $instance := .Values.opserverSettings.sql }} - name: Modules__Sql__instances__{{ $i }}__name value: "{{ $instance.name }}" {{- end }} - - - name: EXCEPTIONAL__STORE__CONNECTIONSTRING - value: Server=$(SQL_EXCEPTIONAL_SERVERNAME),1433;Database={{ .Values.db.exceptionalDbName }};Persist Security Info=False;User ID=$(SQL_USERNAME);Password=$(SQL_PASSWORD);MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;MultiSubnetFailover=True {{- end }} {{- if hasKey .Values.opserverSettings "exceptions" }} + - name: SQL_EXCEPTIONAL_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.sqlExternalSecret.targetName }} + key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalUsername }} + - name: SQL_EXCEPTIONAL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.sqlExternalSecret.targetName }} + key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalPassword }} + {{- range $i, $instance := .Values.opserverSettings.exceptions }} - name: 
Modules__Exceptions__stores__{{ $i }}__connectionString - value: "Server={{ $instance.serverName}};Database={{ $instance.database}};User ID=$(SQL_USERNAME);Password=$(SQL_PASSWORD);TrustServerCertificate=True" + value: "Server={{ $instance.serverName}};Database={{ $instance.database}};User ID=$(SQL_EXCEPTIONAL_USERNAME);Password=$(SQL_EXCEPTIONAL_PASSWORD);TrustServerCertificate=True" {{- end }} + + - name: SQL_EXCEPTIONAL_SERVERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.sqlExternalSecret.targetName }} + key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalServerName }} + + - name: EXCEPTIONAL__STORE__CONNECTIONSTRING + value: Server=$(SQL_EXCEPTIONAL_SERVERNAME),1433;Database={{ .Values.db.exceptionalDbName }};Persist Security Info=False;User ID=$(SQL_EXCEPTIONAL_USERNAME);Password=$(SQL_EXCEPTIONAL_PASSWORD);MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;MultiSubnetFailover=True {{- end }} topologySpreadConstraints: diff --git a/charts/opserver/templates/fake-secretstore.yaml b/charts/opserver/templates/fake-secretstore.yaml index 63de5192..72ecac32 100644 --- a/charts/opserver/templates/fake-secretstore.yaml +++ b/charts/opserver/templates/fake-secretstore.yaml @@ -10,10 +10,16 @@ spec: provider: fake: data: - - key: "ExceptionsSqlServerName" + - key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusSqlServerName }} value: "host.docker.internal" - - key: "db-opserver-User" + - key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusUsername }} value: "opserver" - - key: "db-opserver-Password" + - key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusPassword }} + value: "opserver" + - key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalServerName }} + value: "host.docker.internal" + - key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalUsername }} + value: "opserver" + - key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalPassword }} value: "opserver" {{ end }} 
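Review bot: All three connection strings rewritten in the second `deployment.yaml` hunk (`Modules__Sql__defaultConnectionString`, `Modules__Exceptions__stores__<i>__connectionString` and `EXCEPTIONAL__STORE__CONNECTIONSTRING`) still end in `TrustServerCertificate=True`. The client therefore accepts any server certificate, and the newly separated Status and Exceptional passwords travel over a connection whose peer is never verified. Since every one of these lines is already being touched, this is the place to switch to `Encrypt=True;TrustServerCertificate=False` and make the issuing CA available to the pod. The first two strings carry no `Encrypt` keyword at all, so whether they are encrypted depends on the SQL client library's default, which is not visible here. The passwords are also substituted unquoted, so a secret containing `;` would presumably be parsed as extra connection-string keywords; the container spec these entries belong to starts outside the hunk.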
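Review bot: The fake provider in `fake-secretstore.yaml` now seeds both username/password pairs with the same static value `opserver`, while `values.yaml` keeps `storeRefName: fakeopserversecretstore` as the chart default, so an install that does not override the store would run with these well-known credentials. The condition guarding this template starts outside the hunk (only the closing `{{ end }}` is visible), so confirm it cannot render in a shared cluster. A header comment such as `# Local development only: static credentials, must never render outside Docker Desktop` would record that. The keys also lost their quotes in this change; `- key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusPassword | quote }}` keeps them strings whatever the value contains.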
diff --git a/charts/opserver/templates/opserver-secret.yaml b/charts/opserver/templates/opserver-secret.yaml index 6df7eef7..b242ee6f 100644 --- a/charts/opserver/templates/opserver-secret.yaml +++ b/charts/opserver/templates/opserver-secret.yaml @@ -1,3 +1,4 @@ +{{- if eq .Values.opserverSettings.security.provider "OIDC" }} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: @@ -16,3 +17,4 @@ spec: - secretKey: oktaClientSecret remoteRef: key: {{ .Values.opserverExternalSecret.remoteRefs.oktaClientSecret }} +{{- end }} \ No newline at end of file diff --git a/charts/opserver/templates/sql-external-secret.yaml b/charts/opserver/templates/sql-external-secret.yaml index e083b82c..b9141605 100644 --- a/charts/opserver/templates/sql-external-secret.yaml +++ b/charts/opserver/templates/sql-external-secret.yaml 
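Review bot: In `opserver-secret.yaml` the ExternalSecret that delivers `oktaClientSecret` is now rendered only when `.Values.opserverSettings.security.provider` equals `OIDC`, but nothing in the visible hunks puts the consumers of that Secret under the same condition. If `deployment.yaml` still references the target Secret through a `secretKeyRef` for other providers, the pod would fail to start because the Secret no longer exists. Confirm that the reference carries the same `{{- if eq .Values.opserverSettings.security.provider "OIDC" }}` guard or is marked `optional: true`. A template comment above the guard, for example `{{- /* Okta client secret is only needed for the OIDC provider */ -}}`, would record why the resource is conditional.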
@@ -10,12 +10,23 @@ spec: target: name: {{ .Values.sqlExternalSecret.targetName }} data: - - secretKey: exceptionalServername + # These secrets are used by the Sql module of OpServer + - secretKey: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusSqlServerName }} + remoteRef: + key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusSqlServerName }} + - secretKey: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusUsername }} + remoteRef: + key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusUsername }} + - secretKey: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusPassword }} + remoteRef: + key: {{ .Values.sqlExternalSecret.remoteRefs.sqlStatusPassword }} + # These secrets are used for the Exceptional module of OpServer + - secretKey: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalServerName }} remoteRef: key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalServerName }} - - secretKey: exceptionalUsername + - secretKey: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalUsername }} remoteRef: key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalUsername }} - - secretKey: exceptionalPassword + - secretKey: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalPassword }} remoteRef: key: {{ .Values.sqlExternalSecret.remoteRefs.exceptionalPassword }} diff --git a/charts/opserver/values.yaml b/charts/opserver/values.yaml index 43125849..c09ef14b 100644 --- a/charts/opserver/values.yaml +++ b/charts/opserver/values.yaml @@ -68,8 +68,11 @@ sqlExternalSecret: storeRefName: fakeopserversecretstore targetName: sql-secret remoteRefs: + sqlStatusSqlServerName: SqlStatusSqlServerName + sqlStatusUsername: db-opserver-sql-status-User + sqlStatusPassword: db-opserver-sql-status-Password exceptionalServerName: ExceptionsSqlServerName - exceptionalUsername: db-opserver-User - exceptionalPassword: db-opserver-Password + exceptionalUsername: db-exceptions-User + exceptionalPassword: db-exceptions-Password nodeScheduling: {} 
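Review bot: In `sql-external-secret.yaml` every `secretKey` is now rendered from the same value as its `remoteRef.key`, so the key names inside the Kubernetes Secret are dictated by how the backing store names its entries. Kubernetes accepts only alphanumerics, `-`, `_` and `.` in Secret data keys, so a remote name containing a path separator would yield an ExternalSecret that cannot sync, and the `secretKeyRef.key` values in `deployment.yaml` inherit the same constraint. Keeping stable local names, e.g. `- secretKey: sqlStatusPassword` with only `remoteRef.key` templated, and using those literals in the pod spec, decouples the chart from the store's naming (which already changes again in patch 4/6). The two added comments could also name the environment variables that consume each group.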
diff --git a/cnab/app/build-app-image.ps1 b/cnab/app/build-app-image.ps1 index fea45573..559cf372 100644 --- a/cnab/app/build-app-image.ps1 +++ b/cnab/app/build-app-image.ps1 @@ -1,5 +1,5 @@ function Build-Local-App-Image() { - docker build -t local.software/stackeng/opserver/opserver -t cr.stackoverflow.software/stackeng/opserver/opserver:local . + # docker build -t local.software/stackeng/opserver/opserver -t cr.stackoverflow.software/stackeng/opserver/opserver:local . } \ No newline at end of file diff --git a/cnab/app/variables.DockerDesktop.json b/cnab/app/variables.DockerDesktop.json index 5e5084c0..8bc65e32 100644 --- a/cnab/app/variables.DockerDesktop.json +++ b/cnab/app/variables.DockerDesktop.json @@ -40,7 +40,6 @@ "viewGroups": "", "provider": "EveryonesAnAdmin" } - } } } \ No newline at end of file diff --git a/cnab/app/variables.GCP.json b/cnab/app/variables.GCP.json index 01a1487a..26d3a740 100644 --- a/cnab/app/variables.GCP.json +++ b/cnab/app/variables.GCP.json @@ -3,7 +3,7 @@ "environment": "dev", "product": "pubplat", "project": "opserver", - "releaseTag": "2024.11.4.107" + "releaseTag": "pr-18" }, "runtime": { "cd": false, From 0d532bb6322a5352821069c28c5f6f72adb38aaa Mon Sep 17 00:00:00 2001 From: Wouter de Kort Date: Thu, 14 Nov 2024 11:45:41 +0100 Subject: [PATCH 4/6] Fix casing to align with GCP --- charts/opserver/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/opserver/values.yaml b/charts/opserver/values.yaml index c09ef14b..6f54816e 100644 --- a/charts/opserver/values.yaml +++ b/charts/opserver/values.yaml 
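Review bot: `releaseTag` in `variables.GCP.json` moves from the release version `2024.11.4.107` to `pr-18`, and none of the later patches visible in this series (4/6 to 6/6) puts it back. The other two changes in this group are undone, namely the commented-out `docker build` and the dropped brace in `variables.DockerDesktop.json`. A pull-request tag is presumably mutable, since each push to the PR can replace the image behind it, so the `dev` environment would stop deploying a fixed, reviewable artifact. If the tag was only needed to test this branch, restore `"releaseTag": "2024.11.4.107"` before merge, or reference the image by digest.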
@@ -69,10 +69,10 @@ sqlExternalSecret: targetName: sql-secret remoteRefs: sqlStatusSqlServerName: SqlStatusSqlServerName - sqlStatusUsername: db-opserver-sql-status-User - sqlStatusPassword: db-opserver-sql-status-Password + sqlStatusUsername: db-Opserver-Sql-Status-User + sqlStatusPassword: db-Opserver-Sql-Status-Password exceptionalServerName: ExceptionsSqlServerName - exceptionalUsername: db-exceptions-User - exceptionalPassword: db-exceptions-Password + exceptionalUsername: db-Exceptions-User + exceptionalPassword: db-Exceptions-Password nodeScheduling: {} From e7a80ead54be534e8ae1345c7e23562558b7498d Mon Sep 17 00:00:00 2001 From: Wouter de Kort Date: Thu, 14 Nov 2024 11:47:46 +0100 Subject: [PATCH 5/6] Restore --- cnab/app/variables.DockerDesktop.json | 1 + 1 file changed, 1 insertion(+) diff --git a/cnab/app/variables.DockerDesktop.json b/cnab/app/variables.DockerDesktop.json index 8bc65e32..5e5084c0 100644 --- a/cnab/app/variables.DockerDesktop.json +++ b/cnab/app/variables.DockerDesktop.json @@ -40,6 +40,7 @@ "viewGroups": "", "provider": "EveryonesAnAdmin" } + } } } \ No newline at end of file From ef051507dd8c647c2a3fa0ec8239be7453acbcb8 Mon Sep 17 00:00:00 2001 From: Wouter de Kort Date: Thu, 14 Nov 2024 17:06:56 +0100 Subject: [PATCH 6/6] Revert --- cnab/app/build-app-image.ps1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cnab/app/build-app-image.ps1 b/cnab/app/build-app-image.ps1 index 559cf372..f5073625 100644 --- a/cnab/app/build-app-image.ps1 +++ b/cnab/app/build-app-image.ps1 @@ -1,5 +1,3 @@ function Build-Local-App-Image() { - - - # docker build -t local.software/stackeng/opserver/opserver -t cr.stackoverflow.software/stackeng/opserver/opserver:local . + docker build -t local.software/stackeng/opserver/opserver -t cr.stackoverflow.software/stackeng/opserver/opserver:local . } \ No newline at end of file