FROST deployment improvements for lifecycle actions (#2038)

* fix: chown cacerts to tomcat to allow for cert updates
* feat: allow to add lifecycle information and volumes
* ci: update helm built for kernblick fork (tmp)
* chore: bump version
* ci: make sure that the develop chart is released as snapshot
* fix: allow to set ClusterIP serviceType without ingress
* feat: allow to specify an optional securityContext for the containers
* fix: confused objects and lists
* fix: removed unnecessary operand
* fix: corrected yaml objects from values in deploments
* Fix auth_db_url with external DBs
* Fix MQTT Auth DB

---------

Co-authored-by: DerLinne <[email protected]>

FROST-Server.HTTP/Dockerfile

@@ -13,6 +13,7 @@ RUN unzip -d ${CATALINA_HOME}/webapps/FROST-Server /tmp/FROST-Server.war \
     && groupadd --system --gid 1001 tomcat \
     && useradd --system --uid 1001 --gid 1001 tomcat \
     && chgrp -R 0 $CATALINA_HOME \
-    && chmod -R g=u $CATALINA_HOME
+    && chmod -R g=u $CATALINA_HOME \
+    && chown tomcat:tomcat $JAVA_HOME/lib/security/cacerts
 
 USER tomcat

FROST-Server.MQTTP/Dockerfile

@@ -13,6 +13,7 @@ RUN unzip -d ${CATALINA_HOME}/webapps/FROST-Server /tmp/FROST-Server.war \
     && groupadd --system --gid 1001 tomcat \
     && useradd --system --uid 1001 --gid 1001 tomcat \
     && chgrp -R 0 $CATALINA_HOME \
-    && chmod -R g=u $CATALINA_HOME
+    && chmod -R g=u $CATALINA_HOME \
+    && chown tomcat:tomcat $JAVA_HOME/lib/security/cacerts
 
 USER tomcat

helm/frost-server/templates/http-deployment.yaml

@@ -32,10 +32,22 @@ spec:
       imagePullSecrets:
         - name: {{ .Values.frost.http.image.imagePullSecret }}
       {{- end}}
+      {{- if .Values.frost.http.volumes }}
+      volumes: {{ toYaml .Values.frost.http.volumes | nindent 12 }}
+      {{- end}}
       containers:
         - name: {{ $fullName }}
           image: "{{ .Values.frost.http.image.registry }}/{{ .Values.frost.http.image.repository }}:{{ .Values.frost.http.image.tag }}"
           imagePullPolicy: {{ .Values.frost.http.image.pullPolicy | quote }}
+          {{- if .Values.frost.http.lifecycle }}
+          lifecycle: {{ toYaml .Values.frost.http.lifecycle | nindent 12 }}
+          {{- end}}
+          {{- if .Values.frost.http.securityContext }}
+          securityContext: {{ toYaml .Values.frost.http.securityContext | nindent 12 }}
+          {{- end}}
+          {{- if .Values.frost.http.volumeMounts }}
+          volumeMounts: {{ toYaml .Values.frost.http.volumeMounts | nindent 12 }}
+          {{- end}}
           ports:
             - name: tomcat
               containerPort: 8080

helm/frost-server/templates/http-service.yaml

@@ -17,13 +17,13 @@ spec:
     helm.sh/chart: {{ include "frost-server.chart" . }}
     app: {{ include "frost-server.name" . }}
     component: {{ $tier }}
-  {{- if not .Values.frost.http.ingress.enabled }}
+  {{- if eq .Values.frost.mqtt.serviceType "NodePort" }}
   type: NodePort
   {{- end }}
   ports:
     - name: http
       port: {{ .Values.frost.http.ports.http.servicePort }}
-      {{- if not .Values.frost.http.ingress.enabled }}
+      {{- if eq .Values.frost.mqtt.serviceType "NodePort" }}
       nodePort: {{ .Values.frost.http.ports.http.nodePort }}
       {{- end }}
       targetPort: tomcat

helm/frost-server/templates/mqtt-deployment.yaml

@@ -32,10 +32,22 @@ spec:
       imagePullSecrets:
         - name: {{ .Values.frost.mqtt.image.imagePullSecret }}
       {{- end}}
+      {{- if .Values.frost.mqtt.volumes }}
+      volumes: {{ toYaml .Values.frost.mqtt.volumes | nindent 12 }}
+      {{- end}}
       containers:
         - name: {{ $fullName }}
           image: "{{ .Values.frost.mqtt.image.registry }}/{{ .Values.frost.mqtt.image.repository }}:{{ .Values.frost.mqtt.image.tag }}"
           imagePullPolicy: {{ .Values.frost.mqtt.image.pullPolicy | quote }}
+          {{- if .Values.frost.mqtt.lifecycle }}
+          lifecycle: {{ toYaml .Values.frost.mqtt.lifecycle | nindent 12 }}
+          {{- end}}
+          {{- if .Values.frost.mqtt.volumeMounts }}
+          volumeMounts: {{ toYaml .Values.frost.mqtt.volumeMounts | nindent 12 }}
+          {{- end}}
+          {{- if .Values.frost.mqtt.securityContext }}
+          securityContext: {{ toYaml .Values.frost.mqtt.securityContext | nindent 12 }}
+          {{- end}}
           ports:
             - name: mqtt
               containerPort: 1883
@@ -330,8 +342,13 @@ spec:
               value: ""
             - name: auth_db_driver
               value: "{{ .Values.frost.db.driver }}"
+            {{ if .Values.frost.db.enableIntegratedDb }}
             - name: auth_db_url
               value: {{ printf "jdbc:postgresql://%s:5432/%s" (include "frost-server.fullName" (merge (dict "tier" "db") .)) .Values.frost.db.database | quote }}
+            {{ else }}
+            - name: auth_db_url
+              value: "{{ .Values.frost.db.dbExternalConnectionString }}"
+            {{ end }}
             - name: auth_autoUpdateDatabase
               value: "{{tpl .Values.frost.auth.db.autoUpdate . }}"
             - name: auth_db_conn_max

helm/frost-server/values.yaml

@@ -120,6 +120,7 @@ frost:
       imagePullSecret:
     # FROST-Server HTTP deployment settings
     replicas: 1
+    serviceType: ClusterIP
     ports:
       http:
         nodePort:
@@ -147,6 +148,16 @@ frost:
         cpu: 500m
         memory: 1Gi
 
+    # FROST-Server HTTP lifecycle options.
+    lifecycle:
+
+    # FROST-Server HTTP volumeMounts options.
+    volumeMounts:
+
+    # FROST-Server HTTP volumes.
+    volumes:
+
+    securityContext:
 
     # FROST-Server HTTP business settings
     serviceHost: frost-server
@@ -276,6 +287,17 @@ frost:
       recvQueueSize: 2000
       maxInFlight: 50
 
+    # FROST-Server MQTT lifecycle options.
+    lifecycle:
+
+    # FROST-Server MQTT volumeMounts options.
+    volumeMounts:
+
+    # FROST-Server MQTT volumes.
+    volumes:
+
+    securityContext:
+
     # Extra environment variables added to MQTT pods.
     envExtra: