Merge pull request #49 from bbkz/dev

Version 0.2.0-rc.1
see [Releasenotes.md](Releasenotes.md)

README.md

@@ -219,8 +219,8 @@ wger-app requires for the django database migrations the superuser privileges, s
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
 | `redis.enabled` | Enable the redis chart | Boolean | `true` |
-| `redis.auth.enabled` | Whether to enable redis login. Currently, only `false` is supported | Boolean | `false` |
-| `redis.auth.password` | Password for redis login. Not required if `redis.auth.enabled` is `false` | String | `wger` |
+| `redis.auth.enabled` | Whether to enable redis login. | Boolean | `false` |
+| `redis.auth.password` | Password for redis login. Not required if `redis.auth.enabled` is `false` | String | `randAlphaNum 25` |
 | `redis.service.serverPort` | Redis server service port | Integer | `6379` |
 | `redis.storage.persistentVolumeClaimName` | PVC name when existing storage volume should be used | String | `Nil` |
 | `redis.storage.requestedSize` | Size for new PVC, when no existing PVC is used | String | `Nil` |

RELEASENOTES.md

@@ -1,3 +1,60 @@
+## 0.2.0
+
+* redis upgrade
+* postgres minor upgrade
+* setting a redis password is now possible
+
+### Upgrade
+
+#### Postgres values change
+
+Upgraded chart from groundhog2k for postgres requires changes to the `values.yml`:
+
+```yaml
+postgres:
+  settings:
+    superuser:
+      value: postgres
+    superuserPassword:
+      value: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+  userDatabase:
+    name:
+      value: wger
+    user:
+      value: wger
+    password:
+      value: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+```
+
+#### Redis password
+
+When enabling the redis password after the installation (upgrade), it is required to set the password once in the `values.yml`, as soon as the secret is created it can be removed.
+
+```yaml
+redis:
+  auth:
+    enabled: true
+    password: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+```
+
+Enabling redis authentication, requires you to set the following `env` and `args`, for the redis container:
+
+```yaml
+redis:
+  auth:
+    enabled: true
+  # Additional environment variables (Redis server and Sentinel)
+  env:
+    - name: REDIS_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: redis
+          key: redis-password
+  # Arguments for the container entrypoint process (Redis server)
+  args:
+    - "--requirepass $(REDIS_PASSWORD)"
+```
+
 ## 0.1.6
 
 * get the database credentials from the secret, like the postgres chart does

charts/wger/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: postgres
   repository: https://groundhog2k.github.io/helm-charts
-  version: 0.4.5
+  version: 1.3.1
 - name: redis
   repository: https://groundhog2k.github.io/helm-charts
-  version: 0.6.14
-digest: sha256:19881f3f3425a4b56c047feb0529f2e0729eafb73b294b8770e7fccbb4ba802f
-generated: "2023-07-26T10:55:01.686592589+02:00"
+  version: 1.2.0
+digest: sha256:6a2d1e1a702d88285fce9e5dfcf72d4fa78c42a9b255fa77a8264e1df41c065f
+generated: "2024-05-05T14:31:11.163945533+02:00"

charts/wger/Chart.yaml

@@ -1,6 +1,6 @@
 ---
 apiVersion: v2
-version: 0.1.12
+version: 0.2.0-rc.1
 appVersion: latest
 name: wger
 description: A Helm chart for Wger installation on Kubernetes
@@ -14,11 +14,11 @@ dependencies:
     condition: postgres.enabled
     tags:
       - groundhog2k
-    version: 0.4.5
+    version: 1.3.1
     repository: https://groundhog2k.github.io/helm-charts
   - name: redis
     condition: redis.enabled
     tags:
       - groundhog2k
-    version: 0.6.14
+    version: 1.2.0
     repository: https://groundhog2k.github.io/helm-charts

charts/wger/templates/deployment.yaml

@@ -64,6 +64,17 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            # to enable redis authentication
+            # additional settings in the values
+            # must be made, passed to the redis
+            # container
+            {{- if .Values.redis.auth.enabled }}
+            - name: DJANGO_CACHE_CLIENT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "redis"
+                  key: "redis-password"
+            {{- end }}
             {{- if .Values.celery.flower.enabled }}
             - name: CELERY_FLOWER_PASSWORD
               valueFrom:
@@ -224,6 +235,17 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            # to enable redis authentication
+            # additional settings in the values
+            # must be made, passed to the redis
+            # container
+            {{- if .Values.redis.auth.enabled }}
+            - name: DJANGO_CACHE_CLIENT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "redis"
+                  key: "redis-password"
+            {{- end }}
             {{- if .Values.celery.flower.enabled }}
             - name: CELERY_FLOWER_PASSWORD
               valueFrom:
@@ -273,6 +295,17 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            # to enable redis authentication
+            # additional settings in the values
+            # must be made, passed to the redis
+            # container
+            {{- if .Values.redis.auth.enabled }}
+            - name: DJANGO_CACHE_CLIENT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "redis"
+                  key: "redis-password"
+            {{- end }}
             - name: CELERY_FLOWER_PASSWORD
               valueFrom:
                 secretKeyRef:
@@ -383,6 +416,17 @@ spec:
                 secretKeyRef:
                   name: "{{.Release.Name}}-postgres"
                   key: "POSTGRES_DB"
+            # to enable redis authentication
+            # additional settings in the values
+            # must be made, passed to the redis
+            # container
+            {{- if .Values.redis.auth.enabled }}
+            - name: DJANGO_CACHE_CLIENT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "redis"
+                  key: "redis-password"
+            {{- end }}
             {{- if .Values.celery.flower.enabled }}
             - name: CELERY_FLOWER_PASSWORD
               valueFrom:

charts/wger/templates/secret-redis.yaml

@@ -6,11 +6,15 @@ kind: Secret
 metadata:
   name: redis
   namespace: {{ .Release.Namespace }}
-stringData:
-  {{ if .Values.redis.auth.password }}
+data:
+  {{- if .Values.redis.auth.password }}
   redis-password: {{ .Values.redis.auth.password | b64enc | quote }}
   {{ else }}
-  redis-password: {{ randAlphaNum 10 | b64enc | quote }}
-  {{ end }}
+  {{- if .Release.IsUpgrade }}
+  redis-password: {{ index (lookup "v1" "Secret" .Release.Namespace "redis").data "redis-password" | quote }}
+  {{ else }}
+  redis-password: {{ randAlphaNum 25 | b64enc | quote }}
+  {{- end }}
+  {{- end }}
 {{- end }}
 {{- end }}

charts/wger/values.yaml

@@ -121,12 +121,17 @@ postgres:
   # changes to the superuser and userDatabase passwords will update
   # the secret where they are save in
   settings:
-    superuser: postgres
-    superuserPassword: postgres
+    superuser:
+      value: postgres
+    superuserPassword:
+      value: postgres
   userDatabase:
-    name: wger
-    user: wger
-    password: wger
+    name:
+      value: wger
+    user:
+      value: wger
+    password:
+      value: wger
   # the user from the user database will be turned into a superuser
   # some database migration in django requires this
   # otherwise it was not able to create the database
@@ -154,9 +159,29 @@ postgres:
 redis:
   # Note: keep these variables present as the chart uses them for the Deployment
   enabled: true
+  # auth: is used in wger-helm-charts to auto-create a secret for redis
+  #
+  # if you enable auth it will create new secret from auth.password
+  # if auth.password is missing it will randomly generate one.
+  #
+  # to enable authentication in the redis container, you need
+  # to enable the env and args mentioned below
   auth:
     enabled: false
-    password: wger
+    # default no password set, this will randomly create
+    # one upon first installation
+    # password: XXXXXXXXXXXXXXXXXX
+  # Uncomment the following to enable password authentication:
+  # # Additional environment variables (Redis server and Sentinel)
+  # env:
+  #   - name: REDIS_PASSWORD
+  #     valueFrom:
+  #       secretKeyRef:
+  #         name: redis
+  #         key: redis-password
+  # # Arguments for the container entrypoint process (Redis server)
+  # args:
+  #   - "--requirepass $(REDIS_PASSWORD)"
   storage:
     ##  Set persistentVolumenClaimName to reference an existing PVC
     persistentVolumeClaimName:

example/prod_values.yaml

@@ -66,12 +66,17 @@ ingress:
 postgres:
   enabled: true
   settings:
-    superuser: postgres
-    superuserPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    superuser:
+      value: postgres
+    superuserPassword:
+      value: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
   userDatabase:
-    name: wger
-    user: wger
-    password: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    name:
+      value: wger
+    user:
+      value: wger
+    password:
+      value: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
   service:
     port: 5432
   storage:
@@ -81,8 +86,17 @@ postgres:
 redis:
   enabled: true
   auth:
-    enabled: false
-    password: wger
+    enabled: true
+  # Additional environment variables (Redis server and Sentinel)
+  env:
+    - name: REDIS_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: redis
+          key: redis-password
+  # Arguments for the container entrypoint process (Redis server)
+  args:
+    - "--requirepass $(REDIS_PASSWORD)"
   storage:
     persistentVolumeClaimName: wger-redis
     className: "csi-cephfs-sc"