From ea148b643a66ed3899431bf71c197ecf3831aad9 Mon Sep 17 00:00:00 2001
From: danc094codetogether
Date: Fri, 24 Jan 2025 13:20:57 -0600
Subject: [PATCH 01/20] feat: update Docker Compose file to rename codetogether-hq service to codetogether-intel (#39)
- Renamed the service from `codetogether-hq` to `codetogether-intel`.
- Updated the container name to `codetogether-intel`.
- Changed the image to `hub.edge.codetogether.com/releases/codetogether-intel:latest`.
- Retained all existing configurations for compatibility.
---
 compose/compose.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/compose/compose.yaml b/compose/compose.yaml
index 8f6aa76..b67a89c 100644
--- a/compose/compose.yaml
+++ b/compose/compose.yaml
@@ -1,7 +1,7 @@
-services:
- codetogether-hq:
- image: hub.edge.codetogether.com/releases/codetogether-hq:latest
- container_name: codetogether-hq
+services:
+ codetogether-intel:
+ image: hub.edge.codetogether.com/releases/codetogether-intel:latest
+ container_name: codetogether-intel
 environment:
 - CT_HQ_BASE_URL=https://your-hq-server-fqdn
 networks:
From 9df20b784467280997433b3241bb4f6a5e4b0468 Mon Sep 17 00:00:00 2001
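Review bot: The new `image:` line points the service at a different repository but keeps the mutable `:latest` tag, so each pull can bring in a build that nobody reviewed and two hosts can run different code under the same compose file. Pin the reference to a released version and, where the registry exposes it, a digest, e.g. `image: hub.edge.codetogether.com/releases/codetogether-intel:<RELEASE_TAG>@sha256:<DIGEST>` (both values are placeholders to fill in from the registry). The service definition continues past the end of this hunk, so the rest of its settings were not reviewed here.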
From: danc094codetogether Date: Tue, 28 Jan 2025 11:37:07 -0600 Subject: [PATCH 02/20] feat: Add README files for CodeTogether Helm Charts (#36) * feat: Add README files for CodeTogether Helm Charts Added detailed README.md files for the following CodeTogether Helm charts: - CodeTogether HQ - CodeTogether Live - CodeTogether Collab Each README contains comprehensive configuration details, installation instructions, and usage guidelines tailored to the respective chart's `values.yaml` file. These additions provide clear documentation for deploying and managing CodeTogether applications in Kubernetes environments. * Fixes * Fixes * Addition of hq.collab url and secret * Removed hq.properties.collab.* Added a note indicating that this chart is legacy * feat: Create codetogether-intel Helm chart - Created a new Helm chart for CodeTogether Intel integration. - Added `hqproperties.hq.collab.*` configuration to the values.yaml. - Updated the README with configuration details. * Changes on README with the functionality of role mappings configuration * Change to sys-admin --- charts/collab/README.md | 115 ++++++++++++++++ charts/collab/values.yaml | 15 -- charts/hq/README.md | 128 ++++++++++++++++++ charts/hq/templates/deployment.yaml | 8 +- charts/hq/values.yaml | 4 +- charts/intel/.helmignore | 20 +++ charts/intel/Chart.yaml | 20 +++ charts/intel/README.md | 112 +++++++++++++++ charts/intel/templates/NOTES.txt | 5 + charts/intel/templates/_helpers.tpl | 86 ++++++++++++ charts/intel/templates/deployment.yaml | 102 ++++++++++++++ charts/intel/templates/ingress-class.yaml | 10 ++ charts/intel/templates/ingress.yaml | 47 +++++++ charts/intel/templates/secret-properties.yaml | 10 ++ charts/intel/templates/secret-pullimage.yaml | 11 ++ charts/intel/templates/service.yaml | 19 +++ charts/intel/templates/serviceaccount.yaml | 12 ++ .../templates/tests/test-connection.yaml | 15 ++ charts/intel/values.yaml | 124 +++++++++++++++++ charts/live/README.md | 121 +++++++++++++++++ 20 
files changed, 964 insertions(+), 20 deletions(-) create mode 100644 charts/collab/README.md create mode 100644 charts/hq/README.md create mode 100644 charts/intel/.helmignore create mode 100644 charts/intel/Chart.yaml create mode 100644 charts/intel/README.md create mode 100644 charts/intel/templates/NOTES.txt create mode 100644 charts/intel/templates/_helpers.tpl create mode 100644 charts/intel/templates/deployment.yaml create mode 100644 charts/intel/templates/ingress-class.yaml create mode 100644 charts/intel/templates/ingress.yaml create mode 100644 charts/intel/templates/secret-properties.yaml create mode 100644 charts/intel/templates/secret-pullimage.yaml create mode 100644 charts/intel/templates/service.yaml create mode 100644 charts/intel/templates/serviceaccount.yaml create mode 100644 charts/intel/templates/tests/test-connection.yaml create mode 100644 charts/intel/values.yaml create mode 100644 charts/live/README.md diff --git a/charts/collab/README.md b/charts/collab/README.md new file mode 100644 index 0000000..621f5a5 --- /dev/null +++ b/charts/collab/README.md 
@@ -0,0 +1,115 @@ +# README.md Helm Chart for CodeTogether Collab + +## Summary + +This chart creates a CodeTogether Collab server deployment on a Kubernetes cluster using the Helm package manager. + +## Prerequisites + +This chart has been created with Helm v3 and tested with: + +- Kubernetes v1.18+ +- Helm v3.5+ + +## Configuration + +The following table lists configurable parameters of the CodeTogether Collab chart and their default values: + +| Parameter | Description | Default | +|---------------------------------------------|-------------------------------------------------------------------------------------------------|-----------------------------------------------------------| +| `nameOverride` | Overrides the name of the chart | `""` | +| `fullnameOverride` | Overrides the full name of the chart | `""` | +| `image.repository` | Docker image repository for CodeTogether Collab | `codetogether/codetogether-collab` | +| `image.pullPolicy` | Container image pull policy | `Always` | +| `image.tag` | Tag for the CodeTogether Collab image | `latest` | +| `imageCredentials.enabled` | Enables authentication for private Docker registry | `false` | +| `imageCredentials.registry` | Docker registry URL | `hub.edge.codetogether.com` | +| `imageCredentials.username` | Docker registry username | `my-customer-username` | +| `imageCredentials.password` | Docker registry password | `my-customer-password` | +| `imageCredentials.email` | Docker registry email | `unused` | +| `openshift.enabled` | Enables deployment in OpenShift | `false` | +| `intel.url` | URL of the Intel server | `https://your-intel-server` | +| `intel.secret` | Secret key used to authenticate with the Intel server for secure communication | `SECRET` | +| `codetogether.mode` | CodeTogether running mode (`direct`, `locator-central`, or `locator-edge`) | `direct` | +| `codetogether.url` | Fully Qualified Domain Name (FQDN) for the server | `https://codetogether.local` | +| `codetogether.trustAllCerts` | 
Allows untrusted certificates if set to `true` | `true` | +| `codetogether.noclients` | Disables the `/clients` endpoint if set to `true` | `false` | +| `codetogether.timeZone.enabled` | Enables a customized time zone for the container | `false` | +| `codetogether.timeZone.region` | Time zone region for the container | `America/Chicago` | +| `direct.metrics.statsdEnabled` | Enables StatsD metrics collection | `false` | +| `direct.metrics.statsdHost` | Host for StatsD metrics | `https://my-graphite-fqdn` | +| `direct.metrics.statsdPort` | Port for StatsD metrics | `8125` | +| `direct.metrics.statsdProtocol` | Protocol for StatsD metrics | `UDP` | +| `direct.metrics.prometheusEnabled` | Enables Prometheus metrics collection | `false` | +| `locatorCentral.database.host` | Host for locator-central database | `10.10.0.2` | +| `locatorCentral.database.port` | Port for locator-central database | `3306` | +| `locatorCentral.database.schema` | Schema name for locator-central database | `codetogether` | +| `locatorCentral.database.dialect` | Database dialect (`mysql` or `postgres`) | `mysql` | +| `locatorCentral.database.user` | Username for the database | `my-db-username` | +| `locatorCentral.database.password` | Password for the database | `my-db-password` | +| `locatorCentral.database.sslEnabled` | Enables SSL for the database connection | `false` | +| `locatorEdge.locator` | URL of the locator for edge mode | `https://codetogether.locator` | +| `locatorEdge.region` | Region for the edge server | `default` | +| `ingress.enabled` | Enables ingress controller resource | `true` | +| `ingress.tls.secretName` | TLS secret name for ingress | `codetogether-tls` | +| `dashboard.enabled` | Enables the dashboard and allows configuration of credentials | `false` | +| `dashboard.username` | Dashboard username | `my-dashboard-username` | +| `dashboard.password` | Dashboard password | `my-dashboard-password` | +| `av.enabled` | Enables audio/video support | `false` | +| `av.serverIP` | 
IP address for A/V server | `auto` | +| `av.stunServers.enabled` | Enables private STUN servers | `false` | +| `av.stunServers.server` | STUN server address | `coturn.example.com` | +| `av.stunServers.secret` | STUN server secret | `my-secret` | +| `service.port` | Port for CodeTogether Collab service | `443` | +| `restart.enabled` | Enables periodic restarts for the server | `true` | +| `restart.cronPattern` | Cron pattern for scheduling restarts | `* 11 * * 0` | +| `favicon.enabled` | Enables a custom favicon | `false` | +| `favicon.filePath` | Path to the custom favicon | `files/new-favicon.ico` | + +## Creating your Kubernetes Namespace for CodeTogether Collab + +To create a namespace for CodeTogether Collab objects: + +```bash +$ kubectl create namespace codetogether-collab +$ kubectl config set-context --current --namespace=codetogether-collab +``` + +## TLS + +To secure CodeTogether, you can add a `secret` that contains your TLS (Transport Layer Security) private key and certificate: + +```bash +$ kubectl create secret tls codetogether-tls --key --cert +``` + +## Installing the Chart + +To install the chart with the release name `codetogether-collab`: + +```bash +$ helm install codetogether-collab -f codetogether-values.yaml ./codetogether-collab +``` + +You can verify the deployment using: + +```bash +$ helm list +$ kubectl get all -n codetogether-collab +``` + +## Updating the Chart + +To upgrade CodeTogether Collab to a newer version: + +```bash +$ helm repo update +$ helm upgrade codetogether-collab -f codetogether-values.yaml ./codetogether-collab +``` + +## Uninstalling the Chart + +To uninstall the `codetogether-collab` release: + +```bash +$ helm uninstall codetogether-collab diff --git a/charts/collab/values.yaml b/charts/collab/values.yaml index 013dc5d..fe9bf3a 100644 --- a/charts/collab/values.yaml +++ b/charts/collab/values.yaml 
@@ -189,21 +189,6 @@ av: # jitsiUrl: "https://your.jtsi.server" # -# Optionally enable integration with your SSO Provider. If using SSO, this -# should be enabled on every CodeTogether server. -# -sso: - # Set this to 'true' if you are using an SSO provider. - enabled: false - # Replace below values with your actual SSO provider configuration. - provider: OKTA - systemBaseUrl: https://OKTA_DOMAIN/oauth2/default - clientID: "my-oidc-id" - clientSecret: "my-id-secret" - # Set this value to 'true' if you are using Oracle IDCS OpenID Connect. - jwksEndPointEnabled: false - offlineAccessScope: true -# # The following sections provide default configurations for the # container and normally do not need to be modified. # ------------------------------------------------------------------------- diff --git a/charts/hq/README.md b/charts/hq/README.md new file mode 100644 index 0000000..9468a61 --- /dev/null +++ b/charts/hq/README.md 
@@ -0,0 +1,128 @@ +# README.md Helm Chart for CodeTogether HQ +# CodeTogether HQ Chart (Legacy) + +> **⚠️ Legacy Chart** +> This chart is now considered legacy and is not recommended for new deployments. Please use the `codetogether-intel` chart for configurations requiring `hqproperties.hq.collab.*`. + + +## Summary + +This chart creates a CodeTogether HQ server deployment on a Kubernetes cluster using the Helm package manager. + +## Prerequisites + +This chart has been created with Helm v3 and tested with: + +- Kubernetes v1.18+ +- Helm v3.5+ +- Cassandra v3.11+ + +## Configuration + +The following table lists configurable parameters of the CodeTogether HQ chart and their default values: + +| Parameter | Description | Default | +|------------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------| +| `nameOverride` | Overrides the name of the chart | `""` | +| `fullnameOverride` | Overrides the full name of the chart | `""` | +| `image.repository` | Docker image repository for CodeTogether HQ | `hub.edge.codetogether.com/releases/codetogether-hq` | +| `image.pullPolicy` | Container image pull policy | `Always` | +| `image.tag` | Tag for the CodeTogether HQ image | `latest` | +| `imageCredentials.enabled` | Enables authentication for private Docker registry | `true` | +| `imageCredentials.registry` | Docker registry URL | `hub.edge.codetogether.com` | +| `imageCredentials.username` | Docker registry username | `my-customer-username` | +| `imageCredentials.password` | Docker registry password | `my-customer-password` | +| `imageCredentials.email` | Docker registry email | `unused` | +| `codetogether.url` | Full URL for the CodeTogether HQ server | `https://` | +| `hqproperties.hq.sso.client.id` | Client ID for Single Sign-On (SSO) | `CLIENTID.apps.googleusercontent.com` | +| `hqproperties.hq.sso.client.secret` | Client Secret for 
Single Sign-On (SSO) | `CLIENTSECRET` | +| `hqproperties.hq.sso.client.issuer.url` | Issuer URL for Single Sign-On (SSO) | `https://accounts.google.com` | +| `hqproperties.name.attr` | Name attribute for SSO | `name` | +| `hqproperties.hq.db.type` | Database type for CodeTogether HQ | `CASSANDRA` | +| `hqproperties.hq.secret` | Secret key for CodeTogether HQ | `SECRET1` | +| `hqproperties.hq.encryption.secret` | Encryption secret key for CodeTogether HQ | `SECRET2` | +| `hqproperties.hq.base.url` | Base URL for CodeTogether HQ | `https://` | +| `hqproperties.hq.cassandra.db.name` | Cassandra database name | `hq` | +| `hqproperties.hq.cassandra.db.port` | Cassandra database port | `9042` | +| `hqproperties.hq.cassandra.db.host` | Cassandra database host | `codetogether-cassandra.default.svc.cluster.local` | +| `hqproperties.hq.sso.redirect.uri` | Redirect URI for SSO | `https:///api/v1/auth/sso/success/hq` | +| `hqproperties.hq.cassandra.db.password` | Password for Cassandra database | `cassandra` | +| `hqproperties.hq.cassandra.db.username` | Username for Cassandra database | `cassandra` | +| `hqproperties.hq.sso.role.mapping.claim` | Specifies the claim in the SSO token containing user roles | `roles` | +| `hqproperties.hq.sso.role.mappings` | Defines the role mappings for CodeTogether HQ | `cthq_user,project-manager[pm],system-admin[sa]` | +| `ingress.enabled` | Enables ingress controller resource | `true` | +| `ingress.annotations` | Annotations for ingress | `{}` | +| `ingress.tls.secretName` | TLS secret name for ingress | `codetogether-hq-tls` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Port for CodeTogether HQ service | `1080` | +| `serviceAccount.create` | Specifies whether a service account should be created | `true` | +| `serviceAccount.name` | Name of the service account | `codetogether-hq` | +| `replicaCount` | Number of replicas for CodeTogether HQ deployment | `1` | +| `readinessProbe.initialDelaySeconds` | 
Initial delay before readiness probe is initiated | `60` | +| `readinessProbe.periodSeconds` | Period between readiness probes | `60` | +| `readinessProbe.timeoutSeconds` | Timeout for readiness probes | `15` | +| `livenessProbe.initialDelaySeconds` | Initial delay before liveness probe is initiated | `60` | +| `livenessProbe.periodSeconds` | Period between liveness probes | `60` | +| `livenessProbe.timeoutSeconds` | Timeout for liveness probes | `15` | + +## Role Mappings Configuration + +The following parameters are used to configure role mappings for the application: + +- `hq.sso.role.mapping.claim`: Specifies the claim name in the SSO (Single Sign-On) token that contains the user's roles. In this case, it is set to `roles`. + +- `hq.sso.role.mappings`: Defines the mappings for user roles in the system. The mappings are configured as follows: + - `cthq_user`: Represents regular users with standard access to the system. + - `project-manager[pm]`: Represents project managers, identified with the `[pm]` suffix, who have elevated permissions to manage project-specific operations. + - `system-admin[sa]`: Represents system administrators, identified with the `[sa]` suffix, who have the highest level of access, including administrative privileges across the system. + +These role mappings ensure that users are assigned appropriate permissions based on their roles, as provided by the SSO service. Proper configuration of these parameters is crucial for maintaining secure and role-based access control within the application. + + +## Creating your Kubernetes Namespace for CodeTogether HQ + +It is a best practice to create a dedicated namespace for CodeTogether HQ objects. 
To create a namespace: + +```bash +$ kubectl create namespace codetogether-hq +$ kubectl config set-context --current --namespace=codetogether-hq +``` + +## TLS + +To secure CodeTogether, you can add a `secret` that contains your TLS (Transport Layer Security) private key and certificate: + +```bash +$ kubectl create secret tls codetogether-hq-tls --key --cert +``` + +## Installing the Chart + +To install the chart with the release name `codetogether-hq`: + +```bash +$ helm install codetogether-hq -f codetogether-values.yaml ./codetogether-hq +``` + +You can verify the deployment using: + +```bash +$ helm list +$ kubectl get all -n codetogether-hq +``` + +## Updating the Chart + +To upgrade CodeTogether HQ to a newer version: + +```bash +$ helm repo update +$ helm upgrade codetogether-hq -f codetogether-values.yaml ./codetogether-hq +``` + +## Uninstalling the Chart + +To uninstall the `codetogether-hq` release: + +```bash +$ helm uninstall codetogether-hq diff --git a/charts/hq/templates/deployment.yaml b/charts/hq/templates/deployment.yaml index e3c78ef..c6ec3c5 100644 --- a/charts/hq/templates/deployment.yaml +++ b/charts/hq/templates/deployment.yaml @@ -44,11 +44,11 @@ spec: - name: properties-volume mountPath: /opt/codetogether/runtime/cthq.properties subPath: cthq.properties - {{ - if .Values.license - }} + {{- if .Values.license }} - name: license-volume mountPath: /opt/codetogether/runtime/license subPath: license - {{ - end }} + {{- end }} # # Set container configuration # @@ -83,11 +83,11 @@ spec: - name: properties-volume secret: secretName: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} - {{ - if .Values.license - }} + {{- if .Values.license }} - name: license-volume secret: secretName: license - {{ - end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/hq/values.yaml b/charts/hq/values.yaml index e9c896d..cab1e9d 100644 
--- a/charts/hq/values.yaml +++ b/charts/hq/values.yaml @@ -49,9 +49,11 @@ hqproperties: hq.cassandra.db.name: insights hq.cassandra.db.port: 9042 hq.cassandra.db.host: codetogether-cassandra.default.svc.cluster.local - hq.sso.redirect.uri: https:///api/v1/auth/sso/success/insights + hq.sso.redirect.uri: https:///api/v1/auth/sso/success/hq hq.cassandra.db.password: cassandra hq.cassandra.db.username: cassandra + hq.sso.role.mapping.claim: roles + hq.sso.role.mappings: cthq_user,project-manager[pm],sys-admin[sa] # default datacenter name is 'datacenter1' # hq.cassandra.db.localdatacenter: datacenter1 diff --git a/charts/intel/.helmignore b/charts/intel/.helmignore new file mode 100644 index 0000000..b15d0eb --- /dev/null +++ b/charts/intel/.helmignore @@ -0,0 +1,20 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +*.swp +*.bak +*.tmp +*.orig +*~ +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml new file mode 100644 index 0000000..c806608 --- /dev/null +++ b/charts/intel/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: codetogether-intel +description: CodeTogether Intel provides advanced project insights for developers + +type: application +version: 1.4.15 +appVersion: "2023.3.0" +kubeVersion: ">= 1.18.0" + +icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png +home: https://www.codetogether.com + +maintainers: +- email: info@codetogether.com + name: CodeTogether Inc. + +keywords: +- codetogether +- intel +- insights \ No newline at end of file diff --git a/charts/intel/README.md b/charts/intel/README.md new file mode 100644 index 0000000..8cd5531 --- /dev/null +++ b/charts/intel/README.md 
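Review bot: The default added for `hq.sso.role.mappings` in charts/hq/values.yaml names the administrator role `sys-admin[sa]`, while charts/hq/README.md in this same patch documents `system-admin[sa]` in both the parameter table and the "Role Mappings Configuration" section. An operator who sets up the identity provider from the README would send a role name that does not match the shipped mapping, and since this key decides who receives administrative access the two should agree; the last commit bullet ("Change to sys-admin") suggests the README is the stale side. A comment above the key describing the mapping syntax would also make the value easier to review. The `hqproperties` block starts and ends outside this hunk.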
@@ -0,0 +1,112 @@ +# README.md Helm Chart for CodeTogether Intel + + + +## Summary + +This chart creates a CodeTogether Intel server deployment on a Kubernetes cluster using the Helm package manager. + +## Prerequisites + +This chart has been created with Helm v3 and tested with: + +- Kubernetes v1.18+ +- Helm v3.5+ +- Cassandra v3.11+ + +## Configuration + +The following table lists configurable parameters of the CodeTogether Intel chart and their default values: + +| Parameter | Description | Default | +|------------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------| +| `nameOverride` | Overrides the name of the chart | `""` | +| `fullnameOverride` | Overrides the full name of the chart | `""` | +| `image.repository` | Docker image repository for CodeTogether Intel | `hub.edge.codetogether.com/releases/codetogether-intel` | +| `image.pullPolicy` | Container image pull policy | `Always` | +| `image.tag` | Tag for the CodeTogether Intel image | `latest` | +| `imageCredentials.enabled` | Enables authentication for private Docker registry | `true` | +| `imageCredentials.registry` | Docker registry URL | `hub.edge.codetogether.com` | +| `imageCredentials.username` | Docker registry username | `my-customer-username` | +| `imageCredentials.password` | Docker registry password | `my-customer-password` | +| `imageCredentials.email` | Docker registry email | `unused` | +| `codetogether.url` | Full URL for the CodeTogether Intel server | `https://` | +| `hqproperties.hq.sso.client.id` | Client ID for Single Sign-On (SSO) | `CLIENTID.apps.googleusercontent.com` | +| `hqproperties.hq.sso.client.secret` | Client Secret for Single Sign-On (SSO) | `CLIENTSECRET` | +| `hqproperties.hq.sso.client.issuer.url` | Issuer URL for Single Sign-On (SSO) | `https://accounts.google.com` | +| `hqproperties.name.attr` | Name attribute for SSO | `name` | 
+| `hqproperties.hq.db.type` | Database type for CodeTogether Intel | `CASSANDRA` | +| `hqproperties.hq.secret` | Secret key for CodeTogether Intel | `SECRET1` | +| `hqproperties.hq.encryption.secret` | Encryption secret key for CodeTogether Intel | `SECRET2` | +| `hqproperties.hq.base.url` | Base URL for CodeTogether Intel | `https://` | +| `hqproperties.hq.cassandra.db.name` | Cassandra database name | `intel` | +| `hqproperties.hq.cassandra.db.port` | Cassandra database port | `9042` | +| `hqproperties.hq.cassandra.db.host` | Cassandra database host | `codetogether-cassandra.default.svc.cluster.local` | +| `hqproperties.hq.sso.redirect.uri` | Redirect URI for SSO | `https:///api/v1/auth/sso/success/intel` | +| `hqproperties.hq.cassandra.db.password` | Password for Cassandra database | `cassandra` | +| `hqproperties.hq.cassandra.db.username` | Username for Cassandra database | `cassandra` | +| `hqproperties.hq.collab.url` | URL of the collaboration server integrated with Intel | `https://your-collab-server` | +| `hqproperties.hq.collab.secret` | Secret key for secure communication with the collaboration server | `SECRET` | + +| `ingress.enabled` | Enables ingress controller resource | `true` | +| `ingress.annotations` | Annotations for ingress | `{}` | +| `ingress.tls.secretName` | TLS secret name for ingress | `codetogether-intel-tls` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Port for CodeTogether Intel service | `1080` | +| `serviceAccount.create` | Specifies whether a service account should be created | `true` | +| `serviceAccount.name` | Name of the service account | `codetogether-intel` | +| `replicaCount` | Number of replicas for CodeTogether Intel deployment | `1` | +| `readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `60` | +| `readinessProbe.periodSeconds` | Period between readiness probes | `60` | +| `readinessProbe.timeoutSeconds` | Timeout for readiness probes | `15` | +| 
`livenessProbe.initialDelaySeconds` | Initial delay before liveness probe is initiated | `60` | +| `livenessProbe.periodSeconds` | Period between liveness probes | `60` | +| `livenessProbe.timeoutSeconds` | Timeout for liveness probes | `15` | + +## Creating your Kubernetes Namespace for CodeTogether Intel + +It is a best practice to create a dedicated namespace for CodeTogether Intel objects. To create a namespace: + +```bash +$ kubectl create namespace codetogether-intel +$ kubectl config set-context --current --namespace=codetogether-intel +``` + +## TLS + +To secure CodeTogether, you can add a `secret` that contains your TLS (Transport Layer Security) private key and certificate: + +```bash +$ kubectl create secret tls codetogether-intel-tls --key --cert +``` + +## Installing the Chart + +To install the chart with the release name `codetogether-intel`: + +```bash +$ helm install codetogether-intel -f codetogether-values.yaml ./codetogether-intel +``` + +You can verify the deployment using: + +```bash +$ helm list +$ kubectl get all -n codetogether-intel +``` + +## Updating the Chart + +To upgrade CodeTogether Intel to a newer version: + +```bash +$ helm repo update +$ helm upgrade codetogether-intel -f codetogether-values.yaml ./codetogether-intel +``` + +## Uninstalling the Chart + +To uninstall the `codetogether-intel` release: + +```bash +$ helm uninstall codetogether-intel diff --git a/charts/intel/templates/NOTES.txt b/charts/intel/templates/NOTES.txt new file mode 100644 index 0000000..8978eda --- /dev/null +++ b/charts/intel/templates/NOTES.txt @@ -0,0 +1,5 @@ +Application URL: +{{- if .Values.ingress.enabled }} + {{- $host := (urlParse .Values.codetogether.url).host }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ .path }} +{{- end }} diff --git a/charts/intel/templates/_helpers.tpl b/charts/intel/templates/_helpers.tpl new file mode 100644 index 0000000..7de709f --- /dev/null +++ b/charts/intel/templates/_helpers.tpl 
@@ -0,0 +1,86 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "codetogether.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "codetogether.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "codetogether.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "codetogether.labels" -}} +helm.sh/chart: {{ include "codetogether.chart" . }} +{{ include "codetogether.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "codetogether.selectorLabels" -}} +app.kubernetes.io/name: {{ include "codetogether.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "codetogether.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "codetogether.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Creating Image Pull Secrets +https://helm.sh/docs/howto/charts_tips_and_tricks/#creating-image-pull-secrets +*/}} +{{- define "imagePullSecret" }} +{{- with .Values.imageCredentials }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} + +{{/* +Get Proxy secret name +*/}} +{{- define "codetogether.proxy.secretName" }} +{{- if .Values.proxy.existingSecret }} + {{- .Values.proxy.existingSecret }} +{{- else }} + {{- $fullName := include "codetogether.fullname" . -}} + {{- with .Values.proxy }} + {{- printf "%s-proxy-secret" $fullName }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml new file mode 100644 index 0000000..e3c78ef --- /dev/null +++ b/charts/intel/templates/deployment.yaml 
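Review bot: In the `imagePullSecret` helper the registry, username, password and email are substituted into the JSON with plain `%s`, so a credential containing `"` or `\` yields an invalid `.dockerconfigjson` and the failure only shows up later as an image pull error. Building the structure and serialising it escapes the values correctly: `{{- dict "auths" (dict .registry (dict "username" .username "password" .password "email" .email "auth" (printf "%s:%s" .username .password | b64enc))) | toJson | b64enc }}`. Separately, `codetogether.proxy.secretName` reads `.Values.proxy.existingSecret`; charts/intel/values.yaml is not visible in this part of the patch, so it is worth confirming that a `proxy` key exists there, or guarding the helper, before anything includes it.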
@@ -0,0 +1,102 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "codetogether.fullname" . }} + labels: + {{- include "codetogether.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "codetogether.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/properties: {{ include (print $.Template.BasePath "/secret-properties.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "codetogether.selectorLabels" . | nindent 8 }} + spec: + {{- if .Values.imageCredentials.pullSecret }} + imagePullSecrets: + - name: {{ .Values.imageCredentials.pullSecret }} + {{- else if eq .Values.imageCredentials.enabled true }} + imagePullSecrets: + - name: {{ include "codetogether.fullname" . }}-pull-secret + {{- end }} + serviceAccountName: {{ include "codetogether.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + + env: + # + # Set CodeTogether runtime configuration + # + - name: CT_HQ_BASE_URL + value: {{ .Values.codetogether.url | quote }} + volumeMounts: + - name: properties-volume + mountPath: /opt/codetogether/runtime/cthq.properties + subPath: cthq.properties + {{ - if .Values.license - }} + - name: license-volume + mountPath: /opt/codetogether/runtime/license + subPath: license + {{ - end }} + # + # Set container configuration + # + ports: + - name: http + containerPort: 1080 + protocol: TCP + + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + 
failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: / + port: http + + readinessProbe: + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + httpGet: + path: / + port: http + + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: properties-volume + secret: + secretName: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} + {{ - if .Values.license - }} + - name: license-volume + secret: + secretName: license + {{ - end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/intel/templates/ingress-class.yaml b/charts/intel/templates/ingress-class.yaml new file mode 100644 index 0000000..ed4b7eb --- /dev/null +++ b/charts/intel/templates/ingress-class.yaml @@ -0,0 +1,10 @@ +{{- if and .Values.ingress.enabled (eq .Values.ingress.className "codetogether-nginx") -}} +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + name: codetogether-nginx +spec: + controller: k8s.io/ingress-nginx +{{- end }} \ No newline at end of file diff --git a/charts/intel/templates/ingress.yaml b/charts/intel/templates/ingress.yaml new file mode 100644 index 0000000..e3dd22c --- /dev/null +++ b/charts/intel/templates/ingress.yaml 
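Review bot: The license blocks under `volumeMounts` and `volumes` in charts/intel/templates/deployment.yaml still use `{{ - if .Values.license - }}` and `{{ - end }}`, the delimiter form this same commit corrects in charts/hq/templates/deployment.yaml. The new file's blob id (e3c78ef) is the pre-fix blob of the hq template, so it appears to be a copy of the unfixed file. The trim dash has to touch the braces, so these actions are likely to be rejected by the template parser or to render incorrectly; use `{{- if .Values.license }}` and `{{- end }}` in both places, as in the hq fix.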
@@ -0,0 +1,47 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "codetogether.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- $host := (urlParse .Values.codetogether.url).host }} +{{- if semverCompare ">=1.19" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "codetogether.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end}} + {{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ $host | quote }} + secretName: {{ .Values.ingress.tls.secretName }} + {{- end }} + rules: + - host: {{ $host | quote }} + http: + paths: + - path: / + {{- if (semverCompare ">=1.18" $.Capabilities.KubeVersion.GitVersion) }} + pathType: "Prefix" + {{- end }} + backend: + {{- if semverCompare ">=1.19" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} +{{- end }} diff --git a/charts/intel/templates/secret-properties.yaml b/charts/intel/templates/secret-properties.yaml new file mode 100644 index 0000000..925a743 --- /dev/null +++ b/charts/intel/templates/secret-properties.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} +type: Opaque +stringData: + cthq.properties: |- + {{- range $key, $value := .Values.hqproperties }} + {{ $key }}={{ $value }} + {{- end }} \ No newline at end of file 
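Review bot: In `secret-properties.yaml` the Secret name falls back to the fixed string `hqproperties` whenever `fullnameOverride` is unset, so it is not scoped to the release and a second install in the same namespace would target the same Secret. Prefer `name: {{ include "codetogether.fullname" . }}-hqproperties`, with the matching `secretName` in `deployment.yaml` changed to the same expression. Separately, `{{ $key }}={{ $value }}` writes each value verbatim into the block scalar, so a value containing a line break would produce extra property lines; a comment such as `# values must be single-line strings` would document that constraint. The Secret also carries no `codetogether.labels`, unlike the other objects in this patch.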
diff --git a/charts/intel/templates/secret-pullimage.yaml b/charts/intel/templates/secret-pullimage.yaml new file mode 100644 index 0000000..5a60f28 --- /dev/null +++ b/charts/intel/templates/secret-pullimage.yaml @@ -0,0 +1,11 @@ +{{- if .Values.imageCredentials.pullSecret }} +# If using already configured secret, we don't need our own +{{- else if eq .Values.imageCredentials.enabled true }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "codetogether.fullname" . }}-pull-secret +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +{{- end }} diff --git a/charts/intel/templates/service.yaml b/charts/intel/templates/service.yaml new file mode 100644 index 0000000..9db473b --- /dev/null +++ b/charts/intel/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "codetogether.fullname" . }} + labels: + {{- include "codetogether.labels" . | nindent 4 }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "codetogether.selectorLabels" . | nindent 4 }} diff --git a/charts/intel/templates/serviceaccount.yaml b/charts/intel/templates/serviceaccount.yaml new file mode 100644 index 0000000..ea5faa9 --- /dev/null +++ b/charts/intel/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "codetogether.serviceAccountName" . }} + labels: + {{- include "codetogether.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/intel/templates/tests/test-connection.yaml b/charts/intel/templates/tests/test-connection.yaml new file mode 100644 index 0000000..cf2e9a1 
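Review bot: The ServiceAccount in `serviceaccount.yaml` is created without `automountServiceAccountToken`, so pods using it get an API token mounted by default. Nothing in the deployment template of this patch suggests the container calls the Kubernetes API; if that holds, add the top-level field `automountServiceAccountToken: false` (or expose it as a value) so a compromised container does not start with cluster credentials. This is inferred from the templates shown here and should be confirmed against what the application needs at runtime.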
--- /dev/null +++ b/charts/intel/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "codetogether.fullname" . }}-test-connection" + labels: + {{- include "codetogether.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "codetogether.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml new file mode 100644 index 0000000..3650f0d --- /dev/null +++ b/charts/intel/values.yaml 
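Review bot: `image: busybox` in the test pod names no registry, tag or digest, so every `helm test` pulls whatever `busybox:latest` currently resolves to. Pin it, for example `image: busybox:<pinned-version>` (placeholder) or a digest reference, and consider reading it from a value so restricted clusters can point at an internal mirror. The test container also does not receive the chart's `securityContext`, so it runs with the image's defaults even when the main container is hardened.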
@@ -0,0 +1,124 @@ +# Default values for CodeTogether Intel. +# This is a YAML-formatted file. +# +# Kubernetes required version: v1.18+ +# +# Example 'values.yaml' file for running CodeTogether Intel On-Premises. +# Use this file as a template to create your own 'codetogether-values.yaml' file. +# For full detail on the chart's prerequisites, settings and configuration, please refer to our official Helm repository at: +# https://artifacthub.io/packages/helm/codetogether/codetogether +nameOverride: "" +fullnameOverride: "" + +image: + repository: hub.edge.codetogether.com/releases/codetogether-intel + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "latest" + +# +# Configure the source location for the Docker image, using the +# credentials provided by your CodeTogether Sales Representative. +# +imageCredentials: + # pullSecret: "my-customer-pull-secret" + # Use pullSecret or configure credentials if using private Docker registry. + enabled: true + registry: hub.edge.codetogether.com + username: "my-customer-username" + password: "my-customer-password" + email: unused + +# +# Set CodeTogether runing mode and server's FQDN (HTTPS is mandatory for CodeTogether) +# Use 'direct' for simple evaluations and small deployments. CodeTogether can provide +# guidance on the best deployment option based on your needs. 
+# +codetogether: + url: https:// + +hqproperties: + hq.sso.client.id: CLIENTID.apps.googleusercontent.com + hq.sso.client.secret: CLIENTSECRET + hq.sso.client.issuer.url: https://accounts.google.com + name.attr: name + hq.db.type: CASSANDRA + hq.secret: SECRET1 + hq.encryption.secret: SECRET2 + hq.base.url: https:// + hq.cassandra.db.name: insights + hq.cassandra.db.port: 9042 + hq.cassandra.db.host: codetogether-cassandra.default.svc.cluster.local + hq.sso.redirect.uri: https:///api/v1/auth/sso/success/insights + hq.cassandra.db.password: cassandra + hq.cassandra.db.username: cassandra + hq.collab.url: https:// + hq.collab.secret: SECRET3 + # default datacenter name is 'datacenter1' + # hq.cassandra.db.localdatacenter: datacenter1 + +# +# Enables and configures Ingress (default = Nginx). The className value can be used +# to change the default behavior. Please read the comments below to see details. +# +ingress: + enabled: true + annotations: + # For reference: This is required for k8 version < 1.18 + # kubernetes.io/ingress.class: nginx + # external-dns.alpha.kubernetes.io/hostname: + # There are 3 ways to handle ingressClassName for the CodeTogether Ingress object: + # (1) set className to 'codetogether-nginx' to use the predefined IngressClass + # (2) set className to a custom value to use your own IngressClass + # (3) do not specify className to rely on the default IngressClass for the cluster (default) + # className: codetogether-nginx + tls: + secretName: codetogether-intel-tls + +# +# The following sections provide default configurations for the +# container and normally do not need to be modified. 
+# ------------------------------------------------------------------------- +# +service: + # annotations: + # external-dns.alpha.kubernetes.io/hostname: + type: ClusterIP + port: 1080 + +serviceAccount: + create: true + annotations: {} + name: "codetogether-intel" + +podAnnotations: {} + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +readinessProbe: + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 1 + +livenessProbe: + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 1 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +replicaCount: 1 diff --git a/charts/live/README.md b/charts/live/README.md new file mode 100644 index 0000000..76048f3 --- /dev/null +++ b/charts/live/README.md 
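Review bot: The `hqproperties` defaults ship placeholder secrets (`hq.secret: SECRET1`, `hq.encryption.secret: SECRET2`, `hq.collab.secret: SECRET3`) and `cassandra`/`cassandra` as database credentials, and nothing in the templates rejects an install that leaves them unchanged. Leave these empty and have `secret-properties.yaml` fail through `required` when they are missing, or at least mark each with a comment such as `# REQUIRED: replace before installing`. `securityContext: {}` has the same shape of problem: the hardened settings exist only as comments, so the container runs with the image's defaults unless the operator opts in. `tag: "latest"` combined with `pullPolicy: Always` also means the running image can change on any pod restart.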
@@ -0,0 +1,121 @@ +# README.md Helm Chart for CodeTogether Live + +## Summary + +This chart creates a CodeTogether Live server deployment on a Kubernetes cluster using the Helm package manager. + +## Prerequisites + +This chart has been created with Helm v3 and tested with: + +- Kubernetes v1.18+ +- Helm v3.5+ + +## Configuration + +The following table lists configurable parameters of the CodeTogether Live chart and their default values: + +| Parameter | Description | Default | +|---------------------------------------------|-------------------------------------------------------------------------------------------------|-----------------------------------------------------------| +| `nameOverride` | Overrides the name of the chart | `""` | +| `fullnameOverride` | Overrides the full name of the chart | `""` | +| `image.repository` | Docker image repository for CodeTogether Live | `codetogether/codetogether` | +| `image.pullPolicy` | Container image pull policy | `Always` | +| `image.tag` | Tag for the CodeTogether Live image | `latest` | +| `imageCredentials.enabled` | Enables authentication for private Docker registry | `false` | +| `imageCredentials.registry` | Docker registry URL | `hub.edge.codetogether.com` | +| `imageCredentials.username` | Docker registry username | `my-customer-username` | +| `imageCredentials.password` | Docker registry password | `my-customer-password` | +| `imageCredentials.email` | Docker registry email | `unused` | +| `openshift.enabled` | Enables deployment in OpenShift | `false` | +| `license.url` | URL to the CodeTogether HQ license server | `https://your-hq-server` | +| `license.token` | Token for authenticating with the license server | `my-hq-token` | +| `codetogether.mode` | CodeTogether running mode (`direct`, `locator-central`, or `locator-edge`) | `direct` | +| `codetogether.url` | Fully Qualified Domain Name (FQDN) for the server | `https://codetogether.local` | +| `codetogether.trustAllCerts` | Allows untrusted certificates 
if set to `true` | `true` | +| `codetogether.noclients` | Disables the `/clients` endpoint if set to `true` | `false` | +| `codetogether.timeZone.enabled` | Enables a customized time zone for the container | `false` | +| `codetogether.timeZone.region` | Time zone region for the container | `America/Chicago` | +| `direct.metrics.statsdEnabled` | Enables StatsD metrics collection | `false` | +| `direct.metrics.statsdHost` | Host for StatsD metrics | `https://my-graphite-fqdn` | +| `direct.metrics.statsdPort` | Port for StatsD metrics | `8125` | +| `direct.metrics.statsdProtocol` | Protocol for StatsD metrics | `UDP` | +| `direct.metrics.prometheusEnabled` | Enables Prometheus metrics collection | `false` | +| `locatorCentral.database.host` | Host for locator-central database | `10.10.0.2` | +| `locatorCentral.database.port` | Port for locator-central database | `3306` | +| `locatorCentral.database.schema` | Schema name for locator-central database | `codetogether` | +| `locatorCentral.database.dialect` | Database dialect (`mysql` or `postgres`) | `mysql` | +| `locatorCentral.database.user` | Username for the database | `my-db-username` | +| `locatorCentral.database.password` | Password for the database | `my-db-password` | +| `locatorCentral.database.sslEnabled` | Enables SSL for the database connection | `false` | +| `locatorEdge.locator` | URL of the locator for edge mode | `https://codetogether.locator` | +| `locatorEdge.region` | Region for the edge server | `default` | +| `ingress.enabled` | Enables ingress controller resource | `true` | +| `ingress.tls.secretName` | TLS secret name for ingress | `codetogether-tls` | +| `dashboard.enabled` | Enables the dashboard and allows configuration of credentials | `false` | +| `dashboard.username` | Dashboard username | `my-dashboard-username` | +| `dashboard.password` | Dashboard password | `my-dashboard-password` | +| `av.enabled` | Enables audio/video support | `false` | +| `av.serverIP` | IP address for A/V server | 
`auto` | +| `av.stunServers.enabled` | Enables private STUN servers | `false` | +| `av.stunServers.server` | STUN server address | `coturn.example.com` | +| `av.stunServers.secret` | STUN server secret | `my-secret` | +| `sso.enabled` | Enables Single Sign-On (SSO) integration | `false` | +| `sso.provider` | SSO provider name (e.g., OKTA, MICROSOFT, KEYCLOAK) | `OKTA` | +| `sso.systemBaseUrl` | Base URL for the identity provider | `https://OKTA_DOMAIN/oauth2/default` | +| `sso.clientID` | Client ID for the SSO provider | `my-oidc-id` | +| `sso.clientSecret` | Client secret for the SSO provider | `my-id-secret` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Port for CodeTogether Live service | `443` | +| `restart.enabled` | Enables periodic restarts for the server | `true` | +| `restart.cronPattern` | Cron pattern for scheduling restarts | `* 11 * * 0` | +| `favicon.enabled` | Enables a custom favicon | `false` | +| `favicon.filePath` | Path to the custom favicon | `files/new-favicon.ico` | + +## Creating your Kubernetes Namespace for CodeTogether Live + +To create a namespace for CodeTogether Live objects: + +```bash +$ kubectl create namespace codetogether-live +$ kubectl config set-context --current --namespace=codetogether-live +``` + +## TLS + +To secure CodeTogether, you can add a `secret` that contains your TLS (Transport Layer Security) private key and certificate: + +```bash +$ kubectl create secret tls codetogether-tls --key --cert +``` + +## Installing the Chart + +To install the chart with the release name `codetogether-live`: + +```bash +$ helm install codetogether-live -f codetogether-values.yaml ./codetogether-live +``` + +You can verify the deployment using: + +```bash +$ helm list +$ kubectl get all -n codetogether-live +``` + +## Updating the Chart + +To upgrade CodeTogether Live to a newer version: + +```bash +$ helm repo update +$ helm upgrade codetogether-live -f codetogether-values.yaml ./codetogether-live 
+``` + +## Uninstalling the Chart + +To uninstall the `codetogether-live` release: + +```bash +$ helm uninstall codetogether-live From cc4c238032ea4015293a003f99a252ff0efdcce8 Mon Sep 17 00:00:00 2001 From: jordanstorz-dw <151195102+jordanstorz-dw@users.noreply.github.com> Date: Thu, 30 Jan 2025 04:39:52 -0700 Subject: [PATCH 03/20] fix: wrong indentation in deployment.yaml in live package (#41) --- charts/live/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/live/templates/deployment.yaml b/charts/live/templates/deployment.yaml index bdaaa81..e9d0e09 100644 --- a/charts/live/templates/deployment.yaml +++ b/charts/live/templates/deployment.yaml @@ -133,7 +133,7 @@ spec: value: {{ .Values.codetogether.timeZone.region | quote }} {{- end }} - - name: CT_LICENSEE + - name: CT_LICENSEE valueFrom: secretKeyRef: name: {{ include "codetogether.fullname" . }}-license From 096929f4c2953bef90dbf0cf8435cbbb1c2c22e4 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Thu, 30 Jan 2025 12:46:06 +0100 Subject: [PATCH 04/20] fix: missing license values (#43) --- charts/live/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/live/values.yaml b/charts/live/values.yaml index 6e37da8..81d0f45 100644 --- a/charts/live/values.yaml +++ b/charts/live/values.yaml @@ -42,8 +42,10 @@ openshift: # CodeTogether license provided by your CodeTogether Sales Representative. # license: - url: "https://your-hq-server" - token: "my-hq-token" + licensee: "Example" + maxConnections: "0" + expiration: "1970/01/01" + signature: "123456789abcdef" # # Set CodeTogether runing mode and server's FQDN (HTTPS is mandatory for CodeTogether) From c4bc890ff82b1f1007825a62bb9b589e66c1f5ea Mon Sep 17 00:00:00 2001 
From: Wojciech Galanciak Date: Thu, 30 Jan 2025 13:10:12 +0100 Subject: [PATCH 05/20] fix: remove license value references (#45) --- charts/hq/templates/deployment.yaml | 10 ---------- charts/intel/templates/deployment.yaml | 10 ---------- 2 files changed, 20 deletions(-) diff --git a/charts/hq/templates/deployment.yaml b/charts/hq/templates/deployment.yaml index c6ec3c5..bfde3d0 100644 --- a/charts/hq/templates/deployment.yaml +++ b/charts/hq/templates/deployment.yaml @@ -44,11 +44,6 @@ spec: - name: properties-volume mountPath: /opt/codetogether/runtime/cthq.properties subPath: cthq.properties - {{- if .Values.license }} - - name: license-volume - mountPath: /opt/codetogether/runtime/license - subPath: license - {{- end }} # # Set container configuration # @@ -83,11 +78,6 @@ spec: - name: properties-volume secret: secretName: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} - {{- if .Values.license }} - - name: license-volume - secret: - secretName: license - {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index e3c78ef..bfde3d0 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml @@ -44,11 +44,6 @@ spec: - name: properties-volume mountPath: /opt/codetogether/runtime/cthq.properties subPath: cthq.properties - {{ - if .Values.license - }} - - name: license-volume - mountPath: /opt/codetogether/runtime/license - subPath: license - {{ - end }} # # Set container configuration # @@ -83,11 +78,6 @@ spec: - name: properties-volume secret: secretName: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} - {{ - if .Values.license - }} - - name: license-volume - secret: - secretName: license - {{ - end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
From c8688ef661b38a331bef988077e96c34f2989456 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Thu, 30 Jan 2025 13:58:33 +0100 Subject: [PATCH 06/20] fix: adjustement to recent changes (#47) * update service name * version update and minor tweaks * removal of invalid entries from deployment file in the collab package --- charts/collab/Chart.yaml | 2 +- charts/collab/templates/deployment.yaml | 30 ------------------------- charts/collab/templates/secret-sso.yaml | 14 ------------ charts/collab/values.yaml | 2 +- charts/hq/Chart.yaml | 4 ++-- charts/hq/values.yaml | 4 +--- charts/intel/Chart.yaml | 4 ++-- charts/live/Chart.yaml | 2 +- 8 files changed, 8 insertions(+), 54 deletions(-) delete mode 100644 charts/collab/templates/secret-sso.yaml diff --git a/charts/collab/Chart.yaml b/charts/collab/Chart.yaml index b1a6326..fd05d0a 100644 --- a/charts/collab/Chart.yaml +++ b/charts/collab/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-collab description: CodeTogether Collab type: application -version: 1.0.0 +version: 1.1.0 appVersion: "2025.1.0" kubeVersion: ">= 1.18.0" diff --git a/charts/collab/templates/deployment.yaml b/charts/collab/templates/deployment.yaml index bfb180b..a0d6f79 100644 --- a/charts/collab/templates/deployment.yaml +++ b/charts/collab/templates/deployment.yaml @@ -14,7 +14,6 @@ spec: checksum/coturn: {{ include (print $.Template.BasePath "/secret-coturn.yaml") . | sha256sum }} checksum/dashboard: {{ include (print $.Template.BasePath "/secret-dashboard.yaml") . | sha256sum }} checksum/intel: {{ include (print $.Template.BasePath "/secret-intel.yaml") . | sha256sum }} - checksum/sso: {{ include (print $.Template.BasePath "/secret-sso.yaml") . | sha256sum }} checksum/ssl: {{ include (print $.Template.BasePath "/secret-ssl.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} 
@@ -169,35 +168,6 @@ spec: - name: CT_AUTO_RESTART_DISABLED value: "true" {{- end }} - # - # Set SSO configuration - # - {{- if .Values.sso.enabled }} - - name: CT_SSO_PROVIDER - valueFrom: - secretKeyRef: - name: {{ include "codetogether.fullname" . }}-sso - key: provider - - name: CT_SSO_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ include "codetogether.fullname" . }}-sso - key: clientID - - name: CT_SSO_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ include "codetogether.fullname" . }}-sso - key: clientSecret - - name: CT_SSO_SYSTEM_BASE_URL - valueFrom: - secretKeyRef: - name: {{ include "codetogether.fullname" . }}-sso - key: systemBaseUrl - - name: CT_SSO_SECURE_JWKS_ENDPT_ENABLE - value: {{ .Values.sso.jwksEndPointEnabled | quote }} - - name: CT_REQUEST_OFFLINE_ACCESS - value: {{ .Values.sso.offlineAccessScope | default "true" | quote }} - {{- end }} {{- if .Values.securityContext.readOnlyRootFilesystem}} volumeMounts: diff --git a/charts/collab/templates/secret-sso.yaml b/charts/collab/templates/secret-sso.yaml deleted file mode 100644 index a40bd35..0000000 --- a/charts/collab/templates/secret-sso.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.sso.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "codetogether.fullname" . }}-sso - labels: - {{- include "codetogether.labels" . | nindent 4 }} -type: Opaque -data: - provider: {{ .Values.sso.provider | b64enc | quote }} - systemBaseUrl: {{ .Values.sso.systemBaseUrl | b64enc | quote }} - clientID: {{ .Values.sso.clientID | b64enc | quote }} - clientSecret: {{ .Values.sso.clientSecret | b64enc | quote }} -{{- end }} diff --git a/charts/collab/values.yaml b/charts/collab/values.yaml index fe9bf3a..dc0b1ca 100644 --- a/charts/collab/values.yaml +++ b/charts/collab/values.yaml @@ -200,7 +200,7 @@ service: serviceAccount: create: true annotations: {} - name: "codetogether" + name: "codetogether-collab" podAnnotations: {} 
diff --git a/charts/hq/Chart.yaml b/charts/hq/Chart.yaml index 493b64c..5c69b64 100644 --- a/charts/hq/Chart.yaml +++ b/charts/hq/Chart.yaml @@ -3,8 +3,8 @@ name: codetogether-hq description: CodeTogether HQ provides advanced project insights for developers type: application -version: 1.4.15 -appVersion: "2023.3.0" +version: 1.4.18 +appVersion: "2024.1.0" kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/hq/values.yaml b/charts/hq/values.yaml index cab1e9d..e9c896d 100644 --- a/charts/hq/values.yaml +++ b/charts/hq/values.yaml @@ -49,11 +49,9 @@ hqproperties: hq.cassandra.db.name: insights hq.cassandra.db.port: 9042 hq.cassandra.db.host: codetogether-cassandra.default.svc.cluster.local - hq.sso.redirect.uri: https:///api/v1/auth/sso/success/hq + hq.sso.redirect.uri: https:///api/v1/auth/sso/success/insights hq.cassandra.db.password: cassandra hq.cassandra.db.username: cassandra - hq.sso.role.mapping.claim: roles - hq.sso.role.mappings: cthq_user,project-manager[pm],sys-admin[sa] # default datacenter name is 'datacenter1' # hq.cassandra.db.localdatacenter: datacenter1 diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml index c806608..94a4f80 100644 --- a/charts/intel/Chart.yaml +++ b/charts/intel/Chart.yaml @@ -3,8 +3,8 @@ name: codetogether-intel description: CodeTogether Intel provides advanced project insights for developers type: application -version: 1.4.15 -appVersion: "2023.3.0" +version: 1.1.0 +appVersion: "2025.1.0" kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/live/Chart.yaml b/charts/live/Chart.yaml index f3b9865..b1fd0e7 100644 --- a/charts/live/Chart.yaml +++ b/charts/live/Chart.yaml 
@@ -3,7 +3,7 @@ name: codetogether description: CodeTogether Live provides pair programming and collaborative coding type: application -version: 1.4.22 +version: 1.4.23 appVersion: "2024.2.0" kubeVersion: ">= 1.18.0" From 02c9ed0bbf44935702de780b2b1898e3d09068f2 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Thu, 30 Jan 2025 17:39:57 +0100 Subject: [PATCH 07/20] fix: update release.yml to skip existing versions (#50) --- .github/workflows/release.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index be36ee8..929e370 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,5 +28,7 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.5.0 + with: + skip_existing: true env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 9e5c9bb4fd1456554875ce6375fcc682ef553c71 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Thu, 30 Jan 2025 17:44:26 +0100 Subject: [PATCH 08/20] fix: update live and hq versions (#52) --- charts/hq/Chart.yaml | 2 +- charts/live/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/hq/Chart.yaml b/charts/hq/Chart.yaml index 5c69b64..811fd89 100644 --- a/charts/hq/Chart.yaml +++ b/charts/hq/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-hq description: CodeTogether HQ provides advanced project insights for developers type: application -version: 1.4.18 +version: 1.4.19 appVersion: "2024.1.0" kubeVersion: ">= 1.18.0" diff --git a/charts/live/Chart.yaml b/charts/live/Chart.yaml index b1fd0e7..4c35652 100644 --- a/charts/live/Chart.yaml +++ b/charts/live/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether description: CodeTogether Live provides pair programming and collaborative coding type: application -version: 1.4.23 +version: 1.4.24 appVersion: "2024.2.0" kubeVersion: ">= 1.18.0" 
From cccca4fcbbfa0236f6319b56f82bb82103bfe42a Mon Sep 17 00:00:00 2001 From: danc094codetogether Date: Mon, 3 Feb 2025 03:51:41 -0600 Subject: [PATCH 09/20] feat: add Helm template validation workflow for PR checks (#56) --- .github/workflows/helm-template-check.yml | 38 +++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/helm-template-check.yml diff --git a/.github/workflows/helm-template-check.yml b/.github/workflows/helm-template-check.yml new file mode 100644 index 0000000..2fbb026 --- /dev/null +++ b/.github/workflows/helm-template-check.yml @@ -0,0 +1,38 @@ +name: Helm Template Validation + +on: + pull_request: + branches: + - main + +jobs: + helm-lint: + name: Validate Helm Charts + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install Required Dependencies + run: | + apt-get update && apt-get install -y unzip + + - name: Install Helm + uses: azure/setup-helm@v3 + + - name: Validate Collab Chart + run: | + helm template collab ./charts/collab --values ./charts/collab/values.yaml + + - name: Validate HQ Chart + run: | + helm template hq ./charts/hq --values ./charts/hq/values.yaml + + - name: Validate Intel Chart + run: | + helm template intel ./charts/intel --values ./charts/intel/values.yaml + + - name: Validate Live Chart + run: | + helm template live ./charts/live --values ./charts/live/values.yaml From 62ce2bc22aff4a6c34363da2a9baa04198836657 Mon Sep 17 00:00:00 2001 From: patrick-codetogether Date: Tue, 4 Feb 2025 07:42:01 -0700 Subject: [PATCH 10/20] feat: allow image digest & allow cassandra db password from secret (#60) --- charts/intel/templates/deployment.yaml | 6 ++++-- charts/intel/templates/secret-properties.yaml | 10 +++++++++- charts/intel/values.yaml | 8 ++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index bfde3d0..e545938 100644 
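Review bot: The `Install Required Dependencies` step in `helm-template-check.yml` runs `apt-get update && apt-get install -y unzip` without `sudo`; steps on GitHub-hosted `ubuntu-latest` runners run as a non-root user, so this step should fail before any chart is rendered. Use `sudo apt-get update && sudo apt-get install -y unzip`, or drop the step if no later step needs `unzip`. The workflow declares no `permissions:`; since it only reads the repository, add a top-level `permissions:` block with `contents: read`. `actions/checkout@v3` and `azure/setup-helm@v3` are referenced by mutable tag, and pinning both to a commit SHA would keep the PR check reproducible.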
--- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml @@ -31,9 +31,11 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: >- + {{ .Values.image.repository }} + {{- if .Values.image.digest }}@{{ .Values.image.digest }} + {{- else }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} - env: # # Set CodeTogether runtime configuration diff --git a/charts/intel/templates/secret-properties.yaml b/charts/intel/templates/secret-properties.yaml index 925a743..998c94b 100644 --- a/charts/intel/templates/secret-properties.yaml +++ b/charts/intel/templates/secret-properties.yaml @@ -5,6 +5,14 @@ metadata: type: Opaque stringData: cthq.properties: |- + {{- $cassandraPassword := "" }} + {{- if and (hasKey .Values "cassandra") (hasKey .Values.cassandra "passwordSecret") .Values.cassandra.passwordSecret (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret) }} + {{- $cassandraPassword := (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret).data.cassandraPassword | b64dec }} + {{- end }} {{- range $key, $value := .Values.hqproperties }} - {{ $key }}={{ $value }} + {{- if and (eq $key "hq.cassandra.db.password") $cassandraPassword }} + {{ $key }}={{ $cassandraPassword }} + {{- else }} + {{ $key }}={{ $value }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index 3650f0d..d6902c6 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml 
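Review bot: In the `secret-properties.yaml` hunk, the assignment inside the `if` uses `:=`, which declares a new `$cassandraPassword` scoped to that block; the outer variable stays `""`, so the `range` below always takes the `else` branch and the Secret lookup has no effect. Assign with `=` instead: `{{- $cassandraPassword = (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret).data.cassandraPassword | b64dec }}`. The template reads the key `cassandraPassword`, while the comment this commit adds to `values.yaml` says the key must be named `cassandra.password`, so one of the two has to change. `lookup` returns an empty result under `helm template` and dry runs, so in those modes the chart silently falls back to the plaintext `hq.cassandra.db.password` value; a comment noting that would save operators a surprise.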
@@ -15,6 +15,8 @@ image: pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "latest" + # Optional: specify a digest to use a specific image version, if provided will override the + digest: "" # # Configure the source location for the Docker image, using the @@ -57,6 +59,12 @@ hqproperties: # default datacenter name is 'datacenter1' # hq.cassandra.db.localdatacenter: datacenter1 +# Optional property, if provided the value from the secret will be used as the cassandra DB password +# This will overwrite the value in the hqproperties hq.cassandra.db.password +# The secret must have a key named 'cassandra.password' +cassandra: + passwordSecret: "" + # # Enables and configures Ingress (default = Nginx). The className value can be used # to change the default behavior. Please read the comments below to see details. From 86bb02103c3ff4c2840c77e511c3b4c64d41327e Mon Sep 17 00:00:00 2001 From: Patrick Dodgen Date: Tue, 4 Feb 2025 14:54:13 -0700 Subject: [PATCH 11/20] removing kubeversion from charts --- charts/collab/Chart.yaml | 1 - charts/hq/Chart.yaml | 1 - charts/intel/Chart.yaml | 1 - charts/live/Chart.yaml | 1 - 4 files changed, 4 deletions(-) diff --git a/charts/collab/Chart.yaml b/charts/collab/Chart.yaml index fd05d0a..b085b98 100644 --- a/charts/collab/Chart.yaml +++ b/charts/collab/Chart.yaml @@ -5,7 +5,6 @@ description: CodeTogether Collab type: application version: 1.1.0 appVersion: "2025.1.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com diff --git a/charts/hq/Chart.yaml b/charts/hq/Chart.yaml index 811fd89..fd0674f 100644 --- a/charts/hq/Chart.yaml +++ b/charts/hq/Chart.yaml 
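Review bot: The comment added above `digest: ""` stops mid-sentence (`... if provided will override the`), so it does not say what the digest overrides. Finish it, for example `# Optional: image digest (sha256:...); when set it is used instead of the tag.` It is also worth stating there that a digest is the only setting that pins the deployed image, since the default `tag: "latest"` is mutable.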
@@ -5,7 +5,6 @@ description: CodeTogether HQ provides advanced project insights for developers type: application version: 1.4.19 appVersion: "2024.1.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml index 94a4f80..d510cae 100644 --- a/charts/intel/Chart.yaml +++ b/charts/intel/Chart.yaml @@ -5,7 +5,6 @@ description: CodeTogether Intel provides advanced project insights for developer type: application version: 1.1.0 appVersion: "2025.1.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com diff --git a/charts/live/Chart.yaml b/charts/live/Chart.yaml index 4c35652..9130cd5 100644 --- a/charts/live/Chart.yaml +++ b/charts/live/Chart.yaml @@ -5,7 +5,6 @@ description: CodeTogether Live provides pair programming and collaborative codin type: application version: 1.4.24 appVersion: "2024.2.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com From f99a4af57c89deea2b346c46fdfc928b19dcf834 Mon Sep 17 00:00:00 2001 From: danc094codetogether Date: Wed, 5 Feb 2025 06:18:43 -0600 Subject: [PATCH 12/20] feat: Update README to include Collab and Intel charts (#55) --- README.md | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 494c715..9c67c34 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,34 @@ -This is a Helm Chart repository for CodeTogether's Live and HQ products. +# CodeTogether Helm Chart Repository -## Helm Charts Directory +This repository contains Helm charts for deploying CodeTogether software, including: -### CodeTogether Live +Intelligence Suite – Engineering intelligence for data-driven insights +Collabolation Module – Real-time collaboration within the IDE + +## Latest Helm Charts + +### CodeTogether Intel + +The `codetogether/codetogether-intel` Helm chart deploys the latest version of the CodeTogether Intelligence Suite backend. The Intelligence Suite leverages DevEx Workflow AI to drive goal-oriented success. It operates independently of server connectivity, allowing clients to continue tracking project activity locally and synchronize once the server is available. + +### CodeTogether Collab -The `codetogether/codetogether` Helm chart can be used to deploy the CodeTogether Live -backend. Live provides teams the ability to code together real-time right from within -their IDE. +The `codetogether/codetogether-collab` Helm chart deploys the latest version of the CodeTogether Collabolation module backend. It enables real-time collaborative coding within the IDE, enhancing team synergy and communication across projects. + +## Deprecated Helm Charts ### CodeTogether HQ -The `codetogether/codetogether-hq` Helm chart can be used to deploy the CodeTogether HQ -backend. HQ provides teams unique insights into project hotspots and areas of opportunity -to foster collaboration and on-time delivery of software. +The `codetogether/codetogether-hq` Helm chart supports legacy users needing to deploy a previous version of the CodeTogether HQ Intelligence Suite backend. + +### CodeTogether Live + +The `codetogether/codetogether` Helm chart supports legacy users needing to deploy a previous version of the CodeTogether Live backend. 
## Getting Started -To begin using the repository, first add it to your Helm configuration: +Add the CodeTogether repository to your Helm configuration: `helm repo add codetogether https://helm.codetogether.io` -Then you can provision services using a command such as: -`helm install codetogether codetogether/codetogether -f codetogether-values.yaml` \ No newline at end of file +Install a Helm chart using: +`helm install codetogether codetogether/codetogether -f codetogether-values.yaml` From d262ae10cfeda438a31181a76943f64b1d406380 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Wed, 5 Feb 2025 13:23:35 +0100 Subject: [PATCH 13/20] feat: support for customization of java options and cacerts (#71) --- charts/intel/README.md | 29 +++++++++++++++++++- charts/intel/templates/deployment.yaml | 37 ++++++++++++++++++++++++++ charts/intel/values.yaml | 30 +++++++++++++++++++++ 3 files changed, 95 insertions(+), 1 deletion(-) diff --git a/charts/intel/README.md b/charts/intel/README.md index 8cd5531..1304fde 100644 --- a/charts/intel/README.md +++ b/charts/intel/README.md 
@@ -47,7 +47,11 @@ The following table lists configurable parameters of the CodeTogether Intel char | `hqproperties.hq.cassandra.db.username` | Username for Cassandra database | `cassandra` | | `hqproperties.hq.collab.url` | URL of the collaboration server integrated with Intel | `https://your-collab-server` | | `hqproperties.hq.collab.secret` | Secret key for secure communication with the collaboration server | `SECRET` | - +| `java.customJavaOptions` | Additional Java options to be passed to the application | `""` | +| `java.customCacerts.enabled` | Enables mounting a custom Java trust store (cacerts) | `false` | +| `java.customCacerts.cacertsSecretName` | Name of the Kubernetes secret containing the `cacerts` file | `custom-java-cacerts` | +| `java.customCacerts.trustStorePasswordKey` | (Optional) Key inside the Kubernetes secret containing the trust store password | `trustStorePassword` | +| `cassandra.passwordSecret` | (Optional) Name of a Kubernetes secret containing the Cassandra database password. | | | `ingress.enabled` | Enables ingress controller resource | `true` | | `ingress.annotations` | Annotations for ingress | `{}` | | `ingress.tls.secretName` | TLS secret name for ingress | `codetogether-intel-tls` | 
@@ -80,6 +84,29 @@ To secure CodeTogether, you can add a `secret` that contains your TLS (Transport $ kubectl create secret tls codetogether-intel-tls --key --cert ``` +## Custom Java Trust Store + +If your environment requires a custom CA certificate bundle, you can configure a custom Java trust store by creating a secret. + +If trust store is not protected by the password, use the following command to create the secret: +```bash +$ kubectl create secret generic custom-java-cacerts --from-file=cacerts=/path/to/custom/cacerts --namespace=codetogether-intel +``` + +If password is required to access the trust store, store it in the same secret: +```bash +$ kubectl create secret generic custom-java-cacerts --from-file=cacerts=/path/to/custom/cacerts --from-literal=trustStorePassword='your-secure-password' --namespace=codetogether-intel +``` + +## Using Secret for Cassandra Password + +If you prefer not to store the Cassandra password in values.yaml, you can store it securely in a Kubernetes secret. + +```bash +kubectl create secret generic cassandra-password-secret --from-literal=cassandra.password='your-secure-cassandra-password' --namespace=codetogether-intel +``` + + ## Installing the Chart To install the chart with the release name `codetogether-intel`: diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index e545938..6b963bf 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
@@ -42,10 +42,42 @@ spec: # - name: CT_HQ_BASE_URL value: {{ .Values.codetogether.url | quote }} + + - name: CT_TRUSTSTORE_OPTIONS + value: >- + {{- if .Values.java.customCacerts.enabled }} + -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts + {{- end }} + {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} + -Djavax.net.ssl.trustStorePassword=$(TRUST_STORE_PASSWORD) + {{- end }} + + # Custom Java options (excluding trust store related settings) + {{- if .Values.java.customJavaOptions }} + - name: CT_JAVA_OPTIONS + value: "{{ .Values.java.customJavaOptions | default "" }}" + {{- end }} + + # Set trust store password only if trustStorePasswordKey is provided + {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} + - name: TRUST_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.java.customCacerts.cacertsSecretName }} + key: {{ .Values.java.customCacerts.trustStorePasswordKey }} + optional: true # Ensures the key is optional + {{- end }} + volumeMounts: - name: properties-volume mountPath: /opt/codetogether/runtime/cthq.properties subPath: cthq.properties + {{- if .Values.java.customCacerts.enabled }} + - name: java-cacerts + mountPath: /etc/ssl/certs/java/cacerts + subPath: cacerts + {{- end }} + # # Set container configuration # @@ -80,6 +112,11 @@ spec: - name: properties-volume secret: secretName: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} + {{- if .Values.java.customCacerts.enabled }} + - name: java-cacerts + secret: + secretName: {{ .Values.java.customCacerts.cacertsSecretName }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index d6902c6..f0c6ac0 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml 
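Review bot: `CT_TRUSTSTORE_OPTIONS` references `$(TRUST_STORE_PASSWORD)` before that variable is declared further down the same `env` list. Kubernetes only expands `$(VAR)` references to variables defined earlier in the list, so the option would carry the literal text instead of the password. Even with the order fixed, the password would sit inside a JVM `-D` option string, which is readable in the process arguments if the start script passes it to `java`. Handing it to the container as its own secret-backed variable is safer, and PATCH 19/20 later in this series does that. Separately, `value: "{{ .Values.java.customJavaOptions | default "" }}"` breaks the rendered YAML when the options contain a double quote; `value: {{ .Values.java.customJavaOptions | quote }}` matches the `CT_HQ_BASE_URL` line above it.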
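Review bot: In the second hunk the `java-cacerts` volume takes `secretName` straight from `.Values.java.customCacerts.cacertsSecretName` with no check. Enabling `customCacerts` with an empty name therefore renders `secretName:` with no value, and the error only appears when the manifest is applied. Failing at render time is clearer: `secretName: {{ required "java.customCacerts.cacertsSecretName must be set when customCacerts.enabled is true" .Values.java.customCacerts.cacertsSecretName | quote }}`. The file is mounted with `subPath` in the first hunk, and such mounts are not refreshed when the Secret changes, so a comment saying that pods must be restarted after rotating the trust store would also help.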
@@ -65,6 +65,36 @@ hqproperties: cassandra: passwordSecret: "" +java: + customCacerts: + enabled: false # Set to 'true' to enable custom Java trust store (cacerts) support. + + # Name of the Kubernetes secret that contains the custom Java trust store (cacerts) file. + # This secret should be created before deploying the application using: + # kubectl create secret generic custom-java-cacerts \ + # --from-file=cacerts=/path/to/custom/cacerts + # + # If a password is required for the trust store, it can optionally be added to the same secret (see below). + # + # The 'cacerts' file is mounted to the container at '/etc/ssl/certs/java/cacerts'. + cacertsSecretName: "custom-java-cacerts" + + # (Optional) The key inside the Kubernetes secret that holds the trust store password. + # If a password is required for the custom trust store, store it in the same secret as a key-value pair: + # kubectl create secret generic custom-java-cacerts \ + # --from-file=cacerts=/path/to/custom/cacerts \ + # --from-literal=trustStorePassword='your-secure-password' + # + # If this key is not present in the secret, no trust store password will be set. + # trustStorePasswordKey: "trustStorePassword" + + # Additional custom Java options to be passed to the application. + # These options will be appended to the CT_JAVA_OPTIONS environment variable. + # + # Example: + # customJavaOptions: "-Xms512m -Xmx2g -XX:+UseG1GC" + customJavaOptions: "" + # # Enables and configures Ingress (default = Nginx). The className value can be used # to change the default behavior. Please read the comments below to see details. From 16f51672601680da6701eac624c07904b580895a Mon Sep 17 00:00:00 2001 From: patrick-codetogether Date: Wed, 5 Feb 2025 05:24:59 -0700 Subject: [PATCH 14/20] feat: support image digest on collab chart (#65) --- charts/collab/templates/deployment.yaml | 5 ++++- charts/collab/values.yaml | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) 
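Review bot: The `customJavaOptions` comment block does not warn that the value is rendered as a plain `CT_JAVA_OPTIONS` env entry in the Deployment, as the template change in this patch shows. Anything secret placed there, such as a `-Djavax.net.ssl.trustStorePassword=...` flag, is readable by anyone who can view the pod spec or the release values. I would add `# Do not put passwords or tokens here; use the secret-backed settings above instead.` directly above `customJavaOptions: ""`. The comment also says the options are "appended to" `CT_JAVA_OPTIONS`, while the template sets that variable outright, so `# Rendered as the CT_JAVA_OPTIONS environment variable.` is more accurate.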
diff --git a/charts/collab/templates/deployment.yaml b/charts/collab/templates/deployment.yaml index a0d6f79..7c08ca3 100644 --- a/charts/collab/templates/deployment.yaml +++ b/charts/collab/templates/deployment.yaml @@ -33,7 +33,10 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: >- + {{ .Values.image.repository }} + {{- if .Values.image.digest }}@{{ .Values.image.digest }} + {{- else }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: diff --git a/charts/collab/values.yaml b/charts/collab/values.yaml index dc0b1ca..dc798a8 100644 --- a/charts/collab/values.yaml +++ b/charts/collab/values.yaml @@ -18,6 +18,8 @@ image: pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "latest" + # Optional - set to override the image tag, e.g. "sha256:1234567890" + digest: "" # # Configure the source location for the Docker image, using the From fdc683bbd4a6b4541d550c6b573b448f3b0b642e Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Wed, 5 Feb 2025 13:31:04 +0100 Subject: [PATCH 15/20] fix: include dev PRs when triggering validation (#72) --- .github/workflows/helm-template-check.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/helm-template-check.yml b/.github/workflows/helm-template-check.yml index 2fbb026..56a2947 100644 --- a/.github/workflows/helm-template-check.yml +++ b/.github/workflows/helm-template-check.yml @@ -2,8 +2,7 @@ name: Helm Template Validation on: pull_request: - branches: - - main + branches: [main, dev] jobs: helm-lint: From f47e0843fc13f1e29be30de560d88a9e6725b6f6 Mon Sep 17 00:00:00 2001 
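Review bot: The example in the new `digest` comment in `charts/collab/values.yaml`, `"sha256:1234567890"`, is not a usable digest, and the comment calls the digest an override of the tag without saying the tag is then ignored. The template hunk in this patch renders `repository@digest` for a non-empty `digest` and drops `tag` entirely. I would write `# Optional - full image digest, e.g. "sha256:<64 hex chars>"; when set, the image is pulled by digest and tag is ignored.` The default stays `tag: "latest"` with `pullPolicy: Always`, so the same comment should say that pinning by digest is how to get a reproducible deployment.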
From: Wojciech Galanciak Date: Wed, 5 Feb 2025 13:42:11 +0100 Subject: [PATCH 16/20] fix: add image.digest to the readme file (#73) --- README.md | 4 ++-- charts/intel/README.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9c67c34..ddfb77b 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ This repository contains Helm charts for deploying CodeTogether software, including: -Intelligence Suite – Engineering intelligence for data-driven insights -Collabolation Module – Real-time collaboration within the IDE +- Intelligence Suite – Engineering intelligence for data-driven insights +- Collabolation Module – Real-time collaboration within the IDE ## Latest Helm Charts diff --git a/charts/intel/README.md b/charts/intel/README.md index 1304fde..a26de4a 100644 --- a/charts/intel/README.md +++ b/charts/intel/README.md @@ -25,6 +25,7 @@ The following table lists configurable parameters of the CodeTogether Intel char | `image.repository` | Docker image repository for CodeTogether Intel | `hub.edge.codetogether.com/releases/codetogether-intel` | | `image.pullPolicy` | Container image pull policy | `Always` | | `image.tag` | Tag for the CodeTogether Intel image | `latest` | +| `image.digest` | (Optional) Set to override the image tag, e.g. `sha256:1234567890` | | | `imageCredentials.enabled` | Enables authentication for private Docker registry | `true` | | `imageCredentials.registry` | Docker registry URL | `hub.edge.codetogether.com` | | `imageCredentials.username` | Docker registry username | `my-customer-username` | From e23654089dd976bd297cf2c68e478534b522a649 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Wed, 5 Feb 2025 14:04:45 +0100 Subject: [PATCH 17/20] fix: remove k8s version constraint from the readme (#74) --- charts/intel/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/intel/README.md b/charts/intel/README.md index a26de4a..fabd4fb 100644 --- a/charts/intel/README.md 
+++ b/charts/intel/README.md @@ -10,7 +10,6 @@ This chart creates a CodeTogether Intel server deployment on a Kubernetes cluste This chart has been created with Helm v3 and tested with: -- Kubernetes v1.18+ - Helm v3.5+ - Cassandra v3.11+ From e8e0eaafbe4ae194ff2405890fafade9b94e19bd Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Wed, 5 Feb 2025 18:07:51 +0100 Subject: [PATCH 18/20] fix: charts version update (#76) --- charts/collab/Chart.yaml | 2 +- charts/intel/Chart.yaml | 2 +- charts/intel/README.md | 2 +- charts/intel/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/collab/Chart.yaml b/charts/collab/Chart.yaml index b085b98..83a7533 100644 --- a/charts/collab/Chart.yaml +++ b/charts/collab/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-collab description: CodeTogether Collab type: application -version: 1.1.0 +version: 1.2.0 appVersion: "2025.1.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml index d510cae..30fa2c8 100644 --- a/charts/intel/Chart.yaml +++ b/charts/intel/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-intel description: CodeTogether Intel provides advanced project insights for developers type: application -version: 1.1.0 +version: 1.2.0 appVersion: "2025.1.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/intel/README.md b/charts/intel/README.md index fabd4fb..bafd7a8 100644 --- a/charts/intel/README.md +++ b/charts/intel/README.md 
@@ -103,7 +103,7 @@ $ kubectl create secret generic custom-java-cacerts --from-file=cacerts=/path/to If you prefer not to store the Cassandra password in values.yaml, you can store it securely in a Kubernetes secret. ```bash -kubectl create secret generic cassandra-password-secret --from-literal=cassandra.password='your-secure-cassandra-password' --namespace=codetogether-intel +kubectl create secret generic cassandra-password-secret --from-literal=cassandraPassword='your-secure-cassandra-password' --namespace=codetogether-intel ``` diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index f0c6ac0..ba8cf44 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml @@ -61,7 +61,7 @@ hqproperties: # Optional property, if provided the value from the secret will be used as the cassandra DB password # This will overwrite the value in the hqproperties hq.cassandra.db.password -# The secret must have a key named 'cassandra.password' +# The secret must have a key named 'cassandraPassword' cassandra: passwordSecret: "" From 35dd30c8f8207d7e6a8b6cb9efbede0ce6bb8800 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Wed, 5 Feb 2025 20:43:09 +0100 Subject: [PATCH 19/20] fix: simplify passing trust store password (#78) --- charts/intel/templates/deployment.yaml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index 6b963bf..a15aec4 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
@@ -43,14 +43,10 @@ spec: - name: CT_HQ_BASE_URL value: {{ .Values.codetogether.url | quote }} - - name: CT_TRUSTSTORE_OPTIONS - value: >- - {{- if .Values.java.customCacerts.enabled }} - -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts - {{- end }} - {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} - -Djavax.net.ssl.trustStorePassword=$(TRUST_STORE_PASSWORD) - {{- end }} + {{- if .Values.java.customCacerts.enabled }} + - name: CT_TRUST_STORE + value: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts + {{- end }} # Custom Java options (excluding trust store related settings) {{- if .Values.java.customJavaOptions }} @@ -60,7 +56,7 @@ spec: # Set trust store password only if trustStorePasswordKey is provided {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} - - name: TRUST_STORE_PASSWORD + - name: CT_TRUST_STORE_PASSWD valueFrom: secretKeyRef: name: {{ .Values.java.customCacerts.cacertsSecretName }} From 97f0641879760054d68683affa1357898e872362 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Wed, 5 Feb 2025 21:02:57 +0100 Subject: [PATCH 20/20] fix: update legacy live chart version (#79) --- charts/live/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/live/Chart.yaml b/charts/live/Chart.yaml index 9130cd5..ae1963b 100644 --- a/charts/live/Chart.yaml +++ b/charts/live/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether description: CodeTogether Live provides pair programming and collaborative coding type: application -version: 1.4.24 +version: 1.4.25 appVersion: "2024.2.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png
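Review bot: The new names `CT_TRUST_STORE` and `CT_TRUST_STORE_PASSWD` in the two `deployment.yaml` hunks are a contract with whatever start script in the image reads them, and nothing in the template says so. The image tag and digest are user-settable, so an image that predates these names would presumably start with the default trust store and report no error. A comment above the block such as `# CT_TRUST_STORE / CT_TRUST_STORE_PASSWD are consumed by the container start script (requires image >= <VERSION>)` would make the dependency visible. I would also quote the scalar, `value: "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts"`, since a plain value starting with `-` is easy to misread as a list item.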