diff --git a/Chart.yaml b/Chart.yaml index 7afa8988..4128b4d1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,8 @@ apiVersion: v2 name: retool description: A Helm chart for Kubernetes type: application -version: 4.5.0 +version: 4.3.0 +appVersion: "2.70.21" maintainers: - name: Retool Engineering email: engineering+helm@retool.com diff --git a/templates/deployment_backend.yaml b/templates/deployment_backend.yaml index a991cccc..051e3b7f 100644 --- a/templates/deployment_backend.yaml +++ b/templates/deployment_backend.yaml @@ -127,6 +127,16 @@ spec: {{- end }} - name: RESTRICTED_DOMAIN value: {{ default "" .Values.config.auth.google.domain }} + - name: BASE_DOMAIN + value: {{ default "" .Values.config.baseDomain }} + - name: GITHUB_APP_ID + value: {{ .Values.config.githubAppId | default "" | quote }} + - name: GITHUB_APP_INSTALLATION_ID + value: {{ .Values.config.githubAppInstallationId | default "" | quote }} + - name: GITHUB_APP_PRIVATE_KEY + value: {{ .Values.config.githubAppPrivateKey | default "" | quote }} + - name: VERSION_CONTROL_LOCKED + value: {{ .Values.config.versionControlLocked | default "" | quote }} {{- end }} {{- range $key, $value := .Values.env }} - name: "{{ $key }}" diff --git a/templates/deployment_jobs.yaml b/templates/deployment_jobs.yaml index 8aa7a06e..d522cca1 100644 --- a/templates/deployment_jobs.yaml +++ b/templates/deployment_jobs.yaml 
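Review bot: In the templates/deployment_backend.yaml hunk, `GITHUB_APP_PRIVATE_KEY` is rendered as a literal `value:` from `.Values.config.githubAppPrivateKey`, so the private key sits in plaintext in the Deployment spec and the Helm release, readable by anyone who can view either. The second hunk of templates/deployment_jobs.yaml adds the same lines, while that template reads `CLIENT_SECRET` and the other credentials through `secretKeyRef`. Store the key in templates/secret.yaml under a new entry (for example `github-app-private-key`, a name chosen here) and reference it with `valueFrom.secretKeyRef` using `name: {{ template "retool.fullname" . }}`. Separately, the new `BASE_DOMAIN` line here is `{{ default "" .Values.config.baseDomain }}` without `| quote`, so an unset value renders as an empty (null) `value:`; the jobs template quotes it. The env list starts and ends outside this hunk.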
@@ -64,39 +64,22 @@ spec: value: {{ template "retool.postgresql.port" . }} - name: POSTGRES_DB value: {{ template "retool.postgresql.db" . }} - - name: POSTGRES_SSL_ENABLED - value: {{ template "retool.postgresql.ssl_enabled" . }} {{- if not .Values.externalSecrets.enabled }} - name: LICENSE_KEY valueFrom: secretKeyRef: - {{- if .Values.config.licenseKeySecretName }} - name: {{ .Values.config.licenseKeySecretName }} - key: {{ .Values.config.licenseKeySecretKey | default "license-key" }} - {{- else }} name: {{ template "retool.fullname" . }} key: license-key - {{- end }} - name: JWT_SECRET valueFrom: secretKeyRef: - {{- if .Values.config.jwtSecretSecretName }} - name: {{ .Values.config.jwtSecretSecretName }} - key: {{ .Values.config.jwtSecretSecretKey | default "jwt-secret" }} - {{- else }} name: {{ template "retool.fullname" . }} key: jwt-secret - {{- end }} - name: ENCRYPTION_KEY valueFrom: secretKeyRef: - {{- if .Values.config.encryptionKeySecretName }} - name: {{ .Values.config.encryptionKeySecretName }} - key: {{ .Values.config.encryptionKeySecretKey | default "encryption-key" }} - {{- else }} name: {{ template "retool.fullname" . }} key: encryption-key - {{- end }} - name: POSTGRES_USER value: {{ template "retool.postgresql.user" . }} - name: POSTGRES_PASSWORD 
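Review bot: With the `*SecretName` branches gone, `LICENSE_KEY`, `JWT_SECRET` and `ENCRYPTION_KEY` in the jobs Deployment can only come from the chart-managed Secret, so operators who keep these in an externally managed Secret now have to pass them through Helm values. No matching change to templates/deployment_backend.yaml is visible in this diff; if that template still honours `jwtSecretSecretName` or `encryptionKeySecretName`, the backend and jobs pods could end up with different keys. The hunk also drops `POSTGRES_SSL_ENABLED`, so the jobs runner presumably no longer receives the database TLS setting; confirm that is intended, or keep `- name: POSTGRES_SSL_ENABLED` with `value: {{ template "retool.postgresql.ssl_enabled" . }}`. The next hunk hard-codes `POSTGRES_PASSWORD` and `CLIENT_SECRET` in the same way. The env list starts and ends outside this hunk.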
@@ -104,30 +87,29 @@ spec: secretKeyRef: {{- if .Values.postgresql.enabled }} name: {{ template "retool.postgresql.fullname" . }} - key: postgresql-password - {{- else }} - {{- if .Values.config.postgresql.passwordSecretName }} - name: {{ .Values.config.postgresql.passwordSecretName }} - key: {{ .Values.config.postgresql.passwordSecretKey | default "postgresql-password" }} - {{- else }} + {{- else }} name: {{ template "retool.fullname" . }} - key: postgresql-password - {{- end }} {{- end }} + key: postgresql-password - name: CLIENT_ID value: {{ default "" .Values.config.auth.google.clientId }} - name: CLIENT_SECRET valueFrom: secretKeyRef: - {{- if .Values.config.auth.google.clientSecretSecretName }} - name: {{ .Values.config.auth.google.clientSecretSecretName }} - key: {{ .Values.config.auth.google.clientSecretSecretKey | default "google-client-secret" }} - {{- else }} name: {{ template "retool.fullname" . }} key: google-client-secret - {{- end }} - name: RESTRICTED_DOMAIN value: {{ default "" .Values.config.auth.google.domain }} + - name: BASE_DOMAIN + value: {{ .Values.config.baseDomain | quote }} + - name: GITHUB_APP_ID + value: {{ .Values.config.githubAppId | default "" | quote }} + - name: GITHUB_APP_INSTALLATION_ID + value: {{ .Values.config.githubAppInstallationId | default "" | quote }} + - name: GITHUB_APP_PRIVATE_KEY + value: {{ .Values.config.githubAppPrivateKey | default "" | quote }} + - name: VERSION_CONTROL_LOCKED + value: {{ .Values.config.versionControlLocked | default "" | quote }} {{- end }} {{- range $key, $value := .Values.env }} - name: "{{ $key }}" @@ -185,4 +167,4 @@ spec: {{- if .Values.extraVolumes }} {{ toYaml .Values.extraVolumes | indent 8 }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/secret.yaml b/templates/secret.yaml index c8c6bf44..7e4e48cf 100644 --- a/templates/secret.yaml +++ b/templates/secret.yaml 
@@ -11,31 +11,32 @@ metadata: {{- end }} type: Opaque data: - license-key: {{ .Values.config.licenseKey | default "" | b64enc | quote }} + license-key: {{ .Values.config.licenseKey | b64enc | quote }} + custom_oauth2_sso_client_id: {{ .Values.config.auth.onelogin.customOauth2SsoClientId | b64enc | quote }} + custom_oauth2_sso_client_secret: {{ .Values.config.auth.onelogin.customOauth2SsoClientSecret | b64enc | quote }} + custom_oauth2_sso_auth_url: {{ .Values.config.auth.onelogin.customOauth2SsoAuthUrl | b64enc | quote }} + trigger_oauth_2_sso_login_automatically: {{ .Values.config.auth.onelogin.triggerOauth2SsoLoginAutomatically | b64enc | quote }} + trigger_saml_login_automatically: {{ .Values.config.auth.onelogin.triggerSamlLoginAutomatically | b64enc | quote }} - {{ if not .Values.config.jwtSecretSecretName }} {{ if .Values.config.jwtSecret }} jwt-secret: {{ .Values.config.jwtSecret | b64enc | quote }} {{ else }} jwt-secret: {{ randAlphaNum 20 | b64enc | quote }} {{ end }} - {{ end }} - {{ if not .Values.config.encryptionKeySecretName }} {{ if .Values.config.encryptionKey }} encryption-key: {{ .Values.config.encryptionKey | b64enc | quote }} {{ else }} encryption-key: {{ randAlphaNum 20 | b64enc | quote }} {{ end }} - {{ end }} {{ if .Values.config.auth.google.clientSecret }} - google-client-secret: {{ .Values.config.auth.google.clientSecret | b64enc | quote }} + google-client-secret: {{ .Values.config.auth.google.clientSecret | b64enc |quote }} {{ else }} - google-client-secret: "" + google-client-secret: "" {{ end }} {{ if not .Values.postgresql.enabled }} postgresql-password: {{ .Values.config.postgresql.password | default "" | b64enc | quote }} {{ end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/values.yaml b/values.yaml index cbccf625..0dd15574 100644 --- a/values.yaml +++ b/values.yaml 
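Review bot: The five new `onelogin` entries and `license-key` pipe straight into `b64enc` with no `default ""`, and values.yaml in this same commit leaves every `config.auth.onelogin.*` key empty (null), so rendering with the default values will most likely fail when `b64enc` receives a non-string. Restore the guard, e.g. `{{ .Values.config.auth.onelogin.customOauth2SsoClientId | default "" | b64enc | quote }}`, and add `toString` before `b64enc` on the two `trigger*` entries if they are meant to be booleans. With the `jwtSecretSecretName` and `encryptionKeySecretName` guards removed, an unset `encryptionKey` or `jwtSecret` always takes the `randAlphaNum 20` branch, which yields a new value on every render. That looks like it would rotate the encryption key on each `helm upgrade`, so consider requiring the value or reusing the existing Secret via `lookup`.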
@@ -3,30 +3,24 @@ config: licenseKey: "EXPIRED-LICENSE-KEY-TRIAL" - # licenseKeySecretName is the name of the secret where the Retool license key is stored (can be used instead of licenseKey) - # licenseKeySecretName: - # licenseKeySecretKey is the key in the k8s secret, default: license-key - # licenseKeySecretKey: - useInsecureCookies: false + useInsecureCookies: true auth: google: clientId: clientSecret: - # clientSecretSecretName is the name of the secret where the google client secret is stored (can be used instead of clientSecret) - # clientSecretSecretName: - # clientSecretSecretKey is the key in the k8s secret, default: google-client-secret - # clientSecretSecretKey: domain: + onelogin: + customOauth2SsoClientId: + customOauth2SsoClientSecret: + customOauth2SsoAuthUrl: + triggerOauth2SsoLoginAutomatically: + triggerSamlLoginAutomatically: encryptionKey: - # encryptionKeySecretName is the name of the secret where the encryption key is stored (can be used instead of encryptionKey) - # encryptionKeySecretName: - # encryptionKeySecretKey is the key in the k8s secret, default: encryption-key - # encryptionKeySecretKey: jwtSecret: - # jwtSecretSecretName is the name of the secret where the jwt secret is stored (can be used instead of jwtSecret) - # jwtSecretSecretName: - # jwtSecretSecretKey is the key in the k8s secret, default: jwt-secret - # jwtSecretSecretKey: + baseDomain: + githubAppId: + githubAppInstallationId: + githubAppPrivateKey: postgresql: {} # Specify if postgresql subchart is disabled @@ -35,15 +29,11 @@ config: # db: # user: # password: - # passwordSecretName is the name of the secret where the pg password is stored (can be used instead of password) - # passwordSecretName: - # passwordSecretKey is the key in the k8s secret, default: postgresql-password - # passwordSecretKey: image: repository: "tryretool/backend" # Will default to Chart AppVersion if left empty - tag: "X.Y.Z" + tag: pullPolicy: "IfNotPresent" commandline: 
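Review bot: `useInsecureCookies` now defaults to `true`, which, going by the name, drops the Secure attribute on session cookies for every install that does not override it. The chart default should stay `useInsecureCookies: false`, leaving the opt-out to plain-HTTP test setups. `githubAppPrivateKey` is introduced as a plain value while the commented `*SecretName` alternatives are removed, so a comment such as `# githubAppPrivateKey: PEM private key; pass with --set-file or a secrets plugin, do not commit` would help. `versionControlLocked` is read by both deployment templates but has no entry here; add `versionControlLocked:` with a one-line comment. The `config` mapping continues outside the hunk.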
@@ -125,7 +115,6 @@ livenessProbe: path: /api/checkHealth initialDelaySeconds: 30 timeoutSeconds: 10 - failureThreshold: 3 readinessProbe: enabled: true @@ -169,15 +158,6 @@ podAnnotations: {} replicaCount: 1 revisionHistoryLimit: 3 -# Optional pod disruption budget, for ensuring higher availability of the -# Retool application. Specify either minAvailable or maxUnavailable, as -# either an integer pod count (1) or a string percentage ("50%"). -# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -# -# Example: -# podDisruptionBudget: -# maxUnavailable: 1 - # Custom labels for pod assignment podLabels: {} @@ -208,4 +188,4 @@ securityContext: extraConfigMapMounts: [] -initContainers: {} +initContainers: {} \ No newline at end of file