chore: work towards a more production ready chart

trustification · Nov 19, 2024 · ab52d5a · ab52d5a
1 parent d5d0e1b
commit ab52d5a
Show file tree

Hide file tree

Showing 8 changed files with 142 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -18,6 +18,12 @@ Create a new namespace:
 kubectl create ns trustify
 ```
 
+Use it as default:
+
+```bash
+kubectl config set-context --current --namespace=trustify
+```
+
 Install the infrastructure services:
 
 ```bash

diff --git a/charts/trustify/templates/helpers/_common.tpl b/charts/trustify/templates/helpers/_common.tpl
@@ -32,5 +32,5 @@ Byte-size as a string value.
 Arguments: int or string
 */}}
 {{- define "trustification.common.byteSizeValue" }}
-{{ . | quote }}
+{{- . | quote }}
 {{- end }}
diff --git a/charts/trustify/templates/helpers/_storage.tpl b/charts/trustify/templates/helpers/_storage.tpl
@@ -6,46 +6,98 @@ Arguments (dict):
   * module - module object
 */}}
 {{ define "trustification.storage.envVars" -}}
-{{- if .module.storage}}
+{{- if .module.storage }}
 {{- include "_trustification.storage.envVars" ( set (deepCopy .) "storage" .module.storage ) }}
 {{- else }}
 {{- include "_trustification.storage.envVars" ( set (deepCopy .) "storage" .root.Values.storage ) }}
 {{- end }}
 {{- end }}
 
+{{/* Internal: env-vars for the evaluated storage */}}
 {{ define "_trustification.storage.envVars"}}
-{{- if .storage.filessytem }}
+
+{{- include "_trustification.storage.common.envVars" ( set (deepCopy .) "storage" .storage ) }}
+
+{{- if .storage.filesystem }}
 {{- include "_trustification.storage.filesystem.envVars" ( set (deepCopy .) "storage" .storage.filesystem ) }}
 {{- else if .storage.s3 }}
 {{- include "_trustification.storage.s3.envVars" ( set (deepCopy .) "storage" .storage.s3 ) }}
+{{- else }}
+{{- fail "Storage must either be set to .filesystem or .s3" }}
 {{- end }}
 {{- end }}
 
+{{/* common storage configuration */}}
+{{- define "_trustification.storage.common.envVars" -}}
+{{- with .storage.compression }}
+- name: TRUSTD_STORAGE_COMPRESSION
+  value: {{ . | quote }}
+{{- end }}
+{{- end }}
 
 {{/* filesystem storage configuration */}}
-{{- define "_trustification.storage.s3.envVars" -}}
+{{- define "_trustification.storage.filesystem.envVars" -}}
+- name: TRUSTD_STORAGE_STRATEGY
+  value: fs
+
+- name: TRUSTD_STORAGE_FS_PATH
+  value: /data/storage
 {{- end }}
 
 {{/* S3 storage configuration */}}
 {{- define "_trustification.storage.s3.envVars" -}}
 
-- name: STORAGE_ACCESS_KEY
-  {{- include "trustification.common.envVarValue" .storage.accessKey | nindent 2 }}
+- name: TRUSTD_STORAGE_STRATEGY
+  value: s3
 
-- name: STORAGE_SECRET_KEY
+- name: TRUSTD_S3_ACCESS_KEY
+  {{- include "trustification.common.envVarValue" .storage.accessKey | nindent 2 }}
+- name: TRUSTD_S3_SECRET_KEY
   {{- include "trustification.common.envVarValue" .storage.secretKey | nindent 2 }}
 
 {{ if .storage.endpoint }}
-- name: STORAGE_ENDPOINT
+- name: TRUSTD_S3_ENDPOINT
   value: {{ .storage.endpoint | quote }}
-- name: STORAGE_REGION
+- name: TRUSTD_S3_REGION
   value: "eu-west-1" # just a dummy value
 {{ else }}
-- name: STORAGE_REGION
+- name: TRUSTD_S3_REGION
   value: "{{ .storage.region }}"
 {{ end }}
 
-- name: STORAGE_BUCKET
+- name: TRUSTD_S3_BUCKET
   value: {{ .storage.bucket | quote }}
 
 {{- end }}
+
+{{/*
+Volume mounts for the filesystem storage.
+
+Arguments (dict):
+  * root - .
+  * module - module object
+*/}}
+{{- define "trustification.storage.volumeMount" }}
+{{ $storage := .module.storage | default .root.Values.storage }}
+{{- if $storage.filesystem }}
+- name: storage
+  mountPath: /data/storage
+{{- end }}
+{{- end }}
+
+{{/*
+Volume for the filesystem storage.
+
+Arguments (dict):
+  * root - .
+  * name - name of the service
+  * module - module object
+*/}}
+{{- define "trustification.storage.volume" }}
+{{ $storage := .module.storage | default .root.Values.storage }}
+{{- if $storage.filesystem }}
+- name: storage
+  persistentVolumeClaim:
+    claimName: {{ include "trustification.common.name" ( set (deepCopy .) "name" "storage" ) }}
+{{- end }}
+{{- end }}
diff --git a/charts/trustify/templates/services/server/010-PersistentVolumeClaim-storage.yaml b/charts/trustify/templates/services/server/010-PersistentVolumeClaim-storage.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.modules.server.enabled }}
+{{- $res := dict "root" . "name" "storage" -}}
+
+{{- if .Values.storage }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "trustification.common.name" $res }}
+  labels:
+    {{- include "trustification.common.labels" $res | nindent 4 }}
+
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ include "trustification.common.byteSizeValue" .Values.storage.filesystem.size }}
+
+{{- with .Values.storage.filesystem.storageClassName }}
+  storageClassName: {{ . | quote }}
+{{- end }}
+
+{{- end }}
+
+{{- end }}
diff --git a/charts/trustify/templates/services/server/030-Deployment.yaml b/charts/trustify/templates/services/server/030-Deployment.yaml
@@ -36,6 +36,8 @@ spec:
             - api
             - --auth-configuration
             - "/etc/config/auth.yaml"
+            - --working-dir
+            - "/data/workdir"
 
           env:
 
@@ -56,9 +58,17 @@ spec:
             - name: UI_CLIENT_ID
               value: {{ include "trustification.oidc.frontendClientId" . }}
 
-            {{/* FIXME: adapt env-var */}}
+            {{- with $mod.module.analyticsWriteKey }}
+            - name: UI_ANALYTICS_WRITE_KEY
+              value: {{ . | quote }}
+            {{- end }}
+
             {{- with $mod.module.uploadLimit }}
-            - name: PUBLISH_LIMIT
+            - name: TRUSTD_SBOM_UPLOAD_LIMIT
+              value: {{ include "trustification.common.byteSizeValue" . }}
+            - name: TRUSTD_ADVISORY_UPLOAD_LIMIT
+              value: {{ include "trustification.common.byteSizeValue" . }}
+            - name: TRUSTD_DATASET_ENTRY_LIMIT
               value: {{ include "trustification.common.byteSizeValue" . }}
             {{- end }}
 
@@ -75,13 +85,19 @@ spec:
               protocol: TCP
 
           volumeMounts:
+            - name: workdir
+              mountPath: /data/workdir
             {{- include "trustification.application.httpServerVolumesMounts" $mod | nindent 12 }}
             {{- include "trustification.authenticator.volumeMount" $mod | nindent 12 }}
+            {{- include "trustification.storage.volumeMount" $mod | nindent 12 }}
             {{- include "trustification.application.extraVolumeMounts" $mod | nindent 12 }}
 
       volumes:
+        - name: workdir
+          emptyDir: {}
         {{- include "trustification.application.httpServerVolumes" $mod | nindent 8 }}
         {{- include "trustification.authenticator.volume" $mod | nindent 8 }}
+        {{- include "trustification.storage.volume" $mod | nindent 8 }}
         {{- include "trustification.application.extraVolumes" $mod | nindent 8 }}
 
 {{ end }}
diff --git a/charts/trustify/values.schema.json b/charts/trustify/values.schema.json
@@ -90,6 +90,11 @@
         "port": {
           "type": "integer",
           "description": "Port on which infrastructure services are exposed.\n"
+        },
+        "initialDelaySeconds": {
+          "type": "integer",
+          "minimum": 0,
+          "description": "The initial delay seconds for the infrastructure probes.\n"
         }
       }
     },
@@ -167,6 +172,17 @@
             },
             {
               "$ref": "#/definitions/Postgres"
+            },
+            {
+              "type": "object",
+              "properties": {
+                "analyticsWriteKey": {
+                  "type": "string"
+                },
+                "uploadLimit": {
+                  "$ref": "#/definitions/ByteSize"
+                }
+              }
             }
           ]
         },
@@ -701,7 +717,10 @@
           ],
           "properties": {
             "size": {
-              "$ref": "#/definitions/ByteSize"
+              "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.0/_definitions.json#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity"
+            },
+            "storageClassName": {
+              "type": "string"
             }
           }
         }

diff --git a/charts/trustify/values.schema.yaml b/charts/trustify/values.schema.yaml
@@ -153,6 +153,12 @@ properties:
           - $ref: "#/definitions/Tracing"
           - $ref: "#/definitions/HttpApplication"
           - $ref: "#/definitions/Postgres"
+          - type: object
+            properties:
+              analyticsWriteKey:
+                type: string
+              uploadLimit:
+                $ref: "#/definitions/ByteSize"
 
       createDatabase:
         description: |
@@ -553,7 +559,9 @@ definitions:
           - size
         properties:
           size:
-            $ref: "#/definitions/ByteSize"
+            $ref: "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.0/_definitions.json#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity"
+          storageClassName:
+            type: string
 
   S3StorageConfig:
     type: object
@@ -659,4 +667,3 @@ definitions:
         $ref: "#/definitions/ByteSize"
       jsonLimit:
         $ref: "#/definitions/ByteSize"
-
diff --git a/values-minikube.yaml b/values-minikube.yaml
@@ -4,7 +4,7 @@ tracing: { }
 
 storage:
   filesystem:
-    size: 32GiB
+    size: 32Gi
 
 database:
   host: infrastructure-postgresql