Skip to content

Commit

Permalink
Simplify admin hash in the secret (apache#106)
Browse files Browse the repository at this point in the history 
Replaces the `password.ini` field in the internal secret resource with a field `adminHash`. This simplifies the management of the admin hash but breaks compatibility with the previous `password.ini` if `createAdminSecret` is set to `false`, hence the major version bump.
  • Loading branch information
@rileyai-dev @helbertonepoint
rileyai-dev authored and helbertonepoint committed Jan 9, 2023
1 parent 46e45b1 commit 60cb33e
Show file tree
Hide file tree
Showing 7 changed files with 165 additions and 92 deletions.
4 changes: 4 additions & 0 deletions couchdb/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,14 @@
apiVersion: v1
name: couchdb
<<<<<<< HEAD
<<<<<<< HEAD
version: 4.0.1
=======
version: 3.6.4
>>>>>>> b8342f7 (add service.labels and fix ingress service reference)
=======
version: 4.0.0
>>>>>>> 3d244ba (Simplify admin hash in the secret (#106))
appVersion: 3.2.1
description: A database featuring seamless multi-master sync, that scales from
big data to mobile, with an intuitive HTTP/JSON API and designed for
Expand Down
7 changes: 7 additions & 0 deletions couchdb/NEWS.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,15 @@
# NEWS

<<<<<<< HEAD
<<<<<<< HEAD
## 4.0.1
=======
=======
## 4.0.0

- Simplified the `adminHash` in the secret

>>>>>>> 3d244ba (Simplify admin hash in the secret (#106))
# 3.6.4

- Add `service.labels` value to pass along labels to the client-facing service
Expand Down
89 changes: 74 additions & 15 deletions couchdb/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# CouchDB

![Version: 3.6.4](https://img.shields.io/badge/Version-3.6.4-informational?style=flat-square) ![AppVersion: 3.2.1](https://img.shields.io/badge/AppVersion-3.2.1-informational?style=flat-square)
![Version: 4.0.0](https://img.shields.io/badge/Version-4.0.0-informational?style=flat-square) ![AppVersion: 3.2.1](https://img.shields.io/badge/AppVersion-3.2.1-informational?style=flat-square)

Apache CouchDB is a database featuring seamless multi-master sync, that scales
from big data to mobile, with an intuitive HTTP/JSON API and designed for
Expand All @@ -18,7 +18,7 @@ storage volumes to each Pod in the Deployment.
```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
$ helm install couchdb/couchdb \
--version=3.6.4 \
--version=4.0.0 \
--set allowAdminParty=true \
--set couchdbConfig.couchdb.uuid=$(curl https://www.uuidgenerator.net/api/version4 2>/dev/null | tr -d -)
```
Expand All @@ -44,7 +44,7 @@ Afterwards install the chart replacing the UUID
```bash
$ helm install \
--name my-release \
--version=3.6.4 \
--version=4.0.0 \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
```
Expand All @@ -64,28 +64,21 @@ $ kubectl create secret generic my-release-couchdb --from-literal=adminUsername
```

If you want to set the `adminHash` directly to achieve consistent salts between
different nodes you need to addionally add the key `password.ini` to the secret:
different nodes you need to add it to the secret:

```bash
$ kubectl create secret generic my-release-couchdb \
--from-literal=adminUsername=foo \
--from-literal=cookieAuthSecret=baz \
--from-file=./my-password.ini
```

With the following contents in `my-password.ini`:

```
[admins]
foo = <pbkdf2-hash>
--from-literal=adminHash=-pbkdf2-d4b887da....
```

and then install the chart while overriding the `createAdminSecret` setting:

```bash
$ helm install \
--name my-release \
--version=3.6.4 \
--version=4.0.0 \
--set createAdminSecret=false \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
Expand Down Expand Up @@ -116,7 +109,7 @@ incompatible breaking change needing manual actions.
### Upgrade to 3.0.0

Since version 3.0.0 setting the CouchDB server instance UUID is mandatory.
Therefore you need to generate a UUID and supply it as a value during the
Therefore, you need to generate a UUID and supply it as a value during the
upgrade as follows:

```bash
Expand All @@ -127,14 +120,20 @@ $ helm upgrade <release-name> \
couchdb/couchdb
```

### Upgrade to 4.0.0

Breaking change between v3 and v4 is the `adminHash` in the secret that no longer uses
the `password.ini`. It stores the `adminHash` only instead, make sure to change it if you
use your own secret.

## Migrating from stable/couchdb

This chart replaces the `stable/couchdb` chart previously hosted by Helm and continues the
version semantics. You can upgrade directly from `stable/couchdb` to this chart using:

```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
$ helm upgrade my-release --version=3.6.4 couchdb/couchdb
$ helm upgrade my-release --version=4.0.0 couchdb/couchdb
```

## Configuration
Expand Down Expand Up @@ -165,6 +164,7 @@ required options to set:
A variety of other parameters are also configurable. See the comments in the
`values.yaml` file for further details:

<<<<<<< HEAD
| Parameter | Default |
|--------------------------------------|----------------------------------------|
| `adminUsername` | admin |
Expand Down Expand Up @@ -223,6 +223,65 @@ A variety of other parameters are also configurable. See the comments in the
| `placementConfig.enabled` | false |
| `placementConfig.image.repository` | caligrafix/couchdb-autoscaler-placement-manager|
| `placementConfig.image.tag` | 0.1.0 |
=======
| Parameter | Default |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `adminUsername` | admin |
| `adminPassword` | auto-generated |
| `adminHash` | |
| `cookieAuthSecret` | auto-generated |
| `image.repository` | couchdb |
| `image.tag` | 3.2.1 |
| `image.pullPolicy` | IfNotPresent |
| `searchImage.repository` | kocolosk/couchdb-search |
| `searchImage.tag` | 0.1.0 |
| `searchImage.pullPolicy` | IfNotPresent |
| `initImage.repository` | busybox |
| `initImage.tag` | latest |
| `initImage.pullPolicy` | Always |
| `ingress.enabled` | false |
| `ingress.hosts` | chart-example.local |
| `ingress.annotations` | |
| `ingress.path` | / |
| `ingress.tls` | |
| `persistentVolume.accessModes` | ReadWriteOnce |
| `persistentVolume.storageClass` | Default for the Kube cluster |
| `persistentVolume.annotations` | {} |
| `podManagementPolicy` | Parallel |
| `affinity` | |
| `topologySpreadConstraints` | |
| `annotations` | |
| `tolerations` | |
| `resources` | |
| `service.annotations` | |
| `service.enabled` | true |
| `service.type` | ClusterIP |
| `service.externalPort` | 5984 |
| `dns.clusterDomainSuffix` | cluster.local |
| `networkPolicy.enabled` | true |
| `serviceAccount.enabled` | true |
| `serviceAccount.create` | true |
| `serviceAccount.imagePullSecrets` | |
| `sidecars` | {} |
| `livenessProbe.enabled` | true |
| `livenessProbe.failureThreshold` | 3 |
| `livenessProbe.initialDelaySeconds` | 0 |
| `livenessProbe.periodSeconds` | 10 |
| `livenessProbe.successThreshold` | 1 |
| `livenessProbe.timeoutSeconds` | 1 |
| `readinessProbe.enabled` | true |
| `readinessProbe.failureThreshold` | 3 |
| `readinessProbe.initialDelaySeconds` | 0 |
| `readinessProbe.periodSeconds` | 10 |
| `readinessProbe.successThreshold` | 1 |
| `readinessProbe.timeoutSeconds` | 1 |
| `prometheusPort.enabled` | false |
| `prometheusPort.port` | 17896 |
| `prometheusPort.bind_address` | 0.0.0.0 |
| `placementConfig.enabled` | false |
| `placementConfig.image.repository` | caligrafix/couchdb-autoscaler-placement-manager |
| `placementConfig.image.tag` | 0.1.0 |
>>>>>>> 3d244ba (Simplify admin hash in the secret (#106))
## Feedback, Issues, Contributing

Expand Down
Loading

0 comments on commit 60cb33e

Please sign in to comment.