This is an automated email from the ASF dual-hosted git repository.
klesh pushed a commit to branch main
in repository
https://gitbox.apache.org/repos/asf/incubator-devlake-helm-chart.git
The following commit(s) were added to refs/heads/main by this push:
new acfc375 Feat: Support AWS Cognito OAuth (#125)
acfc375 is described below
commit acfc37565aa79a43118c297666603773a9a81b00
Author: Tiexin Guo <[email protected]>
AuthorDate: Sat May 6 17:18:07 2023 +0800
Feat: Support AWS Cognito OAuth (#125)
* chore: clean up helm chart
* test
* update
* update
* update
* update
* Delete lint-chart-and-app-versions.yml
* reformat
* docs: update values file and helm setup doc
* feat: update chart version in readme
* bug: add GF_SERVER_ROOT_URL back when oauth is not enabled for grafana
* bug: add GF_SERVER_ROOT_URL back when oauth is not enabled for grafana
* bump chart version
* bump app version
* update image version in values
* bump version to beta4
* update chart version to temporary 3.1
---------
Co-authored-by: Warren Chen <[email protected]>
Co-authored-by: Tiexin Guo <[email protected]>
Co-authored-by: Klesh Wong <[email protected]>
---
.github/workflows/lint-chart-and-app-versions.yml | 79 --------
HelmSetup.md | 221 ++++++++++++----------
README.md | 22 ++-
charts/devlake/Chart.yaml | 5 +-
charts/devlake/templates/NOTES.txt | 2 +-
charts/devlake/templates/_helpers.tpl | 2 +-
charts/devlake/templates/configmaps.yaml | 44 +++--
charts/devlake/templates/deployments.yaml | 11 +-
charts/devlake/templates/ingresses.yaml | 2 +
charts/devlake/templates/statefulsets.yaml | 116 +-----------
charts/devlake/values.yaml | 179 +++++++++++-------
11 files changed, 295 insertions(+), 388 deletions(-)
diff --git a/.github/workflows/lint-chart-and-app-versions.yml
b/.github/workflows/lint-chart-and-app-versions.yml
deleted file mode 100644
index ec28be3..0000000
--- a/.github/workflows/lint-chart-and-app-versions.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-name: Lint for chart versions
-on:
- pull_request:
- branches:
- - main
- paths:
- - charts/**
- - '!**.md'
-jobs:
- check_chart_version_matches_app_version:
- name: chart version matches app version
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: install yq
- run: echo yq should already in github ubuntu-latest
- - name: chart version align with app version
- run: |
- set -e
- chart_version_text=$(yq .version
${GITHUB_WORKSPACE}/charts/devlake/Chart.yaml)
- app_version_text=$(yq .appVersion
${GITHUB_WORKSPACE}/charts/devlake/Chart.yaml)
- if [[ "v$chart_version_text" == "$app_version_text" ]] ; then
- echo version check for app and chart pass,
chart:$chart_version_text and app:$app_version_text
- echo version check for app and chart pass,
chart:$chart_version_text and app:$app_version_text :green_heart: >>
$GITHUB_STEP_SUMMARY
- else
- echo chart version: $chart_version_text not align with app
version: $app_version_text
- echo chart version: $chart_version_text not align with app
version: $app_version_text :broken_heart: >> $GITHUB_STEP_SUMMARY
- exit 1
- fi
- check_chart_version_should_be_increased:
- name: char version should be increased
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- with:
- ref: ${{ github.base_ref }}
- - name: get base chart version
- id: get-base-chart-version
- run:
- echo "CHART_VERSION=$(yq .version
${GITHUB_WORKSPACE}/charts/devlake/Chart.yaml)" >> $GITHUB_OUTPUT
- - uses: actions/checkout@v3
- with:
- ref: ${{ github.ref }}
- - name: chart version should be promoted
- run: |
- set -e
- base_chart_version_text="${{
steps.get-base-chart-version.outputs.CHART_VERSION }}"
- chart_version_text=$(yq .version
${GITHUB_WORKSPACE}/charts/devlake/Chart.yaml)
- pip3 install semver
- if python3 -c "from semver import VersionInfo as vi ;
vi.parse('${chart_version_text}')" ; then
- echo "version ${chart_version_text} is a valid version string"
:green_heart: >> $GITHUB_STEP_SUMMARY
- else
- echo "version ${chart_version_text} is not a valid version string"
:broken_heart: >> $GITHUB_STEP_SUMMARY
- exit 1
- fi
- if python3 -c "from semver import VersionInfo as vi ; assert
vi.parse('${chart_version_text}') > vi.parse('${base_chart_version_text}')" ;
then
- echo "version ${chart_version_text} > ${base_chart_version_text}"
:green_heart: >> $GITHUB_STEP_SUMMARY
- else
- echo "version ${chart_version_text} <= ${base_chart_version_text}"
:broken_heart: >> $GITHUB_STEP_SUMMARY
- exit 1
- fi
- check_image_version_matches_app_version:
- name: image vesion matches app version
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: install yq
- run: echo yq should already in github ubuntu-latest
- - name: chart version align with image version
- run: |
- set -e
- app_version_text=$(yq .appVersion
${GITHUB_WORKSPACE}/charts/devlake/Chart.yaml)
- image_version_text=$(yq .imageTag
${GITHUB_WORKSPACE}/charts/devlake/values.yaml)
- if [[ $app_version_text != $image_version_text ]] ; then
- echo chart version $app_version_text is not equal to image tag
$image_version_text :broken_heart: >> $GITHUB_STEP_SUMMARY
- exit 1
- else
- echo all images version are equal to app version :green_heart: >>
$GITHUB_STEP_SUMMARY
- fi
diff --git a/HelmSetup.md b/HelmSetup.md
index cbc9969..4719bbf 100644
--- a/HelmSetup.md
+++ b/HelmSetup.md
@@ -10,7 +10,6 @@ sidebar_position: 2
- Helm >= 3.6.0
- Kubernetes >= 1.19.0
-
## Quick Start
#### You can also check https://github.com/apache/incubator-devlake-helm-chart
to make contribution
@@ -29,12 +28,16 @@ And visit your devlake from the node port (32001 by
default).
http://YOUR-NODE-IP:32001
-#### Tips:
+#### Tips:
+
If you are using minikube inside your mac, please use the following command to
forward the port:
+
```shell
kubectl port-forward service/devlake-ui 30090:4000
```
+
and open another terminal:
+
```shell
kubectl port-forward service/devlake-grafana 30091:3000
```
@@ -58,14 +61,14 @@ To uninstall/delete the `devlake` release:
helm uninstall devlake
```
-
## Some example deployments
### Deploy with NodePort
Conditions:
- - IP Address of Kubernetes node: 192.168.0.6
- - Want to visit devlake with port 30000.
+
+- IP Address of Kubernetes node: 192.168.0.6
+- Want to visit devlake with port 30000.
```
helm install devlake devlake/devlake --set service.uiPort=30000
@@ -76,8 +79,9 @@ After deployed, visit devlake: http://192.168.0.6:30000
### Deploy with Ingress
Conditions:
- - I have already configured default ingress for the Kubernetes cluster
- - I want to use http://devlake.example.com for visiting devlake
+
+- I have already configured default ingress for the Kubernetes cluster
+- I want to use http://devlake.example.com for visiting devlake
```
helm install devlake devlake/devlake --set
"ingress.enabled=true,ingress.hostname=devlake.example.com"
@@ -88,16 +92,19 @@ After deployed, visit devlake: http://devlake.example.com,
and grafana at http:/
### Deploy with Ingress (Https)
Conditions:
- - I have already configured ingress(class: nginx) for the Kubernetes cluster,
and the https using 8443 port.
- - I want to use https://devlake-0.example.com:8443 for visiting devlake.
- - The https certificates are generated by letsencrypt.org, and the
certificate and key files: `cert.pem` and `key.pem`
+
+- I have already configured ingress(class: nginx) for the Kubernetes cluster,
and the https using 8443 port.
+- I want to use https://devlake-0.example.com:8443 for visiting devlake.
+- The https certificates are generated by letsencrypt.org, and the certificate
and key files: `cert.pem` and `key.pem`
First, create the secret:
+
```
kubectl create secret tls ssl-certificate --cert cert.pem --key secret.pem
```
Then, deploy the devlake:
+
```
helm install devlake devlake/devlake \
--set
"ingress.enabled=true,ingress.enableHttps=true,ingress.hostname=devlake-0.example.com"
\
@@ -107,110 +114,120 @@ helm install devlake devlake/devlake \
After deployed, visit devlake: https://devlake-0.example.com:8443, and grafana
at https://devlake-0.example.com:8443/grafana
-
## Parameters
Some useful parameters for the chart, you could also check them in values.yaml
-| Parameter | Description
| Default |
-| --------------------------------- |
-------------------------------------------------------- |
-------------------------- |
-| replicaCount | Replica Count for devlake, currently not
used | 1 |
-| imageTag | The version tag for all images
| see Values.yaml |
-| mysql.useExternal | If use external mysql server, set true
| false |
-| mysql.externalServer | External mysql server address
| 127.0.0.1 |
-| mysql.externalPort | External mysql server port
| 3306 |
-| mysql.username | username for mysql
| merico |
-| mysql.password | password for mysql
| merico |
-| mysql.database | database for mysql
| lake |
-| mysql.rootPassword | root password for mysql
| admin |
-| mysql.storage.class | storage class for mysql's volume
| "" |
-| mysql.storage.size | volume size for mysql's data
| 5Gi |
-| mysql.image.repository | repository for mysql's image
| mysql |
-| mysql.image.tag | image tag for mysql's image
| 8 |
-| mysql.image.pullPolicy | pullPolicy for mysql's image
| IfNotPresent |
-| mysql.extraLabels | extra labels for mysql's statefulset
| {} |
-| mysql.securityContext | pod security context values
| {} |
-| mysql.containerSecurityContext | container security context values
| {} |
-| grafana.image.repository | repository for grafana's image
| apache/devlake-dashboard |
-| grafana.image.pullPolicy | pullPolicy for grafana's image
| Always |
-| grafana.useExternal | If use external grafana server
| false |
-| grafana.externalUrl | external grafana server if use external
| "" |
-| grafana.extraLabels | extra labels for grafana's statefulset
| {} |
-| grafana.securityContext | pod security context values
| {} |
-| grafana.containerSecurityContext | container security context values
| {} |
-| lake.storage.class | storage class for lake's volume
| "" |
-| lake.storage.size | volume size for lake's data
| 100Mi |
-| lake.image.repository | repository for lake's image
| apache/devlake |
-| lake.image.pullPolicy | pullPolicy for lake's image
| Always |
-| lake.loggingDir | log dir for the lake server
| /app/logs |
-| lake.loggingLevel | log level for the lake server
| info |
-| lake.dotenv | initial configurations for injecting to
lake's .env | see Values.yaml |
-| lake.extraLabels | extra labels for lake's statefulset
| {} |
-| lake.securityContext | pod security context values
| {} |
-| lake.containerSecurityContext | container security context values
| {} |
-| ui.image.repository | repository for ui's image
| apache/devlake-config-ui |
-| ui.image.pullPolicy | pullPolicy for ui's image
| Always |
-| ui.basicAuth.enabled | If the basic auth in ui is enabled
| false |
-| ui.basicAuth.user | The user name for the basic auth
| "admin" |
-| ui.basicAuth.password | The password for the basic auth
| "admin" |
-| ui.basicAuth.useSecret | If use secret instead of configmap for
basic auth | false |
-| ui.basicAuth.autoCreateSecret | If let the helm chart create the secret
| true |
-| ui.basicAuth.secretName | The basic auth secret name
| devlake-auth |
-| ui.extraLabels | extra labels for ui's statefulset
| {} |
-| ui.securityContext | pod security context values
| {} |
-| ui.containerSecurityContext | container security context values
| {} |
-| service.type | Service type for exposed service
| NodePort |
-| service.uiPort | Node port for config ui
| 32001 |
-| service.ingress.enabled | If enable ingress
| false |
-| service.ingress.enableHttps | If enable https
| false |
-| service.ingress.className | Name for ingressClass. leave empty for
using default | "" |
-| service.ingress.hostname | The hostname/domainname for ingress
| localhost |
-| service.ingress.prefix | The prefix for endpoints, currently not
used | / |
-| service.ingress.tlsSecretName | The secret name for tls's certificate
for https | "" |
-| service.ingress.httpPort | The http port for ingress
| 80 |
-| service.ingress.httpsPort | The https port for ingress
| 443 |
-| option.localtime | The hostpath for mount as /etc/localtime
| /etc/localtime |
-| option.database | The database type, valids: mysql
| mysql |
-| option.useConnectionDetailsSecret | If use secret instead of configmap for
db connection | false |
-| option.connectionSecretName | The database connection details secret
name | devlake-db-connection |
-| option.autoCreateSecret | If let the helm chart create the secret
| true |
+| Parameter | Description
| Default |
+| ----------------------------------------- |
---------------------------------------------------- | ------------------------
|
+| replicaCount | Replica Count for devlake,
currently not used | 1 |
+| imageTag | The version tag for all images
| see Values.yaml |
+| mysql.useExternal | If use external mysql server,
set true | false |
+| mysql.externalServer | External mysql server address
| 127.0.0.1 |
+| mysql.externalPort | External mysql server port
| 3306 |
+| mysql.username | username for mysql
| merico |
+| mysql.password | password for mysql
| merico |
+| mysql.database | database for mysql
| lake |
+| mysql.rootPassword | root password for mysql
| admin |
+| mysql.storage.class | storage class for mysql's volume
| "" |
+| mysql.storage.size | volume size for mysql's data
| 5Gi |
+| mysql.image.repository | repository for mysql's image
| mysql |
+| mysql.image.tag | image tag for mysql's image
| 8 |
+| mysql.image.pullPolicy | pullPolicy for mysql's image
| IfNotPresent |
+| mysql.extraLabels | extra labels for mysql's
statefulset | {} |
+| mysql.securityContext | pod security context values
| {} |
+| mysql.containerSecurityContext | container security context
values | {} |
+| grafana.image.repository | repository for grafana's image
| apache/devlake-dashboard |
+| grafana.image.pullPolicy | pullPolicy for grafana's image
| Always |
+| grafana.useExternal | If use external grafana server
| false |
+| grafana.externalUrl | external grafana server if use
external | "" |
+| grafana.extraLabels | extra labels for grafana's
statefulset | {} |
+| grafana.securityContext | pod security context values
| {} |
+| grafana.containerSecurityContext | container security context
values | {} |
+| grafana.oauthEnabled | enable oauth for grafana
| false |
+| grafana.oauthConfig | a list of env vars used for
oauth | {} |
+| lake.storage.class | storage class for lake's volume
| "" |
+| lake.storage.size | volume size for lake's data
| 100Mi |
+| lake.image.repository | repository for lake's image
| apache/devlake |
+| lake.image.pullPolicy | pullPolicy for lake's image
| Always |
+| lake.loggingDir | log dir for the lake server
| /app/logs |
+| lake.loggingLevel | log level for the lake server
| info |
+| lake.dotenv | initial configurations for
injecting to lake's .env | see Values.yaml |
+| lake.extraLabels | extra labels for lake's
statefulset | {} |
+| lake.securityContext | pod security context values
| {} |
+| lake.containerSecurityContext | container security context
values | {} |
+| ui.image.repository | repository for ui's image
| apache/devlake-config-ui |
+| ui.image.pullPolicy | pullPolicy for ui's image
| Always |
+| ui.basicAuth.enabled | If the basic auth in ui is
enabled | false |
+| ui.basicAuth.user | The user name for the basic auth
| "admin" |
+| ui.basicAuth.password | The password for the basic auth
| "admin" |
+| ui.basicAuth.useSecret | If use secret instead of
configmap for basic auth | false |
+| ui.basicAuth.autoCreateSecret | If let the helm chart create the
secret | true |
+| ui.basicAuth.secretName | The basic auth secret name
| devlake-auth |
+| ui.extraLabels | extra labels for ui's
statefulset | {} |
+| ui.securityContext | pod security context values
| {} |
+| ui.containerSecurityContext | container security context
values | {} |
+| service.type | Service type for exposed service
| NodePort |
+| service.uiPort | Node port for config ui
| 32001 |
+| service.ingress.enabled | If enable ingress
| false |
+| service.ingress.enableHttps | If enable https
| false |
+| service.ingress.className | Name for ingressClass. leave
empty for using default | "" |
+| service.ingress.hostname | The hostname/domainname for
ingress | localhost |
+| service.ingress.prefix | The prefix for endpoints,
currently not used | / |
+| service.ingress.tlsSecretName | The secret name for tls's
certificate for https | "" |
+| service.ingress.httpPort | The http port for ingress
| 80 |
+| service.ingress.httpsPort | The https port for ingress
| 443 |
+| option.localtime | The hostpath for mount as
/etc/localtime | /etc/localtime |
+| option.database | The database type, valids: mysql
| mysql |
+| option.useConnectionDetailsSecret | If use secret instead of
configmap for db connection | false |
+| option.connectionSecretName | The database connection details
secret name | devlake-db-connection |
+| option.autoCreateSecret | If let the helm chart create the
secret | true |
+| awsCognitoAuth.enabled | use AWS cognito for
authentication | false |
+| awsCognitoAuth.awsAuthRegion | aws Cognito auth region
| "" |
+| awsCognitoAuth.awsAuthUserPoolID | aws Cognito user pool ID
| "" |
+| awsCognitoAuth.awsAuthUserPoolWebClientID | aws Cognito web client ID for
the user pool | "" |
## FAQ
+
1. Can I use a managed Cloud database service instead of running database in
docker?
- Yes, it just set useExternal value to true while you deploy devlake with
helm chart. Below we'll use MySQL on AWS RDS as an example.
- 1. (Optional) Create a MySQL instance on AWS RDS following this
[doc](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.CreatingConnecting.MySQL.html),
skip this step if you'd like to use an existing instance
- 2. Proviede below values while install from helm:
- * `mysql.useExternal`: this should be `true`
- * `mysql.externalServer`: use your RDS instance's IP address or domain
name.
- * `mysql.externalPort`: use your RDS instance's database port.
- * `mysql.username`: use your `username` for access RDS instance's DB
- * `mysql.password`: use your `password` for access RDS instance's DB
- * `mysql.database`: use your RDS instance's DB name, you may need to
create a database first with `CREATE DATABASE <DB name>;`
-
- Here is the example:
- ```
- helm repo add devlake https://apache.github.io/incubator-devlake-helm-chart
- helm repo update
- helm install devlake devlake/devlake \
- --set mysql.useExternal=true \
- --set mysql.externalServer=db.example.com \
- --set mysql.externalPort=3306 \
- --set mysql.username=admin \
- --set mysql.password=password_4_admin \
- --set mysql.database=devlake
- ```
+Yes, it just set useExternal value to true while you deploy devlake with helm
chart. Below we'll use MySQL on AWS RDS as an example.
+
+1. (Optional) Create a MySQL instance on AWS RDS following this
[doc](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.CreatingConnecting.MySQL.html),
skip this step if you'd like to use an existing instance
+2. Proviede below values while install from helm:
+
+ - `mysql.useExternal`: this should be `true`
+ - `mysql.externalServer`: use your RDS instance's IP address or domain name.
+ - `mysql.externalPort`: use your RDS instance's database port.
+ - `mysql.username`: use your `username` for access RDS instance's DB
+ - `mysql.password`: use your `password` for access RDS instance's DB
+ - `mysql.database`: use your RDS instance's DB name, you may need to create
a database first with `CREATE DATABASE <DB name>;`
+
+Here is the example:
+
+```
+helm repo add devlake https://apache.github.io/incubator-devlake-helm-chart
+helm repo update
+helm install devlake devlake/devlake \
+ --set mysql.useExternal=true \
+ --set mysql.externalServer=db.example.com \
+ --set mysql.externalPort=3306 \
+ --set mysql.username=admin \
+ --set mysql.password=password_4_admin \
+ --set mysql.database=devlake
+```
2. Can I use a secret to store the database connection details?
- Yes, to do so, you need to have a secret in your Kubernetes Cluster that
contains the following values:
- * `MYSQL_USER`: The user to connect to your DB.
- * `MYSQL_PASSWORD`: The password to connect to your DB.
- * `MYSQL_DATABASE`: The database to connect to your DB.
- * `MYSQL_ROOT_PASSWORD`: The root password to connect to your DB.
- * `DB_URL`:
mysql://`username`:`password`@`dbserver`:`port`/`database`?charset=utf8mb4&parseTime=True
+Yes, to do so, you need to have a secret in your Kubernetes Cluster that
contains the following values:
+
+- `MYSQL_USER`: The user to connect to your DB.
+- `MYSQL_PASSWORD`: The password to connect to your DB.
+- `MYSQL_DATABASE`: The database to connect to your DB.
+- `MYSQL_ROOT_PASSWORD`: The root password to connect to your DB.
+- `DB_URL`:
mysql://`username`:`password`@`dbserver`:`port`/`database`?charset=utf8mb4&parseTime=True
- The secret name needs to be the same as the value
`option.connectionSecretName`
+The secret name needs to be the same as the value `option.connectionSecretName`
## Troubleshooting
diff --git a/README.md b/README.md
index e12c496..2a4b83b 100644
--- a/README.md
+++ b/README.md
@@ -28,27 +28,30 @@ To install the chart with release name `devlake`:
```shell
helm repo add devlake https://apache.github.io/incubator-devlake-helm-chart
helm repo update
-helm install devlake devlake/devlake --version=0.16.1-beta1
+helm install devlake devlake/devlake --version=0.17.0-beta3.1
```
If you are using minikube inside your mac, please use the following command to
forward the port:
+
```shell
kubectl port-forward service/devlake-ui 30090:4000
```
+
and open another terminal:
+
```shell
kubectl port-forward service/devlake-grafana 30091:3000
```
Then you can visit:
- config-ui by url `http://YOUR-NODE-IP:30090`
- grafana by url `http://YOUR-NODE-IP:30091`
+config-ui by url `http://YOUR-NODE-IP:30090`
+grafana by url `http://YOUR-NODE-IP:30091`
## Update
```shell
helm repo update
-helm upgrade --install devlake devlake/devlake --version=0.16.1-beta1
+helm upgrade --install devlake devlake/devlake --version=0.17.0-beta3.1
```
## Uninstall
@@ -60,18 +63,21 @@ helm uninstall devlake
```
## Original pr in apache/incubator-devlake
+
https://github.com/apache/incubator-devlake/pulls?q=is%3Apr+helm+is%3Aclosed
## How to upgrade helm chart after releasing new devlake images
+
1. In
[values.yaml](https://github.com/apache/incubator-devlake-helm-chart/blob/main/charts/devlake/values.yaml),
change {{ imageTag }} to current image tag
2. In
[chart.yaml](https://github.com/apache/incubator-devlake-helm-chart/blob/main/charts/devlake/Chart.yaml),
change {{ version }}, {{ appVersion }} to current image tag
-3. If we want to release a new chart without new release of devlake, we should
increase both chart version and image tag.
- - For example, right now both versions are 0.15.1-beta3, if we make change
on chart, we should set chart-version to 0.15.1-beta4, also, we need to crate
new images for devlake with tag 0.15.1-beta4
+3. If we want to release a new chart without new release of devlake, we should
increase both chart version and image tag.
+ - For example, right now both versions are 0.15.1-beta4, if we make change
on chart, we should set chart-version to 0.15.1-beta4, also, we need to crate
new images for devlake with tag 0.15.1-beta4
4. If we release any new image for devlake, we just need to set a new version
for chart.
## Original pr in apache/incubator-devlake
-https://github.com/apache/incubator-devlake/pulls?q=is%3Apr+helm+is%3Aclosed
+https://github.com/apache/incubator-devlake/pulls?q=is%3Apr+helm+is%3Aclosed
## More
-You could find more examples and details in [HelmSetup.md](HelmSetup.md)
\ No newline at end of file
+
+You could find more examples and details in [HelmSetup.md](HelmSetup.md)
diff --git a/charts/devlake/Chart.yaml b/charts/devlake/Chart.yaml
index 123783b..550e57d 100644
--- a/charts/devlake/Chart.yaml
+++ b/charts/devlake/Chart.yaml
@@ -27,9 +27,8 @@ keywords:
type: application
-
# Chart version
-version: 0.17.0-beta3
+version: 0.17.0-beta3.1
# devlake version
-appVersion: v0.17.0-beta3
+appVersion: v0.17.0-beta3.1
diff --git a/charts/devlake/templates/NOTES.txt
b/charts/devlake/templates/NOTES.txt
index bcea5dd..2ed0957 100644
--- a/charts/devlake/templates/NOTES.txt
+++ b/charts/devlake/templates/NOTES.txt
@@ -25,4 +25,4 @@ Now please get the URL by running these commands:
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o
jsonpath="{.spec.ports[0].nodePort}" services {{ include "devlake.fullname" .
}}-ui)
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o
jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/devlake/templates/_helpers.tpl
b/charts/devlake/templates/_helpers.tpl
index a121738..bc80aa3 100644
--- a/charts/devlake/templates/_helpers.tpl
+++ b/charts/devlake/templates/_helpers.tpl
@@ -167,4 +167,4 @@ The probe for check database connection
sleep 2
done
echo database is ready
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/devlake/templates/configmaps.yaml
b/charts/devlake/templates/configmaps.yaml
index b31b125..c5d263b 100644
--- a/charts/devlake/templates/configmaps.yaml
+++ b/charts/devlake/templates/configmaps.yaml
@@ -26,11 +26,6 @@ data:
MYSQL_DATABASE: "{{ .Values.mysql.database }}"
MYSQL_ROOT_PASSWORD: "{{ .Values.mysql.rootPassword }}"
DB_URL: "{{ include "database.url" . }}"
-#{{- else if and (eq .Values.option.database "pgsql") (not
.Values.option.useConnectionDetailsSecret) }}
-# POSTGRES_USER: "{{ .Values.pgsql.username }}"
-# POSTGRES_PASSWORD: "{{ .Values.pgsql.password }}"
-# POSTGRES_DB: "{{ .Values.pgsql.database }}"
-# DB_URL: "{{ include "database.url" . }}"
{{- end }}
LOGGING_DIR: "{{ .Values.lake.loggingDir }}"
LOGGING_LEVEL: "{{ .Values.lake.loggingLevel }}"
@@ -38,7 +33,6 @@ data:
ADMIN_USER: "{{ .Values.ui.basicAuth.user }}"
ADMIN_PASS: "{{ .Values.ui.basicAuth.password }}"
{{- end }}
-
---
{{- if not .Values.grafana.useExternal }}
apiVersion: v1
@@ -58,20 +52,28 @@ data:
secureJsonData:
password: $MYSQL_PASSWORD
editable: false
-#{{- else if eq .Values.option.database "pgsql" }}
-# grafana-datasource.yml: |
-# apiVersion: 1
-# datasources:
-# - name: postgres
-# type: postgres
-# url: $POSTGRES_URL
-# database: $POSTGRES_DB
-# user: $POSTGRES_USER
-# secureJsonData:
-# password: $POSTGRES_PASSWORD
-# jsonData:
-# sslmode: 'disable'
-# postgresVersion: 1000 # support pgsql 10.0 and above
-# timescaledb: false
{{- end }}
{{- end }}
+---
+{{- if .Values.grafana.oauthEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "devlake.fullname" . }}-grafana-oauth-config
+data:
+ {{- with .Values.grafana.oauthConfig }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+{{- end }}
+---
+{{- if .Values.awsCognitoAuth.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "devlake.fullname" . }}-cognito-config
+data:
+ AWS_ENABLE_COGNITO: "true"
+ AWS_AUTH_REGION: "{{ .Values.awsCognitoAuth.awsAuthRegion }}"
+ AWS_AUTH_USER_POOL_ID: "{{ .Values.awsCognitoAuth.awsAuthUserPoolID }}"
+ AWS_AUTH_USER_POOL_WEB_CLIENT_ID: "{{
.Values.awsCognitoAuth.awsAuthUserPoolWebClientID }}"
+{{- end }}
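Review bot: The new `-grafana-oauth-config` object renders every entry of `grafana.oauthConfig` into a ConfigMap, and an OAuth env list for Grafana normally carries a client secret (for example `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET`), which would then be stored unencrypted and readable by anyone allowed to get ConfigMaps in the namespace; the default contents of `oauthConfig` in values.yaml are not visible here, so this is inferred from the parameter's description. The chart already has a Secret path for database credentials (`option.useConnectionDetailsSecret`), so the same split fits here: render this object as `kind: Secret` with `stringData:` and switch the matching `envFrom` entry in deployments.yaml to `secretRef:`, or accept the name of an existing Secret. Separately, `data` values must be strings, so an unquoted boolean or number in `oauthConfig` passes through `toYaml` unquoted and the object is rejected at install time; a comment in values.yaml such as `# every value must be a quoted string` would prevent that.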
diff --git a/charts/devlake/templates/deployments.yaml
b/charts/devlake/templates/deployments.yaml
index d381490..1d673e5 100644
--- a/charts/devlake/templates/deployments.yaml
+++ b/charts/devlake/templates/deployments.yaml
@@ -14,7 +14,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-
---
{{- if not .Values.grafana.useExternal }}
# grafana
@@ -72,13 +71,19 @@ spec:
envFrom:
- configMapRef:
name: {{ include "devlake.fullname" . }}-config
+ {{- if .Values.grafana.oauthEnabled }}
+ - configMapRef:
+ name: {{ include "devlake.fullname" . }}-grafana-oauth-config
+ {{- end }}
{{- if .Values.option.useConnectionDetailsSecret }}
- secretRef:
name: {{ .Values.option.connectionSecretName }}
{{- end }}
env:
+ {{ if not .Values.grafana.oauthEnabled }}
- name: GF_SERVER_ROOT_URL
value: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
+ {{ end }}
- name: MYSQL_URL
value: {{ include "mysql.server" . }}:{{ include "mysql.port" .
}}
{{- with .Values.grafana.resources }}
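Review bot: With `grafana.oauthEnabled` set, `GF_SERVER_ROOT_URL` is no longer injected, so the redirect URI Grafana sends to the identity provider depends entirely on the user putting a correct `GF_SERVER_ROOT_URL` into `grafana.oauthConfig`, and nothing in this hunk checks that it is there. A comment above the conditional, for example `# when OAuth is enabled, GF_SERVER_ROOT_URL must come from grafana.oauthConfig and match the callback URL registered with the provider`, would make that contract explicit. The two new actions are also written `{{ if ... }}` and `{{ end }}` without the `-` trim marker used by the other actions in this hunk, which leaves blank lines in the rendered `env:` list; `{{- if not .Values.grafana.oauthEnabled }}` and `{{- end }}` keep the output consistent. The container spec continues outside the hunk.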
@@ -140,7 +145,11 @@ spec:
{{- end }}
containers:
- name: config-ui
+{{- if .Values.ui.image.tag }}
+ image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
+{{- else }}
image: "{{ .Values.ui.image.repository }}:{{ .Values.imageTag }}"
+{{- end }}
imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
ports:
- containerPort: 4000
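Review bot: The four-line `if`/`else` around `image:` can be a single line, `image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag | default .Values.imageTag }}"`, which keeps the same fallback and avoids template actions at column 0 in the middle of an indented container spec. The same pattern is added for the `lake` container in statefulsets.yaml (`.Values.lake.image.tag`) and can be collapsed the same way. Because a per-component tag now lets config-ui and lake run different versions, a short comment in values.yaml stating when the override is meant to be used would help; whether one already exists is not visible here. The container definition continues past the end of the hunk.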
diff --git a/charts/devlake/templates/ingresses.yaml
b/charts/devlake/templates/ingresses.yaml
index dafde05..ef206ac 100644
--- a/charts/devlake/templates/ingresses.yaml
+++ b/charts/devlake/templates/ingresses.yaml
@@ -56,6 +56,7 @@ spec:
- host: {{ .Values.ingress.hostname | quote }}
http:
paths:
+ {{- if not .Values.grafana.oauthEnabled }}
{{- if not .Values.grafana.useExternal }}
{{- if .Values.ingress.useDefaultNginx }}
- path: /{{ include "devlake.grafanaEndpointPrefix" . }}(/|$)(.*)
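Review bot: When `grafana.oauthEnabled` is true the whole Grafana path is dropped from the Ingress (the block opened here is closed by the `{{- end }}` added in the next hunk), but nothing visible says how Grafana is reached in that mode. If the intent is to expose it through its Service directly, the OAuth login and callback would bypass the Ingress and its TLS termination, so authorization codes and session cookies could travel over plain HTTP. A comment on the new condition, for example `# OAuth mode: Grafana is served from its own root URL and must be exposed separately over HTTPS`, or a dedicated host rule for Grafana in this Ingress would close that gap. The `paths:` list starts before and continues after this hunk.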
@@ -76,6 +77,7 @@ spec:
servicePort: 3000
{{- end }}
{{- end }}
+ {{- end }}
{{- if .Values.ingress.useDefaultNginx }}
- path: /{{ include "devlake.uiEndpointPrefix" . }}(/?|$)(.*)
{{- else }}
diff --git a/charts/devlake/templates/statefulsets.yaml
b/charts/devlake/templates/statefulsets.yaml
index 7418865..25fb011 100644
--- a/charts/devlake/templates/statefulsets.yaml
+++ b/charts/devlake/templates/statefulsets.yaml
@@ -125,114 +125,8 @@ spec:
resources:
requests:
storage: "{{ .Values.mysql.storage.size }}"
-#{{- end }}
-#{{- else if eq .Values.option.database "pgsql" }}
-#{{- if not .Values.pgsql.useExternal }}
-#apiVersion: apps/v1
-#kind: StatefulSet
-#metadata:
-# name: {{ include "devlake.fullname" . }}-pgsql
-# labels:
-# {{- include "devlake.labels" . | nindent 4 }}
-#spec:
-# replicas: 1
-# serviceName: {{ include "devlake.fullname" . }}-pgsql
-# selector:
-# matchLabels:
-# {{- include "devlake.selectorLabels" . | nindent 6 }}
-# template:
-# metadata:
-# labels:
-# {{- include "devlake.selectorLabels" . | nindent 8 }}
-# devlakeComponent: pgsql
-# {{- with .Values.pgsql.extraLabels }}
-# {{- toYaml . | nindent 8 }}
-# {{- end }}
-# spec:
-# {{- with .Values.pgsql.securityContext }}
-# securityContext:
-# {{- toYaml . | nindent 8 }}
-# {{- end }}
-# containers:
-# - name: pgsql
-# image: "{{ .Values.pgsql.image.repository }}:{{
.Values.pgsql.image.tag }}"
-# imagePullPolicy: {{ .Values.pgsql.image.pullPolicy }}
-# ports:
-# - name: pgsql
-# containerPort: 5432
-# protocol: TCP
-# livenessProbe:
-# exec:
-# command:
-# - "sh"
-# - "-c"
-# - "pg_isready -U postgres -h 127.0.0.1 -p 5432"
-# initialDelaySeconds: 60
-# timeoutSeconds: 30
-# readinessProbe:
-# exec:
-# command:
-# - "sh"
-# - "-c"
-# - "pg_isready -U postgres -h 127.0.0.1 -p 5432"
-# initialDelaySeconds: 5
-# timeoutSeconds: 10
-# {{- with .Values.pgsql.resources }}
-# resources:
-# {{- toYaml . | nindent 12 }}
-# {{- end }}
-# envFrom:
-# - configMapRef:
-# name: {{ include "devlake.fullname" . }}-config
-# {{- if .Values.option.useConnectionDetailsSecret }}
-# - secretRef:
-# name: {{ .Values.pgsql.secretName }}
-# {{- end }}
-# volumeMounts:
-# - mountPath: /var/lib/postgresql
-# name: {{ include "devlake.fullname" . }}-pgsql-data
-# {{- if ne .Values.option.localtime "" }}
-# - name: {{ include "devlake.fullname" . }}-pgsql-localtime
-# mountPath: /etc/localtime
-# readOnly: true
-# {{- end }}
-# {{- with .Values.pgsql.containerSecurityContext }}
-# securityContext:
-# {{- toYaml . | nindent 12 }}
-# {{- end }}
-# {{- with .Values.pgsql.nodeSelector }}
-# nodeSelector:
-# {{- toYaml . | nindent 8 }}
-# {{- end }}
-# {{- with .Values.pgsql.affinity }}
-# affinity:
-# {{- toYaml . | nindent 8 }}
-# {{- end }}
-# {{- with .Values.pgsql.tolerations }}
-# tolerations:
-# {{- toYaml . | nindent 8 }}
-# {{- end }}
-# volumes:
-# {{- if ne .Values.option.localtime "" }}
-# - name: {{ include "devlake.fullname" . }}-pgsql-localtime
-# hostPath:
-# path: {{ .Values.option.localtime }}
-# type: File
-# {{- end }}
-# volumeClaimTemplates:
-# - metadata:
-# name: {{ include "devlake.fullname" . }}-pgsql-data
-# spec:
-# accessModes: ["ReadWriteOnce"]
-# {{- with .Values.pgsql.storage.class }}
-# storageClassName: "{{ . }}"
-# {{- end }}
-# resources:
-# requests:
-# storage: "{{ .Values.pgsql.storage.size }}"
{{- end }}
{{- end }}
-
---
# devlake
apiVersion: apps/v1
@@ -300,13 +194,17 @@ spec:
{{- end }}
containers:
- name: lake
+{{- if .Values.lake.image.tag }}
+ image: "{{ .Values.lake.image.repository }}:{{
.Values.lake.image.tag }}"
+{{- else }}
image: "{{ .Values.lake.image.repository }}:{{ .Values.imageTag }}"
+{{- end }}
imagePullPolicy: {{ .Values.lake.image.pullPolicy }}
ports:
- containerPort: 8080
livenessProbe:
httpGet:
- path: /blueprints
+ path: /ping
port: 8080
scheme: HTTP
initialDelaySeconds: 60
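Review bot: The `if`/`else` around the `image:` line of the `lake` container repeats the whole line just to switch the tag. One line with `default` does the same and cannot drift: `image: "{{ .Values.lake.image.repository }}:{{ .Values.lake.image.tag | default .Values.imageTag }}"`. Either way the chart deploys a mutable tag, and values.yaml sets `pullPolicy: Always` for this image, so each pod start runs whatever the registry serves for that tag. Accepting an optional image digest in values would let operators pin it. The container spec continues past the end of this hunk.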
@@ -318,6 +216,10 @@ spec:
- secretRef:
name: {{ .Values.option.connectionSecretName }}
{{- end }}
+ {{- if .Values.awsCognitoAuth.enabled }}
+ - configMapRef:
+ name: {{ include "devlake.fullname" . }}-cognito-config
+ {{- end }}
env:
- name: ENV_PATH
value: /app/config/.env
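Review bot: The new `configMapRef` is wired in as soon as `awsCognitoAuth.enabled` is true, but values.yaml ships `awsAuthRegion`, `awsAuthUserPoolID` and `awsAuthUserPoolWebClientID` as empty strings and nothing in this hunk rejects that combination. Whether the lake container refuses to start or runs without working authentication when they are empty is not visible here, so it is safer to fail at render time. Inside the `if`, add `{{- $_ := required "awsCognitoAuth.awsAuthUserPoolID must be set when awsCognitoAuth.enabled is true" .Values.awsCognitoAuth.awsAuthUserPoolID }}` and the same for the other two values. The `envFrom` list starts above this hunk.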
diff --git a/charts/devlake/values.yaml b/charts/devlake/values.yaml
index 4cf15f4..e8474c0 100644
--- a/charts/devlake/values.yaml
+++ b/charts/devlake/values.yaml
@@ -65,7 +65,7 @@ mysql:
# affinity config for mysql if have
affinity: {}
-
+
extraLabels: {}
securityContext: {}
@@ -73,53 +73,53 @@ mysql:
containerSecurityContext: {}
# pgsql:
-# # if use external pgsql server, please set true
-# # by default using false, chart will create a single pgsql instance
-# useExternal: false
-#
-# # the external pgsql server address
-# externalServer: 127.0.0.1
-#
-# # external pgsql port
-# externalPort: 5432
-# # the username for devlake database
-# username: merico
-#
-# # the password for devlake database
-# password: merico
-#
-# # the database for devlake
-# database: lake
-#
-# # storage for pgsql
-# storage:
-# # the storage class for pv, leave empty will using default
-# class: ""
-# size: 5Gi
-#
-# # image for pgsql
-# image:
-# repository: postgres
-# tag: 14.5
-# pullPolicy: IfNotPresent
-#
-# # resources config for pgsql if have
-# resources: {}
-#
-# # nodeSelector config for pgsql if have
-# nodeSelector: {}
-#
-# # tolerations config for pgsql if have
-# tolerations: []
-#
-# # affinity config for pgsql if have
-# affinity: {}
-#
-# extraLabels: {}
-#
-# securityContext: {}
-#
-# containerSecurityContext: {}
+# # if use external pgsql server, please set true
+# # by default using false, chart will create a single pgsql instance
+# useExternal: false
+
+# # the external pgsql server address
+# externalServer: 127.0.0.1
+
+# # external pgsql port
+# externalPort: 5432
+# # the username for devlake database
+# username: merico
+
+# # the password for devlake database
+# password: merico
+
+# # the database for devlake
+# database: lake
+
+# # storage for pgsql
+# storage:
+# # the storage class for pv, leave empty will using default
+# class: ""
+# size: 5Gi
+
+# # image for pgsql
+# image:
+# repository: postgres
+# tag: 14.5
+# pullPolicy: IfNotPresent
+
+# # resources config for pgsql if have
+# resources: {}
+
+# # nodeSelector config for pgsql if have
+# nodeSelector: {}
+
+# # tolerations config for pgsql if have
+# tolerations: []
+
+# # affinity config for pgsql if have
+# affinity: {}
+
+# extraLabels: {}
+
+# securityContext: {}
+
+# containerSecurityContext: {}
grafana:
# image for grafana
@@ -132,7 +132,7 @@ grafana:
# to add the ingress with the permanent redirect.
useExternal: false
- externalUrl: ''
+ externalUrl: ""
resources: {}
@@ -141,19 +141,55 @@ grafana:
tolerations: []
affinity: {}
-
+
extraLabels: {}
securityContext: {}
containerSecurityContext: {}
-
+ # Enable oauth, defaults to false
+ oauthEnabled: false
+ # grafana oauth related env vars, see the example below for aws cognito oauth
+ oauthConfig:
+ {}
+ # GF_SERVER_ROOT_URL: "https://demo.devlake.pro/grafana/"
+ # GF_AUTH_JWT_ENABLED: "true"
+ # GF_AUTH_JWT_HEADER_NAME: X-Forwarded-Access-Token
+ # GF_AUTH_JWT_USERNAME_CLAIM: username
+ # GF_AUTH_JWT_SKIP_ORG_ROLE_SYNC: "true"
+ # GF_AUTH_JWT_ROLE_ATTRIBUTE_PATH: contains("cognito:groups"[*], 'Admin')
&& 'Admin'
+ # GF_AUTH_JWT_CACHE_TTL: "60m"
+ # GF_AUTH_EXPECTED_CLAIMS: '{"iss":
"https://cognito-idp.us-east-2.amazonaws.com/us-east-2_xxx"}'
+ # GF_AUTH_JWT_JWK_SET_URL:
https://cognito-idp.us-east-2.amazonaws.com/us-east-2_xxx/.well-known/jwks.json
+ # GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
+ # GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: "true"
+ # GF_AUTH_GENERIC_OAUTH_NAME: Amazon
+ # GF_AUTH_GENERIC_OAUTH_SCOPES: "email profile
aws.cognito.signin.user.admin openid"
+ # GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xxx
+ # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ""
+ # GF_AUTH_GENERIC_OAUTH_AUTH_URL:
https://xxx.auth.us-east-2.amazoncognito.com/oauth2/authorize
+ # GF_AUTH_GENERIC_OAUTH_TOKEN_URL:
https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token
+ # GF_AUTH_GENERIC_OAUTH_API_URL:
https://xxx.auth.us-east-2.amazoncognito.com/oauth2/userInfo
+ # GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
+ # GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL:
https://xxx.auth.us-east-2.amazoncognito.com/logout?client_id=$GF_AUTH_GENERIC_OAUTH_CLIENT_ID&logout_uri=https://demo.devlake.pro/grafana/login
+ # GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains("cognito:groups"[*],
'Admin') && 'Admin'
+ # GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: "true"
+
+awsCognitoAuth:
+ # by default, AWS Cognito auth is disabled
+ # if enabled, please set the following 3 awsXXX variables
+ enabled: false
+ awsAuthRegion: ""
+ awsAuthUserPoolID: ""
+ awsAuthUserPoolWebClientID: ""
lake:
image:
repository: apache/devlake
pullPolicy: Always
+ # defaults to imageTag; if set, lake.image.tag will override imageTag
+ # tag:
# storage for config
storage:
# the storage class for pv, leave empty will using default
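Review bot: In the commented `oauthConfig` example, `GF_AUTH_EXPECTED_CLAIMS` does not look like a setting Grafana reads. Environment overrides are `GF_<SECTION>_<KEY>` and `expected_claims` belongs to the `[auth.jwt]` section, so the name should be `GF_AUTH_JWT_EXPECTED_CLAIMS`. As written, an operator who copies the example gets signature checking from the JWK set but, as far as I can tell, no `iss` check. The example also carries `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` in plain values. How `oauthConfig` is rendered is in configmaps.yaml, outside this hunk, but if it lands in a ConfigMap the secret should come from a Kubernetes Secret, with a comment such as `# supply the client secret from a Secret, not from values`.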
@@ -191,7 +227,8 @@ ui:
image:
repository: apache/devlake-config-ui
pullPolicy: Always
-
+ # defaults to imageTag; if set, lake.image.tag will override imageTag
+ # tag:
resources: {}
nodeSelector: {}
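Review bot: The comment added above `# tag:` in the `ui.image` block names the wrong key: it says `lake.image.tag`, but this block configures the config-ui image. It should read `# defaults to imageTag; if set, ui.image.tag will override imageTag`. Whether the ui deployment template actually honours `ui.image.tag` is decided in deployments.yaml, which is outside this hunk.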
@@ -207,13 +244,14 @@ ui:
useSecret: false
autoCreateSecret: true
secretName: devlake-auth
-
+
extraLabels: {}
## SecurityContext holds pod-level security attributes and common container
settings.
## This defaults to non root user with uid 101 and gid 1000.
*v1.PodSecurityContext false
## ref:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- securityContext: {}
+ securityContext:
+ {}
# fsGroup: 101
# runAsGroup: 1000
# runAsNonRoot: true
@@ -221,13 +259,13 @@ ui:
## K8s containers' Security Context
## ref:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
- containerSecurityContext: {}
+ containerSecurityContext:
+ {}
# allowPrivilegeEscalation: false
# capabilities:
- # drop:
+ # drop:
# - all
-
# alpine image for some init containers
alpine:
image:
@@ -240,20 +278,32 @@ service:
type: NodePort
# node port for devlake-ui if NodePort is enabled
uiPort: 32001
- grafanaPort : 32002
+ grafanaPort: 32002
ingress:
enabled: false
enableHttps: false
- className: ""
# Set to false if you want to use a different ingress controller
useDefaultNginx: true
- # Add annotations required for your ingress controller. Uncomment for Nginx.
- annotations: {}
+ # ingress class name, example: alb for AWS load balancer controller
+ className:
+ # domain name for hosting devlake, must be set if ingress is enabled
+ hostname: localhost
+ # annotations required for your ingress controller; see the examples below
+ # for nginx, use the first two lines of annotations
+ # for alb (w/ external-dns), use the last 5 (6) lines of annotations
+ annotations:
+ {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
- # domain name for hosting devlake
- hostname: localhost
+ #
+ # alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect",
"RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode":
"HTTP_301"}}'
+ # alb.ingress.kubernetes.io/certificate-arn:
arn:aws:acm:us-east-2:xxx:certificate/xxx-xxx-xxx
+ # alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
+ # alb.ingress.kubernetes.io/scheme: internet-facing
+ # alb.ingress.kubernetes.io/target-type: ip
+ # external-dns.alpha.kubernetes.io/hostname: www.example.com
+
# url prefix, not works right now, keep "/"
prefix: /
# if using https provides the certificates secret name
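Review bot: `className:` is left as a bare key, which YAML loads as null rather than the empty string the removed line had (`className: ""`). A template that tests it with `if` treats both the same, but anything that quotes or compares the value sees a different type, and a bare key reads like a forgotten value. Keep it explicit with `className: ""`. The `ingress` block continues past the end of this hunk.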
@@ -263,7 +313,6 @@ ingress:
# ingress https port
httpsPort: 443
-
option:
# localtime zone info from host path.
localtime: /etc/localtime
@@ -271,7 +320,7 @@ option:
# database type, supported: [mysql]
database: mysql
- # if true, will not add the database connection details
+ # if true, will not add the database connection details
# to the configmap and will let them be obtained from a secret.
useConnectionDetailsSecret: false