Merge branch 'release/0.5.0'

CHANGELOG.md

@@ -3,25 +3,39 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/0.4.4...HEAD)
+## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/0.5.0...HEAD)
+
+## [0.5.0] - 2023-11-15
+
+### Fixed
+
+- [#56](https://github.com/passbolt/charts-passbolt/issues/56) Cronjob "cron-proc-email" and few other resources doesn't take imageRegistry global parameter
+
+### Added
+
+- [#55](https://github.com/passbolt/charts-passbolt/issues/55) Deploying with postgres db
 
 ## [0.4.4] - 2023-10-09
 
 ### Fixed
+
 - [#52](https://github.com/passbolt/charts-passbolt/issues/52) pullPolicy incorrect rendering
 
 ## [0.4.3] - 2023-10-06
 
 ### Added
+
 - New values tls.existingSecret and tls.autogenerate to control injecting ssl certificates in passbolt containers and ingress
 
 ### Fixed
+
 - [#51](https://github.com/passbolt/charts-passbolt/issues/51) ability to use external tls secret
 - [#49](https://github.com/passbolt/charts-passbolt/issues/49) ability to use custom registries and custom pullSecrets
 
 ## [0.4.2] - 2023-08-31
 
 ### Added
+
 - Bump passbolt version 4.1.2-1-ce
 
 ## [0.4.1] - 2023-06-11
@@ -76,7 +90,6 @@ This release includes breaking changes .Values.redisProxyResources now is .Value
 
 - Added tests for disabled redis proxy
 
-
 ## [0.3.0] - 2023-05-03
 
 ### Fixed

Chart.lock

@@ -8,5 +8,8 @@ dependencies:
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
   version: 11.5.7
-digest: sha256:2b667ef711638e19c9541150634312e835a86608ba730c139408d98f85be6cc7
-generated: "2023-08-10T18:47:01.974503483+02:00"
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 13.2.3
+digest: sha256:541a5a0685f8f792ef99c2de7c29b73ae543563f4ff4f795797d65bfc88c3222
+generated: "2023-11-09T16:43:25.437028891+01:00"

Chart.yaml

@@ -15,12 +15,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.4
+version: 0.5.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.3.0-1-ce
+appVersion: 4.4.0-1-ce
 dependencies:
   - name: passbolt-library
     version: 0.2.7
@@ -33,3 +33,7 @@ dependencies:
     version: 11.5.7
     repository: "https://charts.bitnami.com/bitnami"
     condition: mariadbDependencyEnabled
+  - name: postgresql
+    version: 13.2.3
+    repository: "https://charts.bitnami.com/bitnami"
+    condition: postgresqlDependencyEnabled

README.md.gotmpl

@@ -11,14 +11,21 @@ collaboration.
 
 ## TL;DR
 
-The following command is not recommended for production deployments as it will
+The following commands are not recommended for production deployments as they will
 use default passwords for internal databases:
 
 ```bash
 helm repo add my-repo https://download.passbolt.com/charts/passbolt
 helm install my-release my-repo/passbolt
 ```
 
+In case you prefer to use postgresql intead of mariadb, a sample config is provided in the examples directory:
+
+```
+helm repo add my-repo https://download.passbolt.com/charts/passbolt
+helm install my-release my-repo/passbolt -f examples/postgresql.yaml
+```
+
 Production workloads should change the fields with values 'CHANGEME' on values.yaml
 and deploy the chart as follows:
 

RELEASE_NOTES.md

@@ -1,5 +1,11 @@
-This is a small hotfix release that fixes issues reported
-by the community regarding the imagePullPolicy on the
-deployment resource.
+We are happy to announce the availability of the version 0.5.0 of
+the official Passbolt helm chart.
+This release comes with a well requested feature: PostgreSQL support.
+Users will be able to plug their external PostgreSQL instances or
+use the bundled dependency in this chart.
+PostgreSQL is an opt-in feature, by default Passbolt helm chart
+still relies on MariaDB. However, it should be easy for users to plug
+one or the other.
+Thanks to all the community members for your feedback and support.
 
-For more information please check our [changelog](https://github.com/passbolt/charts-passbolt/blob/0.4.4/CHANGELOG.md)
+For more information please check our [changelog](https://github.com/passbolt/charts-passbolt/blob/0.5.0/CHANGELOG.md)

examples/postgresql.yaml

@@ -0,0 +1,14 @@
+postgresqlDependencyEnabled: true
+mariadbDependencyEnabled: false
+
+postgresql:
+  auth:
+    # -- Configure postgresql auth username
+    username: CHANGEME
+    # -- Configure postgresql auth password
+    password: CHANGEME
+    # -- Configure postgresql auth database
+    database: passbolt
+app:
+  database:
+    kind: postgresql

templates/_helpers.tpl

@@ -65,11 +65,19 @@ Create the name of the service account to use
 Render the value of the database service
 */}}
 {{- define "passbolt.databaseServiceName" -}}
+{{- if and ( eq .Values.mariadbDependencyEnabled true ) (or ( eq .Values.app.database.kind "mariadb") ( eq .Values.app.database.kind "mysql") ) }}
 {{- if eq .Values.mariadb.architecture "replication" }}
 {{- default ( printf "%s-%s-primary" .Release.Name "mariadb" ) .Values.passboltEnv.plain.DATASOURCES_DEFAULT_HOST | quote }}
 {{- else }}
 {{- default ( printf "%s-%s" .Release.Name "mariadb" ) .Values.passboltEnv.plain.DATASOURCES_DEFAULT_HOST | quote }}
 {{- end -}}
+{{- else if and ( eq .Values.postgresqlDependencyEnabled true ) ( eq .Values.app.database.kind "postgresql" ) }}
+{{- default ( printf "%s-postgresql" .Release.Name ) .Values.passboltEnv.plain.DATASOURCES_DEFAULT_HOST | quote }}
+{{- else if ( hasKey .Values.passboltEnv.plain "DATASOURCES_DEFAULT_HOST" )  -}}
+{{- printf "%s" .Values.passboltEnv.plain.DATASOURCES_DEFAULT_HOST }}
+{{- else }}
+{{- fail "DATASOURCES_DEFAULT_HOST can't be empty when mariadbDependencyEnabled and postgresqlDependencyEnabled are disabled"}}
+{{- end }}
 {{- end }}
 
 {{/*
@@ -116,18 +124,49 @@ Show error message if the user didn't set the gpg key after upgrade
 {{- $repositoryName := .imageRoot.repository -}}
 {{- $separator := ":" -}}
 {{- $termination := .imageRoot.tag | toString -}}
-{{- if .global }}
-  {{- if .global.imageRegistry }}
+{{- if .global -}}
+  {{- if .global.imageRegistry -}}
     {{- $registryName = .global.imageRegistry -}}
   {{- end -}}
 {{- end -}}
-{{- if $registryName }}
+{{- if $registryName -}}
     {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
 {{- else -}}
     {{- printf "%s%s%s"  $repositoryName $separator $termination -}}
 {{- end -}}
 {{- end -}}
 
+{{- define "passbolt.initImage" -}}
+{{- $registryName := "" -}}
+{{- $repositoryName := "" -}}
+{{- $image := "" -}}
+{{- $imagePullPolicy := "" -}}
+{{- if .Values.app.initImage }}
+  {{- $image = (include "passbolt.image" (dict "imageRoot" .Values.app.initImage "global" .Values.global)) }}
+  {{- $imagePullPolicy = (default "IfNotPresent" .Values.app.initImage.pullPolicy) }}
+{{- else -}}
+  {{- if .Values.global -}}
+    {{- if .Values.global.imageRegistry -}}
+      {{- $registryName = .Values.global.imageRegistry -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if or (eq .Values.app.database.kind "mariadb" ) ( eq .Values.app.database.kind "mysql" ) }}
+    {{- $repositoryName = "mariadb" -}}
+  {{- else if eq .Values.app.database.kind "postgresql" }}
+    {{- $repositoryName = "postgres" -}}
+  {{- end }}
+  {{- if not (eq $registryName "") }}
+    {{- $image = printf "%s/%s" $registryName $repositoryName }}
+    {{- $imagePullPolicy = default "IfNotPresent" .Values.global.imagePullPolicy }}
+  {{- else }}
+    {{- $image = printf "%s" $repositoryName }}
+    {{- $imagePullPolicy = default "IfNotPresent" .Values.global.imagePullPolicy }}
+  {{- end -}}
+{{- end -}}
+image: {{ printf "%s" $image }}
+imagePullPolicy: {{ printf "%s" $imagePullPolicy }}
+{{- end -}}
+
 {{- define "passbolt.pullSecrets" -}}
   {{- $pullSecrets := list }}
 
@@ -150,3 +189,13 @@ imagePullSecrets:
     {{- end }}
   {{- end }}
 {{- end -}}
+
+{{- define "passbolt.databaseClient" -}}
+{{- $client := "mariadb" -}}
+{{- if .Values.app.initImage -}}
+  {{- $client = (default $client .Values.app.initImage.client ) }}
+{{- else if eq .Values.app.database.kind "postgresql" -}}
+  {{- $client = "pg_isready" -}}
+{{- end -}}
+{{- printf "%s" $client }}
+{{- end -}}

templates/configmap-env.yaml

@@ -16,3 +16,7 @@ metadata:
     {{- include "passbolt-library.typelabels" (dict "action" $action "type" $type) | nindent 4 }}
 data:
 {{ include "passbolt-library.configmap-envvar.tpl" .Values.passboltEnv.plain | nindent 2 }}
+{{- if eq .Values.app.database.kind "postgresql" }}
+    DATASOURCES_DEFAULT_DRIVER: 'Cake\Database\Driver\Postgres'
+    DATASOURCES_DEFAULT_ENCODING: "utf8"
+{{- end -}}

templates/cronjob-proc-email.yaml

@@ -31,7 +31,8 @@ spec:
             fsGroup: 33
           containers:
             - name: {{ $fullName }}
-          {{ include "passbolt-library.container-repositories.tpl" (dict "Values" . "Image" .Values.app.image) | nindent 14 }}
+              image: {{ include "passbolt.image" (dict "imageRoot" .Values.app.image "global" .Values.global) }}
+              imagePullPolicy: {{ .Values.app.image.pullPolicy }}
               command:
                 - "/bin/bash"
               args:
@@ -63,7 +64,8 @@ spec:
                   readOnly: true
             {{- if .Values.app.cache.redis.sentinelProxy.enabled }}
             - name: {{ $fullName }}-redisproxy
-              {{ include "passbolt-library.container-repositories.tpl" (dict "Values" . "Image" .Values.app.cache.redis.sentinelProxy.image) | nindent 14 }}
+              image: {{ include "passbolt.image" (dict "imageRoot" .Values.app.cache.redis.sentinelProxy.image "global" .Values.global) }}
+              imagePullPolicy: {{ .Values.app.cache.redis.sentinelProxy.pullPolicy }}
               command:
                 - "/bin/bash"
               args:

templates/deployment.yaml

@@ -40,13 +40,15 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
         - name: {{ $fullName }}-init
-          image: {{ include "passbolt.image" (dict "imageRoot" .Values.app.initImage "global" .Values.global) }}
-          imagePullPolicy: {{ .Values.app.initImage.pullPolicy }}
+          {{ include "passbolt.initImage" . | nindent 10 }}
           command:
             - "/bin/bash"
           args:
             - "-c"
             - |
+              set -e 
+              client="{{- include "passbolt.databaseClient" . }}"
+              {{- if or ( eq .Values.app.database.kind "mysql" ) ( eq .Values.app.database.kind "mariadb" ) }}
               cat <<-EOF > /tmp/defaultsfile.cnf
               [client]
               user=${DATASOURCES_DEFAULT_USERNAME}
@@ -55,10 +57,26 @@ spec:
               connect-timeout=2
               EOF
               userhost="%"
-              while ! {{ .Values.app.initImage.client }} --defaults-file=/tmp/defaultsfile.cnf -e "SELECT 1" > /dev/null 2>&1; do
+              client="{{- include "passbolt.databaseClient" . }}"
+              while ! ${client} --defaults-file=/tmp/defaultsfile.cnf -e "SELECT 1" > /dev/null 2>&1; do
                 echo "Waiting for database connection..."
                 sleep 2
               done
+              {{- end -}}
+              {{ if eq .Values.app.database.kind "postgresql" }}
+              apt update
+              apt install -y postgresql-client
+              cat <<-EOF > /tmp/.pgpass
+              ${DATASOURCES_DEFAULT_HOST}:5432:*:${DATASOURCES_DEFAULT_USERNAME}:${DATASOURCES_DEFAULT_PASSWORD}
+              EOF
+              chmod 600 /tmp/.pgpass
+              cat /tmp/.pgpass
+              export PGPASSFILE='/tmp/.pgpass'
+              while ! ${client} -h ${DATASOURCES_DEFAULT_HOST} ; do
+                echo "Waiting for postgresql database connection..."
+                sleep 2
+              done
+              {{- end }}
           env:
             - name: DATASOURCES_DEFAULT_HOST
               value: {{ include "passbolt.databaseServiceName" . }}

templates/job-create-gpg.yaml

@@ -28,6 +28,7 @@ spec:
       containers:
         - name: {{ $fullName }}
           image: {{ include "passbolt.image" (dict "imageRoot" .Values.app.image "global" .Values.global) }}
+          imagePullPolicy: {{ .Values.app.image.pullPolicy }}
           command:
             - "/bin/bash"
           args:

templates/secret-env.yaml

@@ -17,3 +17,12 @@ metadata:
 type: Opaque
 data:
 {{ include "passbolt-library.secret-range.tpl" .Values.passboltEnv.secret | nindent 2 }}
+{{- if eq .Values.app.database.kind "postgresql" }}
+    {{- $username := .Values.passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME }}
+    {{- $password := .Values.passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD }}
+    {{- $database := .Values.passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE }}
+    {{- $schema := ( default "passbolt" .Values.passboltEnv.secret.DATASOURCES_DEFAULT_SCHEMA ) }}
+    {{- $host := ( default (printf "%s-postgresql" .Release.Name ) .Values.passboltEnv.secret.DATASOURCES_DEFAULT_HOST ) }}
+    {{- $port := ( default "5432" .Values.passboltEnv.secret.DATASOURCES_DEFAULT_PORT ) }}
+    DATASOURCES_DEFAULT_URL: {{ printf "postgres://%s:%s@%s:%s/%s?schema=%s" $username $password $host $port $database $schema | toString | b64enc }}
+{{- end -}}

tests/cronjob_images.yaml

@@ -0,0 +1,33 @@
+---
+suite: images
+release:
+  name: test
+values:
+  - values-test.yaml
+tests:
+  - it: should have the correct pull policy
+    templates:
+      - cronjob-proc-email.yaml
+    set:
+      redis.auth.enabled: true
+      redis.replica.replicaCount: 2
+      autoscaling.enabled: false
+      app.cache.redis.sentinelProxy.enabled: true
+      app.cache.redis.sentinelProxy.image.repository: haproxy
+      app.cache.redis.sentinelProxy.image.tag: latest
+      app.cache.redis.sentinelProxy.pullPolicy: always
+      app.image.pullPolicy: always
+      app.initImage.pullPolicy: always
+    asserts:
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers
+          content:
+            image: passbolt/passbolt:4.1.2-1-ce
+          count: 1
+          any: true
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers
+          content:
+            image: haproxy:latest
+          count: 1
+          any: true

tests/default_config_env_test.yaml

@@ -1,11 +1,11 @@
 ---
-suite: default config cache pointing to proxy
+suite: default config
 release:
   name: test
 values:
   - values-test.yaml
 tests:
-  - it: default should point to localhost for cache
+  - it: should point to localhost for cache
     templates:
       - configmap-env.yaml
     set:
@@ -19,3 +19,24 @@ tests:
       - equal:
           path: data.CACHE_CAKE_DEFAULT_SERVER
           value: 127.0.0.1
+  - it: should not have a custom database driver
+    templates:
+      - configmap-env.yaml
+    set:
+      app.database.kind: "mariadb"
+      postgresqlDependencyEnabled: false
+      mariadbDependencyEnabled: true
+    asserts:
+      - isNull:
+          path: data.DATASOURCES_DEFAULT_DRIVER
+  - it: should have a postgresql database driver when postgresql is enabled
+    templates:
+      - configmap-env.yaml
+    set:
+      app.database.kind: "postgresql"
+      postgresqlDependencyEnabled: true
+      mariadbDependencyEnabled: false
+    asserts:
+      - equal:
+          path: data.DATASOURCES_DEFAULT_DRIVER
+          value: 'Cake\Database\Driver\Postgres'