From f8128ed579693fd1b29f76738357293bc0a8e97a Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 16 Feb 2021 10:54:05 -0800 Subject: [PATCH 01/18] Removing enterprise flags form rbac configs --- templates/configmaps_rbac.yaml | 16 ++++----- values.yaml | 64 +++++++++++++++++----------------- 2 files changed, 39 insertions(+), 41 deletions(-) diff --git a/templates/configmaps_rbac.yaml b/templates/configmaps_rbac.yaml index 3366ecb2..be059e9c 100644 --- a/templates/configmaps_rbac.yaml +++ b/templates/configmaps_rbac.yaml @@ -1,4 +1,3 @@ -{{ if .Values.enterprise.enabled }} --- apiVersion: v1 kind: ConfigMap @@ -10,12 +9,12 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: enterprise + support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ toYaml .Values.enterprise.rbac.roles | indent 2 }} +{{ toYaml .Values.rbac.roles | indent 2 }} --- apiVersion: v1 @@ -28,12 +27,12 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: enterprise + support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ toYaml .Values.enterprise.rbac.assignments | indent 2 }} +{{ toYaml .Values.rbac.assignments | indent 2 }} --- apiVersion: v1 @@ -46,14 +45,13 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: enterprise + support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{- if .Values.enterprise.rbac.mappings }} -{{ toYaml .Values.enterprise.rbac.mappings | indent 2 }} +{{- if .Values.rbac.mappings }} +{{ toYaml .Values.rbac.mappings | indent 2 }} {{ else }} {} {{ end }} -{{ end }} diff --git a/values.yaml b/values.yaml index 6eafb7c3..ef59745c 100644 --- a/values.yaml +++ b/values.yaml 
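Review bot: Values supplied under `enterprise.rbac.roles`, `enterprise.rbac.assignments` and `enterprise.rbac.mappings` are no longer read by `templates/configmaps_rbac.yaml`, and nothing in the template tells the operator so. On upgrade, a release that customised those keys would render the three ConfigMaps from the new top-level `rbac.*` defaults instead, which (per the `values.yaml` hunk of this same patch) assign `system_admin` to `st2admin` and `admin` to `stanley`. A render-time guard at the top of the template would make the move explicit, for example `{{- with .Values.enterprise }}{{- if .rbac }}{{ fail "enterprise.rbac.* has moved to rbac.*" }}{{- end }}{{- end }}`. The relocated block in `values.yaml` would also benefit from a one-line comment naming the old key path.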
@@ -28,40 +28,40 @@ enterprise: # Don't have one? Obtain 90-day free trial at https://stackstorm.com/#product license: "" - # StackStorm Role Based Access Control settings (https://docs.stackstorm.com/rbac.html) - rbac: - # Custom StackStorm RBAC roles, shipped in '/opt/stackstorm/rbac/roles/' - # See https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants - roles: - sample.yaml: | - # sample RBAC role file, see https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants - --- - name: "sample" - description: "Example Role which contains no permission grants and serves for demonstration purposes" +# StackStorm Role Based Access Control settings (https://docs.stackstorm.com/rbac.html) +rbac: + # Custom StackStorm RBAC roles, shipped in '/opt/stackstorm/rbac/roles/' + # See https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants + roles: + sample.yaml: | + # sample RBAC role file, see https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants + --- + name: "sample" + description: "Example Role which contains no permission grants and serves for demonstration purposes" - # Custom StackStorm RBAC role assignments, shipped in '/opt/stackstorm/rbac/assignments/' - # See: https://docs.stackstorm.com/rbac.html#defining-user-role-assignments - assignments: - st2admin.yaml: | - --- - username: st2admin - roles: - - system_admin - stanley.yaml: | - --- - username: stanley - roles: - - admin + # Custom StackStorm RBAC role assignments, shipped in '/opt/stackstorm/rbac/assignments/' + # See: https://docs.stackstorm.com/rbac.html#defining-user-role-assignments + assignments: + st2admin.yaml: | + --- + username: st2admin + roles: + - system_admin + stanley.yaml: | + --- + username: stanley + roles: + - admin - # StackStorm RBAC LDAP groups-to-roles mapping rules, shipped in '/opt/stackstorm/rbac/mappings/' - # See RBAC Roles Based on LDAP Groups: 
https://docs.stackstorm.com/rbac.html#automatically-granting-roles-based-on-ldap-group-membership - mappings: - #stormers.yaml: | - # --- - # group: "CN=stormers,OU=groups,DC=stackstorm,DC=net" - # description: "Automatically grant admin role to all stormers group members." - # roles: - # - "admin" + # StackStorm RBAC LDAP groups-to-roles mapping rules, shipped in '/opt/stackstorm/rbac/mappings/' + # See RBAC Roles Based on LDAP Groups: https://docs.stackstorm.com/rbac.html#automatically-granting-roles-based-on-ldap-group-membership + mappings: + #stormers.yaml: | + # --- + # group: "CN=stormers,OU=groups,DC=stackstorm,DC=net" + # description: "Automatically grant admin role to all stormers group members." + # roles: + # - "admin" ## ## Service Account From 513fef8b3ab1dd135e08488c1c7286acdff96fda Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 16 Feb 2021 11:02:15 -0800 Subject: [PATCH 02/18] Updating deployments to remove enterprise flags --- templates/configmaps_st2-conf.yaml | 2 +- templates/configmaps_st2-urls.yaml | 6 +- templates/deployments.yaml | 139 ++++++++++------------------- templates/tests/st2tests-pod.yaml | 6 +- 4 files changed, 52 insertions(+), 101 deletions(-) diff --git a/templates/configmaps_st2-conf.yaml b/templates/configmaps_st2-conf.yaml index cad674fa..56a03b0b 100644 --- a/templates/configmaps_st2-conf.yaml +++ b/templates/configmaps_st2-conf.yaml @@ -19,7 +19,7 @@ data: # The order of merging: st2.conf < st2.docker.conf < st2.user.conf st2.docker.conf: | [auth] - api_url = http://{{ .Release.Name }}-st2api{{ template "enterpriseSuffix" . }}:9101/ + api_url = http://{{ .Release.Name }}-st2api:9101/ {{- if index .Values "redis" "enabled" }} [coordination] url = redis://{{ template "redis-nodes" $ }} diff --git a/templates/configmaps_st2-urls.yaml b/templates/configmaps_st2-urls.yaml index 9348c1a3..0088e423 100644 --- a/templates/configmaps_st2-urls.yaml +++ b/templates/configmaps_st2-urls.yaml 
@@ -14,6 +14,6 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: - ST2_AUTH_URL: http://{{ .Release.Name }}-st2auth{{ template "enterpriseSuffix" . }}:9100/ - ST2_API_URL: http://{{ .Release.Name }}-st2api{{ template "enterpriseSuffix" . }}:9101/ - ST2_STREAM_URL: http://{{ .Release.Name }}-st2stream{{ template "enterpriseSuffix" . }}:9102/ + ST2_AUTH_URL: http://{{ .Release.Name }}-st2auth:9100/ + ST2_API_URL: http://{{ .Release.Name }}-st2api:9101/ + ST2_STREAM_URL: http://{{ .Release.Name }}-st2stream:9102/ diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 37134b31..867ac83a 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2auth{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2auth labels: app: st2auth tier: backend @@ -35,9 +35,6 @@ spec: checksum/auth: {{ include (print $.Template.BasePath "/secrets_st2auth.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -46,7 +43,7 @@ spec: {{ include "init-containers-wait-for-mq" . | indent 6 }} # Sidecar container for generating .htpasswd with st2 username & password pair and sharing produced file with the main st2auth container - name: generate-htpasswd - image: "{{ template "imageRepository" . }}/st2auth{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2auth:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: ST2_AUTH_USERNAME 
@@ -67,8 +64,8 @@ spec: - '-ec' - printf "${ST2_AUTH_USERNAME}:$(openssl passwd -apr1 "${ST2_AUTH_PASSWORD}")\n" > /tmp/st2/htpasswd containers: - - name: st2auth{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2auth{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2auth + image: "{{ template "imageRepository" . }}/st2auth:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 9100 @@ -118,7 +115,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2api{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2api labels: app: st2api tier: backend @@ -151,9 +148,6 @@ spec: checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.st2.packs.image.pullSecret }} - name: {{ .Values.st2.packs.image.pullSecret }} {{- end }} @@ -182,7 +176,7 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared # System packs - name: st2-system-packs - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: st2-packs-vol @@ -197,8 +191,8 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared {{- end }} containers: - - name: st2api{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2api{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2api + image: "{{ template "imageRepository" . }}/st2api:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 9101 
@@ -268,7 +262,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2stream{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2stream labels: app: st2stream tier: backend @@ -300,9 +294,6 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -310,8 +301,8 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} {{ include "init-containers-wait-for-mq" . | indent 6 }} containers: - - name: st2stream{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2stream{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2stream + image: "{{ template "imageRepository" . }}/st2stream:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 9102 @@ -354,7 +345,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2web labels: app: st2web tier: frontend @@ -384,15 +375,12 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2web.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} containers: - - name: st2web{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2web{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2web + image: "{{ template "imageRepository" . }}/st2web:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 80 
@@ -456,7 +444,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2rulesengine{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2rulesengine labels: app: st2rulesengine tier: backend @@ -488,9 +476,6 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -498,8 +483,8 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} {{ include "init-containers-wait-for-mq" . | indent 6 }} containers: - - name: st2rulesengine{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2rulesengine{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2rulesengine + image: "{{ template "imageRepository" . }}/st2rulesengine:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add liveness/readiness probes (#3) #livenessProbe: @@ -548,7 +533,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2timersengine{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2timersengine labels: app: st2timersengine tier: backend @@ -581,9 +566,6 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} 
@@ -591,8 +573,8 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} {{ include "init-containers-wait-for-mq" . | indent 6 }} containers: - - name: st2timersengine{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2timersengine{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2timersengine + image: "{{ template "imageRepository" . }}/st2timersengine:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add liveness/readiness probes (#3) #livenessProbe: @@ -633,7 +615,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2workflowengine{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2workflowengine labels: app: st2workflowengine tier: backend @@ -666,9 +648,6 @@ spec: checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -676,8 +655,8 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} {{ include "init-containers-wait-for-mq" . | indent 6 }} containers: - - name: st2workflowengine{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2workflowengine{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2workflowengine + image: "{{ template "imageRepository" . }}/st2workflowengine:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add liveness/readiness probes (#3) #livenessProbe: @@ -731,7 +710,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2scheduler{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2scheduler labels: app: st2scheduler tier: backend 
@@ -763,9 +742,6 @@ spec: checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -773,8 +749,8 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} {{ include "init-containers-wait-for-mq" . | indent 6 }} containers: - - name: st2scheduler{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2scheduler{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2scheduler + image: "{{ template "imageRepository" . }}/st2scheduler:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add liveness/readiness probes (#3) #livenessProbe: @@ -828,7 +804,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2notifier{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2notifier labels: app: st2notifier tier: backend @@ -860,9 +836,6 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -870,8 +843,8 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} {{ include "init-containers-wait-for-mq" . | indent 6 }} containers: - - name: st2notifier{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2notifier{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2notifier + image: "{{ template "imageRepository" . }}/st2notifier:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add liveness/readiness probes (#3) #livenessProbe: 
@@ -913,7 +886,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ $.Release.Name }}-st2sensorcontainer{{ template "hyphenPrefix" .name }}{{ template "enterpriseSuffix" $ }} + name: {{ $.Release.Name }}-st2sensorcontainer{{ template "hyphenPrefix" .name }} labels: app: st2sensorcontainer{{ template "hyphenPrefix" .name }} tier: backend @@ -952,9 +925,6 @@ spec: {{- end }} spec: imagePullSecrets: - {{- if $.Values.enterprise.enabled }} - - name: {{ $.Release.Name }}-st2-license - {{- end }} {{- if $.Values.st2.packs.image.pullSecret }} - name: {{ $.Values.st2.packs.image.pullSecret }} {{- end }} @@ -983,7 +953,7 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared # System packs - name: st2-system-packs - image: "{{ template "imageRepository" $ }}/st2actionrunner{{ template "enterpriseSuffix" $ }}:{{ $.Chart.AppVersion }}" + image: "{{ template "imageRepository" $ }}/st2actionrunner:{{ $.Chart.AppVersion }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} volumeMounts: - name: st2-packs-vol @@ -996,8 +966,8 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared {{- end }} containers: - - name: st2sensorcontainer{{ template "hyphenPrefix" .name }}{{ template "enterpriseSuffix" $ }} - image: "{{ template "imageRepository" $ }}/st2sensorcontainer{{ template "enterpriseSuffix" $ }}:{{ $.Chart.AppVersion }}" + - name: st2sensorcontainer{{ template "hyphenPrefix" .name }} + image: "{{ template "imageRepository" $ }}/st2sensorcontainer:{{ $.Chart.AppVersion }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} {{- with .readinessProbe }} # Probe to check if app is running. Failure will lead to a pod restart. @@ -1081,7 +1051,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2actionrunner{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2actionrunner labels: app: st2actionrunner tier: backend 
@@ -1123,9 +1093,6 @@ spec: {{ toYaml .Values.st2actionrunner.hostAliases | indent 8 }} {{- end }} imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.st2.packs.image.pullSecret }} - name: {{ .Values.st2.packs.image.pullSecret }} {{- end }} @@ -1154,7 +1121,7 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared # System packs - name: st2-system-packs - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: st2-packs-vol @@ -1167,8 +1134,8 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared {{- end }} containers: - - name: st2actionrunner{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2actionrunner + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add liveness/readiness probes (#3) #livenessProbe: @@ -1247,7 +1214,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2garbagecollector{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2garbagecollector labels: app: st2garbagecollector tier: backend @@ -1279,9 +1246,6 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} 
@@ -1289,8 +1253,8 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} {{ include "init-containers-wait-for-mq" . | indent 6 }} containers: - - name: st2garbagecollector{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2garbagecollector{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2garbagecollector + image: "{{ template "imageRepository" . }}/st2garbagecollector:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} # TODO: Add liveness/readiness probes (#3) #livenessProbe: @@ -1331,7 +1295,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2client{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2client labels: app: st2client tier: backend @@ -1359,18 +1323,13 @@ spec: heritage: {{ .Release.Service }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} - {{- if .Values.enterprise.enabled }} checksum/rbac: {{ include (print $.Template.BasePath "/configmaps_rbac.yaml") . | sha256sum }} - {{- end }} checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }} checksum/auth: {{ include (print $.Template.BasePath "/secrets_st2auth.yaml") . | sha256sum }} checksum/ssh: {{ include (print $.Template.BasePath "/secrets_ssh.yaml") . | sha256sum }} checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.st2.packs.image.pullSecret }} - name: {{ .Values.st2.packs.image.pullSecret }} {{- end }} 
@@ -1397,7 +1356,7 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared # System packs - name: st2-system-packs - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: st2-packs-vol @@ -1411,7 +1370,7 @@ spec: {{- end }} # Sidecar container for generating st2client config with st2 username & password pair and sharing produced file with the main container - name: generate-st2client-config - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} envFrom: - configMapRef: @@ -1441,8 +1400,8 @@ spec: password = ${ST2_AUTH_PASSWORD} EOT containers: - - name: st2client{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + - name: st2client + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: ST2CLIENT @@ -1457,14 +1416,12 @@ spec: - name: st2-config-vol mountPath: /etc/st2/st2.user.conf subPath: st2.user.conf - {{- if .Values.enterprise.enabled }} - name: st2-rbac-roles-vol mountPath: /opt/stackstorm/rbac/roles/ - name: st2-rbac-assignments-vol mountPath: /opt/stackstorm/rbac/assignments/ - name: st2-rbac-mappings-vol mountPath: /opt/stackstorm/rbac/mappings/ - {{- end }} - name: st2-pack-configs-vol mountPath: /opt/stackstorm/configs/ - name: st2client-config-vol 
@@ -1505,7 +1462,6 @@ spec: - name: st2-config-vol configMap: name: {{ .Release.Name }}-st2-config - {{- if .Values.enterprise.enabled }} - name: st2-rbac-roles-vol configMap: name: {{ .Release.Name }}-st2-rbac-roles @@ -1515,7 +1471,6 @@ spec: - name: st2-rbac-mappings-vol configMap: name: {{ .Release.Name }}-st2-rbac-mappings - {{- end }} - name: st2-pack-configs-vol configMap: name: {{ .Release.Name }}-st2-pack-configs @@ -1542,7 +1497,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2chatops labels: app: st2chatops tier: backend @@ -1577,7 +1532,7 @@ spec: - name: {{ .Values.image.pullSecret }} {{- end }} containers: - - name: st2chatops{{ template "enterpriseSuffix" . }} + - name: st2chatops image: "{{ .Values.st2chatops.image.repository | default "stackstorm" }}/{{ .Values.st2chatops.image.name | default "st2chatops" }}:{{ tpl (.Values.st2chatops.image.tag | default .Chart.AppVersion) . }}" imagePullPolicy: {{ .Values.st2chatops.image.pullPolicy | default .Values.image.pullPolicy }} env: diff --git a/templates/tests/st2tests-pod.yaml b/templates/tests/st2tests-pod.yaml index fce08b28..cbdc5108 100644 --- a/templates/tests/st2tests-pod.yaml +++ b/templates/tests/st2tests-pod.yaml @@ -14,10 +14,6 @@ metadata: "helm.sh/hook": test-success "helm.sh/hook-delete-policy": hook-succeeded spec: - {{- if .Values.enterprise.enabled }} - imagePullSecrets: - - name: {{ .Release.Name }}-st2-license - {{- end }} initContainers: # Sidecar container to copy BATS framework to the main container - name: test-framework 
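Review bot: In `templates/tests/st2tests-pod.yaml` the whole `imagePullSecrets` block is removed, so the test pod carries no pull secret at all, while the Deployments in this patch keep their `{{- if .Values.image.pullSecret }}` entry. If the `imageRepository` helper resolves to a private registry, the `st2tests` container, which pulls `st2actionrunner` from that same repository, would presumably fail to pull during `helm test`. Keeping the key and switching its entry to the shared secret would match the rest of the chart: `imagePullSecrets:` followed by `- name: {{ .Values.image.pullSecret }}`, wrapped in the same `{{- if .Values.image.pullSecret }}` / `{{- end }}` pair. The pod spec continues outside the hunk.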
@@ -33,7 +29,7 @@ spec: # Run the actual BATS tests containers: - name: st2tests - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} envFrom: - configMapRef: From 31242c501c79b4523501cfe2d3add8738e9231c9 Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 16 Feb 2021 11:09:24 -0800 Subject: [PATCH 03/18] Update remaining templates to remove enterprise support --- templates/NOTES.txt | 10 +++++----- templates/ingress.yaml | 4 ++-- templates/jobs.yaml | 29 +++++++++-------------------- templates/secrets_st2license.yaml | 22 ---------------------- templates/services.yaml | 10 +++++----- values.yaml | 13 +------------ 6 files changed, 22 insertions(+), 66 deletions(-) delete mode 100644 templates/secrets_st2license.yaml diff --git a/templates/NOTES.txt b/templates/NOTES.txt index bd4546b0..4599e243 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -1,4 +1,4 @@ -Congratulations! You have just deployed StackStorm {{ if .Values.enterprise.enabled }}Enterprise {{ end }}HA! +Congratulations! You have just deployed StackStorm HA! ███████╗████████╗██████╗ ██╗ ██╗ █████╗ ██████╗ ██╗ ██╗ ██╔════╝╚══██╔══╝╚════██╗ ██║ ██║██╔══██╗ ██╔═══██╗██║ ██╔╝ 
@@ -11,20 +11,20 @@ Congratulations! You have just deployed StackStorm {{ if .Values.enterprise.enab {{- if contains "LoadBalancer" .Values.st2web.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with "kubectl get service {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'" + Watch the status with "kubectl get service {{ .Release.Name }}-st2web -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'" -export ST2WEB_IP=$(kubectl get service {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') +export ST2WEB_IP=$(kubectl get service {{ .Release.Name }}-st2web -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') echo https://${ST2WEB_IP}/ {{- else if contains "ClusterIP" .Values.st2web.service.type }} echo http://127.0.0.1:8080 -kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} 8080:80 +kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ .Release.Name }}-st2web 8080:80 {{- else if contains "NodePort" .Values.st2web.service.type }} export ST2WEB_IP=$(minikube ip 2>/dev/null || kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -export ST2WEB_PORT="$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }})" +export ST2WEB_PORT="$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Release.Name }}-st2web)" echo http://${ST2WEB_IP}:${ST2WEB_PORT}/ {{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 623fc8b6..048d9cc1 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml 
@@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }}-ingress + name: {{ .Release.Name }}-st2web-ingress labels: app: ingress tier: frontend @@ -39,7 +39,7 @@ spec: paths: - path: "/" backend: - serviceName: {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} + serviceName: {{ .Release.Name }}-st2web servicePort: 80 {{- end }} {{- if .Values.ingress.tls }} diff --git a/templates/jobs.yaml b/templates/jobs.yaml index 0cbff255..5b3414ca 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -1,4 +1,3 @@ -{{ if .Values.enterprise.enabled }} --- apiVersion: batch/v1 kind: Job @@ -8,7 +7,7 @@ metadata: app: st2-apply-rbac-definitions tier: backend vendor: stackstorm - support: enterprise + support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -24,7 +23,7 @@ spec: app: st2-apply-rbac-definitions tier: backend vendor: stackstorm - support: enterprise + support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -40,7 +39,7 @@ spec: {{- end }} containers: - name: st2-apply-rbac-definitions - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - st2-apply-rbac-definitions @@ -77,7 +76,6 @@ spec: configMap: name: {{ .Release.Name }}-st2-rbac-mappings restartPolicy: OnFailure -{{ end }} --- apiVersion: batch/v1 
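Review bot: The `st2-apply-rbac-definitions` Job in `templates/jobs.yaml` now runs for every release, but none of the hunks shown switches RBAC enforcement on in `st2.conf`; the only change to `configmaps_st2-conf.yaml` is the `api_url` rename. If the `[rbac]` section of `st2.docker.conf` is still rendered only under `enterprise.enabled` (not visible here), roles and assignments would be loaded without the API enforcing them, which gives operators a false sense of restriction. It is worth confirming that the config emits `[rbac]` with `enable = True` unconditionally, or adding a comment on the Job such as `# Loads RBAC definitions only; enforcement is controlled by [rbac] enable in st2.conf`. The Job's pod spec between these hunks is outside this view.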
@@ -114,9 +112,6 @@ spec: checksum/apikeys: {{ include (print $.Template.BasePath "/secrets_st2apikeys.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -133,7 +128,7 @@ spec: done # Sidecar container for generating st2client config with st2 username & password pair and sharing produced file with the main container - name: generate-st2client-config - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} envFrom: - configMapRef: @@ -164,7 +159,7 @@ spec: EOT containers: - name: st2-apikey-load - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - st2 @@ -226,9 +221,6 @@ spec: checksum/urls: {{ include (print $.Template.BasePath "/configmaps_st2-urls.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} 
@@ -236,7 +228,7 @@ spec: {{ include "init-containers-wait-for-db" . | indent 6 }} # Sidecar container for generating st2client config with st2 username & password pair and sharing produced file with the main container - name: generate-st2client-config - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} envFrom: - configMapRef: @@ -267,7 +259,7 @@ spec: EOT containers: - name: st2-key-load - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - st2 @@ -338,9 +330,6 @@ spec: checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.st2.packs.image.pullSecret }} - name: {{ .Values.st2.packs.image.pullSecret }} {{- end }} @@ -368,7 +357,7 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared # System packs - name: st2-system-packs - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: st2-packs-vol 
@@ -382,7 +371,7 @@ spec: {{ end }} containers: - name: st2-register-content - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - st2-register-content diff --git a/templates/secrets_st2license.yaml b/templates/secrets_st2license.yaml deleted file mode 100644 index 815a6c27..00000000 --- a/templates/secrets_st2license.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.enterprise.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-st2-license - annotations: - description: StackStorm Enterprise license, used to authenticate to private docker.stackstorm.com Docker Hub - labels: - app: st2 - tier: backend - vendor: stackstorm - support: enterprise - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: kubernetes.io/dockerconfigjson -data: - # Ensure that secret 'enterprise.license' is required and was really specified - st2_license: {{ required "Secret 'enterprise.license' is required to pull StackStorm Enterprise images! Don't have one? Obtain 90-day free trial at https://stackstorm.com/#product" .Values.enterprise.license }} - .dockerconfigjson: {{ template "imagePullSecret" . }} -{{- end }} diff --git a/templates/services.yaml b/templates/services.yaml index 915f0099..1f4cfe59 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: - name: {{ .Release.Name }}-st2auth{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2auth annotations: description: StackStorm st2auth - all authentication is managed by this service. labels: 
@@ -27,7 +27,7 @@ spec: kind: Service apiVersion: v1 metadata: - name: {{ .Release.Name }}-st2api{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2api annotations: description: StackStorm st2api - service hosts the REST API endpoints that serve requests from WebUI, CLI, ChatOps and other st2 services. labels: @@ -52,7 +52,7 @@ spec: kind: Service apiVersion: v1 metadata: - name: {{ .Release.Name }}-st2stream{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2stream annotations: description: StackStorm st2stream - exposes a server-sent event stream, used by the clients like WebUI and ChatOps to receive update from the st2stream server. labels: @@ -77,7 +77,7 @@ spec: kind: Service apiVersion: v1 metadata: - name: {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2web annotations: description: StackStorm st2web, - an admin Web UI and main entry point for external API requests {{- if .Values.st2web.service.hostname }} @@ -114,7 +114,7 @@ spec: kind: Service apiVersion: v1 metadata: - name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} + name: {{ .Release.Name }}-st2chatops annotations: description: StackStorm st2chatops, - conversation-driven automation service exposed as hubot instance with predefined list of chat adapters labels: diff --git a/values.yaml b/values.yaml index ef59745c..7c191879 100644 --- a/values.yaml +++ b/values.yaml @@ -7,7 +7,7 @@ image: # Image pull policy pullPolicy: IfNotPresent - # st2 image repository. Set this to override the default ("stackstorm") or enterprise + # st2 image repository. Set this to override the default ("stackstorm") # docker image repository ("docker.stackstorm.com"). Applies to all st2 containers except # st2chatops and st2packs (which have their own override). This also does not impact # dependencies such as mongo or redis, which have their own helm chart settings. 
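Review bot: The comment edited at `@@ -7,7 +7,7 @@` in values.yaml still names the enterprise registry on its next line, so it now reads `override the default ("stackstorm")` followed by `docker image repository ("docker.stackstorm.com")`. Since this series removes the enterprise image path, I would reword the two lines to `# st2 image repository. Set this to override the default ("stackstorm") Docker Hub` and `# repository. Applies to all st2 containers except`. Leaving the old hostname in the comment points readers at a private registry for which the chart no longer sets up credentials.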
@@ -17,17 +17,6 @@ image: # See: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ #pullSecret: "your-pull-secret" - -## -## StackStorm Enterprise settings (Optional) -## -enterprise: - # Enable/Disable StackStorm Enterprise. Enabling will download StackStorm Enterprise Docker images. - enabled: false - # Required StackStorm Enterprise license key. - # Don't have one? Obtain 90-day free trial at https://stackstorm.com/#product - license: "" - # StackStorm Role Based Access Control settings (https://docs.stackstorm.com/rbac.html) rbac: # Custom StackStorm RBAC roles, shipped in '/opt/stackstorm/rbac/roles/' From fa35a3e03da0ab06fd77cd3fe274cc037dcede9a Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 16 Feb 2021 11:13:59 -0800 Subject: [PATCH 04/18] Updating helpers.tpl to remove enterprise flags --- templates/_helpers.tpl | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index e9f084e2..6a4e29ad 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -3,32 +3,18 @@ {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -# Image pull secret used to access private docker.stackstorm.com Docker registry with Enterprise images -{{- define "imagePullSecret" }} -{{- if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled -}} -{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" "docker.stackstorm.com" (printf "%s:%s" .Values.enterprise.license .Values.enterprise.license | b64enc) | b64enc }} -{{- end -}} -{{- end }} - # Generate support method used in labels. This is based on community/enterprise {{- define "supportMethod" -}} -{{- if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled -}} -enterprise -{{- else -}} community -{{- end -}} {{- end }} # Generate Docker image repository: Private 'docker.stackstorm.com' for Enterprise vs Public Docker Hub 'stackstorm' for FOSS version {{- define "imageRepository" -}} -{{- if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled -}} -docker.stackstorm.com -{{- else if .Values.image.repository -}} +{{- if .Values.image.repository -}} {{ .Values.image.repository }} {{- else -}} stackstorm {{- end -}} -{{- end -}} {{/* Create the name of the stackstorm-ha service account to use @@ -37,11 +23,6 @@ Create the name of the stackstorm-ha service account to use {{- default .Chart.Name .Values.serviceAccount.serviceAccountName -}} {{- end -}} -# Generate '-enterprise' suffix only when it's needed for resource names, docker images, etc -{{- define "enterpriseSuffix" -}} -{{ if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled }}-enterprise{{ end }} -{{- end -}} - # Generate '-' prefix only when the variable is defined {{- define "hyphenPrefix" -}} {{ if . }}-{{ . }}{{end}} From d8918368756d87ae0f0c9cb362751ac88ceb171d Mon Sep 17 00:00:00 2001 
From: hanancha Date: Tue, 16 Feb 2021 11:16:17 -0800 Subject: [PATCH 05/18] Updating helpers.tpl to fix linting error --- templates/_helpers.tpl | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 6a4e29ad..132a4317 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -15,6 +15,7 @@ community {{- else -}} stackstorm {{- end -}} +{{- end -}} {{/* Create the name of the stackstorm-ha service account to use From e9a07e4d18d226869d82a8734f92f18015ada00a Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 16 Feb 2021 11:18:41 -0800 Subject: [PATCH 06/18] Updating chart version --- CHANGELOG.md | 1 + Chart.yaml | 2 +- templates/_helpers.tpl | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fccdc318..df2c5deb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## In Development * Implemented initContainers to wait for DB/MQ to be available for St2 Pods (#178) * Add option to define config.js for st2web (#165) (by @moonrail) +* Removed enterprise flags to enable rbac (#182 by @hnanchahal) ## v0.51.0 * Added Redis with Sentinel to replace etcd as a coordination backend (#169) diff --git a/Chart.yaml b/Chart.yaml index 292bce19..9b3321bb 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 # StackStorm version which refers to Docker images tag appVersion: 3.4dev name: stackstorm-ha -version: 0.51.0 +version: 0.52.0 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment. home: https://stackstorm.com/ icon: https://landscape.cncf.io/logos/stack-storm.svg diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 132a4317..8c10d540 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -3,7 +3,7 @@ {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -# Generate support method used in labels. This is based on community/enterprise +# Generate support method used in labels. This is based on community {{- define "supportMethod" -}} community {{- end }} From 12dea23540b93789d95992653135198a11a02c5f Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 23 Feb 2021 13:49:48 -0800 Subject: [PATCH 07/18] Removing Support Method tags Moving rbac under st2 and adding flags to enable/disable rbac --- templates/_helpers.tpl | 7 +- templates/configmaps_packs.yaml | 1 - templates/configmaps_rbac.yaml | 5 +- templates/configmaps_st2-conf.yaml | 1 - templates/configmaps_st2-urls.yaml | 1 - templates/configmaps_st2web.yaml | 1 - templates/deployments.yaml | 46 ++----------- templates/ingress.yaml | 1 - templates/jobs.yaml | 10 +-- templates/secrets_datastore_crypto_key.yaml | 1 - templates/secrets_rabbitmq.yaml | 1 - templates/secrets_ssh.yaml | 1 - templates/secrets_st2apikeys.yaml | 1 - templates/secrets_st2auth.yaml | 1 - templates/secrets_st2chatops.yaml | 1 - templates/secrets_st2kv.yaml | 1 - templates/services.yaml | 10 --- templates/tests/st2tests-pod.yaml | 1 - values.yaml | 72 +++++++++++---------- 19 files changed, 48 insertions(+), 115 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8c10d540..cb8373c6 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -3,12 +3,7 @@ {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -# Generate support method used in labels. This is based on community -{{- define "supportMethod" -}} -community -{{- end }} - -# Generate Docker image repository: Private 'docker.stackstorm.com' for Enterprise vs Public Docker Hub 'stackstorm' for FOSS version +# Generate Docker image repository: Public Docker Hub 'stackstorm' for FOSS version {{- define "imageRepository" -}} {{- if .Values.image.repository -}} {{ .Values.image.repository }} diff --git a/templates/configmaps_packs.yaml b/templates/configmaps_packs.yaml index d63ee89f..b87e9998 100644 --- a/templates/configmaps_packs.yaml +++ b/templates/configmaps_packs.yaml @@ -9,7 +9,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/templates/configmaps_rbac.yaml b/templates/configmaps_rbac.yaml index be059e9c..e35158df 100644 --- a/templates/configmaps_rbac.yaml +++ b/templates/configmaps_rbac.yaml @@ -1,3 +1,4 @@ +{{- if .Values.st2.rbac.enabled -}} --- apiVersion: v1 kind: ConfigMap @@ -9,7 +10,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -27,7 +27,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -45,7 +44,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -55,3 +53,4 @@ data: {{ else }} {} {{ end }} +{{- end }} 
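Review bot: The new `st2.rbac.enabled` guard wraps configmaps_rbac.yaml, but none of this patch's hunks for the file touch the `data:` lookups, and the diffstat's five changed lines are all accounted for by the guard and the three label removals. If those lookups still read the top-level `rbac` values, they point at a block this same patch deletes from values.yaml, so enabling RBAC would render empty data or fail on a nil map. Assuming the moved block keeps its key names, I would switch them to `.Values.st2.rbac.roles`, `.Values.st2.rbac.assignments` and `.Values.st2.rbac.mappings`, and confirm with `helm template --set st2.rbac.enabled=true`. The ConfigMap bodies lie outside the hunks shown here.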
diff --git a/templates/configmaps_st2-conf.yaml b/templates/configmaps_st2-conf.yaml index 56a03b0b..925f8dd6 100644 --- a/templates/configmaps_st2-conf.yaml +++ b/templates/configmaps_st2-conf.yaml @@ -9,7 +9,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/templates/configmaps_st2-urls.yaml b/templates/configmaps_st2-urls.yaml index 0088e423..9810ecd6 100644 --- a/templates/configmaps_st2-urls.yaml +++ b/templates/configmaps_st2-urls.yaml @@ -9,7 +9,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/templates/configmaps_st2web.yaml b/templates/configmaps_st2web.yaml index c861a812..63ed6c99 100644 --- a/templates/configmaps_st2web.yaml +++ b/templates/configmaps_st2web.yaml @@ -10,7 +10,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 867ac83a..9998fc71 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -7,7 +7,6 @@ metadata: app: st2auth tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -15,7 +14,6 @@ spec: selector: matchLabels: app: st2auth - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2auth # Multiple st2auth processes can be behind a load balancer in an active-active configuration. 
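Review bot: Dropping `support` from `spec.selector.matchLabels` at `@@ -15,7 +14,6 @@` changes a field that apps/v1 Deployments treat as immutable, so `helm upgrade` from a release installed with the previous chart is likely to be rejected for st2auth and for every other Deployment in this file whose selector is edited the same way. The apiVersion is outside the hunk, so confirm it, but if it is apps/v1 the change needs an upgrade note telling operators to delete and recreate the Deployments, or the selector should keep the old label. A CHANGELOG line such as `* Removed the 'support' label from Deployment selectors; existing Deployments must be recreated on upgrade` would cover it. Removing the label only from `metadata.labels` and the pod template would not have this effect.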
@@ -26,7 +24,6 @@ spec: app: st2auth tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -120,7 +117,6 @@ metadata: app: st2api tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -128,7 +124,6 @@ spec: selector: matchLabels: app: st2api - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2api # Multiple st2api process can be behind a load balancer in an active-active configuration. @@ -139,7 +134,6 @@ spec: app: st2api tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -267,7 +261,6 @@ metadata: app: st2stream tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -275,7 +268,6 @@ spec: selector: matchLabels: app: st2stream - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2stream # Multiple st2stream process can be behind a load balancer in an active-active configuration. @@ -286,7 +278,6 @@ spec: app: st2stream tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -350,7 +341,6 @@ metadata: app: st2web tier: frontend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
@@ -358,7 +348,6 @@ spec: selector: matchLabels: app: st2web - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} replicas: {{ default 2 .Values.st2web.replicas }} template: @@ -367,7 +356,6 @@ spec: app: st2web tier: frontend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -449,7 +437,6 @@ metadata: app: st2rulesengine tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -457,7 +444,6 @@ spec: selector: matchLabels: app: st2rulesengine - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2rulesengine # Multiple st2rulesengine processes can run in active-active with only connections to MongoDB and RabbitMQ. All these will share the TriggerInstance load and naturally pick up more work if one or more of the processes becomes unavailable. @@ -468,7 +454,6 @@ spec: app: st2rulesengine tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -538,7 +523,6 @@ metadata: app: st2timersengine tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -546,7 +530,6 @@ spec: selector: matchLabels: app: st2timersengine - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2timersengine # Only single replica is created as timersengine can't work in active-active mode at the moment and it relies on 
@@ -558,7 +541,6 @@ spec: app: st2timersengine tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -620,7 +602,6 @@ metadata: app: st2workflowengine tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -628,7 +609,6 @@ spec: selector: matchLabels: app: st2workflowengine - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2workflowengine # Multiple st2workflowengine processes can run in active-active mode and will share the load and pick up more work if one or more of the processes become available. @@ -639,7 +619,6 @@ spec: app: st2workflowengine tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -715,7 +694,6 @@ metadata: app: st2scheduler tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -723,7 +701,6 @@ spec: selector: matchLabels: app: st2scheduler - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2scheduler replicas: {{ default 2 .Values.st2scheduler.replicas }} @@ -733,7 +710,6 @@ spec: app: st2scheduler tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
@@ -809,7 +785,6 @@ metadata: app: st2notifier tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -817,7 +792,6 @@ spec: selector: matchLabels: app: st2notifier - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2notifier # st2notifier runs in active-active mode and requires for that coordination backend like Redis or Zookeeper @@ -828,7 +802,6 @@ spec: app: st2notifier tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -891,7 +864,6 @@ metadata: app: st2sensorcontainer{{ template "hyphenPrefix" .name }} tier: backend vendor: stackstorm - support: {{ template "supportMethod" $ }} chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} release: {{ $.Release.Name }} heritage: {{ $.Release.Service }} @@ -899,7 +871,6 @@ spec: selector: matchLabels: app: st2sensorcontainer{{ template "hyphenPrefix" .name }} - support: {{ template "supportMethod" $ }} release: {{ $.Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer # It is possible to run st2sensorcontainer in HA mode by running one process on each compute instance. Each sensor node needs to be @@ -912,7 +883,6 @@ spec: app: st2sensorcontainer{{ template "hyphenPrefix" .name }} tier: backend vendor: stackstorm - support: {{ template "supportMethod" $ }} chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} release: {{ $.Release.Name }} heritage: {{ $.Release.Service }} @@ -1056,7 +1026,6 @@ metadata: app: st2actionrunner tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
@@ -1064,7 +1033,6 @@ spec: selector: matchLabels: app: st2actionrunner - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2actionrunner # Multiple st2actionrunner processes can run in active-active with only connections to MongoDB and RabbitMQ. Work gets naturally @@ -1076,7 +1044,6 @@ spec: app: st2actionrunner tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -1219,7 +1186,6 @@ metadata: app: st2garbagecollector tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -1227,7 +1193,6 @@ spec: selector: matchLabels: app: st2garbagecollector - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2garbagecollector # Having 1 st2garbagecollector unique replica is enough for periodic task like st2 history garbage collection @@ -1238,7 +1203,6 @@ spec: app: st2garbagecollector tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -1300,7 +1264,6 @@ metadata: app: st2client tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -1308,7 +1271,6 @@ spec: selector: matchLabels: app: st2client - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} replicas: 1 template: @@ -1317,7 +1279,6 @@ spec: app: st2client tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
@@ -1416,12 +1377,14 @@ spec: - name: st2-config-vol mountPath: /etc/st2/st2.user.conf subPath: st2.user.conf + {{- if .Values.st2.rbac.enabled -}} - name: st2-rbac-roles-vol mountPath: /opt/stackstorm/rbac/roles/ - name: st2-rbac-assignments-vol mountPath: /opt/stackstorm/rbac/assignments/ - name: st2-rbac-mappings-vol mountPath: /opt/stackstorm/rbac/mappings/ + {{- end }} - name: st2-pack-configs-vol mountPath: /opt/stackstorm/configs/ - name: st2client-config-vol @@ -1462,6 +1425,7 @@ spec: - name: st2-config-vol configMap: name: {{ .Release.Name }}-st2-config + {{- if .Values.st2.rbac.enabled -}} - name: st2-rbac-roles-vol configMap: name: {{ .Release.Name }}-st2-rbac-roles @@ -1471,6 +1435,7 @@ spec: - name: st2-rbac-mappings-vol configMap: name: {{ .Release.Name }}-st2-rbac-mappings + {{- end }} - name: st2-pack-configs-vol configMap: name: {{ .Release.Name }}-st2-pack-configs @@ -1502,7 +1467,6 @@ metadata: app: st2chatops tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -1510,7 +1474,6 @@ spec: selector: matchLabels: app: st2chatops - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} # As hubot can't be HA scaled properly, we deploy only single replica of st2chatops replicas: 1 @@ -1520,7 +1483,6 @@ spec: app: st2chatops tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 048d9cc1..3891907b 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -8,7 +8,6 @@ metadata: app: ingress tier: frontend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" 
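Review bot: The guard added at `@@ -1416,12 +1377,14 @@` is written `{{- if .Values.st2.rbac.enabled -}}`, and its trailing `-}}` strips the newline and indentation before `- name: st2-rbac-roles-vol` while the leading `{{-` strips the newline after `subPath: st2.user.conf`, so the two lines are joined in the rendered manifest. Use left-trim only, as the matching `{{- end }}` already does: `{{- if .Values.st2.rbac.enabled }}`. The same applies to the guard added before the `st2-rbac-roles-vol` volume at `@@ -1462,6 +1425,7 @@`. The surrounding volumeMounts and volumes lists start outside these hunks.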
diff --git a/templates/jobs.yaml b/templates/jobs.yaml index 5b3414ca..1c3b9d0d 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -1,3 +1,4 @@ +{{- if .Values.st2.rbac.enabled -}} --- apiVersion: batch/v1 kind: Job @@ -7,7 +8,6 @@ metadata: app: st2-apply-rbac-definitions tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -23,7 +23,6 @@ spec: app: st2-apply-rbac-definitions tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -77,6 +76,7 @@ spec: name: {{ .Release.Name }}-st2-rbac-mappings restartPolicy: OnFailure +{{- end }} --- apiVersion: batch/v1 kind: Job @@ -86,7 +86,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -102,7 +101,6 @@ spec: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -195,7 +193,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -211,7 +208,6 @@ spec: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -304,7 +300,6 @@ metadata: app: st2-register-content tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
@@ -320,7 +315,6 @@ spec: app: st2-register-content tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/templates/secrets_datastore_crypto_key.yaml b/templates/secrets_datastore_crypto_key.yaml index 0bf17bbb..0ab890d7 100644 --- a/templates/secrets_datastore_crypto_key.yaml +++ b/templates/secrets_datastore_crypto_key.yaml @@ -10,7 +10,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" diff --git a/templates/secrets_rabbitmq.yaml b/templates/secrets_rabbitmq.yaml index 5872cea4..0933f5d1 100644 --- a/templates/secrets_rabbitmq.yaml +++ b/templates/secrets_rabbitmq.yaml @@ -12,7 +12,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" diff --git a/templates/secrets_ssh.yaml b/templates/secrets_ssh.yaml index e2723a78..42e6294b 100644 --- a/templates/secrets_ssh.yaml +++ b/templates/secrets_ssh.yaml @@ -9,7 +9,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" diff --git a/templates/secrets_st2apikeys.yaml b/templates/secrets_st2apikeys.yaml index 820e264c..6a2bd7cd 100644 --- a/templates/secrets_st2apikeys.yaml +++ b/templates/secrets_st2apikeys.yaml @@ -9,7 +9,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" 
diff --git a/templates/secrets_st2auth.yaml b/templates/secrets_st2auth.yaml index 2c152e31..83693974 100644 --- a/templates/secrets_st2auth.yaml +++ b/templates/secrets_st2auth.yaml @@ -9,7 +9,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" diff --git a/templates/secrets_st2chatops.yaml b/templates/secrets_st2chatops.yaml index 44ffbeeb..d50d4f45 100644 --- a/templates/secrets_st2chatops.yaml +++ b/templates/secrets_st2chatops.yaml @@ -10,7 +10,6 @@ metadata: app: st2chatops tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/templates/secrets_st2kv.yaml b/templates/secrets_st2kv.yaml index fae744ae..c7952934 100644 --- a/templates/secrets_st2kv.yaml +++ b/templates/secrets_st2kv.yaml @@ -9,7 +9,6 @@ metadata: app: st2 tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" diff --git a/templates/services.yaml b/templates/services.yaml index 1f4cfe59..0770c0db 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -9,14 +9,12 @@ metadata: app: st2auth tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: selector: app: st2auth - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} type: ClusterIP ports: 
@@ -34,14 +32,12 @@ metadata: app: st2api tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: selector: app: st2api - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} type: ClusterIP ports: @@ -59,14 +55,12 @@ metadata: app: st2stream tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: selector: app: st2stream - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} type: ClusterIP ports: @@ -90,14 +84,12 @@ metadata: app: st2web tier: frontend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: selector: app: st2web - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} type: {{ .Values.st2web.service.type }} {{- if contains "ExternalName" .Values.st2web.service.type }} @@ -121,14 +113,12 @@ metadata: app: st2chatops tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: selector: app: st2chatops - support: {{ template "supportMethod" . }} release: {{ .Release.Name }} type: ClusterIP ports: diff --git a/templates/tests/st2tests-pod.yaml b/templates/tests/st2tests-pod.yaml index cbdc5108..7ae62bed 100644 --- a/templates/tests/st2tests-pod.yaml +++ b/templates/tests/st2tests-pod.yaml @@ -6,7 +6,6 @@ metadata: app: st2tests tier: tests vendor: stackstorm - support: {{ template "supportMethod" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/values.yaml b/values.yaml index 7c191879..fae8eb5c 100644 
--- a/values.yaml +++ b/values.yaml @@ -17,40 +17,7 @@ image: # See: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ #pullSecret: "your-pull-secret" -# StackStorm Role Based Access Control settings (https://docs.stackstorm.com/rbac.html) -rbac: - # Custom StackStorm RBAC roles, shipped in '/opt/stackstorm/rbac/roles/' - # See https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants - roles: - sample.yaml: | - # sample RBAC role file, see https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants - --- - name: "sample" - description: "Example Role which contains no permission grants and serves for demonstration purposes" - # Custom StackStorm RBAC role assignments, shipped in '/opt/stackstorm/rbac/assignments/' - # See: https://docs.stackstorm.com/rbac.html#defining-user-role-assignments - assignments: - st2admin.yaml: | - --- - username: st2admin - roles: - - system_admin - stanley.yaml: | - --- - username: stanley - roles: - - admin - - # StackStorm RBAC LDAP groups-to-roles mapping rules, shipped in '/opt/stackstorm/rbac/mappings/' - # See RBAC Roles Based on LDAP Groups: https://docs.stackstorm.com/rbac.html#automatically-granting-roles-based-on-ldap-group-membership - mappings: - #stormers.yaml: | - # --- - # group: "CN=stormers,OU=groups,DC=stackstorm,DC=net" - # description: "Automatically grant admin role to all stormers group members." - # roles: - # - "admin" ## ## Service Account @@ -71,6 +38,10 @@ st2: config: | [api] allow_origin = '*' + {{- if .Values.st2.rbac.enabled -}} + [rbac] + sync_remote_groups = True + {{- end}} # Custom pack configs and image settings. # 
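Review bot: The `{{- if .Values.st2.rbac.enabled -}}` and `{{- end}}` lines added inside `st2.config` in the second values.yaml hunk will not be evaluated, because Helm reads values.yaml as plain data and runs no template actions in it. Unless the consuming template passes this value through `tpl`, the directives end up as literal text in the rendered st2 config and `[rbac] sync_remote_groups = True` is emitted whatever the flag says. The conditional belongs in the ConfigMap template, wrapped as `{{- if .Values.st2.rbac.enabled }}` … `{{- end }}` around the `[rbac]` lines. PATCH 08/18 later in this series makes that move.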
@@ -138,6 +109,41 @@ st2: # metadata: {"comment": "Example unsecure ST2 API key from K8s HA Helm values.yaml"} # uid: api_key:56928c2d9637ce44338e9564d4b939df8b258410db23b5a80f8ad69d58e648b574f35f9293c3a76bde263738be9aa8379a81553cd55513ad672540b7b0ec0cac # user: st2admin + # StackStorm Role Based Access Control settings (https://docs.stackstorm.com/rbac.html) + rbac: + enabled: false + # Custom StackStorm RBAC roles, shipped in '/opt/stackstorm/rbac/roles/' + # See https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants + roles: + sample.yaml: | + # sample RBAC role file, see https://docs.stackstorm.com/rbac.html#defining-roles-and-permission-grants + --- + name: "sample" + description: "Example Role which contains no permission grants and serves for demonstration purposes" + + # Custom StackStorm RBAC role assignments, shipped in '/opt/stackstorm/rbac/assignments/' + # See: https://docs.stackstorm.com/rbac.html#defining-user-role-assignments + assignments: + st2admin.yaml: | + --- + username: st2admin + roles: + - system_admin + stanley.yaml: | + --- + username: stanley + roles: + - admin + + # StackStorm RBAC LDAP groups-to-roles mapping rules, shipped in '/opt/stackstorm/rbac/mappings/' + # See RBAC Roles Based on LDAP Groups: https://docs.stackstorm.com/rbac.html#automatically-granting-roles-based-on-ldap-group-membership + mappings: + #stormers.yaml: | + # --- + # group: "CN=stormers,OU=groups,DC=stackstorm,DC=net" + # description: "Automatically grant admin role to all stormers group members." + # roles: + # - "admin" ## ## StackStorm HA Ingress From f4bb60de765ff161d5d0f9b2425c8faeffdbe6f9 Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 23 Feb 2021 14:54:24 -0800 Subject: [PATCH 08/18] Update st2.user.conf config --- templates/configmaps_st2-conf.yaml | 5 +++++ values.yaml | 4 ---- 2 files changed, 5 insertions(+), 4 deletions(-) 
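Review bot: `enabled: false` is added under `st2.rbac` with no comment saying what the off state means, and that is the security-relevant default of this block. With StackStorm RBAC off, authenticated users are not restricted by role, and the `roles`, `assignments` and `mappings` below are presumably not shipped at all. I would put a comment above the key, such as `# Enable StackStorm RBAC. When false, the roles/assignments/mappings below are not applied and users are not restricted by role.` A line above `assignments` should also note that the shipped defaults grant `system_admin` to `st2admin` and `admin` to `stanley`, so anyone turning RBAC on should review them rather than inherit them.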
diff --git a/templates/configmaps_st2-conf.yaml b/templates/configmaps_st2-conf.yaml index 925f8dd6..ad89ad58 100644 --- a/templates/configmaps_st2-conf.yaml +++ b/templates/configmaps_st2-conf.yaml @@ -48,3 +48,8 @@ data: # The order of merging: st2.conf < st2.docker.conf < st2.user.conf st2.user.conf: | {{ .Values.st2.config | indent 4 }} + + {{- if .Values.st2.rbac.enabled - }} + [rbac] + sync_remote_groups = True + {{- end}} diff --git a/values.yaml b/values.yaml index 7baef345..81ace8d4 100644 --- a/values.yaml +++ b/values.yaml @@ -38,10 +38,6 @@ st2: config: | [api] allow_origin = '*' - {{- if .Values.st2.rbac.enabled -}} - [rbac] - sync_remote_groups = True - {{- end}} # Custom pack configs and image settings. # From 1483334955fe7d873ad58bb94de810768c3fd984 Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 23 Feb 2021 14:58:33 -0800 Subject: [PATCH 09/18] Fixing linting errors --- templates/configmaps_st2-conf.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/templates/configmaps_st2-conf.yaml b/templates/configmaps_st2-conf.yaml index ad89ad58..0eedc63c 100644 --- a/templates/configmaps_st2-conf.yaml +++ b/templates/configmaps_st2-conf.yaml @@ -47,9 +47,8 @@ data: # User-defined st2 config with custom settings applied on top of everything else. # The order of merging: st2.conf < st2.docker.conf < st2.user.conf st2.user.conf: | -{{ .Values.st2.config | indent 4 }} - - {{- if .Values.st2.rbac.enabled - }} + {{ .Values.st2.config | indent 4 }} + {{- if .Values.st2.rbac.enabled }} [rbac] sync_remote_groups = True - {{- end}} + {{- end }} From 98692a58580388860a321e4953a630846e38851e Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 23 Feb 2021 15:08:27 -0800 Subject: [PATCH 10/18] linting check --- templates/configmaps_st2-conf.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/templates/configmaps_st2-conf.yaml b/templates/configmaps_st2-conf.yaml index 0eedc63c..9bdcdf5f 100644 
--- a/templates/configmaps_st2-conf.yaml +++ b/templates/configmaps_st2-conf.yaml @@ -47,8 +47,10 @@ data: # User-defined st2 config with custom settings applied on top of everything else. # The order of merging: st2.conf < st2.docker.conf < st2.user.conf st2.user.conf: | - {{ .Values.st2.config | indent 4 }} - {{- if .Values.st2.rbac.enabled }} + {{- if .Values.st2.rbac.enabled }} [rbac] sync_remote_groups = True - {{- end }} + {{- end }} + +{{ .Values.st2.config | indent 4 }} + From bd5c6e2dcca1a41be325512bb3fabdbaf13097f6 Mon Sep 17 00:00:00 2001 From: hanancha Date: Tue, 23 Feb 2021 21:57:05 -0800 Subject: [PATCH 11/18] Updating rbac references to rbac configmaps --- templates/configmaps_rbac.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/configmaps_rbac.yaml b/templates/configmaps_rbac.yaml index e35158df..8508d6e8 100644 --- a/templates/configmaps_rbac.yaml +++ b/templates/configmaps_rbac.yaml @@ -1,4 +1,4 @@ -{{- if .Values.st2.rbac.enabled -}} +{{- if .Values.st2.rbac.enabled }} --- apiVersion: v1 kind: ConfigMap @@ -14,7 +14,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ toYaml .Values.rbac.roles | indent 2 }} +{{ toYaml .Values.st2.rbac.roles | indent 2 }} --- apiVersion: v1 @@ -31,7 +31,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ toYaml .Values.rbac.assignments | indent 2 }} +{{ toYaml .Values.st2.rbac.assignments | indent 2 }} --- apiVersion: v1 @@ -48,8 +48,8 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{- if .Values.rbac.mappings }} -{{ toYaml .Values.rbac.mappings | indent 2 }} +{{- if .Values.st2.rbac.mappings }} +{{ toYaml .Values.st2.rbac.mappings | indent 2 }} {{ else }} {} {{ end }} From 1d75f39b059a29446d19862ace211faf01f8dfcc Mon Sep 17 00:00:00 2001 
From: hanancha Date: Fri, 5 Mar 2021 14:03:41 -0800 Subject: [PATCH 12/18] Adding rbac config support --- templates/configmaps_st2-conf.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/configmaps_st2-conf.yaml b/templates/configmaps_st2-conf.yaml index 9bdcdf5f..8d694808 100644 --- a/templates/configmaps_st2-conf.yaml +++ b/templates/configmaps_st2-conf.yaml @@ -49,6 +49,8 @@ data: st2.user.conf: | {{- if .Values.st2.rbac.enabled }} [rbac] + enable = True + backend = default sync_remote_groups = True {{- end }} From f0db028d4cc4b826dc8196c1f6cdc298fcefc499 Mon Sep 17 00:00:00 2001 From: hanancha Date: Fri, 5 Mar 2021 14:08:08 -0800 Subject: [PATCH 13/18] Update rbac configs --- templates/configmaps_st2-conf.yaml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/templates/configmaps_st2-conf.yaml b/templates/configmaps_st2-conf.yaml index 8d694808..98f326dc 100644 --- a/templates/configmaps_st2-conf.yaml +++ b/templates/configmaps_st2-conf.yaml @@ -43,16 +43,14 @@ data: [keyvalue] encryption_key_path = /etc/st2/keys/datastore_key.json {{- end }} - - # User-defined st2 config with custom settings applied on top of everything else. - # The order of merging: st2.conf < st2.docker.conf < st2.user.conf - st2.user.conf: | - {{- if .Values.st2.rbac.enabled }} + {{- if .Values.st2.rbac.enabled }} [rbac] enable = True backend = default - sync_remote_groups = True - {{- end }} + {{- end }} + # User-defined st2 config with custom settings applied on top of everything else. + # The order of merging: st2.conf < st2.docker.conf < st2.user.conf + st2.user.conf: | {{ .Values.st2.config | indent 4 }} From 45c9245aa034f2fec7d37ed2db10c36fead83fb9 Mon Sep 17 00:00:00 2001 From: hanancha Date: Thu, 11 Mar 2021 11:40:02 -0800 Subject: [PATCH 14/18] Updating appVersion --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 9b3321bb..0d242577 100644 --- a/Chart.yaml +++ b/Chart.yaml 
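Review bot: In PATCH 13/18 the chart-managed `[rbac]` block (`enable = True`, `backend = default`) is moved above the `st2.user.conf` key, and the comment in the same hunk gives the merge order as `st2.conf < st2.docker.conf < st2.user.conf`, so an `[rbac]` section in a user's `st2.config` overrides what `st2.rbac.enabled` sets. The chart flag and the effective setting can then disagree without any error at render time. A comment beside the block would make that explicit, for example `# [rbac] is chart-managed via st2.rbac.enabled; an [rbac] section in st2.config overrides it`. The same hunk also drops `sync_remote_groups = True`, so the LDAP `mappings` documented in values.yaml would presumably need that option set through `st2.config`, which the `mappings` comment there should say.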
@@ -1,6 +1,6 @@ apiVersion: v2 # StackStorm version which refers to Docker images tag -appVersion: 3.4dev +appVersion: 3.4 name: stackstorm-ha version: 0.52.0 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment. From 1d9c1cb86d958e1d0133ec3b170e9078b21b3c7b Mon Sep 17 00:00:00 2001 From: hanancha Date: Thu, 11 Mar 2021 11:45:36 -0800 Subject: [PATCH 15/18] Fix linting error --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 0d242577..80ade761 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 # StackStorm version which refers to Docker images tag -appVersion: 3.4 +appVersion: "3.4" name: stackstorm-ha version: 0.52.0 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment. From fcc5222c78bc4a7c6c26f3e22ef263b3aae24167 Mon Sep 17 00:00:00 2001 From: hanancha Date: Mon, 22 Mar 2021 13:13:41 -0700 Subject: [PATCH 16/18] Removing enterprise flag --- templates/jobs.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/templates/jobs.yaml b/templates/jobs.yaml index d491fe0b..fe40d2c9 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -324,9 +324,6 @@ spec: checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} From bb464c45d84ab5b18ffed026a284cd3d2d48829e Mon Sep 17 00:00:00 2001 From: hanancha Date: Mon, 22 Mar 2021 13:15:06 -0700 Subject: [PATCH 17/18] Removing enterprise flag --- templates/deployments.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 747ae108..d68650ce 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml 
@@ -870,9 +870,6 @@ spec: {{- end }} spec: imagePullSecrets: - {{- if $.Values.enterprise.enabled }} - - name: {{ $.Release.Name }}-st2-license - {{- end }} {{- if $.Values.image.pullSecret }} - name: {{ $.Values.image.pullSecret }} {{- end }} From 7b0135bc8cca02b641e9b31e8275e660f1f00940 Mon Sep 17 00:00:00 2001 From: hanancha Date: Mon, 22 Mar 2021 13:17:13 -0700 Subject: [PATCH 18/18] Removing enterprise flag --- templates/deployments.yaml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index d68650ce..d4e021cd 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -147,9 +147,6 @@ spec: checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -1004,9 +1001,6 @@ spec: {{ toYaml .Values.st2actionrunner.hostAliases | indent 8 }} {{- end }} imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} @@ -1207,9 +1201,6 @@ spec: checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }} spec: imagePullSecrets: - {{- if .Values.enterprise.enabled }} - - name: {{ .Release.Name }}-st2-license - {{- end }} {{- if .Values.st2.packs.images }} {{- include "packs-pullSecrets" . | indent 6 }} {{- end }}