From 43560aa04fde760df4a8e0be381a02de9603c186 Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Fri, 16 Aug 2024 15:29:52 +0100 Subject: [PATCH 1/3] allow a custom docker registry to be passed if required to helm chart --- charts/budibase/templates/app-service-deployment.yaml | 2 +- .../templates/automation-worker-service-deployment.yaml | 2 +- charts/budibase/templates/minio-service-deployment.yaml | 2 +- charts/budibase/templates/proxy-service-deployment.yaml | 2 +- charts/budibase/templates/redis-service-deployment.yaml | 2 +- charts/budibase/templates/worker-service-deployment.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/budibase/templates/app-service-deployment.yaml b/charts/budibase/templates/app-service-deployment.yaml index 6b4fbe5dda..42178e4165 100644 --- a/charts/budibase/templates/app-service-deployment.yaml +++ b/charts/budibase/templates/app-service-deployment.yaml @@ -221,7 +221,7 @@ spec: name: {{ .secretName }} key: {{ .secretKey | quote }} {{- end}} - image: budibase/apps:{{ .Values.globals.appVersion | default .Chart.AppVersion }} + image: {{ .Values.globals.dockerRegistry }}budibase/apps:{{ .Values.globals.appVersion | default .Chart.AppVersion }} imagePullPolicy: Always {{- if .Values.services.apps.startupProbe }} {{- with .Values.services.apps.startupProbe }} diff --git a/charts/budibase/templates/automation-worker-service-deployment.yaml b/charts/budibase/templates/automation-worker-service-deployment.yaml index 38a384626e..f456cc85ad 100644 --- a/charts/budibase/templates/automation-worker-service-deployment.yaml +++ b/charts/budibase/templates/automation-worker-service-deployment.yaml @@ -209,7 +209,7 @@ spec: key: {{ .secretKey | quote }} {{- end}} - image: budibase/apps:{{ .Values.globals.appVersion | default .Chart.AppVersion }} + image: {{ .Values.globals.dockerRegistry }}budibase/apps:{{ .Values.globals.appVersion | default .Chart.AppVersion }} imagePullPolicy: Always {{- if .Values.services.automationWorkers.startupProbe }} {{- with .Values.services.automationWorkers.startupProbe }} diff --git a/charts/budibase/templates/minio-service-deployment.yaml b/charts/budibase/templates/minio-service-deployment.yaml index 901ead2b46..9ad2642e8d 100644 --- a/charts/budibase/templates/minio-service-deployment.yaml +++ b/charts/budibase/templates/minio-service-deployment.yaml @@ -35,7 +35,7 @@ spec: name: {{ template "budibase.fullname" . }} key: objectStoreSecret - image: minio/minio + image: {{ .Values.globals.dockerRegistry }}minio/minio imagePullPolicy: "" livenessProbe: httpGet: diff --git a/charts/budibase/templates/proxy-service-deployment.yaml b/charts/budibase/templates/proxy-service-deployment.yaml index d5ea696431..8ef7056fa4 100644 --- a/charts/budibase/templates/proxy-service-deployment.yaml +++ b/charts/budibase/templates/proxy-service-deployment.yaml @@ -32,7 +32,7 @@ spec: {{ end }} spec: containers: - - image: budibase/proxy:{{ .Values.globals.appVersion | default .Chart.AppVersion }} + - image: {{ .Values.globals.dockerRegistry }}budibase/proxy:{{ .Values.globals.appVersion | default .Chart.AppVersion }} imagePullPolicy: Always name: proxy-service {{- if .Values.services.proxy.startupProbe }} diff --git a/charts/budibase/templates/redis-service-deployment.yaml b/charts/budibase/templates/redis-service-deployment.yaml index 9ad12e0167..22950df41a 100644 --- a/charts/budibase/templates/redis-service-deployment.yaml +++ b/charts/budibase/templates/redis-service-deployment.yaml @@ -22,7 +22,7 @@ spec: - redis-server - --requirepass - {{ .Values.services.redis.password }} - image: {{ .Values.services.redis.image }} + image: {{ .Values.globals.dockerRegistry }}{{ .Values.services.redis.image }} imagePullPolicy: "" name: redis-service ports: diff --git a/charts/budibase/templates/worker-service-deployment.yaml b/charts/budibase/templates/worker-service-deployment.yaml index ecab8dc645..65c922b8e0 100644 --- a/charts/budibase/templates/worker-service-deployment.yaml +++ b/charts/budibase/templates/worker-service-deployment.yaml @@ -207,7 +207,7 @@ spec: name: {{ .secretName }} key: {{ .secretKey | quote }} {{- end}} - image: budibase/worker:{{ .Values.globals.appVersion | default .Chart.AppVersion }} + image: {{ .Values.globals.dockerRegistry }}budibase/worker:{{ .Values.globals.appVersion | default .Chart.AppVersion }} imagePullPolicy: Always {{- if .Values.services.worker.startupProbe }} {{- with .Values.services.worker.startupProbe }} From f8eb72607234693f140d2fdfdb12ac4e5601a777 Mon Sep 17 00:00:00 2001 From: Budibase Staging Release Bot <> Date: Fri, 16 Aug 2024 14:42:31 +0000 Subject: [PATCH 2/3] Bump version to 2.30.4 --- lerna.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lerna.json b/lerna.json index 070d726a42..9720b01fb9 100644 --- a/lerna.json +++ b/lerna.json @@ -1,6 +1,6 @@ { "$schema": "node_modules/lerna/schemas/lerna-schema.json", - "version": "2.30.3", + "version": "2.30.4", "npmClient": "yarn", "packages": [ "packages/*", From 5de3967695c291fdf8ce7ae8481c44ab1ce1279a Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Mon, 19 Aug 2024 09:10:56 +0100 Subject: [PATCH 3/3] auto generate encryption key, and use secrets --- charts/budibase/templates/app-service-deployment.yaml | 10 ++++++++-- .../automation-worker-service-deployment.yaml | 10 ++++++++-- charts/budibase/templates/secrets.yaml | 4 ++++ .../budibase/templates/worker-service-deployment.yaml | 10 ++++++++-- 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/charts/budibase/templates/app-service-deployment.yaml b/charts/budibase/templates/app-service-deployment.yaml index 42178e4165..a60b2797ea 100644 --- a/charts/budibase/templates/app-service-deployment.yaml +++ b/charts/budibase/templates/app-service-deployment.yaml @@ -65,7 +65,10 @@ spec: - name: ENABLE_ANALYTICS value: {{ .Values.globals.enableAnalytics | quote }} - name: API_ENCRYPTION_KEY - value: {{ .Values.globals.apiEncryptionKey | quote }} + valueFrom: + secretKeyRef: + name: {{ template "budibase.fullname" . }} + key: apiEncryptionKey - name: HTTP_LOGGING value: {{ .Values.services.apps.httpLogging | quote }} - name: INTERNAL_API_KEY @@ -161,7 +164,10 @@ spec: - name: TENANT_FEATURE_FLAGS value: {{ .Values.globals.tenantFeatureFlags | quote }} - name: ENCRYPTION_KEY - value: {{ .Values.globals.bbEncryptionKey | quote }} + valueFrom: + secretKeyRef: + name: {{ template "budibase.fullname" . }} + key: bbEncryptionKey {{ if .Values.globals.bbAdminUserEmail }} - name: BB_ADMIN_USER_EMAIL value: {{ .Values.globals.bbAdminUserEmail | quote }} diff --git a/charts/budibase/templates/automation-worker-service-deployment.yaml b/charts/budibase/templates/automation-worker-service-deployment.yaml index f456cc85ad..71089bd7ee 100644 --- a/charts/budibase/templates/automation-worker-service-deployment.yaml +++ b/charts/budibase/templates/automation-worker-service-deployment.yaml @@ -58,7 +58,10 @@ spec: - name: ENABLE_ANALYTICS value: {{ .Values.globals.enableAnalytics | quote }} - name: API_ENCRYPTION_KEY - value: {{ .Values.globals.apiEncryptionKey | quote }} + valueFrom: + secretKeyRef: + name: {{ template "budibase.fullname" . }} + key: apiEncryptionKey - name: HTTP_LOGGING value: {{ .Values.services.automationWorkers.httpLogging | quote }} - name: INTERNAL_API_KEY @@ -154,7 +157,10 @@ spec: - name: TENANT_FEATURE_FLAGS value: {{ .Values.globals.tenantFeatureFlags | quote }} - name: ENCRYPTION_KEY - value: {{ .Values.globals.bbEncryptionKey | quote }} + valueFrom: + secretKeyRef: + name: {{ template "budibase.fullname" . }} + key: bbEncryptionKey {{ if .Values.globals.bbAdminUserEmail }} - name: BB_ADMIN_USER_EMAIL value: {{ .Values.globals.bbAdminUserEmail | quote }} diff --git a/charts/budibase/templates/secrets.yaml b/charts/budibase/templates/secrets.yaml index 263934187e..861442acac 100644 --- a/charts/budibase/templates/secrets.yaml +++ b/charts/budibase/templates/secrets.yaml @@ -16,10 +16,14 @@ data: jwtSecret: {{ index $existingSecret.data "jwtSecret" }} objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }} objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }} + bbEncryptionKey: {{ index $existingSecret.data "bbEncryptionKey" }} + apiEncryptionKey: {{ index $existingSecret.data "apiEncryptionKey" }} {{- else }} internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }} jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }} objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }} objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }} + bbEncryptionKey: {{ template "budibase.defaultsecret" "" }} + apiEncryptionKey: {{ template "budibase.defaultsecret" "" }} {{- end }} {{- end }} diff --git a/charts/budibase/templates/worker-service-deployment.yaml b/charts/budibase/templates/worker-service-deployment.yaml index 65c922b8e0..fbd88e862f 100644 --- a/charts/budibase/templates/worker-service-deployment.yaml +++ b/charts/budibase/templates/worker-service-deployment.yaml @@ -65,7 +65,10 @@ spec: {{ end }} {{ end }} - name: API_ENCRYPTION_KEY - value: {{ .Values.globals.apiEncryptionKey | quote }} + valueFrom: + secretKeyRef: + name: {{ template "budibase.fullname" . }} + key: apiEncryptionKey - name: HTTP_LOGGING value: {{ .Values.services.worker.httpLogging | quote }} - name: INTERNAL_API_KEY @@ -167,7 +170,10 @@ spec: - name: TENANT_FEATURE_FLAGS value: {{ .Values.globals.tenantFeatureFlags | quote }} - name: ENCRYPTION_KEY - value: {{ .Values.globals.bbEncryptionKey | quote }} + valueFrom: + secretKeyRef: + name: {{ template "budibase.fullname" . }} + key: bbEncryptionKey {{ if .Values.globals.datadogApmEnabled }} - name: DD_LOGS_INJECTION value: {{ .Values.globals.datadogApmEnabled | quote }}