CHANGELOG.md

+## [1.0.1](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/compare/v1.0.0...v1.0.1) (2024-07-15)
+
+
+### Bug Fixes
+
+* Initial release. ([8b2fef6](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/commit/8b2fef6468ca86d874f3454a584ff00766dbadfa))
+
 # 1.0.0 (2024-07-10)
 
 

charts/opendesk-migrations/.gitignore

+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+Chart.lock
+charts/
\ No newline at end of file

charts/opendesk-migrations/Chart.yaml

 # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-License-Identifier: Apache-2.0
 ---
-annotations:
-  category: "Job"
-  licenses: "Apache-2.0"
 apiVersion: "v2"
 dependencies:
   - name: "common"
@@ -20,5 +17,5 @@ name: "opendesk-migrations"
 sources:
   - "https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations"
 type: "application"
-version: "1.0.0"
+version: "1.0.1"
 ...

charts/opendesk-migrations/README.md

@@ -13,13 +13,13 @@ To install the chart with the release name `my-release`, you have two options:
 ### Install via Repository
 ```console
 helm repo add opendesk-migrations https://gitlab.opencode.de/api/v4/projects/3061/packages/helm/stable
-helm install my-release --version 1.0.0 opendesk-migrations/opendesk-migrations
+helm install my-release --version 1.0.1 opendesk-migrations/opendesk-migrations
 ```
 
 ### Install via OCI Registry
 ```console
 helm repo add opendesk-migrations oci://registry.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations
-helm install my-release --version 1.0.0 opendesk-migrations/opendesk-migrations
+helm install my-release --version 1.0.1 opendesk-migrations/opendesk-migrations
 ```
 
 ## Requirements
@@ -54,15 +54,6 @@ helm install my-release --version 1.0.0 opendesk-migrations/opendesk-migrations
 | image.repository | string | `"bmi/opendesk/components/platform-development/images/opendesk-migrations"` | Container repository string. |
 | image.tag | string | `"1.0.0@sha256:6d9f222197f12f8359a98fa119f2fbe8a7de27a2120a9331192c97ebf433d2c2"` | Define image tag. |
 | imagePullSecrets | list | `[]` | Credentials to fetch images from private registry. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/  imagePullSecrets:   - "docker-registry" |
-| ingress.annotations | object | `{"nginx.ingress.kubernetes.io/proxy-body-size":"4G","nginx.org/client-max-body-size":"4G"}` | Define custom ingress annotations. |
-| ingress.enabled | bool | `false` | Enable creation of Ingress. |
-| ingress.host | string | `""` | Define the Fully Qualified Domain Name (FQDN) where application should be reachable. |
-| ingress.ingressClassName | string | `"nginx"` | The Ingress controller class name. |
-| ingress.path | string | `"/"` | Define the Ingress path. |
-| ingress.pathType | string | `"Prefix"` | Each path in an Ingress is required to have a corresponding path type. Paths that do not include an explicit pathType will fail validation. There are three supported path types:  "ImplementationSpecific" => With this path type, matching is up to the IngressClass. Implementations can treat this                             as a separate pathType or treat it identically to Prefix or Exact path types. "Exact" => Matches the URL path exactly and with case sensitivity. "Prefix" => Matches based on a URL path prefix split by /.  Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types |
-| ingress.tls | object | `{"enabled":true,"secretName":""}` | Secure an Ingress by specifying a Secret that contains a TLS private key and certificate.  Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |
-| ingress.tls.enabled | bool | `true` | Enable TLS/SSL/HTTPS for Ingress. |
-| ingress.tls.secretName | string | `""` | The name of the kubernetes secret which contains a TLS private key and certificate. Hint: This secret is not created by this chart and must be provided. |
 | lifecycleHooks | object | `{}` | Lifecycle to automate configuration before or after startup. |
 | migrations.credentials.keycloakAdminPassword | string | `nil` | Keycloak Admin Password |
 | migrations.credentials.keycloakAdminUsername | string | `nil` | Keycloak Admin Username |

charts/opendesk-migrations/templates/job.yaml

@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
 apiVersion: "batch/v1"
 kind: "Job"
 metadata:
-  name: "{{ include "common.names.fullname" . }}-bootstrap-{{ .Release.Revision }}"
+  name: "{{ include "common.names.fullname" . }}-{{ .Release.Revision }}"
   labels:
     {{- include "common.labels.standard" . | nindent 4 }}
     {{- if .Values.additionalLabels }}
@@ -23,7 +23,6 @@ spec:
   template:
     metadata:
       annotations:
-        # checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
         {{- if .Values.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" .) | nindent 8 }}
         {{- end }}
@@ -83,7 +82,7 @@ spec:
               value: "{{ .Values.migrations.currentOdRelease }}"
             - name: "MIGRATIONS_LOGLEVEL"
               value: "{{ .Values.migrations.loglevel }}"
-            - name: "MIGRATIONS_STATE"
+            - name: "MIGRATIONS_STAGE"
               value: "{{ .Values.migrations.stage }}"
             - name: "MIGRATIONS_RUN_ID"
               value: "{{ .Values.migrations.runId }}"
@@ -92,9 +91,9 @@ spec:
             - name: "MIGRATIONS_FAIL_ON_UNEXPECTED_STATE"
               value: "{{ .Values.migrations.failOnUnexpectedState }}"
             - name: "CREDENTIALS_KEYCLOAK_ADMIN_USERNAME"
-              value: "{{ .Values.migrations.credentialsKeycloakAdminUsername }}"
+              value: "{{ .Values.migrations.credentials.keycloakAdminUsername }}"
             - name: "CREDENTIALS_KEYCLOAK_ADMIN_PASSWORD"
-              value: "{{ .Values.migrations.credentialsKeycloakAdminPassword }}"
+              value: "{{ .Values.migrations.credentials.keycloakAdminPassword }}"
             - name: "URLS_KEYCLOAK_BASE"
               value: "{{ .Values.migrations.urls.keycloakBase }}"
           {{- with .Values.extraEnvVars }}

charts/opendesk-migrations/templates/role.yaml

@@ -2,7 +2,7 @@
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-License-Identifier: Apache-2.0
 */}}
-{{- if .Values.rbac.create -}}
+{{- if .Values.rbac.create }}
 ---
 apiVersion: "rbac.authorization.k8s.io/v1"
 kind: "Role"
@@ -11,14 +11,13 @@ metadata:
   labels:
     {{- include "common.labels.standard" . | nindent 4 }}
 rules:
-  # Get IP/Port from service.
-  # Update target port for nodePort
+  # Allow self management of configmap
   - apiGroups: [""]
-    resources:
-      - "configmaps"
-    resourceNames:
-      - "migrations-status"
-    verbs:
-      - "*"
+    resources: ["configmaps"]
+    verbs: ["create"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["migrations-status"]
+    verbs: ["*"]
 ...
 {{- end }}

charts/opendesk-migrations/templates/serviceaccount.yaml

+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if .Values.serviceAccount.create }}
+---
+apiVersion: "v1"
+kind: "ServiceAccount"
+metadata:
+  name: {{ include "common.names.fullname" . | quote }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.serviceAccount.labels }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.labels "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or .Values.serviceAccount.annotations }}
+  annotations:
+    {{- if .Values.serviceAccount.annotations }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+...
+{{- end }}

charts/opendesk-migrations/values.yaml

@@ -135,50 +135,6 @@ image:
 #   - "docker-registry"
 imagePullSecrets: []
 
-# Define and create Kubernetes Ingress.
-#
-# Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  # -- Enable creation of Ingress.
-  enabled: false
-
-  # -- Define the Fully Qualified Domain Name (FQDN) where application should be reachable.
-  host: ""
-
-  # -- Define the Ingress path.
-  path: "/"
-
-  # -- Each path in an Ingress is required to have a corresponding path type.
-  # Paths that do not include an explicit pathType will fail validation.
-  # There are three supported path types:
-  #
-  # "ImplementationSpecific" => With this path type, matching is up to the IngressClass. Implementations can treat this
-  #                             as a separate pathType or treat it identically to Prefix or Exact path types.
-  # "Exact" => Matches the URL path exactly and with case sensitivity.
-  # "Prefix" => Matches based on a URL path prefix split by /.
-  #
-  # Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
-  pathType: "Prefix"
-
-  # -- The Ingress controller class name.
-  ingressClassName: "nginx"
-
-  # -- Define custom ingress annotations.
-  annotations:
-    nginx.ingress.kubernetes.io/proxy-body-size: "4G"
-    nginx.org/client-max-body-size: "4G"
-
-  # -- Secure an Ingress by specifying a Secret that contains a TLS private key and certificate.
-  #
-  # Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
-  tls:
-    # -- Enable TLS/SSL/HTTPS for Ingress.
-    enabled: true
-
-    # -- The name of the kubernetes secret which contains a TLS private key and certificate.
-    # Hint: This secret is not created by this chart and must be provided.
-    secretName: ""
-
 # -- Lifecycle to automate configuration before or after startup.
 lifecycleHooks: {}
 
@@ -189,21 +145,6 @@ nameOverride: ""
 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
 nodeSelector: {}
 
-# #  Configure extra options for containers probes.
-# livenessProbe:
-#   # -- Enables kubernetes LivenessProbe.
-#   enabled: true
-#   # -- Number of failed executions until container is terminated.
-#   failureThreshold: 3
-#   # -- Delay after container start until LivenessProbe is executed.
-#   initialDelaySeconds: 30
-#   # -- Time between probe executions.
-#   periodSeconds: 10
-#   # -- Number of successful executions after failed ones until container is marked healthy.
-#   successThreshold: 1
-#   # -- Timeout for command return.
-#   timeoutSeconds: 2
-
 # -- Pod Annotations.
 # Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 podAnnotations: {}
@@ -224,24 +165,6 @@ podSecurityContext:
   # -- Change ownership and permission of the volume before being exposed inside a Pod.
   fsGroupChangePolicy: "Always"
 
-# #  Configure extra options for containers probes.
-# readinessProbe:
-#   # -- Enables kubernetes ReadinessProbe.
-#   enabled: true
-#   # -- Delay after container start until ReadinessProbe is executed.
-#   initialDelaySeconds: 1
-#   # -- Number of failed executions until container is terminated.
-#   failureThreshold: 10
-#   # -- Time between probe executions.
-#   periodSeconds: 10
-#   # -- Number of successful executions after failed ones until container is marked healthy.
-#   successThreshold: 1
-#   # -- Timeout for command return.
-#   timeoutSeconds: 5
-
-# # -- Set the amount of replicas of deployment.
-# replicaCount: 1
-
 # Role and RoleBinding used in patchJVB job.
 rbac:
   # -- Enable RBAC Role and RoleBinding creation.
@@ -260,48 +183,6 @@ resources:
     # -- The number of RAM which has to be available on the scheduled node.
     memory: "128Mi"
 
-# # Define and create Kubernetes Service.
-# #
-# # Ref.: https://kubernetes.io/docs/concepts/services-networking/service
-# service:
-#   # -- Additional custom annotations.
-#   annotations: {}
-
-#   # -- Enable kubernetes service creation.
-#   enabled: true
-
-#   # "ClusterIP" => Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable
-#   #                from within the cluster. This is the default that is used if you don't explicitly specify a type for
-#   #                a Service.
-#   # "NodePort" => Exposes the Service on each Node's IP at a static port (the NodePort). To make the node port
-#   #               available, Kubernetes sets up a cluster IP address, the same as if you had requested a Service of
-#   #               type: ClusterIP.
-#   # "LoadBalancer" => Exposes the Service externally using a cloud provider's load balancer.
-#   #
-#   # Ref.: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-
-#   # -- Choose the kind of Service, one of "ClusterIP", "NodePort" or "LoadBalancer".
-#   type: "ClusterIP"
-
-#   # Define the ports of Service.
-#   # You can set the port value to an arbitrary value, it will map the container port by name.
-#   #
-#   ports:
-#     http:
-#       # -- Accessible port for http.
-#       port: 80
-#       # -- Internal port for http.
-#       containerPort: 8080
-#       # -- service protocol for http.
-#       protocol: "TCP"
-#     status:
-#       # -- Accessible port for status.
-#       port: 8081
-#       # -- Internal port for status.
-#       containerPort: 8081
-#       # -- service protocol for status.
-#       protocol: "TCP"
-
 # Service account to use.
 # Ref.: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
 serviceAccount:
@@ -318,21 +199,6 @@ serviceAccount:
   # -- Additional custom labels for the ServiceAccount.
   labels: {}
 
-# #  Configure extra options for containers probes.
-# startupProbe:
-#   # -- Enables kubernetes StartupProbe.
-#   enabled: true
-#   # -- Delay after container start until StartupProbe is executed.
-#   initialDelaySeconds: 5
-#   # -- Number of failed executions until container is terminated.
-#   failureThreshold: 10
-#   # -- Time between probe executions.
-#   periodSeconds: 10
-#   # -- Number of successful executions after failed ones until container is marked healthy.
-#   successThreshold: 1
-#   # -- Timeout for command return.
-#   timeoutSeconds: 5
-
 # -- In seconds, time the given to the pod needs to terminate gracefully.
 # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
 terminationGracePeriodSeconds: ""
@@ -349,19 +215,4 @@ tolerations: []
 #     topologyKey: failure-domain.beta.kubernetes.io/zone
 #     whenUnsatisfiable: DoNotSchedule
 topologySpreadConstraints: []
-
-# # Set up update strategy.
-# #
-# # Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
-# #
-# # Example:
-# # updateStrategy:
-# #  type: RollingUpdate
-# #  rollingUpdate:
-# #    maxSurge: 25%
-# #    maxUnavailable: 25%
-# updateStrategy:
-#   # -- Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods
-#   # are destroyed first.
-#   type: "RollingUpdate"
 ...