diff --git a/.secrets.baseline b/.secrets.baseline index 880b6197..202af15b 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-02-16T19:19:56Z", + "generated_at": "2023-02-21T02:49:06Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -195,7 +195,7 @@ "type": "Secret Keyword" }, { - "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", + "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, "line_number": 224, @@ -262,18 +262,11 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1861, + "line_number": 1862, "type": "Secret Keyword" } ], "helm/gen3/README.md": [ - { - "hashed_secret": "f9db05bf9c2df78d6167ff9134c11eda23511de3", - "is_secret": false, - "is_verified": false, - "line_number": 64, - "type": "Secret Keyword" - }, { "hashed_secret": "4caa5dcab48a481e96f4352e45459c0ecd6f3cf7", "is_secret": false, @@ -285,14 +278,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 77, + "line_number": 78, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 79, + "line_number": 80, "type": "Secret Keyword" } ], @@ -301,14 +294,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 64, + "line_number": 62, "type": "Secret Keyword" } ], 
@@ -449,7 +442,7 @@ "type": "Basic Auth Credentials" } ], - "helm/peregrine/peregrine-secret/wsgi.py": [ + "helm/peregrine/peregrine-secret/settings.py": [ { "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3", "is_secret": false, diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 72e24230..9ee1e3bb 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index dc477c2d..c3e0975e 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index f5f4a4ca..33710fc9 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml 
@@ -18,7 +18,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- toYaml .Values.podLabels | nindent 8 }} + app: ambassador + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end}} spec: affinity: podAntiAffinity: diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml index ce14c102..8bb66704 100644 --- a/helm/ambassador/values.yaml +++ b/helm/ambassador/values.yaml @@ -39,7 +39,6 @@ podAnnotations: # -- (map) Labels to add to the pod. podLabels: - # -- (map) Pod-level security context. podSecurityContext: runAsUser: 8888 diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 665662ee..60e58897 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.2 + version: 0.1.3 repository: file://../common diff --git a/helm/arborist/README.md b/helm/arborist/README.md index c38dfeec..b93a804d 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
@@ -1,6 +1,6 @@ # arborist -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.2 | +| file://../common | common | 0.1.3 | ## Values diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 35a5b794..3f3f0037 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,5 +24,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.2 + version: 0.1.3 repository: file://../common diff --git a/helm/audit/README.md b/helm/audit/README.md index d4be733b..914b8c51 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -1,6 +1,6 @@ # audit -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.2 | +| file://../common | common | 0.1.3 | ## Values diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index b7e08e10..edc949dc 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 0cf87c63..4add2b67 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 8f2ef2b8..7acd75bb 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl 
@@ -122,11 +122,11 @@ spec: kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' else echo "database does not exist" - psql -tc "SELECT 1 FROM pg_database WHERE datname = '$SERVICE_PGDB'" | grep -q 1 || psql -c "CREATE DATABASE $SERVICE_PGDB;" - gen3_log_info psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER $SERVICE_PGUSER WITH PASSWORD '$SERVICE_PGPASS';" - psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER $SERVICE_PGUSER WITH PASSWORD '$SERVICE_PGPASS';" - psql -c "GRANT ALL ON DATABASE $SERVICE_PGDB TO $SERVICE_PGUSER WITH GRANT OPTION;" - psql -d $SERVICE_PGDB -c "CREATE EXTENSION ltree; ALTER ROLE $SERVICE_PGUSER WITH LOGIN" + psql -tc "SELECT 1 FROM pg_database WHERE datname = '$SERVICE_PGDB'" | grep -q 1 || psql -c "CREATE DATABASE \"$SERVICE_PGDB\";" + gen3_log_info psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER \"$SERVICE_PGUSER\" WITH PASSWORD '$SERVICE_PGPASS';" + psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER \"$SERVICE_PGUSER\" WITH PASSWORD '$SERVICE_PGPASS';" + psql -c "GRANT ALL ON DATABASE \"$SERVICE_PGDB\" TO \"$SERVICE_PGUSER\" WITH GRANT OPTION;" + psql -d $SERVICE_PGDB -c "CREATE EXTENSION ltree; ALTER ROLE \"$SERVICE_PGUSER\" WITH LOGIN" PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo" # Update secret to signal that db has been created, and services can start diff --git a/helm/common/templates/_get_or_generate_secret.tpl b/helm/common/templates/_get_or_generate_secret.tpl new file mode 100644 index 00000000..43e3b74e --- /dev/null +++ b/helm/common/templates/_get_or_generate_secret.tpl 
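Review bot: The password is still spliced into the SQL text as `'$SERVICE_PGPASS'` on both `CREATE USER` lines, so a value containing a single quote ends the literal early and the remainder is parsed as SQL. The new `\"...\"` identifier quoting has the same gap for a name that contains a double quote. `psql -c` does not expand psql variables, so the safer form is to pass the values with `-v` and send the statement on stdin, where `:"name"` and `:'value'` are quoted by psql itself. `psql -d $SERVICE_PGDB` and the `-U $SERVICE_PGUSER` connection check are also unquoted at the shell level and should read `"$SERVICE_PGDB"` and `"$SERVICE_PGUSER"`. The script body starts and ends outside this hunk.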
@@ -0,0 +1,34 @@ +{{/* +Helper function to generate or retrieve a secret value. + +This function takes the following parameters: +- `value` (optional): The secret value to use if it's not empty. If this parameter is set, the function will return this value without looking up or generating a new one. +- `secretName` (optional): The name of the secret that contains the value. If `value` is not set, the function will attempt to retrieve the value from this secret. If this parameter is not set or the secret does not exist, a new value will be generated. +- `secretKey` (optional): The key in the secret that contains the value. If `value` is not set and `secretName` is set, the function will attempt to retrieve the value from this key in the secret. If this parameter is not set or the key does not exist in the secret, a new value will be generated. +- `secretLength` (optional, default 20): The length of the value to generate if it needs to be generated. + +Usage: +{{ include "common.getOrGenSecret" (list "mysecretvalue" "mysecret" "mysecretkey" 16 .) }} +*/}} +{{- define "common.getOrGenSecret" -}} +{{- $value := index . 0 -}} +{{- $secretName := index . 1 -}} +{{- $secretKey := index . 2 -}} +{{- $secretLength := index . 3 -}} +{{- $nameSpace := index . 4 -}} +{{- if $value -}} +{{- $value = $value | b64enc -}} +{{- end -}} +{{- if not $value -}} + {{- if $secret := lookup "v1" "Secret" $nameSpace $secretName -}} + {{- if hasKey $secret.data $secretKey -}} + {{- $value = index $secret.data $secretKey -}} + {{- end -}} + {{- end -}} + {{- if not $value -}} + {{- $value = randAlphaNum $secretLength -}} + {{- $value = $value | b64enc -}} + {{- end -}} +{{- end -}} +{{- $value -}} +{{- end -}} diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 5f04370d..e7cd5f43 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
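Review bot: The header comment does not match the code below it: the Usage line passes `.` as the fifth argument, but that slot is read as `$nameSpace` and handed to `lookup`, so it has to be a namespace string such as `.Release.Namespace`, and the fifth parameter is not listed at all. `secretLength` is documented as defaulting to 20, yet `index . 3` is used as-is, so either drop the claim or add `{{- $secretLength := index . 3 | default 20 -}}`. The comment should also state that the returned value is already base64-encoded (every branch ends in `b64enc` or reads `.data`), which means callers belong under `data:` rather than `stringData:`. `lookup` returns an empty result under `helm template` and `--dry-run`, so in those render paths a fresh `randAlphaNum` value is produced on every render; that is worth one sentence in the comment for anyone rendering charts client-side.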
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.2 + version: 0.1.3 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index ba04aebf..289d46d1 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.2 | +| file://../common | common | 0.1.3 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -221,7 +221,7 @@ A Helm chart for gen3 Fence | nodeSelector | map | `{}` | Node Selector for the pods | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{"fsGroup":101}` | Security context for the pod | -| postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | +| postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | | postgres.dbCreate | bool | `nil` | Whether the database should be created. Default to global.postgres.dbCreate | | postgres.host | string | `nil` | Hostname for postgres server. This is a service override, defaults to global.postgres.host | diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index c6136467..298e1ccc 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -65,6 +65,7 @@ postgres: port: "5432" # -- (string) Password for Postgres. Will be autogenerated if left empty. password: + separate: false # -- (int) Number of desired replicas replicaCount: 1 diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index f2b71cdd..20e0928d 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,11 +5,11 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: "0.1.2" + version: "0.1.3" repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: "0.1.2" + version: "0.1.3" repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper @@ -17,19 +17,22 @@ dependencies: repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: "0.1.2" + version: "0.1.3" repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy version: "0.1.2" repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled +- name: common + version: 0.1.3 + repository: file://../common - name: fence - version: "0.1.2" + version: "0.1.3" repository: "file://../fence" condition: fence.enabled - name: guppy - version: "0.1.2" + version: "0.1.3" repository: "file://../guppy" condition: guppy.enabled - name: hatchery @@ -37,7 +40,7 @@ dependencies: repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.2" + version: "0.1.3" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice @@ -45,15 +48,15 @@ dependencies: repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: "0.1.2" + version: "0.1.3" repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: "0.1.2" + version: "0.1.3" repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: "0.1.2" + version: "0.1.3" repository: "file://../pidgin" condition: pidgin.enabled - name: portal 
@@ -61,15 +64,15 @@ dependencies: repository: "file://../portal" condition: portal.enabled - name: requestor - version: "0.1.2" + version: "0.1.3" repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.2" + version: "0.1.3" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.2" + version: "0.1.3" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher @@ -77,23 +80,19 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: wts - version: "0.1.3" + version: "0.1.4" repository: "file://../wts" condition: wts.enabled -- name: common - version: 0.1.2 - repository: file://../common + - name: elasticsearch version: "0.1.1" repository: "file://../elasticsearch" - tags: - - dev + condition: global.dev - name: postgresql version: 11.9.13 repository: "https://charts.bitnami.com/bitnami" - tags: - - dev + condition: global.dev # A chart can be either an 'application' or a 'library' chart. # @@ -108,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 9dfd24f4..a093724a 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
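Review bot: The bundled `elasticsearch` and `postgresql` entries in the `@@ -77,23 +80,19 @@` hunk are now gated by `condition: global.dev`, a value the README in this commit documents as defaulting to `true`, so a default install brings up the in-cluster development database and Elasticsearch. Nothing next to the two entries says they are development-only. A comment above them such as `# dev-only backing services; set global.dev=false when using external postgres/elasticsearch` would make the default visible to whoever prepares a non-development install.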
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,27 +18,27 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.2 | -| file://../arborist | arborist | 0.1.2 | +| file://../ambassador | ambassador | 0.1.3 | +| file://../arborist | arborist | 0.1.3 | | file://../argo-wrapper | argo-wrapper | 0.1.0 | -| file://../audit | audit | 0.1.2 | +| file://../audit | audit | 0.1.3 | | file://../aws-es-proxy | aws-es-proxy | 0.1.2 | -| file://../common | common | 0.1.2 | +| file://../common | common | 0.1.3 | | file://../elasticsearch | elasticsearch | 0.1.1 | -| file://../fence | fence | 0.1.2 | -| file://../guppy | guppy | 0.1.2 | +| file://../fence | fence | 0.1.3 | +| file://../guppy | guppy | 0.1.3 | | file://../hatchery | hatchery | 0.1.2 | -| file://../indexd | indexd | 0.1.2 | +| file://../indexd | indexd | 0.1.3 | | file://../manifestservice | manifestservice | 0.1.2 | -| file://../metadata | metadata | 0.1.2 | -| file://../peregrine | peregrine | 0.1.2 | -| file://../pidgin | pidgin | 0.1.2 | +| file://../metadata | metadata | 0.1.3 | +| file://../peregrine | peregrine | 0.1.3 | +| file://../pidgin | pidgin | 0.1.3 | | file://../portal | portal | 0.1.1 | -| file://../requestor | requestor | 0.1.2 | -| file://../revproxy | revproxy | 0.1.2 | -| file://../sheepdog | sheepdog | 0.1.2 | +| file://../requestor | requestor | 0.1.3 | +| file://../revproxy | revproxy | 0.1.3 | +| file://../sheepdog | sheepdog | 0.1.3 | | file://../ssjdispatcher | ssjdispatcher | 0.1.1 | -| file://../wts | wts | 0.1.3 | +| file://../wts | wts | 0.1.4 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -57,18 +57,19 @@ Helm chart to deploy Gen3 Data Commons | audit.enabled | bool | `true` | | | audit.image.repository | string | `nil` | | | audit.image.tag | string | `nil` | | +| aws-es-proxy.enabled | bool | `false` | | | fence.enabled | bool | `true` | | | fence.image.repository | string | `nil` | | | fence.image.tag | string | `nil` | | -| global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | -| global.aws | map | `{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false}` | AWS configuration | -| global.aws.account | map | `{"aws_access_key_id":null,"aws_secret_access_key":null}` | Credentials for AWS stuff. TBD on IAM permissions as we experiment more. 
| +| global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","gcp":true,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global.aws.account | map | `{"aws_access_key_id":null,"aws_secret_access_key":null}` | Credentials for AWS | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.gcp | map | `true` | AWS configuration | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index ebf756dc..8a8c6fc2 100644 
--- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -5,10 +5,14 @@ # -- (map) Global configuration options. global: # -- (map) AWS configuration + gcp: true + tls: + cert: + key: aws: # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. enabled: false - # -- (map) Credentials for AWS stuff. TBD on IAM permissions as we experiment more. + # -- (map) Credentials for AWS account: # Prep move of these keys here. aws_access_key_id: @@ -88,6 +92,9 @@ audit: repository: tag: +aws-es-proxy: + enabled: false + fence: enabled: true image: diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 5a8e5ffb..851d1a1d 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,9 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.2 + version: 0.1.3 repository: file://../common -- name: elasticsearch - version: 0.1.1 - repository: file://../elasticsearch - condition: elasticsearch.separate diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 90a4a50b..c9ed4c9f 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
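Review bot: The new `gcp: true` line sits directly under `# -- (map) AWS configuration`, so helm-docs attaches that comment to `gcp` and `aws` loses its description; the regenerated README in this commit shows exactly that (`global.gcp | map | true | AWS configuration`, and the `global.aws` row is gone). Move `gcp` and `tls` below the `aws` block, or above the comment, and give each its own `# --` line with the real type (`gcp` is a bool here). For `tls.key`, the comment should say that a private key supplied through values is kept with the release's stored values in the cluster and tends to end up in committed values files; referencing an existing TLS Secret by name avoids both.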
@@ -1,6 +1,6 @@ # guppy -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service @@ -8,8 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.2 | -| file://../elasticsearch | elasticsearch | 0.1.1 | +| file://../common | common | 0.1.3 | ## Values @@ -40,7 +39,6 @@ A Helm chart for gen3 Guppy Service | ddTraceEnabled | string | `nil` | | | ddTraceSampleRate | string | `nil` | | | ddVersion | string | `nil` | | -| elasticsearch.separate | bool | `false` | | | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `""` | | diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 20654317..aad50ed1 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -187,7 +187,3 @@ encryptWhitelist: test1 # -- (bool) Whether or not to restore elasticsearch indices from a snapshot in s3 dbRestore: true - - -elasticsearch: - separate: false diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 3cc86c71..08f97802 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,5 +26,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.2 + version: 0.1.3 repository: file://../common diff --git a/helm/indexd/README.md b/helm/indexd/README.md index ce1a8830..e6dc596b 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.2 | +| file://../common | common | 0.1.3 | ## Values 
@@ -69,7 +69,7 @@ A Helm chart for gen3 indexd | resources.limits.memory | string | `"512Mi"` | | | resources.requests.cpu | float | `0.1` | | | resources.requests.memory | string | `"12Mi"` | | -| secrets.userdb.fence | string | `nil` | | +| secrets.userdb.fence | string | `"test"` | | | secrets.userdb.gateway | string | `nil` | | | secrets.userdb.gdcapi | string | `nil` | | | securityContext | object | `{}` | | diff --git a/helm/indexd/templates/indexd-secret.yaml b/helm/indexd/templates/indexd-secret.yaml index c27b415e..391e9383 100644 --- a/helm/indexd/templates/indexd-secret.yaml +++ b/helm/indexd/templates/indexd-secret.yaml @@ -31,6 +31,8 @@ metadata: name: indexd-service-creds type: Opaque stringData: - fence: {{ include "indexd-fence-creds" . | quote }} - gdcapi: {{ include "indexd-sheepdog-creds" . | quote }} - gateway: {{ include "indexd-gateway-creds" . | quote }} \ No newline at end of file + fence: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.fence "indexd-service-creds" "fence" 20 .Release.Namespace) }} + gdcapi: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.gdcapi "indexd-service-creds" "gdcapi" 20 .Release.Namespace) }} + gateway: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.gateway "indexd-service-creds" "gateway" 20 .Release.Namespace) }} + + diff --git a/helm/indexd/templates/pre-install.yaml b/helm/indexd/templates/pre-install.yaml index 5551f879..bd3b7b1e 100644 --- a/helm/indexd/templates/pre-install.yaml +++ b/helm/indexd/templates/pre-install.yaml @@ -5,9 +5,7 @@ metadata: # A little helper jobs for creating new indexd # users with basic-auth access to indexd update # endpoints. - # Loads the list of users from the indexd - # creds.json - # + # Loads the list of users from env var. name: indexd-userdb spec: backoffLimit: 0 
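Review bot: In `indexd-secret.yaml` the three keys stay under `stringData:` while `common.getOrGenSecret` returns a base64-encoded string, so the stored credential is the base64 text rather than the password. When the value is later read back from `.data` it comes back with one more layer of encoding, which would change a generated credential on every upgrade. Putting the keys under `data:` instead of `stringData:` keeps a single layer and makes the lookup round-trip stable. The README hunk in this commit also lists `secrets.userdb.fence` with a default of `"test"`; if that reflects values.yaml, the fence credential is a known constant on default installs, and the default should be left empty so a value is generated.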
@@ -17,10 +15,10 @@ spec: app: gen3job spec: automountServiceAccountToken: false + {{- with .Values.volumes }} volumes: - - name: config-volume - secret: - secretName: "indexd-settings" + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: indexd image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -28,7 +26,50 @@ spec: - name: "config-volume" readOnly: true mountPath: "/var/www/indexd/local_settings.py" - subPath: "local_settings.py" + subPath: "local_settings.py" + env: + - name: PGHOST + valueFrom: + secretKeyRef: + name: indexd-dbcreds + key: host + optional: false + - name: PGUSER + valueFrom: + secretKeyRef: + name: indexd-dbcreds + key: username + optional: false + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: indexd-dbcreds + key: password + optional: false + - name: PGDB + valueFrom: + secretKeyRef: + name: indexd-dbcreds + key: database + optional: false + - name: DBREADY + valueFrom: + secretKeyRef: + name: indexd-dbcreds + key: dbcreated + optional: false + - name: FENCE_PASS + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: fence + optional: false + - name: SHEEPDOG_PASS + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: fence + optional: false imagePullPolicy: Always command: ["/bin/bash" ] args: @@ -36,22 +77,8 @@ spec: # Script always succeeds if it runs (echo exits with 0) # indexd image does not include jq, so use python - | - eval $(python 2> /dev/null <
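Review bot: The `volumeMounts` entry for `config-volume` (visible as context in the following hunk) is kept while the hard-coded `config-volume` volume is replaced by `.Values.volumes`, so the Job can only start if the values define a volume with exactly that name. The chart's values are not visible here, so this may already hold by default, but an override of `volumes` that omits `config-volume` would leave the mount dangling. Either keep the `config-volume` definition in the template and append `.Values.volumes` after it, or wrap the mount in the same `with` guard.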
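Review bot: `SHEEPDOG_PASS` reads `key: fence` from `indexd-service-creds`, the same key as `FENCE_PASS`, so both service users would be given one shared password. The secret template in this commit defines a separate `gdcapi` key, which previously carried the sheepdog credential, so this entry should be `key: gdcapi`. The `gateway` key defined there has no matching env var in this hunk; confirm whether the gateway user is still meant to be created. The container spec continues outside the hunk.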