diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 07398cd12c823dbcad2932aca2185a210b24bd65..8c2defd2e10d583276b01ba396acb7cd8fdd7811 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,13 +13,14 @@ version-bump-dev: before_script: - git config user.email 'renovate@nmaas.eu' - git config user.name 'NMaaS Renovate' - - git config pull.rebase true + # - git config pull.rebase true script: - git fetch - git checkout master - export MASTER_CHART_VERSION=$(yq e '.version' charts/$CHART_NAME/Chart.yaml) - git checkout $CI_COMMIT_REF_NAME - git branch --set-upstream-to=origin/$CI_COMMIT_REF_NAME $CI_COMMIT_REF_NAME + - git status - git pull - export CURRENT_CHART_VERSION=$(yq e '.version' charts/$CHART_NAME/Chart.yaml) - export CURRENT_DOCKER_IMAGE_VERSION=$(yq e '.platform.image.tag' charts/$CHART_NAME/values.yaml) @@ -93,7 +94,7 @@ helm-docs: - git pull https://root:$RENOVATE_ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git $CI_COMMIT_REF_NAME - git config user.email 'renovate@nmaas.eu' - git config user.name 'NMaaS Renovate' - - git config pull.rebase true + # - git config pull.rebase true script: - helm-docs --output-file '../../README.md' - git status diff --git a/README.md b/README.md index 4fe1ac6f6557e3fe8b70d8538fba4d39ca0789be..541921e2ec1dac6e71c264d159971dc9588d5755 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # nmaas -  +  GÉANT Network Management as a Service Helm chart for Kubernetes 
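Review bot: With `git config pull.rebase true` commented out in `before_script`, the bare `git pull` later in `version-bump-dev` has no reconcile strategy configured, and recent git versions refuse to pull a diverged branch in that state. If rebasing was the problem, state the intended mode on the command itself, e.g. `git pull --ff-only`, and delete the old line rather than leaving it as a comment; the same commented-out line appears in the `helm-docs` hunk. The added `git status` looks like a debugging aid and may be worth dropping before merge. Both jobs continue outside the hunks shown.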
@@ -34,23 +34,6 @@ GÉANT Network Management as a Service Helm chart for Kubernetes | global.nmaasDomain | string | `"nmaas.example.com"` | | | global.registrysecret | string | `"nmaas-registry"` | currently not needed, for future use | | global.wildcardCertificateName | string | `"wildcard-tls"` | | -| helm.clusterRoleBindingName | string | `"nmaas-helm-admin"` | | -| helm.clusterRoleName | string | `"cluster-admin"` | | -| helm.enabled | bool | `true` | | -| helm.image.pullPolicy | string | `"Always"` | | -| helm.image.repository | string | `"artifactory.software.geant.org/nmaas-docker-local/nmaas-helm-3"` | | -| helm.image.tag | string | `"3.9.3"` | | -| helm.name | string | `"nmaas-helm"` | | -| helm.persistence.accessMode | string | `"ReadWriteOnce"` | | -| helm.persistence.enabled | bool | `true` | | -| helm.persistence.existingClaim | string | `""` | name of an existing claim to be used. If empty, a new one is provisioned. | -| helm.persistence.size | string | `"1Gi"` | | -| helm.persistence.storageClass | string | `""` | | -| helm.port | int | `22` | | -| helm.properties.users | string | `"helm:1000:1000"` | | -| helm.serviceAccountName | string | `"nmaas-helm"` | | -| helm.targetPort | int | `22` | | -| helm.type | string | `"ClusterIP"` | | | janitor.clusterRoleBindingName | string | `"nmaas-janitor"` | | | janitor.clusterRoleName | string | `"janitor-role"` | | | janitor.enabled | bool | `true` | | 
@@ -69,11 +52,11 @@ GÉANT Network Management as a Service Helm chart for Kubernetes | platform.apiSecret.secret.key | string | `"secret"` | | | platform.apiSecret.secret.name | string | `"nmaas-api-secret"` | must be created manually if literal is empty | | platform.clusterRoleBindingName | string | `"nmaas-platform"` | | -| platform.clusterRoleName | string | `"nmaas-shell-role"` | | +| platform.clusterRoleName | string | `"cluster-admin"` | name of ClusterRole to associate to nmaas-platform. Must exist beforehand | | platform.enabled | bool | `true` | | | platform.image.pullPolicy | string | `"IfNotPresent"` | | | platform.image.repository | string | `"artifactory.software.geant.org/nmaas-docker-local/nmaas-platform"` | | -| platform.image.tag | string | `"1.7.1"` | | +| platform.image.tag | string | `"latest"` | | | platform.ingress.className | string | `""` | defaults to .Values.platform.properties.k8s.ingress.controller.ingressClass if not set | | platform.initscripts.enabled | bool | `true` | | | platform.initscripts.image.pullPolicy | string | `"Always"` | | 
@@ -100,16 +83,10 @@ GÉANT Network Management as a Service Helm chart for Kubernetes | platform.properties.captchaSecret.secret.name | string | `"nmaas-captcha-secret-secret"` | | | platform.properties.defaultLanguage | string | `"en"` | | | platform.properties.environment | string | `"prod"` | | -| platform.properties.helm.address | string | `"nmaas-helm"` | | | platform.properties.helm.asyncUpdateCron | string | `"0 0 * * * ?"` | | | platform.properties.helm.asyncUpdateEnabled | bool | `true` | | -| platform.properties.helm.chartsDirectory | string | `"/home/nmaas/charts"` | | -| platform.properties.helm.enableTls | bool | `true` | | | platform.properties.helm.repositoryName | string | `"nmaas"` | | | platform.properties.helm.repositoryUrl | string | `"https://artifactory.software.geant.org/artifactory/nmaas-helm"` | | -| platform.properties.helm.useLocalCharts | bool | `false` | | -| platform.properties.helm.username | string | `"helm"` | | -| platform.properties.helm.version | string | `"v3"` | | | platform.properties.jwt.resetKey.literal | string | `""` | leave empty to use existing secret, length at least 96 characters | | platform.properties.jwt.resetKey.secret.key | string | `"jwtResetKey"` | | | platform.properties.jwt.secretName | string | `"nmaas-jwt"` | | @@ -167,7 +144,7 @@ GÉANT Network Management as a Service Helm chart for Kubernetes | portal.enabled | bool | `true` | | | portal.image.pullPolicy | string | `"IfNotPresent"` | | | portal.image.repository | string | `"artifactory.software.geant.org/nmaas-docker-local/nmaas-portal"` | | -| portal.image.tag | string | `"1.7.1"` | | +| portal.image.tag | string | `"latest"` | | | portal.ingress.className | string | `""` | defaults to .Values.platform.properties.k8s.ingress.controller.ingressClass if not set | | portal.name | string | `"nmaas-portal"` | | | portal.port | int | `9009` | | 
diff --git a/charts/nmaas/Chart.yaml b/charts/nmaas/Chart.yaml index 6a2614255d55caaf3fe9af9c69dddd9835b5a45a..2e4b26030e421220fcf324186a1cd6d054fd3d0d 100644 --- a/charts/nmaas/Chart.yaml +++ b/charts/nmaas/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: nmaas description: GÉANT Network Management as a Service Helm chart for Kubernetes -version: 2.0.1 -appVersion: 1.7.1 +version: 2.0.2-alpha.5 +appVersion: latest keywords: - Network Management - Cloud Deployment diff --git a/charts/nmaas/templates/nmaas-helm-clusterRoleBinding.yaml b/charts/nmaas/templates/nmaas-helm-clusterRoleBinding.yaml deleted file mode 100644 index e92642b77159ab30d95f82a2ead20a2d9f0f915f..0000000000000000000000000000000000000000 --- a/charts/nmaas/templates/nmaas-helm-clusterRoleBinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Values.helm.clusterRoleBindingName }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.helm.clusterRoleName }} -subjects: -- kind: ServiceAccount - name: {{ .Values.helm.serviceAccountName }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/nmaas/templates/nmaas-helm-deployment.yaml b/charts/nmaas/templates/nmaas-helm-deployment.yaml deleted file mode 100644 index 3ebf9ebac5130df125491ec917ac74eb08b486ab..0000000000000000000000000000000000000000 --- a/charts/nmaas/templates/nmaas-helm-deployment.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -{{- if .Values.helm.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.helm.name }} - labels: - app: {{ .Values.helm.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: {{ .Values.helm.name }} - strategy: - type: Recreate - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ .Values.helm.name }} - spec: - volumes: - - name: {{ .Values.helm.persistence.existingClaim | default (printf "%s-helm" (include "fullname" .)) | quote }} - {{- if .Values.helm.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.helm.persistence.existingClaim | default (printf "%s-helm" (include "fullname" .)) | quote }} - {{- else }} - emptyDir: {} - {{- end }} - - name: helm-access-key - secret: - secretName: {{ .Values.global.helmAccessKeyPublic }} - {{- if .Values.helm.serviceAccountName }} - serviceAccountName: {{ .Values.helm.serviceAccountName }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - capabilities: - add: - - SYS_CHROOT - image: "{{ .Values.helm.image.repository }}:{{ .Values.helm.image.tag }}" - imagePullPolicy: {{ .Values.helm.image.pullPolicy }} - ports: - - containerPort: {{ .Values.helm.port }} - protocol: TCP - env: - - name: SSH_USERS - value: {{ .Values.helm.properties.users }} - volumeMounts: - - name: helm-access-key - mountPath: /keys - - mountPath: /home/helm/.config/helm - name: {{ .Values.helm.persistence.existingClaim | default (printf "%s-helm" (include "fullname" .)) | quote }} - subPath: helm-config - imagePullSecrets: - - name: {{ .Values.global.registrysecret }} -{{- end -}} diff --git a/charts/nmaas/templates/nmaas-helm-pvc.yaml b/charts/nmaas/templates/nmaas-helm-pvc.yaml deleted file mode 100644 index 806afbfb00e9e51a255353f1f65aab2f32d2cf41..0000000000000000000000000000000000000000 
--- a/charts/nmaas/templates/nmaas-helm-pvc.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (.Values.helm.persistence.enabled) (not .Values.helm.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: "{{ template "fullname" . }}-helm" - labels: - app: nmaas-helm -spec: - accessModes: - - "{{ .Values.helm.persistence.accessMode }}" - {{- if .Values.helm.persistence.storageClass }} - storageClassName: "{{ .Values.helm.persistence.storageClass }}" - {{- end}} - resources: - requests: - storage: "{{ .Values.helm.persistence.size }}" -{{- end }} \ No newline at end of file diff --git a/charts/nmaas/templates/nmaas-helm-service.yaml b/charts/nmaas/templates/nmaas-helm-service.yaml deleted file mode 100644 index c2a9956f8fa3c3ad1a890419707208e9c04228f1..0000000000000000000000000000000000000000 --- a/charts/nmaas/templates/nmaas-helm-service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.helm.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.helm.name }} - labels: - app: {{ .Values.helm.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.helm.type }} - ports: - - port: {{ .Values.helm.port }} - targetPort: {{ .Values.helm.targetPort }} - protocol: TCP - selector: - app: {{ .Values.helm.name }} -{{- end -}} diff --git a/charts/nmaas/templates/nmaas-helm-serviceAccount.yaml b/charts/nmaas/templates/nmaas-helm-serviceAccount.yaml deleted file mode 100644 index ed68363b92141150b960a6d9a8fae5c6060875e1..0000000000000000000000000000000000000000 --- a/charts/nmaas/templates/nmaas-helm-serviceAccount.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: {{ .Values.helm.serviceAccountName }} - namespace: {{ .Release.Namespace }} \ No newline at end of file 
diff --git a/charts/nmaas/templates/nmaas-platform-clusterRole.yaml b/charts/nmaas/templates/nmaas-platform-clusterRole.yaml deleted file mode 100644 index 790a32e7458d03e659390543d2ca27668658ccc4..0000000000000000000000000000000000000000 --- a/charts/nmaas/templates/nmaas-platform-clusterRole.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Values.platform.clusterRoleName }} -rules: -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create", "get", "watch"] diff --git a/charts/nmaas/templates/nmaas-platform-deployment.yaml b/charts/nmaas/templates/nmaas-platform-deployment.yaml index 59be106caabcb4c2ff9f62a59b6439a5170e3333..9ab6ca992fd8ffc08c82f20ba269d1eb2d56b295 100644 --- a/charts/nmaas/templates/nmaas-platform-deployment.yaml +++ b/charts/nmaas/templates/nmaas-platform-deployment.yaml @@ -53,8 +53,9 @@ spec: - name: platform-data mountPath: /nmaas/files subPath: platform-logs - - name: helm-access-key - mountPath: /nmaas/.ssh + - name: platform-data + mountPath: /home/nmaas/.config/helm + subPath: helm env: - name: ENVIRONMENT value: "{{ .Values.platform.properties.environment }}" 
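Review bot: The `helm-access-key` volumeMount is removed in the nmaas-platform-deployment.yaml hunk, but none of that file's hunks touches the pod's `volumes:` list. If a `helm-access-key` secret volume is still declared there, the pod would presumably keep depending on a Secret the chart no longer needs, so the declaration should be removed in the same change. The new mount also places Helm's config directory (`/home/nmaas/.config/helm`) on the `platform-data` volume that already backs `/nmaas/files`. Any repository credentials Helm stores there would then share a volume with application files, so a dedicated volume may be preferable. The container spec starts and ends outside the hunk.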
@@ -137,23 +138,11 @@ spec: - name: USE_LOGIN_PASSWORD value: {{ and .Values.platform.properties.smtp.login .Values.platform.properties.smtp.password }} - name: USE_STARTTLS - value: {{ .Values.platform.properties.smtp.useStartTLS | default "false" | quote}} - - name: HELM_ADDRESS - value: "{{ .Values.platform.properties.helm.address }}" - - name: HELM_USERNAME - value: "{{ .Values.platform.properties.helm.username }}" - - name: HELM_USELOCALCHARTS - value: "{{ .Values.platform.properties.helm.useLocalCharts }}" + value: {{ .Values.platform.properties.smtp.useStartTLS | default "false" | quote }} - name: HELM_REPOSITORY value: "{{ .Values.platform.properties.helm.repositoryName }}" - name: HELM_REPOSITORY_URL value: "{{ .Values.platform.properties.helm.repositoryUrl }}" - - name: HELM_LOCALCHARTSDIR - value: "{{ .Values.platform.properties.helm.chartsDirectory }}" - - name: HELM_ENABLETLS - value: "{{ .Values.platform.properties.helm.enableTls }}" - - name: HELM_VERSION - value: "{{ .Values.platform.properties.helm.version }}" - name: HELM_UPDATE_ASYNC_ENABLED value: "{{ .Values.platform.properties.helm.asyncUpdateEnabled }}" - name: HELM_UPDATE_ASYNC_CRON @@ -218,6 +207,7 @@ spec: value: {{ .Values.platform.properties.autoNamespaceCreationForDomains | quote }} - name: PORTAL_SSO_ALLOWED_FLAG value: {{ .Values.platform.properties.oidc.enabled | quote }} + {{- if .Values.platform.properties.oidc.enabled }} - name: OIDC_CLIENT_ID value: {{ .Values.platform.properties.oidc.clientId | quote }} - name: OIDC_ISSUER_URI @@ -231,6 +221,7 @@ spec: secretKeyRef: name: {{ .Values.platform.properties.oidc.secretName }} key: {{ .Values.platform.properties.oidc.clientSecret.secret.key }} + {{- end }} - name: JWT_SIGNING_KEY valueFrom: secretKeyRef: diff --git a/charts/nmaas/templates/nmaas-populate-job.yaml b/charts/nmaas/templates/nmaas-populate-job.yaml index d032780c4ba3b6d2a2678c839702f73623eaf461..698174cf573cc589fc1b42658a121f23db44081c 100644 
--- a/charts/nmaas/templates/nmaas-populate-job.yaml +++ b/charts/nmaas/templates/nmaas-populate-job.yaml @@ -11,6 +11,8 @@ spec: image: "{{ .Values.platform.initscripts.image.repository }}:{{ .Values.platform.initscripts.image.tag }}" imagePullPolicy: {{ .Values.platform.initscripts.image.pullPolicy }} env: + - name: TEST_INSTANCE_FLAG + value: {{ .Values.platform.properties.testInstance | quote }} - name: PLATFORM_PORT value: "{{ .Values.platform.port }}" - name: PLATFORM_HOST diff --git a/charts/nmaas/values.yaml b/charts/nmaas/values.yaml index c8f1bbccc5a7c7e44a07b92c1d80100df30cdb8d..022346ec647d145b0064086956681c7f403f66b4 100644 --- a/charts/nmaas/values.yaml +++ b/charts/nmaas/values.yaml @@ -26,7 +26,8 @@ platform: enabled: true name: nmaas-platform serviceAccountName: nmaas-platform - clusterRoleName: nmaas-shell-role + # -- name of ClusterRole to associate to nmaas-platform. Must exist beforehand + clusterRoleName: cluster-admin clusterRoleBindingName: nmaas-platform ingress: # -- defaults to .Values.platform.properties.k8s.ingress.controller.ingressClass if not set @@ -61,7 +62,7 @@ platform: timeoutSeconds: 10 image: repository: artifactory.software.geant.org/nmaas-docker-local/nmaas-platform - tag: "1.7.1" + tag: "latest" pullPolicy: IfNotPresent port: 9001 targetPort: 9001 @@ -121,14 +122,8 @@ platform: name: nmaas-postgresql-secret key: secret helm: - address: nmaas-helm - username: helm - useLocalCharts: false repositoryName: nmaas repositoryUrl: https://artifactory.software.geant.org/artifactory/nmaas-helm - chartsDirectory: /home/nmaas/charts - enableTls: true - version: v3 asyncUpdateEnabled: true asyncUpdateCron: "0 0 * * * ?" smtp: @@ -201,7 +196,7 @@ portal: name: nmaas-portal image: repository: artifactory.software.geant.org/nmaas-docker-local/nmaas-portal - tag: "1.7.1" + tag: "latest" pullPolicy: IfNotPresent ingress: # -- defaults to .Values.platform.properties.k8s.ingress.controller.ingressClass if not set 
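Review bot: `TEST_INSTANCE_FLAG` in the populate-job hunk is rendered from `.Values.platform.properties.testInstance`, but none of the `values.yaml` hunks in this diff adds or documents that key, so unless it is already defined elsewhere the variable renders empty. The flag presumably switches the populate job into test-instance behaviour, so an explicit production-safe default would be clearer: `value: {{ .Values.platform.properties.testInstance | default false | quote }}`. The job's container spec continues outside the hunk.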
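Review bot: Defaulting `platform.clusterRoleName` to `cluster-admin` (values.yaml hunk at `-26,7`) gives the platform's service account unrestricted access to the whole cluster, where the chart-managed role deleted in this commit allowed only read access to pods plus `pods/exec`. The platform appears to be the ingress-exposed component, so a compromise of it would extend to every namespace. If the platform now runs Helm itself and needs more than the old role, consider shipping a ClusterRole limited to the resources it manages and making `cluster-admin` a documented opt-in, e.g. `# -- ClusterRole bound to nmaas-platform; cluster-admin grants full cluster control, prefer a scoped role`. The binding template itself is not part of this diff.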
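Review bot: `tag: "latest"` combined with `pullPolicy: IfNotPresent` (values.yaml hunk at `-61,7`) makes the running image depend on whatever each node has cached, so pods of one release can run different builds and a rollback cannot restore a known image. Pin the chart default to a released version or an image digest, e.g. `tag: "<release-version>"`, and let development pipelines override it; the `portal.image.tag` hunk at `-201,7` makes the same change. Chart.yaml's `appVersion: latest` likewise stops recording which application version the chart was tested against.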
@@ -255,29 +250,6 @@ postfix: secret: key: smtpPassword -helm: - enabled: true - name: nmaas-helm - serviceAccountName: nmaas-helm - clusterRoleBindingName: nmaas-helm-admin - clusterRoleName: cluster-admin - image: - repository: artifactory.software.geant.org/nmaas-docker-local/nmaas-helm-3 - tag: "3.9.3" - pullPolicy: Always - port: 22 - targetPort: 22 - type: ClusterIP - properties: - users: helm:1000:1000 - persistence: - enabled: true - # -- name of an existing claim to be used. If empty, a new one is provisioned. - existingClaim: "" - accessMode: ReadWriteOnce - size: 1Gi - storageClass: "" - janitor: enabled: true name: nmaas-janitor