From 105be7cf79cc185f6ca54ceb0410663ec50871e6 Mon Sep 17 00:00:00 2001 From: jessebot Date: Tue, 26 Mar 2024 11:16:48 +0100 Subject: [PATCH 1/7] add admin user creation job and bump netmaker version --- charts/netmaker/Chart.yaml | 4 +-- charts/netmaker/README.md | 5 ++- charts/netmaker/templates/_helpers.tpl | 11 ++++++ .../templates/netmaker-admin-secret.yaml | 13 +++++++ .../templates/netmaker-admin-user-job.yaml | 36 +++++++++++++++++++ charts/netmaker/values.yaml | 9 +++++ 6 files changed, 75 insertions(+), 3 deletions(-) create mode 100644 charts/netmaker/templates/netmaker-admin-secret.yaml create mode 100644 charts/netmaker/templates/netmaker-admin-user-job.yaml diff --git a/charts/netmaker/Chart.yaml b/charts/netmaker/Chart.yaml index dad7695..a569a37 100644 --- a/charts/netmaker/Chart.yaml +++ b/charts/netmaker/Chart.yaml @@ -15,13 +15,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.10.1 +version: 0.11.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.21.2" +appVersion: "v0.23.0" maintainers: - name: "jessebot" diff --git a/charts/netmaker/README.md b/charts/netmaker/README.md index ddafa21..9918ed3 100644 --- a/charts/netmaker/README.md +++ b/charts/netmaker/README.md 
@@ -1,6 +1,6 @@ # netmaker -![Version: 0.10.1](https://img.shields.io/badge/Version-0.10.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.21.2](https://img.shields.io/badge/AppVersion-v0.21.2-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.23.0](https://img.shields.io/badge/AppVersion-v0.23.0-informational?style=flat-square) A Helm chart to run HA Netmaker on Kubernetes @@ -61,6 +61,9 @@ A Helm chart to run HA Netmaker on Kubernetes | mq.tolerations | object | `{}` | optional tolerations settings for mqtt | | mq.username | string | `"netmaker"` | | | nameOverride | string | `""` | override the name for netmaker objects | +| netmaker.admin.existingSecret | string | `""` | set admin user/password via an existing k8s secret. If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password | +| netmaker.admin.password | string | `""` | initial admin user's password, ignored if existingSecret set | +| netmaker.admin.user | string | `""` | initial admin user to create. if set disables registration via UI. ignored if existingSecret set | | netmaker.enterprise | object | `{"licenseKey":"","tenantId":""}` | if using enterprise edition fill out this section | | netmaker.enterprise.licenseKey | string | `""` | netmaker enterprise license key, ignored if netmaker.existingSecret set | | netmaker.enterprise.tenantId | string | `""` | netmaker enterprise tenant ID, ignored if netmaker.existingSecret set | diff --git a/charts/netmaker/templates/_helpers.tpl b/charts/netmaker/templates/_helpers.tpl index b808c9c..4d86933 100644 --- a/charts/netmaker/templates/_helpers.tpl +++ b/charts/netmaker/templates/_helpers.tpl 
@@ -169,6 +169,17 @@ netmaker-secret {{- end }} {{- end }} +{{/* +netmaker admin credentials secret +*/}} +{{- define "netmaker.admin.secret" -}} +{{- if .Values.netmaker.admin.existingSecret -}} +{{ .Values.netmaker.admin.existingSecret }} +{{- else -}} +netmaker-admin-secret +{{- end }} +{{- end }} + {{/* mqtt (broker) secret */}} diff --git a/charts/netmaker/templates/netmaker-admin-secret.yaml b/charts/netmaker/templates/netmaker-admin-secret.yaml new file mode 100644 index 0000000..4cecb70 --- /dev/null +++ b/charts/netmaker/templates/netmaker-admin-secret.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.netmaker.admin.user (not .Values.netmaker.admin.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: netmaker-admin-secret + labels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + ADMIN_USER: {{ .Values.netmaker.admin.user | b64enc | quote }} + ADMIN_PASSWORD: {{ .Values.netmaker.admin.password | b64enc | quote }} +{{- end }} diff --git a/charts/netmaker/templates/netmaker-admin-user-job.yaml b/charts/netmaker/templates/netmaker-admin-user-job.yaml new file mode 100644 index 0000000..b9ad2f4 --- /dev/null +++ b/charts/netmaker/templates/netmaker-admin-user-job.yaml 
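Review bot: In netmaker-admin-secret.yaml the `ADMIN_PASSWORD` line renders whatever `netmaker.admin.password` holds, while the template's guard only checks `netmaker.admin.user`, so setting a user without a password produces a Secret with an empty password that the job then submits for the superadmin account. Failing the render is safer: `ADMIN_PASSWORD: {{ required "netmaker.admin.password is required when netmaker.admin.user is set" .Values.netmaker.admin.password | b64enc | quote }}`. The Secret name `netmaker-admin-secret` (also returned by the new `netmaker.admin.secret` helper) is a fixed string, so two releases in one namespace would share or overwrite the same admin credentials; deriving it from the release, e.g. `name: {{ .Release.Name }}-admin-secret`, avoids that.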
@@ -0,0 +1,36 @@ +{{- if or .Values.netmaker.admin.user .Values.netmaker.admin.existingSecret }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: setup-initial-user-job +spec: + template: + metadata: + name: setup-initial-user-pod + spec: + containers: + - name: setup-initial-user + image: curlimages/curl:latest + command: + - |- + curl --location "https://$SERVER_HTTP_HOST/api/users/adm/createsuperadmin" \ + --header 'Content-Type: application/json' \ + --data "{'username':'$ADMIN_USER', 'password':'$ADMIN_PASSWORD'}" + env: + - name: SERVER_HTTP_HOST + valueFrom: + secretKeyRef: + key: SERVER_HTTP_HOST + name: {{ include "netmaker.secret" . }} + - name: ADMIN_USER + valueFrom: + secretKeyRef: + key: ADMIN_USER + name: {{ include "netmaker.admin.secret" . }} + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: ADMIN_PASSWORD + name: {{ include "netmaker.admin.secret" . }} +{{- end }} diff --git a/charts/netmaker/values.yaml b/charts/netmaker/values.yaml index fe853c0..973466b 100644 --- a/charts/netmaker/values.yaml +++ b/charts/netmaker/values.yaml @@ -58,6 +58,15 @@ netmaker: # -- Auto disable a user's connecteds clients bassed on JWT token expiration racAutoDisable: "true" + admin: + # -- initial admin user to create. if set disables registration via UI. ignored if existingSecret set + user: "" + # -- initial admin user's password, ignored if existingSecret set + password: "" + # -- set admin user/password via an existing k8s secret. If set, disables registration via UI, + # and ignores netmaker.admin.user, netmaker.admin.password + existingSecret: "" + # -- if using enterprise edition fill out this section enterprise: # -- netmaker enterprise license key, ignored if netmaker.existingSecret set From 84dc94c3c9a8336311f3bedc6abbfcb4a5608d1d Mon Sep 17 00:00:00 2001 
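Review bot: The Job in netmaker-admin-user-job.yaml cannot run as written, because `command` holds the whole curl line as a single list item, so it is taken as the executable name and no shell expands `$SERVER_HTTP_HOST`, `$ADMIN_USER` or `$ADMIN_PASSWORD` (Kubernetes itself only substitutes the `$(VAR)` form). The pod spec also has no `restartPolicy`, and a Job only accepts `Never` or `OnFailure`. Separately, `curlimages/curl:latest` is a mutable tag on a container that receives the admin credentials, so it should be pinned to a reviewed version or digest. The fence shows the pod spec with those three changes, assuming the image ships `/bin/sh`; the curl arguments and env entries stay as they are.

```yaml
    spec:
      restartPolicy: Never
      containers:
        - name: setup-initial-user
          # pin to a reviewed release or digest instead of a mutable tag
          image: curlimages/curl:<PINNED_VERSION>
          command:
            - /bin/sh
            - -c
            - |-
              # … unchanged: curl --location … --header … --data … …
          # … unchanged: env entries for SERVER_HTTP_HOST, ADMIN_USER, ADMIN_PASSWORD …
```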
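Review bot: The new `netmaker.admin.password` key in values.yaml puts the superadmin password in chart values, where it is kept in Helm's stored release data and, when passed with `--set`, in shell history or CI logs. The comment above `password` should say so and point to `netmaker.admin.existingSecret` as the preferred route, for example `# -- initial admin user's password. Stored in the Helm release; prefer netmaker.admin.existingSecret outside of test setups`. The comments also state that setting the user disables registration via the UI, but nothing in this patch enforces that, so it presumably relies on server behaviour once a superadmin exists and is worth confirming.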
From: jessebot Date: Tue, 26 Mar 2024 11:20:34 +0100 Subject: [PATCH 2/7] clarify exact existingSecret value to set --- charts/netmaker/README.md | 4 ++-- charts/netmaker/values.yaml | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/charts/netmaker/README.md b/charts/netmaker/README.md index 9918ed3..a1f450f 100644 --- a/charts/netmaker/README.md +++ b/charts/netmaker/README.md @@ -62,8 +62,8 @@ A Helm chart to run HA Netmaker on Kubernetes | mq.username | string | `"netmaker"` | | | nameOverride | string | `""` | override the name for netmaker objects | | netmaker.admin.existingSecret | string | `""` | set admin user/password via an existing k8s secret. If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password | -| netmaker.admin.password | string | `""` | initial admin user's password, ignored if existingSecret set | -| netmaker.admin.user | string | `""` | initial admin user to create. if set disables registration via UI. ignored if existingSecret set | +| netmaker.admin.password | string | `""` | initial admin user's password, ignored if netmaker.admin.existingSecret set | +| netmaker.admin.user | string | `""` | initial admin user to create. if set, disables registration via UI. Ignored if netmaker.admin.existingSecret set | | netmaker.enterprise | object | `{"licenseKey":"","tenantId":""}` | if using enterprise edition fill out this section | | netmaker.enterprise.licenseKey | string | `""` | netmaker enterprise license key, ignored if netmaker.existingSecret set | | netmaker.enterprise.tenantId | string | `""` | netmaker enterprise tenant ID, ignored if netmaker.existingSecret set | diff --git a/charts/netmaker/values.yaml b/charts/netmaker/values.yaml index 973466b..3d1910e 100644 --- a/charts/netmaker/values.yaml +++ b/charts/netmaker/values.yaml 
@@ -59,12 +59,13 @@ netmaker: racAutoDisable: "true" admin: - # -- initial admin user to create. if set disables registration via UI. ignored if existingSecret set + # -- initial admin user to create. if set, disables registration via UI. + # Ignored if netmaker.admin.existingSecret set user: "" - # -- initial admin user's password, ignored if existingSecret set + # -- initial admin user's password, ignored if netmaker.admin.existingSecret set password: "" - # -- set admin user/password via an existing k8s secret. If set, disables registration via UI, - # and ignores netmaker.admin.user, netmaker.admin.password + # -- set admin user/password via an existing k8s secret. If set, disables + # registration via UI, and ignores netmaker.admin.user, netmaker.admin.password existingSecret: "" # -- if using enterprise edition fill out this section From df38f8acab35334458aefbca9af6ea17c4a36c28 Mon Sep 17 00:00:00 2001 From: jessebot Date: Tue, 26 Mar 2024 11:23:34 +0100 Subject: [PATCH 3/7] change admin user job to be a post install helm hook --- charts/netmaker/templates/netmaker-admin-user-job.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/netmaker/templates/netmaker-admin-user-job.yaml b/charts/netmaker/templates/netmaker-admin-user-job.yaml index b9ad2f4..0f81310 100644 --- a/charts/netmaker/templates/netmaker-admin-user-job.yaml +++ b/charts/netmaker/templates/netmaker-admin-user-job.yaml @@ -4,6 +4,9 @@ apiVersion: batch/v1 kind: Job metadata: name: setup-initial-user-job + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-delete-policy": hook-succeeded spec: template: metadata: From cb3497dc994def7668c9a26d15f2ccb5f4c7d79c Mon Sep 17 00:00:00 2001 From: jessebot Date: Tue, 26 Mar 2024 11:27:58 +0100 Subject: [PATCH 4/7] test out netmaker admin password in the ci --- .github/workflows/ci-helm-lint-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
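Review bot: With `"helm.sh/hook-delete-policy": hook-succeeded` the Job is removed as soon as curl exits 0, and the curl call in this template has no `--fail`, so an HTTP 4xx/5xx from `createsuperadmin` still counts as success and the evidence disappears. The install then looks complete while no admin exists, which presumably leaves first-user creation open to whoever reaches the server first. Adding `--fail --show-error` to the curl invocation makes the hook fail visibly, and `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` lets a retry replace a failed Job that would otherwise collide on the fixed name `setup-initial-user-job`. The Job spec continues outside this hunk.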
diff --git a/.github/workflows/ci-helm-lint-test.yml b/.github/workflows/ci-helm-lint-test.yml index ff841da..2b9a590 100644 --- a/.github/workflows/ci-helm-lint-test.yml +++ b/.github/workflows/ci-helm-lint-test.yml @@ -49,4 +49,4 @@ jobs: id: install if: steps.list-changed.outputs.changed == 'true' run: | - ct install --target-branch ${{ github.event.repository.default_branch }} + ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set=netmaker.admin.user=testadmin" --helm-extra-set-args "--set=netmaker.admin.password=testadminpassword" From 33eb811fdaaba537ecea89a08d990efb0b91f9fd Mon Sep 17 00:00:00 2001 From: jessebot Date: Tue, 26 Mar 2024 11:30:03 +0100 Subject: [PATCH 5/7] note required existing secret keys --- charts/netmaker/README.md | 2 +- charts/netmaker/values.yaml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/netmaker/README.md b/charts/netmaker/README.md index a1f450f..e0fc9de 100644 --- a/charts/netmaker/README.md +++ b/charts/netmaker/README.md 
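Review bot: The `ct install` line passes `--helm-extra-set-args` twice, and chart-testing documents that option as one quoted string, so the second occurrence likely replaces the first and only the password would reach Helm. In that case the `netmaker.admin.user` guard is false and neither the secret nor the job is rendered, so CI would pass without exercising the new code. A single argument carries both: `--helm-extra-set-args "--set=netmaker.admin.user=testadmin --set=netmaker.admin.password=testadminpassword"`. The fixed test password is acceptable for a throwaway CI cluster as long as the same value is never reused elsewhere.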
@@ -61,7 +61,7 @@ A Helm chart to run HA Netmaker on Kubernetes | mq.tolerations | object | `{}` | optional tolerations settings for mqtt | | mq.username | string | `"netmaker"` | | | nameOverride | string | `""` | override the name for netmaker objects | -| netmaker.admin.existingSecret | string | `""` | set admin user/password via an existing k8s secret. If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password | +| netmaker.admin.existingSecret | string | `""` | set admin user/password via an existing k8s secret. Must have keys: ADMIN_USER, ADMIN_PASSWORD If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password | | netmaker.admin.password | string | `""` | initial admin user's password, ignored if netmaker.admin.existingSecret set | | netmaker.admin.user | string | `""` | initial admin user to create. if set, disables registration via UI. Ignored if netmaker.admin.existingSecret set | | netmaker.enterprise | object | `{"licenseKey":"","tenantId":""}` | if using enterprise edition fill out this section | diff --git a/charts/netmaker/values.yaml b/charts/netmaker/values.yaml index 3d1910e..86db9b4 100644 --- a/charts/netmaker/values.yaml +++ b/charts/netmaker/values.yaml @@ -64,8 +64,9 @@ netmaker: user: "" # -- initial admin user's password, ignored if netmaker.admin.existingSecret set password: "" - # -- set admin user/password via an existing k8s secret. If set, disables - # registration via UI, and ignores netmaker.admin.user, netmaker.admin.password + # -- set admin user/password via an existing k8s secret. Must have keys: + # ADMIN_USER, ADMIN_PASSWORD + # If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password existingSecret: "" # -- if using enterprise edition fill out this section From 50da46da06c93f7d8e14d54e23a6244de15ed30c Mon Sep 17 00:00:00 2001 
From: jessebot Date: Tue, 26 Mar 2024 11:37:05 +0100 Subject: [PATCH 6/7] update curl command quoting --- charts/netmaker/templates/netmaker-admin-user-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/netmaker/templates/netmaker-admin-user-job.yaml b/charts/netmaker/templates/netmaker-admin-user-job.yaml index 0f81310..035f824 100644 --- a/charts/netmaker/templates/netmaker-admin-user-job.yaml +++ b/charts/netmaker/templates/netmaker-admin-user-job.yaml @@ -19,7 +19,7 @@ spec: - |- curl --location "https://$SERVER_HTTP_HOST/api/users/adm/createsuperadmin" \ --header 'Content-Type: application/json' \ - --data "{'username':'$ADMIN_USER', 'password':'$ADMIN_PASSWORD'}" + --data "{\"username\":\"$ADMIN_USER\",\"password\":\"$ADMIN_PASSWORD\"}" env: - name: SERVER_HTTP_HOST valueFrom: From 85d51424db6a89310895f62ae80e07a281492f37 Mon Sep 17 00:00:00 2001 From: jessebot Date: Tue, 26 Mar 2024 11:39:40 +0100 Subject: [PATCH 7/7] fix trailing space in values --- charts/netmaker/README.md | 2 +- charts/netmaker/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/netmaker/README.md b/charts/netmaker/README.md index e0fc9de..d7ffaff 100644 --- a/charts/netmaker/README.md +++ b/charts/netmaker/README.md 
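Review bot: The new `--data` line still splices `$ADMIN_USER` and `$ADMIN_PASSWORD` into the JSON text unescaped, so a password containing `"` or `\` yields a malformed body or lets the value add fields to the request. Either escape the values before building the body or record the constraint next to the command, for example `# ADMIN_USER/ADMIN_PASSWORD are inserted verbatim: values containing " or \ break the JSON body`. Passing the body with `--data` also puts the password on the process command line; `--data @-` with the body piped in on stdin avoids that. The rest of the Job spec is outside this hunk.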
@@ -61,7 +61,7 @@ A Helm chart to run HA Netmaker on Kubernetes | mq.tolerations | object | `{}` | optional tolerations settings for mqtt | | mq.username | string | `"netmaker"` | | | nameOverride | string | `""` | override the name for netmaker objects | -| netmaker.admin.existingSecret | string | `""` | set admin user/password via an existing k8s secret. Must have keys: ADMIN_USER, ADMIN_PASSWORD If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password | +| netmaker.admin.existingSecret | string | `""` | set admin user/password via an existing k8s secret. Must have keys: ADMIN_USER, ADMIN_PASSWORD If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password | | netmaker.admin.password | string | `""` | initial admin user's password, ignored if netmaker.admin.existingSecret set | | netmaker.admin.user | string | `""` | initial admin user to create. if set, disables registration via UI. Ignored if netmaker.admin.existingSecret set | | netmaker.enterprise | object | `{"licenseKey":"","tenantId":""}` | if using enterprise edition fill out this section | diff --git a/charts/netmaker/values.yaml b/charts/netmaker/values.yaml index 86db9b4..37b6fd3 100644 --- a/charts/netmaker/values.yaml +++ b/charts/netmaker/values.yaml @@ -65,7 +65,7 @@ netmaker: # -- initial admin user's password, ignored if netmaker.admin.existingSecret set password: "" # -- set admin user/password via an existing k8s secret. Must have keys: - # ADMIN_USER, ADMIN_PASSWORD + # ADMIN_USER, ADMIN_PASSWORD # If set, disables registration via UI, and ignores netmaker.admin.user, netmaker.admin.password existingSecret: ""