From 488e13c3125489b2e5bbe648fbc2e6b1a2f58eb6 Mon Sep 17 00:00:00 2001 From: Xstar97 Date: Fri, 6 Jan 2023 13:44:59 -0500 Subject: [PATCH] fix(gotify): BREAKING CHANGE - Rewrite app (#5997) * fix(gotify) fix user and pass + gui rework. * conf file * gui * fix * lint * fixy-fixy * whops * add dep * hmm * also tet * env -.- Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros kois --- charts/stable/gotify/Chart.yaml | 34 +-- charts/stable/gotify/questions.yaml | 236 ++++++++++++------ charts/stable/gotify/templates/_configmap.tpl | 13 - charts/stable/gotify/templates/_secret.tpl | 83 ++++++ charts/stable/gotify/templates/common.yaml | 5 +- charts/stable/gotify/values.yaml | 75 ++++-- cspell.config.yaml | 1 + 7 files changed, 314 insertions(+), 133 deletions(-) delete mode 100644 charts/stable/gotify/templates/_configmap.tpl create mode 100644 charts/stable/gotify/templates/_secret.tpl diff --git a/charts/stable/gotify/Chart.yaml b/charts/stable/gotify/Chart.yaml index b1cb8c82beb..ec5f7693637 100644 --- a/charts/stable/gotify/Chart.yaml +++ b/charts/stable/gotify/Chart.yaml @@ -1,21 +1,5 @@ apiVersion: v2 appVersion: "2.2.2" -version: 11.0.17 -kubeVersion: ">=1.16.0-0" -name: gotify -description: a simple server for sending and receiving messages -type: application -home: https://truecharts.org/charts/stable/gotify -keywords: - - server - - gotify - - messages -icon: https://truecharts.org/img/hotlink-ok/chart-icons/gotify.png -sources: - - https://github.com/truecharts/charts/tree/master/charts/stable/gotify - - https://gotify.net/ - - https://github.com/gotify/server - - https://hub.docker.com/r/gotify/server dependencies: - name: common repository: https://library-charts.truecharts.org @@ -24,12 +8,28 @@ dependencies: name: postgresql repository: https://charts.truecharts.org/ version: 11.0.17 +deprecated: false +description: A simple server for sending and receiving messages. +home: https://truecharts.org/charts/stable/gotify +icon: https://truecharts.org/img/hotlink-ok/chart-icons/gotify.png +keywords: + - gotify + - notifications +kubeVersion: ">=1.16.0-0" maintainers: - email: info@truecharts.org name: TrueCharts url: https://truecharts.org +name: gotify +sources: + - https://github.com/truecharts/charts/tree/master/charts/stable/gotify + - https://gotify.net/ + - https://github.com/gotify/server + - https://hub.docker.com/r/gotify/server +type: application +version: 12.0.0 annotations: truecharts.org/catagories: | - - media + - notifications truecharts.org/SCALE-support: "true" truecharts.org/grade: U diff --git a/charts/stable/gotify/questions.yaml b/charts/stable/gotify/questions.yaml index 14252103e54..f53268fb7f5 100644 --- a/charts/stable/gotify/questions.yaml +++ b/charts/stable/gotify/questions.yaml @@ -8,85 +8,169 @@ questions: # Include{replicas} # Include{replica1} # Include{controllerExpertExtraArgs} - - variable: secretEnv - group: "App Configuration" - label: "Image Secrets" + - variable: gotify + group: App Configuration + label: Gotify Configuration schema: additional_attrs: true type: dict attrs: - variable: user - label: "user" - description: "Sets the user env var" - schema: - type: string - default: "admin" - - variable: pass - label: "pass" - description: "Sets the pass env var" - schema: - type: string - default: "changeme" - - variable: env - group: "App Configuration" - label: "Image Environment" - schema: - additional_attrs: true - type: dict - attrs: - - variable: GOTIFY_SERVER_KEEPALIVEPERIODSECONDS - label: "GOTIFY_SERVER_KEEPALIVEPERIODSECONDS" - description: "Sets the GOTIFY_SERVER_KEEPALIVEPERIODSECONDS env var" - schema: - type: int - default: 0 - - variable: GOTIFY_SERVER_LISTENADDR - label: "GOTIFY_SERVER_LISTENADDR" - description: "Sets the GOTIFY_SERVER_LISTENADDR env var" + label: Username (First install only) + description: Sets the default admin user. schema: type: string default: "" - - variable: GOTIFY_SERVER_SSL_ENABLED - label: "GOTIFY_SERVER_SSL_ENABLED" - description: "Sets the GOTIFY_SERVER_SSL_ENABLED env var" - schema: - type: boolean - default: false - - variable: GOTIFY_SERVER_RESPONSEHEADERS - label: "GOTIFY_SERVER_RESPONSEHEADERS" - description: "Sets the GOTIFY_SERVER_RESPONSEHEADERS env var" + required: true + - variable: pass + label: Password (First install only) + description: Sets the default admin pass. schema: type: string - default: "X-Custom-Header: \"custom value\"" - - variable: GOTIFY_SERVER_STREAM_PINGPERIODSECONDS - label: "GOTIFY_SERVER_STREAM_PINGPERIODSECONDS" - description: "Sets the GOTIFY_SERVER_STREAM_PINGPERIODSECONDS env var" + default: "" + required: true + private: true + - variable: registration + label: Registration + description: Enable / Disable user registration. schema: - type: int - default: 45 - - variable: GOTIFY_PASSSTRENGTH - label: "GOTIFY_PASSSTRENGTH" - description: "Sets the GOTIFY_PASSSTRENGTH env var" + type: boolean + default: true + - variable: password_strength + label: Password Strength + description: The bcrypt password strength (higher = better but also slower). schema: type: int default: 10 - - variable: GOTIFY_UPLOADEDIMAGESDIR - label: "GOTIFY_UPLOADEDIMAGESDIR" - description: "Sets the GOTIFY_UPLOADEDIMAGESDIR env var" + - variable: show_advanced + label: Show Advanced Options + description: Shows advanced options that should be changed only if you know what you are doing schema: - type: string - default: "data/images" - - variable: GOTIFY_PLUGINSDIR - label: "GOTIFY_PLUGINSDIR" - description: "Sets the GOTIFY_PLUGINSDIR env var" + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: response_headers + label: Response Headers + description: Response headers are added to every response + schema: + type: list + default: [] + items: + - variable: response_header_entry + label: Response Header Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Header Key + schema: + type: string + default: "" + required: true + - variable: value + label: Header Value + schema: + type: string + default: "" + required: true + - variable: keep_alive_period_seconds + label: Keep Alive Period Seconds + description: Set the interval in which keepalive packets will be sent. 0 = use Go default (15s); -1 = disable keepalive; Only change this value if you know what you are doing. + schema: + type: int + required: true + default: 0 + - variable: stream + label: Stream schema: - type: string - default: "data/plugins" + additional_attrs: true + type: dict + attrs: + - variable: show_advanced + label: Show Advanced Options + description: Shows advanced options that should be changed only if you know what you are doing + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: ping_period_seconds + label: Ping Period Seconds + description: The interval in which websocket pings will be sent. Only change this value if you know what you are doing. + schema: + type: int + required: true + default: 45 + - variable: allowed_origins + label: Allowed Origins + description: Allowed origins for websocket connections (Same Origin is always allowed, Default is Same Origin) + schema: + type: list + default: [] + items: + - variable: allowed_origin_entry + label: Allowed Origin Entry + schema: + type: string + default: "" + required: true + - variable: cors + label: CORS + schema: + additional_attrs: true + type: dict + attrs: + - variable: show_advanced + label: Show Advanced Options + description: Shows advanced options that should be changed only if you know what you are doing + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: allowed_origins + label: Allowed Origins + schema: + type: list + default: [] + items: + - variable: allowed_origin_entry + label: Allowed Origin Entry + schema: + type: string + required: true + default: "" + - variable: allowed_methods + label: Allowed Methods + schema: + type: list + default: [] + items: + - variable: allowed_method_entry + label: Allowed Method Entry + schema: + type: string + default: "" + required: true + - variable: allowed_headers + label: Allowed Headers + schema: + type: list + default: [] + items: + - variable: allowed_header_entry + label: Allowed Header Entry + schema: + type: string + default: "" + required: true # Include{containerConfig} # Include{serviceRoot} - variable: main - label: "Main Service" - description: "The Primary service on which the healthcheck runs, often the webUI" + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict @@ -94,14 +178,14 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main - label: "Main Service Port Configuration" + label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 10084 @@ -112,8 +196,8 @@ questions: # Include{serviceList} # Include{persistenceRoot} - variable: data - label: "App Data Storage" - description: "Stores the Application Data." + label: App Data Storage + description: Stores the Application Data. schema: additional_attrs: true type: dict @@ -122,7 +206,7 @@ questions: # Include{persistenceList} # Include{ingressRoot} - variable: main - label: "Main Ingress" + label: Main Ingress schema: additional_attrs: true type: dict @@ -134,41 +218,41 @@ questions: # Include{security} # Include{securityContextAdvancedRoot} - variable: privileged - label: "Privileged mode" + label: Privileged mode schema: type: boolean default: false - variable: readOnlyRootFilesystem - label: "ReadOnly Root Filesystem" + label: ReadOnly Root Filesystem schema: type: boolean default: true - variable: allowPrivilegeEscalation - label: "Allow Privilege Escalation" + label: Allow Privilege Escalation schema: type: boolean default: false - variable: runAsNonRoot - label: "runAsNonRoot" + label: runAsNonRoot schema: type: boolean default: true # Include{podSecurityContextRoot} - variable: runAsUser - label: "runAsUser" - description: "The UserID of the user running the application" + label: runAsUser + description: The UserID of the user running the application schema: type: int default: 568 - variable: runAsGroup - label: "runAsGroup" - description: "The groupID this App of the user running the application" + label: runAsGroup + description: The groupID this App of the user running the application schema: type: int default: 568 - variable: fsGroup - label: "fsGroup" - description: "The group that should own ALL storage." + label: fsGroup + description: The group that should own ALL storage. schema: type: int default: 568 diff --git a/charts/stable/gotify/templates/_configmap.tpl b/charts/stable/gotify/templates/_configmap.tpl deleted file mode 100644 index bae2ecdb399..00000000000 --- a/charts/stable/gotify/templates/_configmap.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{- define "gotify.configmap" }} -{{ $url := ( .Values.postgresql.url.plain | trimAll "\"" ) }} -{{ $password := ( .Values.postgresql.postgresqlPassword | trimAll "\"" ) }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: gotifyenv -data: - GOTIFY_DATABASE_CONNECTION: "host={{ $url }} port=5432 user={{ .Values.postgresql.postgresqlUsername }} dbname={{ .Values.postgresql.postgresqlDatabase }} password={{ $password }} sslmode=disable" - GOTIFY_DATABASE_DIALECT: "postgres" - -{{- end }} diff --git a/charts/stable/gotify/templates/_secret.tpl b/charts/stable/gotify/templates/_secret.tpl new file mode 100644 index 00000000000..2311c7d7915 --- /dev/null +++ b/charts/stable/gotify/templates/_secret.tpl @@ -0,0 +1,83 @@ +{{/* Define the secret */}} +{{- define "gotify.secret" -}} + +{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) }} +{{- $secretEnvName := printf "%s-secret-env" (include "tc.common.names.fullname" .) }} + +{{- $url := (.Values.postgresql.url.plain | trimAll "\"") }} +{{- $password := (.Values.postgresql.postgresqlPassword | trimAll "\"") }} +{{- $dbuser := .Values.postgresql.postgresqlUsername }} +{{- $dbname := .Values.postgresql.postgresqlDatabase }} +{{- $port := .Values.service.main.ports.main.port }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretEnvName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +stringData: {{/* Env takes precedence, and it;s defined in Dockerfile as 80 */}} + GOTIFY_SERVER_PORT: {{ $port | quote }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +stringData: + config.yml: | + server: + listenaddr: "" + keepaliveperiodseconds: {{ .Values.gotify.keep_alive_period_seconds }} + port: {{ $port }} + {{- with .Values.gotify.response_headers }} + responseheaders: + {{- range $item := . }} + {{ $item.key }}: {{ $item.value | quote }} + {{- end }} + {{- end }} + ssl: + enabled: false + stream: + pingperiodseconds: {{ .Values.gotify.stream.ping_period_seconds }} + {{- with .Values.gotify.stream.allowed_origins }} + allowedorigins: + {{- range $item := . }} + - {{ $item | quote }} + {{- end }} + {{- end }} + {{- if or .Values.gotify.cors.allowed_origins .Values.gotify.cors.allowed_methods .Values.gotify.cors.allowed_headers }} + cors: + {{- with .Values.gotify.cors.allowed_origins }} + alloworigins: + {{- range $item := . }} + - {{ $item | quote }} + {{- end }} + {{- end }} + {{- with .Values.gotify.cors.allowed_methods }} + allowmethods: + {{- range $item := . }} + - {{ $item | quote }} + {{- end }} + {{- end }} + {{- with .Values.gotify.cors.allowed_headers }} + allowheaders: + {{- range $item := . }} + - {{ $item | quote }} + {{- end }} + {{- end }} + {{- end }} + database: + dialect: postgres + connection: {{ printf "host=%s port=5432 user=%s dbname=%s password=%s sslmode=disable" $url $dbuser $dbname $password }} + uploadedimagesdir: {{ printf "%s/images" .Values.persistence.data.mountPath }} + {{- if .Values.gotify.plugins_enabled }} + pluginsdir: {{ printf "%s/plugins" .Values.persistence.data.mountPath }} + {{- end }} + defaultuser: + name: {{ .Values.gotify.user }} + pass: {{ .Values.gotify.pass }} + passstrength: {{ .Values.gotify.password_strength }} + registration: {{ .Values.gotify.registration }} +{{- end -}} diff --git a/charts/stable/gotify/templates/common.yaml b/charts/stable/gotify/templates/common.yaml index 273dd80c453..f4b8fe24a7a 100644 --- a/charts/stable/gotify/templates/common.yaml +++ b/charts/stable/gotify/templates/common.yaml @@ -1,7 +1,8 @@ {{/* Make sure all variables are set properly */}} {{- include "tc.common.loader.init" . }} -{{/* Render configmap for nextcloud */}} -{{- include "gotify.configmap" . }} +{{/* Render secret */}} +{{- include "gotify.secret" . }} +{{/* Render the templates */}} {{ include "tc.common.loader.apply" . }} diff --git a/charts/stable/gotify/values.yaml b/charts/stable/gotify/values.yaml index 389ae0e6f89..6519c7da5f7 100644 --- a/charts/stable/gotify/values.yaml +++ b/charts/stable/gotify/values.yaml @@ -3,46 +3,71 @@ image: pullPolicy: IfNotPresent tag: 2.2.2@sha256:740c2e6236b0d197f2c43b39714b802161fdfec17866dade32966ed4d2c9a7d1 -secretEnv: - user: "admin" - pass: "admin" - -env: - GOTIFY_SERVER_PORT: 8080 - GOTIFY_SERVER_KEEPALIVEPERIODSECONDS: 0 - GOTIFY_SERVER_LISTENADDR: "" - GOTIFY_SERVER_SSL_ENABLED: false - # lists are a little weird but do-able (: - # GOTIFY_SERVER_SSL_LETSENCRYPT_HOSTS: "- mydomain.tld\n- myotherdomain.tld" - GOTIFY_SERVER_RESPONSEHEADERS: 'X-Custom-Header: "custom value"' - # GOTIFY_SERVER_CORS_ALLOWORIGINS: "- \".+.example.com\"\n- \"otherdomain.com\"" - # GOTIFY_SERVER_CORS_ALLOWMETHODS: "- \"GET\"\n- \"POST\"" - # GOTIFY_SERVER_CORS_ALLOWHEADERS: "- \"Authorization\"\n- \"content-type\"" - # GOTIFY_SERVER_STREAM_ALLOWEDORIGINS: "- \".+.example.com\"\n- \"otherdomain.com\"" - GOTIFY_SERVER_STREAM_PINGPERIODSECONDS: 45 - GOTIFY_PASSSTRENGTH: 10 - GOTIFY_UPLOADEDIMAGESDIR: "data/images" - GOTIFY_PLUGINSDIR: "data/plugins" +gotify: + user: admin + pass: admin + registration: false + password_strength: 10 + # Advanced + response_headers: + [] + # - key: X-Custom-Header + # value: "custom value" + keep_alive_period_seconds: 0 + stream: + ping_period_seconds: 45 + allowed_origins: + [] + # - example.com + # - domain.com + cors: + allowed_origins: + [] + # - ".+.example.com" + # - "otherdomain.com" + allowed_methods: + [] + # - GET + # - POST + allowed_headers: + [] + # - Authorization + # - content-type envFrom: - - configMapRef: - name: gotifyenv + - secretRef: + name: '{{ include "tc.common.names.fullname" . }}-secret-env' + +probes: + liveness: + path: /health + readiness: + path: /health + startup: + path: /health service: main: ports: main: port: 10084 - targetPort: 8080 persistence: data: enabled: true - mountPath: "/app/data" + mountPath: /app/data + config-file: + enabled: true + type: secret + readOnly: true + defaultMode: "0600" + objectName: '{{ include "tc.common.names.fullname" . }}-secret' + mountPath: /etc/gotify/config.yml + subPath: config.yml postgresql: enabled: true - existingSecret: "dbcreds" + existingSecret: dbcreds postgresqlUsername: gotify postgresqlDatabase: gotify diff --git a/cspell.config.yaml b/cspell.config.yaml index c8c34580e2d..6484426ae5b 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -77,6 +77,7 @@ words: - gibibyte - gluster - goauthentik + - Gotify - Groupname - gunicorn - healthcheck