From 2d88c8abcd58861dac5b69c35f78a2aaaf7d3f89 Mon Sep 17 00:00:00 2001
From: aries0d0f
Date: Tue, 24 Oct 2023 14:43:54 +0800
Subject: [PATCH 1/6] feat: Add superadmin secret to values.
---
 .github/workflows/values.template | 8 ++++++++
 charts/agh2/values.yaml | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/.github/workflows/values.template b/.github/workflows/values.template
index 88e94c56..938bd4e2 100644
--- a/.github/workflows/values.template
+++ b/.github/workflows/values.template
@@ -471,6 +471,14 @@ captain:
 enabled: true
 secretName: capt-jwt-secret
 secret: ""
+ ## @param captain.secret.superadmin.enabled Enable secret generate for Super Admin
+ ## @param captain.secret.superadmin.secretName Secret name for Super Admin
+ ## @param captain.secret.superadmin.secret Super Admin password
+ ##
+ superadmin:
+ enabled: true
+ secretName: capt-superadmin-password
+ password: ""
 ## @extra captain.service Captain service parameters
 ##
 service:
diff --git a/charts/agh2/values.yaml b/charts/agh2/values.yaml
index 4a0c2d0a..6ec16769 100644
--- a/charts/agh2/values.yaml
+++ b/charts/agh2/values.yaml
@@ -471,6 +471,14 @@ captain:
 enabled: true
 secretName: capt-jwt-secret
 secret: ""
+ ## @param captain.secret.superadmin.enabled Enable secret generate for Super Admin
+ ## @param captain.secret.superadmin.secretName Secret name for Super Admin
+ ## @param captain.secret.superadmin.secret Super Admin password
+ ##
+ superadmin:
+ enabled: true
+ secretName: capt-superadmin-secret
+ password: ""
 ## @extra captain.service Captain service parameters
 ##
 service:
From cceee50b87a19057f893b27c244f3bd8f9f6c989 Mon Sep 17 00:00:00 2001
From: aries0d0f
Date: Tue, 24 Oct 2023 14:44:39 +0800
Subject: [PATCH 2/6] feat: Impl capt-superadmin secret template.
---
 .../captain/captain-superadmin-secret.yml | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 charts/agh2/templates/captain/captain-superadmin-secret.yml
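Review bot: The two new `superadmin` blocks in PATCH 1/6 disagree on the Secret name: the `.github/workflows/values.template` hunk sets `secretName: capt-superadmin-password`, while the `charts/agh2/values.yaml` hunk sets `secretName: capt-superadmin-secret`, which is also the value the README change in this series documents. The templates added later in the series use this value both as the Secret's `metadata.name` and as the `"prefix"` argument to `specify-password`, so a release rendered from the workflow template would presumably get a differently named Secret, and possibly a different derived super-admin password, than one using the chart defaults. Unless that difference is intentional, align the workflow template with `secretName: capt-superadmin-secret`.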
diff --git a/charts/agh2/templates/captain/captain-superadmin-secret.yml b/charts/agh2/templates/captain/captain-superadmin-secret.yml
new file mode 100644
index 00000000..5657ec4e
--- /dev/null
+++ b/charts/agh2/templates/captain/captain-superadmin-secret.yml
@@ -0,0 +1,24 @@
+{{- if and .Values.captain.enabled .Values.captain.secret.enabled .Values.captain.secret.superadmin.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.captain.secret.superadmin.secretName }}
+ labels:
+ {{- include "AGH2.labels" . | nindent 4 }}
+stringData:
+ SUPERADMIN_PASSWORD: {{
+ (
+ default
+ .Values.captain.secret.superadmin.password
+ (
+ include "specify-password"
+ (
+ dict
+ "domain" (default .Values.ingress.host "app.argushack.com")
+ "token" .Values.keygen.apiToken
+ "prefix" .Values.captain.secret.superadmin.secretName
+ )
+ )
+ ) | quote
+ }}
+{{- end }}
From 216b3e419d5b2579ec9f1a68656540a5c1c96838 Mon Sep 17 00:00:00 2001
From: aries0d0f
Date: Tue, 24 Oct 2023 14:45:36 +0800
Subject: [PATCH 3/6] feat: Add env on captain deployment template via refer superadmin secret.
---
 charts/agh2/templates/captain/captain-deployment.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/charts/agh2/templates/captain/captain-deployment.yml b/charts/agh2/templates/captain/captain-deployment.yml
index 4cb01052..3f48e5ac 100644
--- a/charts/agh2/templates/captain/captain-deployment.yml
+++ b/charts/agh2/templates/captain/captain-deployment.yml
@@ -70,6 +70,13 @@ spec:
 - name: TEMPLATE_URL
 value: "template.$(NAMESPACE).svc.cluster.local:50005"
 {{- end }}
+ {{- if .Values.captain.secret.superadmin.enabled }}
+ - name: SUPERADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.captain.secret.superadmin.secretName }}
+ key: SUPERADMIN_PASSWORD
+ {{- end }}
 - name: DB_Conn
 valueFrom:
 secretKeyRef:
From 3fe833dd613efe5a4784039e4ad07bb7d4b430ad Mon Sep 17 00:00:00 2001
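Review bot: Both `default` calls under `SUPERADMIN_PASSWORD` in `captain-superadmin-secret.yml` have their arguments reversed: Sprig's `default` takes the fallback first and the value under test second. As written, `default .Values.ingress.host "app.argushack.com"` always yields the literal domain, and the outer `default` returns the `specify-password` result whenever it is non-empty, so an operator-supplied `captain.secret.superadmin.password` is silently ignored. The super-admin credential then appears to depend only on `keygen.apiToken` and the secret name rather than on the deployment's host or the explicit override; the helper's body is not in this patch, so confirm there. Swap the operands: `"domain" (default "app.argushack.com" .Values.ingress.host)`, and in the outer call put the `include "specify-password" (…)` group first and `.Values.captain.secret.superadmin.password` last. Piping the name through `quote`, `name: {{ .Values.captain.secret.superadmin.secretName | quote }}`, would also keep an empty or number-like value from rendering as a non-string.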
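Review bot: The new `SUPERADMIN_PASSWORD` env entry in `captain-deployment.yml` is gated only on `.Values.captain.secret.superadmin.enabled`, whereas the Secret template in this series is rendered only when `captain.enabled`, `captain.secret.enabled` and `captain.secret.superadmin.enabled` are all true. With `captain.secret.enabled: false` and the superadmin flag left at its default `true`, the Deployment references a Secret the chart did not create, and because the `secretKeyRef` is not marked optional the container will not start until a Secret with that name and key exists. If a pre-created Secret is the intended path for that case, say so in a comment above the block, e.g. `# Secret must be pre-created when captain.secret.enabled is false`; otherwise gate the entry like the Secret, `{{- if and .Values.captain.secret.enabled .Values.captain.secret.superadmin.enabled }}`. The enclosing `env:` list starts and ends outside the hunk.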
From: aries0d0f
Date: Tue, 24 Oct 2023 15:47:49 +0800
Subject: [PATCH 4/6] docs: Correct params key name.
---
 .github/workflows/values.template | 2 +-
 charts/agh2/values.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/values.template b/.github/workflows/values.template
index 938bd4e2..1cef8825 100644
--- a/.github/workflows/values.template
+++ b/.github/workflows/values.template
@@ -473,7 +473,7 @@ captain:
 secret: ""
 ## @param captain.secret.superadmin.enabled Enable secret generate for Super Admin
 ## @param captain.secret.superadmin.secretName Secret name for Super Admin
- ## @param captain.secret.superadmin.secret Super Admin password
+ ## @param captain.secret.superadmin.password Super Admin password
 ##
 superadmin:
 enabled: true
diff --git a/charts/agh2/values.yaml b/charts/agh2/values.yaml
index 6ec16769..6e593c09 100644
--- a/charts/agh2/values.yaml
+++ b/charts/agh2/values.yaml
@@ -473,7 +473,7 @@ captain:
 secret: ""
 ## @param captain.secret.superadmin.enabled Enable secret generate for Super Admin
 ## @param captain.secret.superadmin.secretName Secret name for Super Admin
- ## @param captain.secret.superadmin.secret Super Admin password
+ ## @param captain.secret.superadmin.password Super Admin password
 ##
 superadmin:
 enabled: true
From 4e83f58bfc2da3fdc679a685528c27bd7131a2ea Mon Sep 17 00:00:00 2001
From: aries0d0f
Date: Tue, 24 Oct 2023 15:48:10 +0800
Subject: [PATCH 5/6] docs: Modify Readme.
---
 charts/agh2/README.md | 43 ++++++++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 19 deletions(-)
diff --git a/charts/agh2/README.md b/charts/agh2/README.md
index 3a904881..4a975150 100644
--- a/charts/agh2/README.md
+++ b/charts/agh2/README.md
@@ -93,7 +93,9 @@ Leave as default if using external DB
 | `postgresql.auth.username` | Internal database initial user | `argushack` |
 | `postgresql.auth.password` | Internal database initial password | `""` |
 | `postgresql.auth.postgresPassword` | Internal database initial postgres admin password | `""` |
-| `postgresql.primary.extendedConfiguration` | Extended configuration for the primary node | `max_connections = 32768 shared_buffers = 4GB` |
+| `postgresql.primary.extendedConfiguration` | Extended configuration for the primary node | `max_connections = 32768
+shared_buffers = 4GB
+` |
 | `postgresql.primary.initdb.enabled` | Enable initdb scripts generation | `true` |
 | `postgresql.primary.initdb.scriptsConfigMap` | Name of ConfigMap containing db-init scripts | `db-init-scripts` |
 | `postgresql.primary.initdb.user` | Specify the PostgreSQL username to execute the initdb scripts | `argushack` |
@@ -121,11 +123,11 @@ Leave as default if using external DB
 | --------------------------------- | --------------------------------------------------------- | ----------------------------- |
 | `minio.internal.enabled` | Enable internal minio | `true` |
 | `minio.image.repository` | Internal MinIO image repository | `docker/bitnami/minio` |
-| `minio.image.tag` | Internal MinIO image tag (immutable tags are recommended) | `2022.12.2-debian-11-r0` |
+| `minio.image.tag` | Internal MinIO image tag (immutable tags are recommended) | `2023.3.24` |
 | `minio.image.pullPolicy` | Internal MinIO image pull policy | `IfNotPresent` |
 | `minio.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `minio.clientImage.repository` | Internal MinIO image repository | `docker/bitnami/minio-client` |
-| `minio.clientImage.tag` | Internal MinIO image tag (immutable tags are recommended) | `2022.11.17-debian-11-r4` |
+| `minio.clientImage.tag` | Internal MinIO image tag (immutable tags are recommended) | `2023.4.12` |
 | `minio.clientImage.pullPolicy` | Internal MinIO image pull policy | `IfNotPresent` |
 | `minio.clientImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `minio.auth.rootUser` | Internal database root user | `argushack` |
@@ -154,7 +156,7 @@ ref: https://github.com/Leukocyte-Lab/AGH2-ATTACK
 | --------------------------------------- | -------------------------------------------------------------- | ------------------------------------------ |
 | `attack.enabled` | Enable ATTACK module | `true` |
 | `attack.image.repository` | ATTACK image repository | `leukocyte-lab/argushack2/attack` |
-| `attack.image.tag` | ATTACK image tag (immutable tags are recommended) | `v0.10.0` |
+| `attack.image.tag` | ATTACK image tag (immutable tags are recommended) | `v0.12.0` |
 | `attack.image.pullPolicy` | ATTACK image pull policy | `IfNotPresent` |
 | `attack.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `attack.secret.enabled` | Enable secret generate for ATTACK | `true` |
@@ -165,10 +167,10 @@ ref: https://github.com/Leukocyte-Lab/AGH2-ATTACK
 | `attack.service` | ATTACK service parameters | |
 | `attack.service.group.enabled` | Enable ATTACK Group worker | `true` |
 | `attack.service.group.image.repository` | ATTACK Group worker image repository | `leukocyte-lab/argushack2/group` |
-| `attack.service.group.image.tag` | ATTACK Group worker image tag (immutable tags are recommended) | `v1.3.7` |
+| `attack.service.group.image.tag` | ATTACK Group worker image tag (immutable tags are recommended) | `v1.6.2` |
 | `attack.service.ui.enabled` | Enable ATTACK UI | `true` |
 | `attack.service.ui.image.repository` | ATTACK UI image repository | `leukocyte-lab/argushack2/attack-frontend` |
-| `attack.service.ui.image.tag` | ATTACK UI image tag (immutable tags are recommended) | `v0.3.1` |
+| `attack.service.ui.image.tag` | ATTACK UI image tag (immutable tags are recommended) | `v0.3.2-rc.0` |
 | `attack.service.ui.image.pullPolicy` | ATTACK UI image pull policy | `IfNotPresent` |
 | `attack.service.ui.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `attack.service.redis.enabled` | Enable redis | `true` |
@@ -201,7 +203,7 @@ ref: https://github.com/Leukocyte-Lab/AGH2-Captain
 | ------------------------------------------------- | --------------------------------------------------------- | ----------------------------------------- |
 | `captain.enabled` | Enable Captain module | `true` |
 | `captain.image.repository` | Captain image repository | `leukocyte-lab/argushack2/captain` |
-| `captain.image.tag` | Captain image tag (immutable tags are recommended) | `v0.20.1-rc.0` |
+| `captain.image.tag` | Captain image tag (immutable tags are recommended) | `v0.23.0` |
 | `captain.image.pullPolicy` | Captain image pull policy | `IfNotPresent` |
 | `captain.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `captain.secret.enabled` | Enable secret generate for Captain | `true` |
@@ -216,6 +218,9 @@ ref: https://github.com/Leukocyte-Lab/AGH2-Captain
 | `captain.secret.jwt.enabled` | Enable secret generate for JWT | `true` |
 | `captain.secret.jwt.secretName` | Secret name for JWT | `capt-jwt-secret` |
 | `captain.secret.jwt.secret` | JWT secret | `""` |
+| `captain.secret.superadmin.enabled` | Enable secret generate for Super Admin | `true` |
+| `captain.secret.superadmin.secretName` | Secret name for Super Admin | `capt-superadmin-secret` |
+| `captain.secret.superadmin.password` | Super Admin password | `""` |
 | `captain.service` | Captain service parameters | |
 | `captain.service.redis.enabled` | Enable redis | `true` |
 | `captain.service.checkinDaemon.enabled` | Enable checkin-daemon | `true` |
@@ -236,7 +241,7 @@ ref: https://github.com/Leukocyte-Lab/AGH2-Core
 | ------------------------------ | ------------------------------------------------ | ------------------------------- |
 | `core.enabled` | Enable Core module | `true` |
 | `core.image.repository` | Core image repository | `leukocyte-lab/argushack2/core` |
-| `core.image.tag` | Core image tag (immutable tags are recommended) | `v1.18.1-rc.0` |
+| `core.image.tag` | Core image tag (immutable tags are recommended) | `v1.20.2` |
 | `core.image.pullPolicy` | Core image pull policy | `IfNotPresent` |
 | `core.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `core.secret.enabled` | Enable secret generate for Core | `true` |
@@ -264,7 +269,7 @@ ref: https://github.com/Leukocyte-Lab/AGH2-Exploit-Manager
 | ---------------------------------- | ---------------------------------------------------------- | ------------------------------------- |
 | `exploitmgr.enabled` | Enable Exploit-Manager module | `true` |
 | `exploitmgr.image.repository` | Exploit-Manager image repository | `leukocyte-lab/argushack2/exploitmgr` |
-| `exploitmgr.image.tag` | Exploit-Manager image tag (immutable tags are recommended) | `v0.14.0-rc.0` |
+| `exploitmgr.image.tag` | Exploit-Manager image tag (immutable tags are recommended) | `v0.17.0` |
 | `exploitmgr.image.pullPolicy` | Exploit-Manager image pull policy | `IfNotPresent` |
 | `exploitmgr.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `exploitmgr.secret.enabled` | Enable secret generate for Exploit-Manager | `true` |
@@ -342,7 +347,7 @@ ref: https://github.com/Leukocyte-Lab/AGH2-UI
 | ---------------------- | ------------------------------------------------ | ----------------------------------- |
 | `ui.enabled` | Enable UI module | `true` |
 | `ui.image.repository` | UI image repository | `leukocyte-lab/argushack2/frontend` |
-| `ui.image.tag` | UI image tag (immutable tags are recommended) | `v2.20.1` |
+| `ui.image.tag` | UI image tag (immutable tags are recommended) | `v2.22.0` |
 | `ui.image.pullPolicy` | UI image pull policy | `IfNotPresent` |
 | `ui.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
 | `ui.extraEnv` | UI additional environment variables | `{}` |
@@ -350,13 +355,13 @@ ref: https://github.com/Leukocyte-Lab/AGH2-UI ### System shared image parameters -| Name | Description | Value | -| ------------------------------- | ------------------------------------- | ---------------------------------------------------------------- | -| `shared.enabled` | Enable shared image config generation | `true` | -| `shared.configMapName` | Shared image configMap name | `system-image` | -| `shared.images.poster` | Poster image | `leukocyte-lab/argushack2/worker/poster:v2.0.0` | -| `shared.images.cronjob` | Cronjob image | `leukocyte-lab/argushack2/worker/cronjob:v1.0.0` | -| `shared.images.reportInit` | Report init image | `leukocyte-lab/argushack2/worker/report-init:v0.0.9` | -| `shared.images.reportGenerator` | Report generator image | `leukocyte-lab/argushack2/worker/report-generator:v0.0.7` | -| `shared.images.reportTemplate` | Report template image | `leukocyte-lab/argushack2/attack-report-template:v0.0.7-alpha.3` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------- | --------------------------------------------------------- | +| `shared.enabled` | Enable shared image config generation | `true` | +| `shared.configMapName` | Shared image configMap name | `system-image` | +| `shared.images.poster` | Poster image | `leukocyte-lab/argushack2/worker/poster:v2.0.0` | +| `shared.images.cronjob` | Cronjob image | `leukocyte-lab/argushack2/worker/cronjob:v1.0.0` | +| `shared.images.reportInit` | Report init image | `leukocyte-lab/argushack2/worker/report-init:v0.0.8` | +| `shared.images.reportGenerator` | Report generator image | `leukocyte-lab/argushack2/worker/report-generator:v0.0.7` | +| `shared.images.reportTemplate` | Report template image | `leukocyte-lab/argushack2/attack-report-template:v0.0.8` | From aa29699d6619a27dac59328292826e17005e6fea Mon Sep 17 00:00:00 2001 
From: aries0d0f Date: Tue, 24 Oct 2023 15:48:36 +0800 Subject: [PATCH 6/6] build: Update chart version. --- charts/agh2/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/agh2/Chart.yaml b/charts/agh2/Chart.yaml index f2129101..632d1239 100644 --- a/charts/agh2/Chart.yaml +++ b/charts/agh2/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.0.2 +version: 2.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to