Merge pull request #93 from tahmmee/2.3.x

2.3.x
couchbase-partners · Jul 12, 2022 · 87e8764 · 87e8764
2 parents f2c09a4 + 68cc563
commit 87e8764
Show file tree

Hide file tree

Showing 13 changed files with 597 additions and 47 deletions.
diff --git a/.github/workflows/publish-ci.yml b/.github/workflows/publish-ci.yml
@@ -7,8 +7,7 @@ on:
   # Triggers the workflow on push or pull request events but only for the main branch
   push:
     branches:
-      - master
-      - main
+      - 2.3.x
     # Ignore anything unrelated to a chart release
     paths-ignore:
       - 'charts/couchbase-operator/examples/**'

diff --git a/.github/workflows/validate-ci.yml b/.github/workflows/validate-ci.yml
@@ -5,8 +5,6 @@ name: Validate CI
 on:
   pull_request:
     branches:
-      - master
-      - main
       - 2.3.x
     # Ignore anything unrelated to a chart release
     paths-ignore:

diff --git a/charts/couchbase-operator/Chart.yaml b/charts/couchbase-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: couchbase-operator
 description: A Helm chart to deploy the Couchbase Autonomous Operator for easily deploying, managing, and maintaining Couchbase Clusters. Couchbase Server is a NoSQL document database with a distributed architecture for performance, scalability, and availability. It enables developers to build applications easier and faster by leveraging the power of SQL with the flexibility of JSON.
-version: 2.3.002
+version: 2.30.4
 appVersion: 2.3.0
 type: application
 keywords:

diff --git a/charts/couchbase-operator/README.md b/charts/couchbase-operator/README.md
diff --git a/charts/couchbase-operator/README.md.adoc b/charts/couchbase-operator/README.md.adoc
diff --git a/charts/couchbase-operator/examples/rbac-scope-values.yaml b/charts/couchbase-operator/examples/rbac-scope-values.yaml
@@ -0,0 +1,57 @@
+cluster:
+  servers:
+    default:
+      size: 1
+      services:
+      - data
+
+
+scopes:
+  default:
+    collections:
+      managed: false
+      preserveDefaultCollection: false
+      resources:
+      - kind: CouchbaseCollection
+        name: "default"
+      - kind: CouchbaseCollectionGroup
+        name: "default"
+    defaultScope: false
+    name: "x"
+
+scopegroups:
+  default:
+    collections:
+      managed: false
+      preserveDefaultCollection: false
+      resources:
+      - kind: CouchbaseCollection
+        name: "default"
+      - kind: CouchbaseCollectionGroup
+        name: "default"
+    names: ["y", "z"]
+
+
+scopes:
+  default:
+    collections:
+      managed: false
+      preserveDefaultCollection: false
+      resources:
+      - kind: CouchbaseCollection
+        name: "default"
+      - kind: CouchbaseCollectionGroup
+        name: "default"
+    defaultScope: false
+    name: ""
+
+
+collections:
+  default:
+    name: "a"
+
+collectiongroups:
+  default:
+    names: ["b", "c", "d"]
+
+
diff --git a/charts/couchbase-operator/templates/_helpers.tpl b/charts/couchbase-operator/templates/_helpers.tpl
@@ -350,22 +350,36 @@ Get nodeToNodeEncryption value
 {{- end -}}
 
 {{/*
-Name of tls operator secret
+Get or generate name of tls operator secret
 */}}
 {{- define  "couchbase-cluster.tls.operator-secret" -}}
 {{- if .Values.cluster.networking.tls -}}
-{{- .Values.cluster.networking.tls.static.operatorSecret -}}
+
+  {{/* secret may be legacy or native format */}}
+  {{- if (include "couchbase-cluster.tls.is-legacy" .) -}}
+    {{- .Values.cluster.networking.tls.static.operatorSecret -}}
+  {{- else -}}
+    {{- .Values.cluster.networking.tls.secretSource.clientSecretName -}}
+  {{- end -}}
+
 {{- else -}}
 {{- (printf "%s-operator-tls" (include "couchbase-cluster.fullname" .)) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 
 {{/*
-Name of tls server secret
+Get or generate name of tls server secret
 */}}
 {{- define  "couchbase-cluster.tls.server-secret" -}}
 {{- if .Values.cluster.networking.tls -}}
-{{- .Values.cluster.networking.tls.static.serverSecret -}}
+
+  {{/* secret may be legacy or native format */}}
+  {{- if (include "couchbase-cluster.tls.is-legacy" .) -}}
+    {{- .Values.cluster.networking.tls.static.serverSecret -}}
+  {{- else -}}
+    {{- .Values.cluster.networking.tls.secretSource.serverSecretName -}}
+  {{- end -}}
+
 {{- else -}}
 {{- (printf "%s-server-tls" (include "couchbase-cluster.fullname" .)) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
@@ -407,10 +421,12 @@ Generate certificates for couchbase-cluster with native TLS formatting.
 {{- define "couchbase-cluster.tls" -}}
 {{- $serverSecret := (lookup "v1" "Secret" .Release.Namespace (include "couchbase-cluster.tls.server-secret" .)) -}}
 {{- $clientSecret := (lookup "v1" "Secret" .Release.Namespace (include "couchbase-cluster.tls.operator-secret" .)) -}}
+{{- $caSecret := (lookup "v1" "Secret" .Release.Namespace (include "couchbase-cluster.tls.ca-secret" .)) -}}
 {{- if (and $serverSecret $clientSecret ) -}}
+caCert: {{ index $caSecret.data "tls.crt" }}
 serverCert: {{ index $serverSecret.data "tls.crt" }}
 serverKey: {{ index $serverSecret.data "tls.key" }}
-clientCert: {{ index $clientSecret.data "tls.pem" }}
+clientCert: {{ index $clientSecret.data "tls.crt" }}
 clientKey: {{ index $clientSecret.data "tls.key" }}
 {{- else -}}
 {{- $expiration := (.Values.tls.expiration | int) -}}

diff --git a/charts/couchbase-operator/templates/couchbase-rbac.yaml b/charts/couchbase-operator/templates/couchbase-rbac.yaml
@@ -0,0 +1,128 @@
+{{- if .Values.cluster.backup.managed -}}
+{{- $clusterName := (include "couchbase-cluster.clustername" .) -}}
+
+
+
+{{/* List of Groups */}}
+{{- if .Values.groups }}
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseGroupList
+items:
+{{- range $name, $spec := .Values.groups }}
+{{- if typeIs "map[string]interface {}" $spec }}
+- apiVersion: couchbase.com/v2
+  kind: CouchbaseGroup
+  metadata:
+    name: {{ default $name $spec.name}}
+    labels:
+      cluster: {{ $clusterName }}
+  spec:
+{{ omit $spec "name" | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/* List of RoleBindings */}}
+{{- if .Values.rolebindings }}
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseRoleBindingList
+items:
+{{- range $name, $spec := .Values.rolebindings }}
+{{- if typeIs "map[string]interface {}" $spec }}
+- apiVersion: couchbase.com/v2
+  kind: CouchbaseRoleBinding
+  metadata:
+    name: {{ default $name $spec.name}}
+    labels:
+      cluster: {{ $clusterName }}
+  spec:
+{{ omit $spec "name" | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/* List of Scopes */}}
+{{- if .Values.scopes }}
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseScopeList
+items:
+{{- range $name, $spec := .Values.scopes}}
+{{- if typeIs "map[string]interface {}" $spec }}
+- apiVersion: couchbase.com/v2
+  kind: CouchbaseScope
+  metadata:
+    name: {{ default $name $spec.name}}
+    labels:
+      cluster: {{ $clusterName }}
+  spec:
+{{ omit $spec "name" | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/* List of Scope Groups */}}
+{{- if .Values.scopegroups }}
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseScopeGroupList
+items:
+{{- range $name, $spec := .Values.scopegroups }}
+{{- if typeIs "map[string]interface {}" $spec }}
+- apiVersion: couchbase.com/v2
+  kind: CouchbaseScopeGroup
+  metadata:
+    name: {{ default $name $spec.name}}
+    labels:
+      cluster: {{ $clusterName }}
+  spec:
+{{ omit $spec "name" | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/* List of Collections */}}
+{{- if .Values.collectiongroups }}
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseCollectionGroupList
+items:
+{{- range $name, $spec := .Values.collectiongroups }}
+{{- if typeIs "map[string]interface {}" $spec }}
+- apiVersion: couchbase.com/v2
+  kind: CouchbaseCollectionGroup
+  metadata:
+    name: {{ default $name $spec.name}}
+    labels:
+      cluster: {{ $clusterName }}
+  spec:
+{{ omit $spec "name" | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/* List of Collection Groups */}}
+{{- if .Values.collectiongroups }}
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseCollectionList
+items:
+{{- range $name, $spec := .Values.collections }}
+{{- if typeIs "map[string]interface {}" $spec }}
+- apiVersion: couchbase.com/v2
+  kind: CouchbaseCollection
+  metadata:
+    name: {{ default $name $spec.name}}
+    labels:
+      cluster: {{ $clusterName }}
+  spec:
+{{ omit $spec "name" | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/couchbase-operator/templates/couchbase-users.yaml b/charts/couchbase-operator/templates/couchbase-users.yaml
@@ -9,7 +9,11 @@ kind: List
 items:
 {{- range $user, $spec := .Values.users }}
 {{- if typeIs "map[string]interface {}" $spec }}
+
 {{- $userName := (printf "%s-%s" $user $clusterName) }}
+{{- /* Only create Group and Rolebinding when autobind is enabled */ -}} 
+{{- if $spec.autobind }}
+
 - apiVersion: couchbase.com/v2
   kind: CouchbaseGroup
   metadata:
@@ -32,6 +36,9 @@ items:
     roleRef:
       kind: CouchbaseGroup
       name: {{ $userName }}
+{{- end }}
+
+{{- /* Create user secret if name of secret to use is not provided */ -}}
 {{- if not $spec.authSecret }}
 - apiVersion: v1
   kind: Secret

diff --git a/charts/couchbase-operator/values-all.yaml b/charts/couchbase-operator/values-all.yaml
@@ -168,13 +168,22 @@ backuprestores: {}
 #     backoffLimit: 2
 #     logRetention: 24h
 
-# RBAC users to create
+# Users to create for couchbase RBAC.
+# If 'autobind' is set, then Users are automatically created
+# alongside groups with specified roles.  To manually create
+# groups and bind users then set 'autobind' to 'false' and
+# specify 'groups' and 'rolebindings' resources
 # (requires couchbase server 6.5.0 and higher)
 users: {}
 #
 # Uncomment to create an example user named 'developer'
 #
 #   developer:
+#     # Automatically bind user to a Group resource.
+#     # See example below of 'developer' user.
+#     # When autobind is 'true' then the user is
+#     # created and automatically bound to a group named 'developer'.
+#     autobind: true
 #     # password to use for user authentication
 #     # (alternatively use authSecret)
 #     password: password
@@ -196,7 +205,6 @@ collectiongroups: {}
 # # -- Name of the CouchbaseCollectionGroup to create. @default -- will be
 # # filled in as below
 # default:
-#   kind: CouchbaseCollectionGroup
 #   # -- MaxTTL defines how long a document is permitted to exist for, without
 #   # modification, until it is automatically deleted.  This field takes
 #   # precedence over any TTL defined at the bucket level.  This is a default,
@@ -213,7 +221,7 @@ collectiongroups: {}
 #   # group specifies multiple, and the collection group must specify at least
 #   # one collection name. Any collection names specified must be unique.
 #   # Collection names must be 1-251 characters in length, contain only
-#   # [a-zA-Z0-9_-%] and not start with either _ or %.
+#   # [a-zA-Z1-9_-%] and not start with either _ or %.
 #   names: []
 
 # --  Uncomment to create a "couchbasecollections" resource
@@ -223,7 +231,6 @@ collections: {}
 # # -- Name of the CouchbaseCollection to create. @default -- will be filled in
 # # as below
 # default:
-#   kind: CouchbaseCollection
 #   # -- MaxTTL defines how long a document is permitted to exist for, without
 #   # modification, until it is automatically deleted.  This field takes
 #   # precedence over any TTL defined at the bucket level.  This is a default,
@@ -411,7 +418,7 @@ syncGateway:
   # -- Image of the sync gateway container
   image:
     repository: couchbase/sync-gateway
-    tag: 2.8.0-enterprise
+    tag: 3.0.0-enterprise
   imagePullPolicy: IfNotPresent
   # -- Optional secret to use with prepoulated database config
   configSecret: