Hawkbit chart v2

charts/hawkbit/.helmignore

@@ -20,3 +20,5 @@
 .idea/
 *.tmproj
 .vscode/
+# Packaged chart tarballs
+*.tgz

charts/hawkbit/Chart.yaml

@@ -11,7 +11,7 @@
 ---
 apiVersion: v2
 version: 1.7.0
-appVersion: "0.5.0-mysql"
+appVersion: "0.10.0"
 description: |
    Eclipse hawkBit™ is a domain independent back-end framework for rolling out software updates
    to constrained edge devices as well as more powerful controllers and gateways connected to
@@ -32,11 +32,11 @@ maintainers:
 - name: ctron
   email: ctron@dentrassi.de
 dependencies:
-- name: mysql
-  version: ^9.x
-  repository: "oci://registry-1.docker.io/bitnamicharts"
-  condition: mysql.enabled
+- name: mariadb
+  version: ^0.x
+  repository: "oci://registry-1.docker.io/cloudpirates"
+  condition: mariadb.enabled
 - name: rabbitmq
-  version: ^10.x
-  repository: "oci://registry-1.docker.io/bitnamicharts"
+  version: ^0.x
+  repository: "oci://registry-1.docker.io/cloudpirates"
   condition: rabbitmq.enabled

charts/hawkbit/templates/_helpers.tpl

@@ -54,3 +54,102 @@ Return the appropriate apiVersion for ingress.
 {{- print "networking.k8s.io/v1beta1" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Return the secret with the Hawkbit credentials.
+*/}}
+{{- define "hawkbit.secretName" -}}
+  {{- if .Values.auth.existingSecret -}}
+    {{ print (tpl .Values.auth.existingSecret $) -}}
+  {{- else -}}
+    {{ printf "%s" (include "hawkbit.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.userCredentialsSecretName" -}}
+  {{- if .Values.auth.existingSecret -}}
+    {{- .Values.auth.existingSecret -}}
+  {{- else -}}
+    {{- printf "%s-user" (include "hawkbit.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.dbCredentialsSecretName" -}}
+  {{- if .Values.externalDatabase.existingSecret -}}
+    {{- .Values.externalDatabase.existingSecret -}}
+  {{- else -}}
+    {{- printf "%s-db" (include "hawkbit.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.rabbitmqCredentialsSecretName" -}}
+  {{- if .Values.rabbitmq.credentialsSecret -}}
+    {{- .Values.rabbitmq.credentialsSecret -}}
+  {{- else -}}
+    {{- printf "%s-rabbitmq-creds" (include "hawkbit.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Database helpers — switch between externalDatabase and the bundled mariadb subchart.
+*/}}
+
+{{- define "hawkbit.database.url" -}}
+  {{- if .Values.externalDatabase.url -}}
+    {{- .Values.externalDatabase.url -}}
+  {{- else if and .Values.externalDatabase.host (eq (.Values.externalDatabase.type | default "mariadb") "postgresql") -}}
+    {{- printf "jdbc:postgresql://%s:%v/%s" .Values.externalDatabase.host (.Values.externalDatabase.port | default 5432) (.Values.externalDatabase.database | default "hawkbit") -}}
+  {{- else if .Values.externalDatabase.host -}}
+    {{- printf "jdbc:mariadb://%s:%v/%s" .Values.externalDatabase.host (.Values.externalDatabase.port | default 3306) (.Values.externalDatabase.database | default "hawkbit") -}}
+  {{- else if .Values.mariadb.enabled -}}
+    {{- printf "jdbc:mariadb://%s-mariadb:3306/%s" (include "hawkbit.fullname" .) .Values.mariadb.auth.database -}}
+  {{- else -}}
+    {{- fail "Either externalDatabase.host or mariadb.enabled must be set" -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.database.user" -}}
+  {{- if .Values.externalDatabase.user -}}
+    {{- .Values.externalDatabase.user -}}
+  {{- else if .Values.mariadb.enabled -}}
+    {{- "root" -}}
+  {{- else -}}
+    {{- fail "externalDatabase.user is required when mariadb.enabled=false" -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.database.secretName" -}}
+  {{- if .Values.externalDatabase.existingSecret -}}
+    {{- .Values.externalDatabase.existingSecret -}}
+  {{- else if .Values.mariadb.enabled -}}
+    {{- include "mariadb.secretName" .Subcharts.mariadb -}}
+  {{- else -}}
+    {{- printf "%s-external-db" (include "hawkbit.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.database.secretPasswordKey" -}}
+  {{- if .Values.externalDatabase.existingSecretPasswordKey -}}
+    {{- .Values.externalDatabase.existingSecretPasswordKey -}}
+  {{- else if .Values.mariadb.enabled -}}
+    {{- "mariadb-root-password" -}}
+  {{- else -}}
+    {{- "password" -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.database.secretUsernameKey" -}}
+  {{- if .Values.externalDatabase.existingSecretUsernameKey -}}
+    {{- .Values.externalDatabase.existingSecretUsernameKey -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "hawkbit.spring.profiles" -}}
+  {{- if .Values.spring.profiles -}}
+    {{- .Values.spring.profiles -}}
+  {{- else if eq (.Values.externalDatabase.type | default "mariadb") "postgresql" -}}
+    {{- "postgresql" -}}
+  {{- else -}}
+    {{- "mysql" -}}
+  {{- end -}}
+{{- end -}}

charts/hawkbit/templates/configmap.yaml

@@ -6,4 +6,44 @@ metadata:
 {{ include "hawkbit.labels" . | indent 4 }}
 data:
   application.yaml: |-
-{{ toYaml .Values.config.application | indent 4}}
+    {{- $rabbitmqConfig := dict -}}
+    {{- if .Values.rabbitmq.enabled -}}
+    {{- $rabbitmqConfig = dict "spring" (dict
+        "rabbitmq" (dict
+          "host" (printf "%s-rabbitmq" .Release.Name)
+          "listener" (dict "simple" (dict "missing-queues-fatal" false))
+        )
+        "cloud" (dict "stream" (dict "bindings" (dict
+          "default"        (dict "group" "hawkbit")
+          "device-created" (dict "destination" "device-registry.device-created")
+          "device-updated" (dict "destination" "device-registry.device-updated")
+          "device-deleted" (dict "destination" "device-registry.device-deleted")
+        )))
+      ) -}}
+    {{- else if .Values.rabbitmq.host -}}
+    {{- $rabbitmqConfig = dict "spring" (dict
+        "rabbitmq" (dict
+          "host" .Values.rabbitmq.host
+          "listener" (dict "simple" (dict "missing-queues-fatal" false))
+        )
+        "cloud" (dict "stream" (dict "bindings" (dict
+          "default"        (dict "group" "hawkbit")
+          "device-created" (dict "destination" "device-registry.device-created")
+          "device-updated" (dict "destination" "device-registry.device-updated")
+          "device-deleted" (dict "destination" "device-registry.device-deleted")
+        )))
+      ) -}}
+    {{- else if not .Values.microservices.enabled -}}
+    {{- $rabbitmqConfig = dict "spring" (dict "autoconfigure" (dict "exclude" "org.springframework.boot.autoconfigure.amqp.RabbitAutoConfiguration")) -}}
+    {{- end -}}
+    {{- $authConfig := dict "hawkbit" (dict "security" (dict "user" (dict (.Values.auth.username) (dict "tenant" "DEFAULT" "roles" (list "TENANT_ADMIN"))))) -}}
+    {{- $importConfig := dict "spring" (dict "config" (dict "import" (list "optional:file:/secret-config/application-user-credentials.yaml"))) -}}
+    {{- mergeOverwrite (deepCopy .Values.config.application) $rabbitmqConfig $authConfig $importConfig | toYaml | nindent 4 }}
+  application-mysql.yaml: |-
+    spring:
+      datasource:
+        url: {{ include "hawkbit.database.url" . | quote }}
+  application-postgresql.yaml: |-
+    spring:
+      datasource:
+        url: {{ include "hawkbit.database.url" . | quote }}

charts/hawkbit/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.microservices.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,6 +26,29 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      initContainers:
+        - name: hawkbit-init
+          image: "{{ .Values.image.initContainer }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: HAWKBIT_DB_MODE
+              value: "migrate"
+            - name: PROFILES
+              value: {{ include "hawkbit.spring.profiles" . | quote }}
+            - name: AND_THEN
+              value: "true"
+          envFrom:
+            - secretRef:
+                name: {{ include "hawkbit.dbCredentialsSecretName" . }}
+          volumeMounts:
+            - name: configmap
+              mountPath: {{ .Values.configMap.mountPath }}
+            - name: secret-config
+              mountPath: /secret-config
+              readOnly: true
+            {{- if .Values.extraVolumeMounts }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- end }}
     {{- with .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
@@ -34,36 +58,33 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
-            - name: SPRING_PROFILES_ACTIVE
-              value: "{{ .Values.spring.profiles }}"
-            - name: "SPRING_DATASOURCE_URL"
-              {{- if .Values.env.springDatasourceUrl }}
-              value: "{{ .Values.env.springDatasourceUrl }}"
-              {{- else }}
-              value: "jdbc:mariadb://{{ if .Values.mysql.enabled }}{{ .Release.Name }}-mysql{{ else }}{{ .Values.env.springDatasourceHost }}{{ end }}:3306/{{ .Values.env.springDatasourceDb }}"
-              {{- end }}
-            - name: "SPRING_APPLICATION_JSON"
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "hawkbit.fullname" . }}
-                  key: "SPRING_APPLICATION_JSON"
-            - name: "SPRING_RABBITMQ_HOST"
-              value: "{{ if .Values.rabbitmq.enabled }}{{ .Release.Name }}-rabbitmq{{ else }}{{ .Values.env.springRabbitmqHost }}{{ end }}"
-            - name: "SPRING_RABBITMQ_USERNAME"
-              value: "{{ .Values.env.springRabbitmqUsername }}"
-            - name: "SPRING_RABBITMQ_PASSWORD"
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ template "hawkbit.fullname" . }}-rabbitmq-pass"
-                  key: "rabbitmq-pass"
+            - name: PROFILES
+              value: {{ include "hawkbit.spring.profiles" . | quote }}
+            - name: SPRING_FLYWAY_ENABLED
+              value: "false"
             {{- if .Values.fileStorage.enabled }}
-            - name: "org.eclipse.hawkbit.repository.file.path"
+            - name: ORG_ECLIPSE_HAWKBIT_ARTIFACT_FS_PATH
               value: {{ .Values.fileStorage.mountPath }}
             {{- end }}
+            {{- if .Values.extraEnv }}
+            {{- if kindIs "slice" .Values.extraEnv }}
+            {{- toYaml .Values.extraEnv | nindent 12 }}
+            {{- else if kindIs "map" .Values.extraEnv }}
             {{- range $key, $value := .Values.extraEnv }}
             - name: "{{ $key }}"
               value: "{{ $value }}"
             {{- end }}
+            {{- else }}
+            # .Values.extraEnv of type {{kindOf .Values.extraEnv}} is ignored
+            {{- end }}
+            {{- end }}
+          envFrom:
+            - secretRef:
+                name: {{ include "hawkbit.dbCredentialsSecretName" . }}
+            {{- if .Values.rabbitmq.enabled }}
+            - secretRef:
+                name: {{ include "hawkbit.rabbitmqCredentialsSecretName" . }}
+            {{- end }}
           ports:
             - name: http
               containerPort: 8080
@@ -83,12 +104,15 @@ spec:
           volumeMounts:
             - name: configmap
               mountPath: {{ .Values.configMap.mountPath }}
+            - name: secret-config
+              mountPath: /secret-config
+              readOnly: true
             {{- if .Values.fileStorage.enabled }}
             - name: storage
               mountPath: {{ .Values.fileStorage.mountPath }}
             {{- end }}
             {{- if .Values.extraVolumeMounts }}
-            {{ toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
             {{- end }}
           resources:
 {{ toYaml .Values.resources | indent 12 }}
@@ -113,14 +137,23 @@ spec:
         {{- end }}
       {{- end }}
       volumes:
-      - name: configmap
-        configMap:
-          name: {{ include "hawkbit.fullname" . }}
+        - name: configmap
+          configMap:
+            name: {{ include "hawkbit.fullname" . }}
+        - name: secret-config
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "hawkbit.userCredentialsSecretName" . }}
+                  items:
+                    - key: application-user-credentials.yaml
+                      path: application-user-credentials.yaml
       {{- if .Values.fileStorage.enabled }}
-      - name: storage
-        persistentVolumeClaim:
-          claimName: {{ include "hawkbit.fullname" . }}-data
+        - name: storage
+          persistentVolumeClaim:
+            claimName: {{ include "hawkbit.fullname" . }}-data
       {{- end}}
       {{- if .Values.extraVolumes }}
-      {{ toYaml .Values.extraVolumes | nindent 6 }}
+      {{- toYaml .Values.extraVolumes | nindent 8 }}
       {{- end }}
+{{- end }}

charts/hawkbit/templates/gui-deployment.yaml

@@ -0,0 +1,73 @@
+{{- if .Values.gui.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "hawkbit.fullname" . }}-gui
+  labels:
+{{ include "hawkbit.labels" . | indent 4 }}
+    app.kubernetes.io/component: gui
+spec:
+  replicas: {{ .Values.gui.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "hawkbit.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/component: gui
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "hawkbit.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/component: gui
+      {{- with .Values.podTemplate.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+    {{- with .Values.image.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      containers:
+        - name: hawkbitgui
+          image: "{{ .Values.gui.image.repository }}:{{ .Values.gui.image.tag }}"
+          imagePullPolicy: {{ .Values.gui.image.pullPolicy }}
+          env:
+            - name: NEXTAUTH_URL
+              value: {{ .Values.gui.nextauth.url | quote }}
+            - name: NEXTAUTH_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.gui.nextauth.existingSecret }}
+                  key: NEXTAUTH_SECRET
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 30
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 10
+            timeoutSeconds: 5
+          resources:
+{{ toYaml .Values.gui.resources | indent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+{{- end }}