Added changes for 3.9.x (#386)

* Added changes for 3.9.x Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> * Added changes Signed-off-by: Jonsy13 <[email protected]> --------- Signed-off-by: Jonsy13 <[email protected]>
litmuschaos · Jul 16, 2024 · 2212027 · 2212027
1 parent 44112b0
commit 2212027
Show file tree

Hide file tree

Showing 21 changed files with 373 additions and 239 deletions.
diff --git a/charts/litmus/Chart.yaml b/charts/litmus/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "3.8.0"
+appVersion: "3.9.0"
 description: A Helm chart to install ChaosCenter
 name: litmus
-version: 3.8.0
+version: 3.9.0
 kubeVersion: ">=1.16.0-0"
 home: https://litmuschaos.io
 sources:

diff --git a/charts/litmus/README.md b/charts/litmus/README.md
@@ -1,6 +1,6 @@
 # litmus
 
-![Version: 3.8.0](https://img.shields.io/badge/Version-3.8.0-informational?style=flat-square) ![AppVersion: 3.8.0](https://img.shields.io/badge/AppVersion-3.8.0-informational?style=flat-square)
+![Version: 3.9.0](https://img.shields.io/badge/Version-3.9.0-informational?style=flat-square) ![AppVersion: 3.9.0](https://img.shields.io/badge/AppVersion-3.9.0-informational?style=flat-square)
 
 A Helm chart to install ChaosCenter
 
@@ -55,23 +55,38 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | adminConfig.DBUSER | string | `""` |  |
 | adminConfig.DB_PORT | string | `""` |  |
 | adminConfig.DB_SERVER | string | `""` |  |
-| adminConfig.JWTSecret | string | `"litmus-portal@123"` |  |
 | adminConfig.SKIP_SSL_VERIFY | string | `"false"` |  |
-| adminConfig.VERSION | string | `"3.8.0"` |  |
+| adminConfig.VERSION | string | `"3.9.1"` |  |
+| allowedOrigins | string | `".*"` |  |
 | customLabels | object | `{}` | Additional labels |
 | existingSecret | string | `""` | Use existing secret (e.g., External Secrets) |
 | image.imagePullSecrets | list | `[]` |  |
 | image.imageRegistryName | string | `"litmuschaos.docker.scarf.sh/litmuschaos"` |  |
-| ingress.annotations | object | `{}` |  |
+| ingress.annotations."ingress.kubernetes.io/proxy-body-size" | string | `"0"` |  |
+| ingress.annotations."ingress.kubernetes.io/ssl-redirect" | string | `"true"` |  |
+| ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"0"` |  |
+| ingress.annotations."nginx.ingress.kubernetes.io/ssl-redirect" | string | `"true"` |  |
 | ingress.enabled | bool | `false` |  |
-| ingress.host.backend.path | string | `"/backend/(.*)"` | You may need adapt the path depending your ingress-controller |
-| ingress.host.backend.pathType | string | `"ImplementationSpecific"` | Allow to set [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for the backend path |
-| ingress.host.frontend.path | string | `"/(.*)"` | You may need adapt the path depending your ingress-controller |
+| ingress.host.frontend.path | string | `"/"` | You may need adapt the path depending your ingress-controller |
 | ingress.host.frontend.pathType | string | `"ImplementationSpecific"` | Allow to set [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for the frontend path |
 | ingress.host.name | string | `""` | This is ingress hostname (ex: my-domain.com) |
 | ingress.ingressClassName | string | `""` |  |
 | ingress.name | string | `"litmus-ingress"` |  |
 | ingress.tls | list | `[]` |  |
+| internalTLS.authServer.crt | string | `""` |  |
+| internalTLS.authServer.key | string | `""` |  |
+| internalTLS.authServer.secretName | string | `""` |  |
+| internalTLS.certMountPath | string | `"/etc/tls"` |  |
+| internalTLS.certSource | string | `"auto"` |  |
+| internalTLS.enabled | bool | `false` |  |
+| internalTLS.graphqlServer.crt | string | `""` |  |
+| internalTLS.graphqlServer.key | string | `""` |  |
+| internalTLS.graphqlServer.secretName | string | `""` |  |
+| internalTLS.strong_ssl_ciphers | bool | `false` |  |
+| internalTLS.trustCa | string | `""` |  |
+| internalTLS.web.crt | string | `""` |  |
+| internalTLS.web.key | string | `""` |  |
+| internalTLS.web.secretName | string | `""` |  |
 | mongodb | object | `{"architecture":"replicaset","auth":{"enabled":true,"existingSecret":"","rootPassword":"1234","rootUser":"root"},"enabled":true,"livenessProbe":{"timeoutSeconds":20},"metrics":{"enabled":false,"prometheusRule":{"enabled":false}},"persistence":{"enabled":true},"readinessProbe":{"timeoutSeconds":20},"replicaCount":3,"volumePermissions":{"enabled":true}}` | Configure the Bitnami MongoDB subchart see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml |
 | mongodb.auth.existingSecret | string | `""` | existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) |
 | nameOverride | string | `""` |  |
@@ -91,7 +106,7 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | portal.frontend.customLabels | object | `{}` |  |
 | portal.frontend.image.pullPolicy | string | `"Always"` |  |
 | portal.frontend.image.repository | string | `"litmusportal-frontend"` |  |
-| portal.frontend.image.tag | string | `"3.8.0"` |  |
+| portal.frontend.image.tag | string | `"3.9.1"` |  |
 | portal.frontend.livenessProbe.failureThreshold | int | `5` |  |
 | portal.frontend.livenessProbe.initialDelaySeconds | int | `30` |  |
 | portal.frontend.livenessProbe.periodSeconds | int | `10` |  |
@@ -126,13 +141,13 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | portal.server.authServer.autoscaling.minReplicas | int | `2` |  |
 | portal.server.authServer.autoscaling.targetCPUUtilizationPercentage | int | `50` |  |
 | portal.server.authServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` |  |
-| portal.server.authServer.env.LITMUS_GQL_GRPC_PORT | string | `":8000"` |  |
+| portal.server.authServer.env | object | `{}` |  |
 | portal.server.authServer.image.pullPolicy | string | `"Always"` |  |
 | portal.server.authServer.image.repository | string | `"litmusportal-auth-server"` |  |
-| portal.server.authServer.image.tag | string | `"3.8.0"` |  |
-| portal.server.authServer.ports[0].containerPort | int | `3030` |  |
+| portal.server.authServer.image.tag | string | `"3.9.1"` |  |
+| portal.server.authServer.ports[0].containerPort | int | `3000` |  |
 | portal.server.authServer.ports[0].name | string | `"auth-server"` |  |
-| portal.server.authServer.ports[1].containerPort | int | `3000` |  |
+| portal.server.authServer.ports[1].containerPort | int | `3030` |  |
 | portal.server.authServer.ports[1].name | string | `"auth-rpc-server"` |  |
 | portal.server.authServer.replicas | int | `1` |  |
 | portal.server.authServer.resources.limits.cpu | string | `"550m"` |  |
@@ -146,35 +161,34 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | portal.server.authServer.securityContext.runAsNonRoot | bool | `true` |  |
 | portal.server.authServer.securityContext.runAsUser | int | `2000` |  |
 | portal.server.authServer.service.annotations | object | `{}` |  |
+| portal.server.authServer.service.authRestServer.port | int | `9003` |  |
+| portal.server.authServer.service.authRestServer.targetPort | int | `3000` |  |
 | portal.server.authServer.service.authRpcServer.port | int | `3030` |  |
 | portal.server.authServer.service.authRpcServer.targetPort | int | `3030` |  |
-| portal.server.authServer.service.authServer.port | int | `9003` |  |
-| portal.server.authServer.service.authServer.targetPort | int | `3000` |  |
 | portal.server.authServer.service.type | string | `"ClusterIP"` |  |
 | portal.server.authServer.volumeMounts | list | `[]` |  |
 | portal.server.authServer.volumes | list | `[]` |  |
 | portal.server.customLabels | object | `{}` |  |
+| portal.server.graphqlServer.automountServiceAccountToken | bool | `false` |  |
 | portal.server.graphqlServer.genericEnv.CHAOS_CENTER_UI_ENDPOINT | string | `""` |  |
 | portal.server.graphqlServer.genericEnv.CONTAINER_RUNTIME_EXECUTOR | string | `"k8sapi"` |  |
-| portal.server.graphqlServer.genericEnv.DEFAULT_HUB_BRANCH_NAME | string | `"v3.8.x"` |  |
+| portal.server.graphqlServer.genericEnv.DEFAULT_HUB_BRANCH_NAME | string | `"v3.9.x"` |  |
 | portal.server.graphqlServer.genericEnv.ENABLE_GQL_INTROSPECTION | string | `"false"` |  |
-| portal.server.graphqlServer.genericEnv.INFRA_COMPATIBLE_VERSIONS | string | `"[\"3.8.0\"]"` |  |
+| portal.server.graphqlServer.genericEnv.INFRA_COMPATIBLE_VERSIONS | string | `"[\"3.9.0\"]"` |  |
 | portal.server.graphqlServer.genericEnv.INFRA_DEPLOYMENTS | string | `"[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"` |  |
-| portal.server.graphqlServer.genericEnv.LITMUS_AUTH_GRPC_PORT | string | `":3030"` |  |
 | portal.server.graphqlServer.genericEnv.REMOTE_HUB_MAX_SIZE | string | `"5000000"` |  |
 | portal.server.graphqlServer.genericEnv.TLS_CERT_64 | string | `""` |  |
-| portal.server.graphqlServer.genericEnv.TLS_SECRET_NAME | string | `""` |  |
-| portal.server.graphqlServer.genericEnv.WORKFLOW_HELPER_IMAGE_VERSION | string | `"3.8.0"` |  |
+| portal.server.graphqlServer.genericEnv.WORKFLOW_HELPER_IMAGE_VERSION | string | `"3.9.0"` |  |
 | portal.server.graphqlServer.image.pullPolicy | string | `"Always"` |  |
 | portal.server.graphqlServer.image.repository | string | `"litmusportal-server"` |  |
-| portal.server.graphqlServer.image.tag | string | `"3.8.0"` |  |
+| portal.server.graphqlServer.image.tag | string | `"3.9.1"` |  |
 | portal.server.graphqlServer.imageEnv.ARGO_WORKFLOW_CONTROLLER_IMAGE | string | `"workflow-controller:v3.3.1"` |  |
 | portal.server.graphqlServer.imageEnv.ARGO_WORKFLOW_EXECUTOR_IMAGE | string | `"argoexec:v3.3.1"` |  |
-| portal.server.graphqlServer.imageEnv.EVENT_TRACKER_IMAGE | string | `"litmusportal-event-tracker:3.8.0"` |  |
-| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_EXPORTER_IMAGE | string | `"chaos-exporter:3.8.0"` |  |
-| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_OPERATOR_IMAGE | string | `"chaos-operator:3.8.0"` |  |
-| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_RUNNER_IMAGE | string | `"chaos-runner:3.8.0"` |  |
-| portal.server.graphqlServer.imageEnv.SUBSCRIBER_IMAGE | string | `"litmusportal-subscriber:3.8.0"` |  |
+| portal.server.graphqlServer.imageEnv.EVENT_TRACKER_IMAGE | string | `"litmusportal-event-tracker:3.9.1"` |  |
+| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_EXPORTER_IMAGE | string | `"chaos-exporter:3.9.0"` |  |
+| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_OPERATOR_IMAGE | string | `"chaos-operator:3.9.0"` |  |
+| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_RUNNER_IMAGE | string | `"chaos-runner:3.9.0"` |  |
+| portal.server.graphqlServer.imageEnv.SUBSCRIBER_IMAGE | string | `"litmusportal-subscriber:3.9.1"` |  |
 | portal.server.graphqlServer.livenessProbe.failureThreshold | int | `5` |  |
 | portal.server.graphqlServer.livenessProbe.initialDelaySeconds | int | `30` |  |
 | portal.server.graphqlServer.livenessProbe.periodSeconds | int | `10` |  |
@@ -199,10 +213,10 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | portal.server.graphqlServer.securityContext.runAsNonRoot | bool | `true` |  |
 | portal.server.graphqlServer.securityContext.runAsUser | int | `2000` |  |
 | portal.server.graphqlServer.service.annotations | object | `{}` |  |
+| portal.server.graphqlServer.service.graphqlRestServer.port | int | `9002` |  |
+| portal.server.graphqlServer.service.graphqlRestServer.targetPort | int | `8080` |  |
 | portal.server.graphqlServer.service.graphqlRpcServer.port | int | `8000` |  |
 | portal.server.graphqlServer.service.graphqlRpcServer.targetPort | int | `8000` |  |
-| portal.server.graphqlServer.service.graphqlServer.port | int | `9002` |  |
-| portal.server.graphqlServer.service.graphqlServer.targetPort | int | `8080` |  |
 | portal.server.graphqlServer.service.type | string | `"ClusterIP"` |  |
 | portal.server.graphqlServer.volumeMounts[0].mountPath | string | `"/tmp/"` |  |
 | portal.server.graphqlServer.volumeMounts[0].name | string | `"gitops-storage"` |  |
@@ -214,7 +228,6 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | portal.server.graphqlServer.volumes[1].name | string | `"hub-storage"` |  |
 | portal.server.nodeSelector | object | `{}` |  |
 | portal.server.replicas | int | `1` |  |
-| portal.server.serviceAccountName | string | `"litmus-server-account"` |  |
 | portal.server.tolerations | list | `[]` |  |
 | portal.server.updateStrategy | object | `{}` |  |
 | portal.server.waitForMongodb.image.pullPolicy | string | `"Always"` |  |
@@ -227,16 +240,6 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | portal.server.waitForMongodb.resources.requests.ephemeral-storage | string | `"500Mi"` |  |
 | portal.server.waitForMongodb.resources.requests.memory | string | `"150Mi"` |  |
 | portal.server.waitForMongodb.securityContext | object | `{}` |  |
-| portalScope | string | `"cluster"` |  |
-| upgradeAgent.affinity | object | `{}` |  |
-| upgradeAgent.controlPlane.image.pullPolicy | string | `"Always"` |  |
-| upgradeAgent.controlPlane.image.repository | string | `"upgrade-agent-cp"` |  |
-| upgradeAgent.controlPlane.image.tag | string | `"3.8.0"` |  |
-| upgradeAgent.controlPlane.restartPolicy | string | `"OnFailure"` |  |
-| upgradeAgent.enabled | bool | `true` |  |
-| upgradeAgent.nodeSelector | object | `{}` |  |
-| upgradeAgent.resources | object | `{}` |  |
-| upgradeAgent.tolerations | list | `[]` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/litmus/templates/_helpers.tpl b/charts/litmus/templates/_helpers.tpl
@@ -91,3 +91,48 @@ Check for existing secret
 mongodb://{{ trimSuffix "," $hosts  }}/admin
 {{- end -}}
 
+{{- define "litmus-portal.internalTLS.web.secretName" -}}
+  {{- if eq .Values.internalTLS.certSource "secret" -}}
+    {{- .Values.internalTLS.web.secretName -}}
+  {{- else -}}
+    {{- printf "%s-web-internal-tls" (include "litmus-portal.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "litmus-portal.internalTLS.authServer.secretName" -}}
+  {{- if eq .Values.internalTLS.certSource "secret" -}}
+    {{- .Values.internalTLS.authServer.secretName -}}
+  {{- else -}}
+    {{- printf "%s-auth-server-internal-tls" (include "litmus-portal.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "litmus-portal.internalTLS.graphqlServer.secretName" -}}
+  {{- if eq .Values.internalTLS.certSource "secret" -}}
+    {{- .Values.internalTLS.graphqlServer.secretName -}}
+  {{- else -}}
+    {{- printf "%s-graphql-server-internal-tls" (include "litmus-portal.fullname" .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "litmus-portal.web" -}}
+  {{- printf "%s-web-service" (include "litmus-portal.fullname" .) -}}
+{{- end -}}
+
+{{- define "litmus-portal.auth-server" -}}
+  {{- printf "%s-auth-server-service" (include "litmus-portal.fullname" .) -}}
+{{- end -}}
+
+{{- define "litmus-portal.graphql-server" -}}
+  {{- printf "%s-graphql-server-service" (include "litmus-portal.fullname" .) -}}
+{{- end -}}
+
+{{/* scheme for all components because it only support http mode */}}
+{{- define "litmus-portal.component.scheme" -}}
+  {{- if .Values.internalTLS.enabled -}}
+    {{- printf "https" -}}
+  {{- else -}}
+    {{- printf "http" -}}
+  {{- end -}}
+{{- end -}}
+
diff --git a/charts/litmus/templates/auth-server-deployment.yaml b/charts/litmus/templates/auth-server-deployment.yaml
@@ -1,10 +1,10 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "litmus-portal.fullname" . }}-auth-server
+  name: '{{ include "litmus-portal.fullname" . }}-auth-server'
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/component: {{ include "litmus-portal.name" . }}-auth-server
+    app.kubernetes.io/component: '{{ include "litmus-portal.name" . }}-auth-server'
     {{- include "litmus-portal.labels" . | nindent 4 }}
     {{- if .Values.portal.server.customLabels }}
       {{ toYaml .Values.portal.server.customLabels | nindent 4 }}
@@ -30,7 +30,6 @@ spec:
         {{- end }}
     spec:
       automountServiceAccountToken: {{ .Values.portal.server.authServer.automountServiceAccountToken }}
-      serviceAccountName: {{ .Values.portal.server.serviceAccountName }}
       {{- if .Values.image.imagePullSecrets }}
       imagePullSecrets:
         {{ toYaml .Values.image.imagePullSecrets | indent 8 }}
@@ -122,18 +121,48 @@ spec:
               {{- end }}
             - name: LITMUS_GQL_GRPC_ENDPOINT
               value: "{{ include "litmus-portal.fullname" . }}-server-service"
+            - name: "LITMUS_GQL_GRPC_PORT"
+              value: "{{ .Values.portal.server.graphqlServer.service.graphqlRpcServer.port }}"
+              {{- if .Values.internalTLS.enabled }}
+            - name: ENABLE_INTERNAL_TLS
+              value: "true"
+            - name: TLS_CERT_PATH
+              value: "{{ .Values.internalTLS.certMountPath }}/tls.crt"
+            - name: TLS_KEY_PATH
+              value: "{{ .Values.internalTLS.certMountPath }}/tls.key"
+            - name: CA_CERT_TLS_PATH
+              value: "{{ .Values.internalTLS.certMountPath }}/ca.crt"
+              {{- else }}
+            - name: ENABLE_INTERNAL_TLS
+              value: "false"
+              {{- end }}
+            - name: REST_PORT
+              value: "{{ (index .Values.portal.server.authServer.ports 0).containerPort }}"
+            - name: GRPC_PORT
+              value: "{{ (index .Values.portal.server.authServer.ports 1).containerPort }}"
+            - name: ALLOWED_ORIGINS
+              value: "{{ .Values.allowedOrigins }}"
             {{- range $key, $val := .Values.portal.server.authServer.env }}
             - name: {{ $key }}
               value: {{ $val | quote }}
             {{- end }}
-          {{- with .Values.portal.server.authServer.volumeMounts }}
           volumeMounts:
+          {{- with .Values.portal.server.authServer.volumeMounts }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      {{- with .Values.portal.server.authServer.volumes }}
+            {{- if .Values.internalTLS.enabled }}
+            - name: auth-server-internal-certs
+              mountPath: {{ .Values.internalTLS.certMountPath }}
+            {{- end }}
       volumes:
+      {{- with .Values.portal.server.authServer.volumes }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
+        {{- if .Values.internalTLS.enabled }}
+        - name: auth-server-internal-certs
+          secret:
+            secretName: {{ template "litmus-portal.internalTLS.authServer.secretName" . }}
+        {{- end }}
     {{- with .Values.portal.server.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/litmus/templates/auth-server-svc.yaml b/charts/litmus/templates/auth-server-svc.yaml
@@ -14,8 +14,8 @@ spec:
   type: {{ .Values.portal.server.authServer.service.type }}
   ports:
     - name: auth-server
-      port: {{ .Values.portal.server.authServer.service.authServer.port }}
-      targetPort: {{ .Values.portal.server.authServer.service.authServer.targetPort }}
+      port: {{ .Values.portal.server.authServer.service.authRestServer.port }}
+      targetPort: {{ .Values.portal.server.authServer.service.authRestServer.targetPort }}
     - name: auth-rpc-server
       port: {{ .Values.portal.server.authServer.service.authRpcServer.port }}
       targetPort: {{ .Values.portal.server.authServer.service.authRpcServer.targetPort }}

diff --git a/charts/litmus/templates/auth-server-tls.yaml b/charts/litmus/templates/auth-server-tls.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.internalTLS.enabled }}
+{{- if eq .Values.internalTLS.certSource "manual" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "litmus-portal.internalTLS.authServer.secretName" . }}"
+  labels:
+{{ include "litmus-portal.labels" . | indent 4 }}
+type: kubernetes.io/tls
+data:
+  ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
+  tls.crt: {{ (required "The \"internalTLS.authServer.crt\" is required!" .Values.internalTLS.authServer.crt) | b64enc | quote }}
+  tls.key: {{ (required "The \"internalTLS.authServer.key\" is required!" .Values.internalTLS.authServer.key) | b64enc | quote }}
+{{- end }}
+{{- end }}