Merge pull request #3 from catenax-ng/main

[Chore:v0.0.3] sde helm chart version bump

.github/workflows/helm-lint.yml

@@ -17,18 +17,33 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 ################################################################################
-name: "Lint helm charts"
+name:  SDE Lint and Test Charts
 
 on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'charts/**'
+    push:
+      branches:
+       - main
+      paths:
+       - 'charts/**'
 
-  pull_request:
-    paths:
-      - charts/**  
+    pull_request:
+      paths:
+       - charts/** 
+
+    workflow_dispatch:
+      inputs:
+        node_image:
+          description: 'kindest/node image for k8s kind cluster'
+          # k8s version from 3.1 release as default
+          default: 'kindest/node:v1.24.6'
+          required: false
+          type: string
+        upgrade_from:
+          description: 'chart version to upgrade from'
+          # chart version from 3.1 release as default
+          default: '2.0.0'
+          required: false
+          type: string
 
 jobs:
   lint-test:
@@ -74,3 +89,19 @@ jobs:
       - name: Run chart-testing (install)
         run: ct install --charts charts/simpledataexchanger --config charts/chart-testing-config.yaml
         if: ${{ env.CHART_CHANGED == 'true' }}
+
+      - name: Run helm install
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+          helm install simpledataexchanger charts/simpledataexchanger --namespace install --create-namespace
+        if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
+
+#      - name: Run helm upgrade
+#        run: |
+#          helm repo add bitnami https://charts.bitnami.com/bitnami
+#          helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+#          helm install simpledataexchanger tractusx-dev/simpledataexchanger --version ${{ github.event.inputs.upgrade_from || '2.0.0' }} --namespace upgrade --create-namespace
+#          helm dependency update charts/simpledataexchanger
+#          helm upgrade simpledataexchanger charts/simpledataexchanger --namespace upgrade
+#        if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'

CHANGELOG.md

@@ -2,9 +2,17 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Simple-Data-Exchanger helm chart.
 
-## 0.0.2
-
+## 0.0.3
 ### Change
+* changed to v2.0.1 docker image version.
+* enabled usage of existing secret values if secret exists: stops regeneration of random secret values.
 
+### Technical Support
+* added chart test workflow for lint and install.
+
+## 0.0.2
+### Change
 * added product helm chart for SDE, combining frontend and backend chart.
 * moved repository to eclipse-tractusx.
+
+

README.md

@@ -12,7 +12,7 @@ To install the chart with the release name portal:
 
 ``` $ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev ```
 
-```$ helm install sde tractusx-dev/sde```
+```$ helm install simpledataexchanger tractusx-dev/simpledataexchanger```
 
 ## Requirements
 

charts/simpledataexchanger/Chart.yaml

@@ -32,12 +32,12 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.2
+version: 0.0.4
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.0.0"
+appVersion: "2.0.1"
 
 dependencies:
   - condition: sdepostgresql.enabled

charts/simpledataexchanger/README.md

@@ -1,6 +1,6 @@
 # sde
 
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.3](https://img.shields.io/badge/AppVersion-0.0.3-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 
@@ -45,8 +45,15 @@ A Helm chart for Kubernetes
 | backend.podAnnotations | object | `{}` |  |
 | backend.podSecurityContext.fsGroup | int | `2000` |  |
 | backend.portContainer | int | `8080` |  |
-| backend.resources | object | `{}` |  |
+| backend.resources.limits.cpu | string | `"600m"` |  |
+| backend.resources.limits.memory | string | `"2Gi"` |  |
+| backend.resources.requests.cpu | string | `"600m"` |  |
+| backend.resources.requests.memory | string | `"2Gi"` |  |
 | backend.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| backend.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| backend.securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| backend.securityContext.runAsNonRoot | bool | `true` |  |
+| backend.securityContext.runAsUser | int | `1001` |  |
 | backend.service.port | int | `7070` |  |
 | backend.service.targetPort | int | `8080` |  |
 | backend.service.type | string | `"ClusterIP"` |  |
@@ -75,10 +82,17 @@ A Helm chart for Kubernetes
 | frontend.podAnnotations | object | `{}` |  |
 | frontend.podSecurityContext.fsGroup | int | `2000` |  |
 | frontend.portContainer | int | `8080` |  |
-| frontend.resources | object | `{}` |  |
+| frontend.resources.limits.cpu | string | `"600m"` |  |
+| frontend.resources.limits.memory | string | `"2Gi"` |  |
+| frontend.resources.requests.cpu | string | `"600m"` |  |
+| frontend.resources.requests.memory | string | `"2Gi"` |  |
 | frontend.sde.endpoints.default.path | string | `"/"` | The path mapping the "default" api is going to be exposed at |
 | frontend.sde.endpoints.default.port | string | `"80"` | The network port, which the "default" api is going to be exposed by the container, pod and service |
 | frontend.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| frontend.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| frontend.securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| frontend.securityContext.runAsNonRoot | bool | `true` |  |
+| frontend.securityContext.runAsUser | int | `1000` |  |
 | frontend.service.port | int | `80` |  |
 | frontend.service.targetPort | int | `8080` |  |
 | frontend.service.type | string | `"ClusterIP"` |  |

charts/simpledataexchanger/templates/deployment-backend.yaml

@@ -51,6 +51,7 @@ spec:
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
+            runAsUser: {{ .Values.backend.securityContext.runAsUser }}
             {{- toYaml .Values.backend.securityContext | nindent 12 }}
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.backend.image.pullPolicy }}
@@ -60,12 +61,10 @@ spec:
             - name: SPRING_DATASOURCE_URL
               value: "jdbc:postgresql://{{ .Values.sdepostgresql.fullnameOverride }}:{{ .Values.sdepostgresql.auth.port }}/{{ .Values.sdepostgresql.auth.database }}"
             - name: SPRING_DATASOURCE_USERNAME
-              value: {{ .Values.sdepostgresql.auth.username }}
+              value: {{ .Values.sdepostgresql.auth.username | required ".Values.sdepostgresql.auth.username is required" | quote }}             
             - name: SPRING_DATASOURCE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: sde-postgresql-secrets 
-                  key: password
+              value: {{ .Values.sdepostgresql.auth.password | required ".Values.sdepostgresql.auth.password is required" | quote}}
+
           envFrom:
             - configMapRef:
                 name: {{ include "sde.fullname" . }}-backend-configmap

charts/simpledataexchanger/templates/deployment-frontend.yaml

@@ -47,6 +47,7 @@ spec:
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
+            runAsUser: {{ .Values.frontend.securityContext.runAsUser }}
             {{- toYaml .Values.frontend.securityContext | nindent 12 }}
           image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.frontend.image.pullPolicy }}

charts/simpledataexchanger/values.yaml

@@ -26,13 +26,12 @@ sdepostgresql:
   enabled: true
   fullnameOverride: "product-sde-postgres"
   auth:
+    postgresPassword: "default"
     username: "sdeuser"
-    port: 5432
+    password: "default"
     database: "sdedb"
-    existingSecret: "sde-postgresql-secrets"
-    secretKeys:
-      adminPasswordKey: "postgres-password"
-      userPasswordKey: "password"
+    port: 5432
+    existingSecret: ""
 
 backend:
   image:
@@ -51,17 +50,16 @@ backend:
 
   podAnnotations: {}
 
-  podSecurityContext:
-    fsGroup: 2000
+  podSecurityContext: {}
 
   securityContext:
     allowPrivilegeEscalation: false
     capabilities:
       drop:
         - ALL
-    readOnlyRootFilesystem: true
     runAsNonRoot: true
     runAsUser: 1001
+    fsGroup: 1001
 
   service:
     type: ClusterIP
@@ -181,17 +179,16 @@ frontend:
   portContainer: 8080
   podAnnotations: {}
 
-  podSecurityContext:
-    fsGroup: 2000
+  podSecurityContext: {}
 
   securityContext:
     allowPrivilegeEscalation: false
     capabilities:
       drop:
         - ALL
-    readOnlyRootFilesystem: true
     runAsNonRoot: true
-    runAsUser: 1000
+    runAsUser: 101
+    fsGroup: 101
 
   service:
     type: ClusterIP