Release/v0.10.0 into main

.github/workflows/code-checks.yaml

@@ -14,7 +14,7 @@ on:
 
 jobs:  
   check-code:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
 

.gitignore

@@ -132,3 +132,6 @@ dmypy.json
 static/open-iconic/
 
 repos/
+
+#Other
+values-local*

README.md

@@ -4,8 +4,9 @@ This repository contains Helm charts maintained by Scaleout Systems AB. The repo
 
 **Note:** The main branch is now the new default branch. For getting the latest version of these charts  please clone the main branch and not the master.
 
+
 ## Getting started
-To be able to deploy Helm chrats from this repository you first need to add this repository as a source of charts.
+To be able to deploy Helm charts from this repository you first need to add this repository as a source of charts.
 
 ```bash
 $ helm repo add scaleout https://scaleoutsystems.github.io/charts/scaleout/stackn

scaleout/stackn/.helmignore

@@ -25,3 +25,5 @@ stackn-*.tgz
 .vscode/
 modules/
 examples/
+# Values file
+.values-*

scaleout/stackn/Chart.yaml

@@ -1,10 +1,8 @@
 apiVersion: v1
-appVersion: "0.6.0"
-description: A Helm chart for deploying STACKn by Scaleout
-name: stackn
-version: 0.2.0
+appVersion: "0.17.0"
+description: A Helm chart for deploying studio
+name: studio
+version: 0.5.6
 maintainers:
-  - email: [email protected]
-    name: Morgan Ekmefjord
   - email: [email protected]
     name: Fredrik Wrede

scaleout/stackn/README.md

@@ -7,38 +7,42 @@ STACKn
 
 A Helm chart for deploying STACKn by Scaleout
 
-Current chart version is 0.2.0
+Current chart version is 0.4.1
 
 ## Chart Requirements
 
 | Repository | Name | Version | Optional |
 |------------|------|---------|----------|
-| https://charts.bitnami.com/bitnami | postgresql | 11.6.14 | No
-| https://charts.bitnami.com/bitnami | postgresql-ha | 9.2.0 | Yes
-| https://grafana.github.io/helm-charts | grafana | 6.8.4 | Yes
-| https://prometheus-community.github.io/helm-charts | prometheus | 13.8.0 | Yes
-| https://stakater.github.io/stakater-charts | reloader | v0.0.86 | No
-
+| https://charts.bitnami.com/bitnami | postgresql | 12.2.7 | No
+| https://charts.bitnami.com/bitnami | redis | 17.7.4 | No
+| https://charts.bitnami.com/bitnami | rabbitmq | 11.9.1 | No
+| https://charts.bitnami.com/bitnami | common | 2.0.4 | No
+| https://stakater.github.io/stakater-charts | reloader | v1.0.15 | Yes
+
+## Notes
+When using PVC's together with postgres, rabbitmq and and redis, credentials will to not sync if secrets are updated (for example if password values are left blank). If this happens, the solution 
+is to redeploy and delete previous created PVCs. To avoid the same problem again, either set password values or use existing secrets. The subcharts for postgres, rabbitmq and redis all come with a value
+to set existing secret. Existing secrets is the recommended approch if are going to version control your values (GitOps) to avoid raw passwords in your version history.
+
+You can read more about the issue here: https://github.com/bitnami/charts/issues/2061
+Obs that stakater/reloader does not solve the issue.
 ## Configuration
 
 By default STACKn has been configured with a dns wildcard domain for localhost. To change this replace all occurences of studio.127.0.0.1.nip.io in values.yaml.
 
-STACKn requires access to manipulate and create recourses in the k8s cluster. Thus, it needs the cluster config as a secret in ./templates/chart-controller-secret.yaml.
-
 By default no StorageClassName is set and needs to provided in the values.yaml or by using `--set` argument.
 
 ### Quick deployment
 
 ```bash
-# Generate k8s cluster config file - NOTE: we assume a k8s cluster is already installed and configured
-cluster_config=$(cat ~/.kube/config  | base64 | tr -d '\n')
-
 # Deploy STACKn from this repository
-helm install --set kubeconfig=$cluster_config --set global.postgresql.storageClass=<your-storage-class> stackn .
+helm install --set global.postgresql.storageClass=<your-storage-class> studio .
 ```
 
 All resources will by default be created in the Namescape "default".
-STACKn studio will be avaliable at http://studio.127.0.0.1.nip.io
+STACKn studio will be avaliable at https://studio.127.0.0.1.nip.io
+Obs that you might have to make changes to your particular ingress controller (nginx is supported in this chart) to connect to the URL.
+If the ingress does not work for any reason, you can try to port-forward the studio service port to your localhost. 
 
 ## Deploy an SSL certificate
 
@@ -47,132 +51,85 @@ For production you need a domain name with a wildcard SSL certificate. If your d
 kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem
 ```
 
-## Global values
-Minimal requirement: `global.postgresql.storageClass`
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| global.studio.existingSecret | string | `""` | Use existing secret. See basic-secrets.yaml. |
-| global.studio.storageClass | string | `""` | StorageClassName for PVC. Overrides `studio.storage.storageClass`. If `studio.storage.storageClass` is unset (default) will inherent from `global.postgresql.storageClass`  |
-| global.studio.superUser | string | `admin` | Django superUser. Obs will always be `admin` until fixed. |
-| global.studio.superuserEmail | string | `'[email protected]'` | Django superUser email. Obs will always be `[email protected]` until fixed. |
-| global.studio.superuserPassword | string | `""` | Django superUser password. If left empty, will generate. |
-| global.postgresql.auth.username | string | `stackn` | Postgres user will be created |
-| global.postgresql.auth.password | string | `""` | Postgres password for user above. If empty, will be generated and stored in secret `stackn-studio-postgres` |
-| global.postgresql.auth.database | string | `stackn` | Postgres database will be created |
-| global.postgresql.auth.postgresPassword | string | `""` | Postgres password for postgres user If empty, will be generated and stored in secret `stackn-studio-postgres` |
-| global.postgresql.auth.existingSecret | string | `""` | will not create secret `stackn-studio-postgres`. Instead use existing secret for postgres|
-| global.postgresql.storageClass | string | `""` | StorageClassName for PVC |
-
-
-
-## Values
-
-Minimal requirement: `kubeconfig`
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| celeryWorkers.replicas | int | `2` |  |
-| celeryWorkers.resources.limits.cpu | string | `"1000m"` |  |
-| celeryWorkers.resources.limits.memory | string | `"8Gi"` |  |
-| celeryWorkers.resources.requests.cpu | string | `"100m"` |  |
-| celeryWorkers.resources.requests.memory | string | `"1Gi"` |  |
-| chartcontroller.branch | string | `"develop"` |  |
-| chartcontroller.enabled | bool | `false` |  |
-| chartcontroller.image.pullPolicy | string | `"Always"` |  |
-| chartcontroller.image.repository | string | `"registry.<your-domain.com>/chart-controller:develop"` |  |
-| kubeconfig | string | `""` | Encoded (base64) kubernetes config  |
-| docker-registry.enabled | bool | `false` |  |
-| docker-registry.ingress.enabled | bool | `true` |  |
-| docker-registry.ingress.hosts[0] | string | `"registry.<your-domain.com>"` |  |
-| docker-registry.ingress.tls[0].hosts[0] | string | `"registry.<your-domain.com>"` |  |
-| docker-registry.ingress.tls[0].secretName | string | `"prod-ingress"` |  |
-| docker-registry.persistence.accessMode | string | `"ReadWriteOnce"` |  |
-| docker-registry.persistence.enabled | bool | `true` |  |
-| docker-registry.persistence.size | string | `"2Gi"` |  |
-| docker-registry.persistence.storageClass | string | `"microk8s-hostpath"` |  |
-| domain | string | `studio.<your-domain.com>` |  |
-| auth_domain | string | `"stackn-studio.default.svc.cluster.local"` |  |
-| session_cookie_domain | string | `.<your-domain.com>` |  |
-| existingSecret | string | `""` |  |
-| fixtures | string | `""` |  |
-| grafana."grafana.ini".server.domain | string | `"grafana.<your-domain.com>"` |  |
-| grafana."grafana.ini".server.root_url | string | `"%(protocol)s://%(domain)s/"` |  |
-| grafana."grafana.ini".server.serve_from_sub_path | bool | `true` |  |
-| grafana.enabled | bool | `false` |  |
-| grafana.ingress.enabled | bool | `true` |  |
-| grafana.ingress.hosts[0] | string | `"grafana.<your-domain.com>"` |  |
-| grafana.ingress.path | string | `"/"` |  |
-| grafana.ingress.tls[0].hosts[0] | string | `"grafana.<your-domain.com>"` |  |
-| grafana.ingress.tls[0].secretName | string | `"prod-ingress"` |  |
-| grafana.persistence.enabled | bool | `true` |  |
-| grafana.persistence.size | string | `"2Gi"` |  |
-| grafana.persistence.storageClassName | string | `"microk8s-hostpath"` |  |
-| grafana.persistence.type | string | `"pvc"` |  |
-| imagePullSecrets[0].name | string | `"regcred"` |  |
-| ingress.annotations | object | `{}` |  |
-| ingress.enabled | bool | `true` |  |
-| ingress.hosts[0].host | string | `"studio.<your-domain.com>"` |  |
-| ingress.image.pullPolicy | string | `"Always"` |  |
-| ingress.image.repository | string | `"scaleoutsystems/ingress:develop"` |  |
-| ingress.tls[0].hosts[0] | string | `"studio.<your-domain.com>"` |  |
-| ingress.tls[0].secretName | string | `"prod-ingress"` |  |
-| namespace | string | `"default"` |  |
-| postgresql-ha.enabled | bool | `false` |  |
-| postgresql.enabled | bool | `true` |  |
-| postgresql.existingSecret | string | `""` |  |
-| postgresql.fullnameOverride | string | `"stackn-studio-postgres"` |  |
-| postgresql.persistence.accessModes[0] | string | `"ReadWriteMany"` |  |
-| postgresql.persistence.enabled | bool | `true` |  |
-| postgresql.persistence.size | string | `"20Gi"` |  |
-| postgresql.persistence.storageClass | string | `"microk8s-hostpath"` |  |
-| postgresql.postgresqlDatabase | string | `"stackn"` |  |
-| postgresql.postgresqlPassword | string | `""` |  |
-| postgresql.postgresqlUsername | string | `"stackn"` |  |
-| prometheus.enabled | bool | `false` |  |
-| prometheus.server.ingress.enabled | bool | `true` |  |
-| prometheus.server.ingress.hosts[0] | string | `"prometheus.<your-domain.com>"` |  |
-| prometheus.server.ingress.tls[0].hosts[0] | string | `"prometheus.<your-domain.com>"` |  |
-| prometheus.server.ingress.tls[0].secretName | string | `"prod-ingress"` |  |
-| prometheus.server.persistentVolume.size | string | `"2Gi"` |  |
-| prometheus.server.persistentVolume.storageClass | string | `"microk8s-hostpath"` |  |
-| rabbit.password | string | `""` |  |
-| rabbit.username | string | `"admin"` |  |
-| reloader.enabled | bool | `true` |  |
-| reloader.namespace | string | `"default"` |  |
-| reloader.reloader.watchGlobally | bool | `false` |  |
-| service.type | string | `"ClusterIP"` |  |
-| storageClassName | string | `"microk8s-hostpath"` |  |
-| studio.debug | bool | `true` |  |
-| studio.init | bool | `true` |  |
-| studio.kubeconfig_file | string | `/app/chartcontroller/kubeconfig/config` |  |
-| studio.kubeconfig_dir | string | `/app/chartcontroller/kubeconfig/` |  |
-| studio.image.pullPolicy | string | `"Always"` |  |
-| studio.image.repository | string | `"ghcr.io/scaleoutsystems/stackn/studio:develop"` |  |
-| studio.media.storage.accessModes | string | `"ReadWriteMany"` |  |
-| studio.media.storage.size | string | `"5Gi"` |  |
-| studio.media.storage.storageClassName | string | `"microk8s-hostpath"` |  |
-| studio.replicas | int | `1` |  |
-| studio.resources.limits.cpu | string | `"1000m"` |  |
-| studio.resources.limits.memory | string | `"4Gi"` |  |
-| studio.resources.requests.cpu | string | `"400m"` |  |
-| studio.resources.requests.memory | string | `"2Gi"` |  |
-| studio.servicename | string | `"studio"` |  |
-| studio.static.image | string | `"ghcr.io/scaleoutsystems/stackn/ingress:develop"` |  |
-| studio.static.replicas | int | `1` |  |
-| studio.static.resources.limits.cpu | int | `1` |  |
-| studio.static.resources.limits.memory | string | `"512Mi"` |  |
-| studio.static.resources.requests.cpu | string | `"100m"` |  |
-| studio.static.resources.requests.memory | string | `"256Mi"` |  |
-| studio.storage.StorageClassName | string | `"microk8s-hostpath"` |  |
-| studio.storage.size | string | `"2Gi"` |  |
-| studio.superUser | string | `"admin"` |  |
-| studio.superuserEmail | string | `"[email protected]"` |  |
-| studio.superuserPassword | string | `""` |  |
+This secret should be in the same namespace as studio deployment.
+
+## Enabling network policies
+If networkPolicy.enable = true, you have to make sure the correct kubernetes endpoint IP is provided in networkPolicy.kubernetes.cidr, and the correct port networkPolicy.kubernetes.port. This is to enable access of some services to the kubernetes API server through a created Service Account. To get your cluster's kubernetes endpoint run:
+```
+kubectl get endpoints kubernetes
+```
+
+Further, for ingress resources you need to set  networkPolicy.ingress_controller_namespace. If value can vary depending on your cluster configuration, but for NGINX ingress controller it's usually "ingress-nginx".
+
+## Example deployment
+```
+global:
+  studio:
+    superuserPassword: adminstudio # Django superuser password, username is admin
+  postgresql:
+      auth:
+        username: studio
+        password: studiopostgrespass
+        postgresPassword: postgres
+        database: studio
+      storageClass: local-path 
+
+namespace: default
+networkPolicy:
+  enable: true
+  kubernetes:
+    cidr: 127.0.0.1/32 # To get kubernetes api server endpoints run: $ kubectl get endpoints kubernetes
+    port: 6443
+  internal_cidr: # in-cluster IpBlock cidr, used in allow-internet-[egress|ingress] policy, e.g:
+    - 10.0.0.0/8
+    - 192.168.0.0/16
+    - 172.0.0.0/20
+
+studio:
+  debug: false
+  inactive_users: false #Users that sign-up can be inactive by default if desired
+  csrf_trusted_origins: "https://studio.127.0.0.1.nip.io:8082" #extra trusted origin for django server, for example if you port-forward to port 8082
+  image: # using a local image registry with hostname k3d-registry
+    repository: k3d-registry:35187/stackn:develop #This image can be built from Dockerfile (https://github.com/scaleoutsystems/stackn)
+    pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image
+  static:
+    image: k3d-registry:35187/stackn-nginx:develop #This image can be built from Dockerfile.nginx (https://github.com/scaleoutsystems/stackn)
+  media:
+    storage:
+      accessModes: ReadWriteOnce
+
+accessmode: ReadWriteOnce
+
+# Postgres deploy with a single-pod database:
+postgresql:
+  primary:
+    persistence:
+      size: "2Gi"
+      accessModes:
+        - ReadWriteOnce
+      storageClass: local-path
+
+rabbit:
+  password: rabbitmqpass
+
+redis:
+  master:
+    persistence:
+      enabled: false
+  replica:
+    persistence:
+      enabled: false
+
+celeryFlower:
+  enabled: false
+
+reloader:
+  enabled: true
+```
+
 
 ## Maintainers
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| Morgan Ekmefjord | [email protected] |  |
 | Fredrik Wrede | [email protected] |  |

scaleout/stackn/requirements.yaml

@@ -1,41 +1,23 @@
 # version x.x.x corresponds to "latest"
 dependencies:
-  # - name: openfaas
-  #   version: 5.6.5
-  #   repository: "https://openfaas.github.io/faas-netes/"
-  #   condition: openfaas.enabled
-
-  # - name: argo-events
-  #   version: 0.14.0
-  #   repository: "https://argoproj.github.io/argo-helm"
-  #   condition: argo-events.enabled
-
-  # - name: argo
-  #   version: 0.7.3
-  #   repository: "https://argoproj.github.io/argo-helm"
-  #   condition: argo.enabled
-
-  - name: prometheus
-    version: 13.8.0
-    repository: https://prometheus-community.github.io/helm-charts
-    condition: prometheus.enabled
-
-  - name: grafana
-    version: 6.8.4
-    repository: https://grafana.github.io/helm-charts
-    condition: grafana.enabled
 
   - name: reloader
-    version: v0.0.86
+    version: v1.0.15
     repository: https://stakater.github.io/stakater-charts
     condition: reloader.enabled
 
-  - name: postgresql-ha
-    version: 9.2.0
-    repository: https://charts.bitnami.com/bitnami
-    condition: postgresql-ha.enabled
-
   - name: postgresql
-    version: 11.6.14
+    version: 12.2.7
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
+
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 2.14.1
+
+  - name: mongodb
+    repository: https://charts.bitnami.com/bitnami
+    version: 14.4.6
+    condition: mongodb.enabled