diff --git a/CHANGELOG.md b/CHANGELOG.md index 09cb72a196d4d5592405f27a40f625edad6efb54..819ad4b7da53263c9983bb897cc1a8a089d46291 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [0.1.3-bb.2] - 2021-04-19 +### Changed +- Pulled in official BB Minio via kpt +- Refactored the Minio connection secret + ## [0.1.3-bb.1] - 2021-04-15 ### Added - Added Minio security context diff --git a/chart/Chart.lock b/chart/Chart.lock index 3b5e6f3cde38b27b734adde628ad2d7e098b8f00..9c022842efbabf1342d164fac34b759b43bd2cd8 100644 --- a/chart/Chart.lock +++ b/chart/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 10.3.5 - name: minio-instance repository: file://./deps/minio - version: 2.0.9-bb.5 -digest: sha256:e14a571d09ffdc66826b46a727ead36511ea5a6b0e349cda36d217bafcd26210 -generated: "2021-03-22T15:12:25.740669-06:00" + version: 2.0.9-bb.9 +digest: sha256:655a9483cf53a24afb867a32f3bcdaedced200bb5cdefb93b5889f79486e8b55 +generated: "2021-04-19T09:54:43.894362-06:00" diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 58137f04a628710b38ed0d5ba015506ce23fd06a..4c7ffe9e0c4d4930825c7ec1e3c2038bcbe995b7 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mattermost type: application -version: "0.1.3-bb.1" +version: "0.1.3-bb.2" appVersion: "5.32.1" description: "Deployment of mattermost" keywords: @@ -17,7 +17,7 @@ dependencies: condition: postgresql.install repository: file://./deps/postgresql - name: minio-instance - version: 2.0.9-bb.5 + version: 2.0.9-bb.9 alias: minio condition: minio.install repository: file://./deps/minio diff --git a/chart/charts/minio-instance-2.0.9-bb.5.tgz b/chart/charts/minio-instance-2.0.9-bb.5.tgz deleted file mode 100644 index 126ad8893e08192f7565eb8e5b42cf41d1def3f2..0000000000000000000000000000000000000000 Binary files a/chart/charts/minio-instance-2.0.9-bb.5.tgz and /dev/null differ diff --git a/chart/charts/minio-instance-2.0.9-bb.9.tgz b/chart/charts/minio-instance-2.0.9-bb.9.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c3f8d1aa9a9210e25ff9b58c9ea4778a74b0a975 Binary files /dev/null and b/chart/charts/minio-instance-2.0.9-bb.9.tgz differ diff --git a/chart/charts/postgresql-10.3.5.tgz b/chart/charts/postgresql-10.3.5.tgz index 9be125567d07edd81328f5a69e790deb89ce8836..e5e8457b930a4ca53624745d752d18708bc059b6 100644 Binary files a/chart/charts/postgresql-10.3.5.tgz and b/chart/charts/postgresql-10.3.5.tgz differ diff --git a/chart/deps/minio/Chart.yaml b/chart/deps/minio/Chart.yaml index 7f1461cb90b3db7ce5e5fc8535a41e52fe592527..42df286241f9d1427f12b2e72cd2eb17e9c1dd95 100644 --- a/chart/deps/minio/Chart.yaml +++ b/chart/deps/minio/Chart.yaml @@ -9,7 +9,7 @@ description: |- type: application -version: 2.0.9-bb.5 +version: 2.0.9-bb.9 appVersion: RELEASE.2020-11-19T23-48-16Z diff --git a/chart/deps/minio/Kptfile b/chart/deps/minio/Kptfile index ce3391e9c903788e31b7d3c750102070a1c6dd35..521d9164c2fcb4d2583212057c7b4f002b1a66f7 100644 --- a/chart/deps/minio/Kptfile +++ b/chart/deps/minio/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 99d751b096154d9c5820af4a84ff4a0f99f4f7b7 + commit: a8ef3702468317396a58ed94bb1823f9d4ae59cf repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio directory: /chart - ref: 2.0.9-bb.5 + ref: 2.0.9-bb.9 diff --git a/chart/deps/minio/cypress/cypress.json b/chart/deps/minio/cypress/cypress.json new file mode 100644 index 0000000000000000000000000000000000000000..e36f98472bbfea7bfc965e1a081f0b002af04859 --- /dev/null +++ b/chart/deps/minio/cypress/cypress.json @@ -0,0 +1,5 @@ +{ + "pluginsFile": false, + "supportFile": false, + "fixturesFolder": false +} diff --git a/chart/deps/minio/cypress/minio-health.spec.js b/chart/deps/minio/cypress/minio-health.spec.js new file mode 100644 index 0000000000000000000000000000000000000000..6778cf9b1975182d923a0a73b0296935cabc272a --- /dev/null +++ b/chart/deps/minio/cypress/minio-health.spec.js @@ -0,0 +1,5 @@ +describe('Basic Minio', function() { + it('Check Minio UI is accessible', function() { + cy.visit(Cypress.env('url')) + }) +}) diff --git a/chart/deps/minio/cypress/minio-login.js b/chart/deps/minio/cypress/minio-login.js new file mode 100644 index 0000000000000000000000000000000000000000..d64096b0dea0bbfb50203442aa179433cad51eb7 --- /dev/null +++ b/chart/deps/minio/cypress/minio-login.js @@ -0,0 +1,24 @@ +describe('Minio Login', function() { + it('Check Minio Login', function() { + cy.visit(Cypress.env('url')+"/minio/login") + // Fill the username + cy.get('[name="username"]') + .type(Cypress.env('accesskey')) + .should('have.value', Cypress.env('accesskey')); + + // Fill the password + cy.get('[name="password"]') + .type(Cypress.env('secretkey')) + .should('have.value', Cypress.env('secretkey')); + + // Locate and submit the form + cy.get('form').submit(); + + // Verify the app redirected you to the homepage + cy.location('pathname', { timeout: 10000 }).should('eq', '/minio/'); + + // Verify the page title is "Home" + cy.title().should('eq', 'MinIO Browser'); + + }) +}) diff --git a/chart/deps/minio/templates/default-secret.yaml b/chart/deps/minio/templates/default-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c79e87de13e6aad205d6dd03a06e327dd3e2d964 --- /dev/null +++ b/chart/deps/minio/templates/default-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: default-minio-creds-secret + namespace: {{ .Release.Namespace }} +type: Opaque +data: + accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) + secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) +--- diff --git a/chart/deps/minio/templates/minio-vs.yaml b/chart/deps/minio/templates/minio-vs.yaml index 29e214f066f57a831609200f4bc92efe7ba824d7..0fbee17d32a9dd3228e11ec22de4721828eb6643 100644 --- a/chart/deps/minio/templates/minio-vs.yaml +++ b/chart/deps/minio/templates/minio-vs.yaml @@ -4,11 +4,25 @@ kind: VirtualService metadata: name: {{ template "minio.fullname" . }} namespace: {{ .Release.Namespace }} + labels: + app: {{ template "minio.fullname" . }} + {{- include "minio.labels" . | nindent 4 }} + {{- if .Values.istio.virtualService.labels }} + {{ toYaml .Values.istio.virtualservice.labels | indent 4 }} + {{- end }} + {{- if .Values.istio.virtualService.annotations }} + annotations: + {{ toYaml .Values.istio.virtualService.annotations | indent 2 }} + {{- end }} spec: gateways: - - istio-system/main + {{- range .Values.istio.virtualService.gateways }} + - {{ . }} + {{- end }} hosts: - - {{ .Values.istio.virtualService.name }}.{{ .Values.hostname }} + {{- range .Values.istio.virtualService.hosts }} + - {{ tpl . $}} + {{- end }} http: - match: - uri: @@ -32,4 +46,3 @@ spec: port: number: {{ .Values.service.port }} {{- end }} - diff --git a/chart/deps/minio/templates/minioinstance.yaml b/chart/deps/minio/templates/minioinstance.yaml index 93131e29b7a916bde45a8ad5137a888b59bec9c2..b79519ad4b978902da4401a993201134a99d5802 100644 --- a/chart/deps/minio/templates/minioinstance.yaml +++ b/chart/deps/minio/templates/minioinstance.yaml @@ -19,6 +19,14 @@ spec: prometheus.io/scrape: "true" {{- toYaml . | nindent 6 }} {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} ## Registry location and Tag to download MinIO Server image image: {{ .Values.image.name }}:{{ .Values.image.tag }} diff --git a/chart/deps/minio/templates/secret.yaml b/chart/deps/minio/templates/secret.yaml deleted file mode 100644 index 76b3a538ba6d8fed9b312395085509c3e03563e4..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: minio-creds-secret - namespace: {{ .Release.Namespace }} -type: Opaque -data: - accesskey: {{ .Values.accessKey | b64enc }} - secretkey: {{ .Values.secretKey | b64enc }} diff --git a/chart/deps/minio/templates/tests/test-ui-configmap.yaml b/chart/deps/minio/templates/tests/test-ui-configmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d3b0c95717b623009a2f87dac2a4e748ff2ac26c --- /dev/null +++ b/chart/deps/minio/templates/tests/test-ui-configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Release.Name }}-cypress-test-configmap" + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "5" + sidecar.istio.io/inject: "false" + labels: + helm-test: enabled + {{- include "minio.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +data: +{{ (.Files.Glob "cypress/*").AsConfig | indent 2 }} + diff --git a/chart/deps/minio/templates/tests/test-ui.yaml b/chart/deps/minio/templates/tests/test-ui.yaml new file mode 100644 index 0000000000000000000000000000000000000000..86dc8e6feb1f782d3987152687d5ef2a19dbba76 --- /dev/null +++ b/chart/deps/minio/templates/tests/test-ui.yaml @@ -0,0 +1,69 @@ +kind: Pod +apiVersion: v1 +metadata: + name: "{{ .Release.Name }}-ui-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "20" + sidecar.istio.io/inject: "false" + labels: + helm-test: enabled + {{- include "minio.labels" . | nindent 4 }} +spec: + initContainers: + - name: copier + image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/cypress/included:5.0.0 + command: + - "/bin/bash" + - "-c" + - | + + ls -la /src/ + cp /src/cypress.json /dest/ + mkdir -p /dest/cypress/integration/ + cp /src/*.js /dest/cypress/integration/ + ls -la /dest/ + ls -la /dest/cypress/integration/ + volumeMounts: + - name: cypress-tests + mountPath: /src + - name: workdir + mountPath: /dest + containers: + - name: {{ .Release.Name }}-ui-test + image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/cypress/included:5.0.0 + imagePullPolicy: {{ .Values.image.imagePullPolicy | quote }} + workingDir: /e2e + env: + - name: HOST + value: {{ .Values.service.port | quote }} + - name: MINIO_HOST + value: {{ include "minio.serviceName" . }} + - name: cypress_secretkey + valueFrom: + secretKeyRef: + name: {{ .Values.minioRootCreds }} + key: secretkey + - name: cypress_accesskey + valueFrom: + secretKeyRef: + name: {{ .Values.minioRootCreds }} + key: accesskey + - name: cypress_url + value: "http://{{ include "minio.serviceName" . }}:{{ .Values.service.port }}" + args: + - "--" + - "--reporter-options=list" + - "--reporter=spec" + volumeMounts: + - name: workdir + mountPath: /e2e/ + restartPolicy: Never + volumes: + - name: cypress-tests + configMap: + name: "{{ .Release.Name }}-cypress-test-configmap" + - name: workdir + emptyDir: {} + diff --git a/chart/deps/minio/templates/tests/test-write.yaml b/chart/deps/minio/templates/tests/test-write.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e352bc62023921bafa8fbb6989b8192edb7afd2e --- /dev/null +++ b/chart/deps/minio/templates/tests/test-write.yaml @@ -0,0 +1,54 @@ +kind: Pod +apiVersion: v1 +metadata: + name: "{{ .Release.Name }}-access-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-weight": "10" + sidecar.istio.io/inject: "false" + labels: + helm-test: enabled + {{- include "minio.labels" . | nindent 4 }} +spec: + containers: + - name: {{ .Release.Name }}-credentials-test + image: {{.Values.mcImage }} + imagePullPolicy: {{ .Values.image.imagePullPolicy | quote }} + env: + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + - name: MINIO_HOST + value: {{ include "minio.serviceName" . }} + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.minioRootCreds }} + key: secretkey + - name: ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.minioRootCreds }} + key: accesskey + command: + - /bin/bash + - -ec + - |- + set -x + mc config host add bigbang http://${MINIO_HOST}:${MINIO_PORT} ${ACCESS_KEY} ${SECRET_KEY} + # cleanup from pervious runs + mc rb bigbang/foobar --force || true + mc mb bigbang/foobar + mc ls bigbang/foobar + base64 /dev/urandom | head -c 10000000 > /tmp/file.txt + md5sum /tmp/file.txt > /tmp/filesig + mc cp /tmp/file.txt bigbang/foobar/file.txt + mc ls bigbang/foobar/file.txt + mc cp bigbang/foobar/file.txt /tmp/file.txt + mc rb bigbang/foobar --force + md5sum -c /tmp/filesig + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 4}} + {{- end }} + restartPolicy: Never \ No newline at end of file diff --git a/chart/deps/minio/values.yaml b/chart/deps/minio/values.yaml index afb3156268904d672577d9c5c5ee8b8e7ba0755f..e51cc84d1471039f7671066bc632ab1410fe6cfe 100644 --- a/chart/deps/minio/values.yaml +++ b/chart/deps/minio/values.yaml @@ -6,9 +6,7 @@ replicas: count: 1 -accessKey: minio -secretKey: minio#123 # default key, change this! - +hostname: bigbang.dev nameOverride: "" fullnameOverride: "" @@ -29,7 +27,7 @@ volumeClaimTemplate: accessModes: ReadWriteOnce storage: 1Gi # scale down for dev -minioRootCreds: minio-creds-secret +minioRootCreds: default-minio-creds-secret imagePullSecrets: [ ] @@ -55,8 +53,18 @@ istio: enabled: false virtualService: enabled: true - name: minio + annotations: {} + labels: {} + gateways: + - istio-system/main + hosts: + - minio.{{ .Values.hostname }} + service: "" + port: "" + monitoring: enabled: false namespace: monitoring + +mcImage: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2021-03-23T05-46-11Z \ No newline at end of file diff --git a/chart/templates/mattermost.yaml b/chart/templates/mattermost.yaml index d625eb4c413e077ff7d81ae4f21ccb4373067deb..353c9bb4e55fffa596692244349dd43bb88804ba 100644 --- a/chart/templates/mattermost.yaml +++ b/chart/templates/mattermost.yaml @@ -105,4 +105,4 @@ spec: external: url: {{ .Values.fileStore.url | default (printf "%s:9000" .Values.minio.service.nameOverride) }} bucket: {{ .Values.fileStore.bucket | default "mattermost" }} - secret: {{ .Values.fileStore.secret | default "minio-creds-secret" }} + secret: {{ .Values.fileStore.secret | default "mattermost-objstore-creds" }} diff --git a/chart/templates/objectstorage-credentials.yaml b/chart/templates/objectstorage-credentials.yaml index fc2ca134da6bdaab36709ce447fcf6443743a173..00acf7ebc7d4b918db72129ef62f19689adeb22c 100644 --- a/chart/templates/objectstorage-credentials.yaml +++ b/chart/templates/objectstorage-credentials.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret type: Opaque metadata: - name: {{ include "mattermost.fullname" . }}-objstore-creds + name: mattermost-objstore-creds namespace: {{ .Release.Namespace }} labels: {{ include "mattermost.labels" . | nindent 4 }} diff --git a/chart/values.yaml b/chart/values.yaml index 10f87f41ec6f7c731f47f17bb1a16253f91564e1..293e31447e559f7e2e0ac3330111e5aa3c5ccb05 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -102,6 +102,10 @@ minio: service: nameOverride: "minio-mattermost-service" + # Specify the secret to the Mattermost created secret + minioRootCreds: mattermost-objstore-creds + + # Credentials to populate the secret with accessKey: minio secretKey: minio#123 # default key, change this!