evryfs · ChaosInTheCRD · Feb 14, 2022 · Feb 14, 2022 · Feb 14, 2022 · Feb 21, 2022
diff --git a/charts/dependency-track/Chart.yaml b/charts/dependency-track/Chart.yaml
@@ -24,7 +24,7 @@ dependencies:
 - name: postgresql
   version: ~10.10
   repository: https://charts.bitnami.com/bitnami
-  condition: postgresql.enabled
+  condition: database.internal.enabled
 - name: common
   version: 1.9.x
   repository: https://charts.bitnami.com/bitnami
diff --git a/charts/dependency-track/secret.yaml b/charts/dependency-track/secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.database.external.enabled -}}
+{{- if .Values.database.external.databaseUserPassword.createSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.database.external.databaseUserPassword.secretName }} 
+  labels: {{- include "backend.labels.standard" . | nindent 4 }}
+type: Opaque
+data:
+  {{ .Values.database.external.databaseUserPassword.secretKey }}: {{ .Values.database.external.databaseUserPassword.secretValue }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/dependency-track/templates/backend/deployment.yaml b/charts/dependency-track/templates/backend/deployment.yaml
@@ -24,65 +24,89 @@ spec:
       initContainers: {{- toYaml . | nindent 6 }}
       {{- end }}
       containers:
-      - name: {{ .Chart.Name }}-apiserver
-        securityContext: {{- toYaml .Values.apiserver.securityContext | nindent 12 }}
-        image: {{ include "apiserver.image" . }}
-        imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
-        {{- with .Values.apiserver.resources }}
-        resources: {{ . | toYaml | nindent 10 }}
-        {{- end }}
-        env:
-        - name: ALPINE_DATA_DIRECTORY
-          value: "/data"
-        {{- if .Values.postgresql.enabled }}
-        - name: ALPINE_DATABASE_MODE
-          value: "external"
-        - name: ALPINE_DATABASE_DRIVER
-          value: "org.postgresql.Driver"
-        - name: ALPINE_DATABASE_URL
-          value: jdbc:postgresql://{{ .Release.Name }}-postgresql/{{ .Values.postgresql.postgresqlDatabase }}
-        - name: ALPINE_DATABASE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-postgresql
-              key: postgresql-password
-        - name: ALPINE_DATABASE_USERNAME
-          value: {{ .Values.postgresql.postgresqlUsername }}
-        {{- end }}
-        {{- with .Values.apiserver.env }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-        volumeMounts:
-        - name: data
-          mountPath: /data
-        - name: tmp
-          mountPath: /tmp
-        ports:
-        - name: api
-          containerPort: 8080
-          protocol: TCP
-        {{- if .Values.apiserver.livenessProbe.enabled }}
-        livenessProbe:
-          httpGet:
-            port: api
-            path: {{ .Values.apiserver.livenessProbe.path }}
-          initialDelaySeconds: {{ .Values.apiserver.livenessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.apiserver.livenessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.apiserver.livenessProbe.timeoutSeconds }}
-          successThreshold: {{ .Values.apiserver.livenessProbe.successThreshold }}
-          failureThreshold: {{ .Values.apiserver.livenessProbe.failureThreshold }}
-        {{- end }}
-        {{- if .Values.apiserver.livenessProbe.enabled }}
-        readinessProbe:
-          httpGet:
-            port: api
-            path: {{ .Values.apiserver.readinessProbe.path }}
-          initialDelaySeconds: {{ .Values.apiserver.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.apiserver.readinessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.apiserver.readinessProbe.timeoutSeconds }}
-          successThreshold: {{ .Values.apiserver.readinessProbe.successThreshold }}
-          failureThreshold: {{ .Values.apiserver.readinessProbe.failureThreshold }}
+        - name: {{ .Chart.Name }}-apiserver
+          securityContext: {{- toYaml .Values.apiserver.securityContext | nindent 12 }}
+          image: {{ include "apiserver.image" . }}
+          imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
+          {{- with .Values.apiserver.resources }}
+          resources: {{ . | toYaml | nindent 12 }}
+          {{- end }}
+          env:
+          - name: ALPINE_DATA_DIRECTORY
+            value: "/data"
+          {{- if eq .Values.database.internal.enabled true }}
+          - name: ALPINE_DATABASE_MODE
+            value: "external"
+          - name: ALPINE_DATABASE_DRIVER
+            value: "org.postgresql.Driver"
+          - name: ALPINE_DATABASE_URL
+            value: jdbc:postgresql://{{ .Release.Name }}-postgresql/{{ .Values.database.internal.postgresql.database }}
+          - name: ALPINE_DATABASE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Release.Name }}-postgresql
+                key: postgresql-password
+          - name: ALPINE_DATABASE_USERNAME
+            value: {{ .Values.database.internal.postgresql.username }}
+          {{- else if eq .Values.database.external.enabled true }}
+          - name: ALPINE_DATABASE_MODE
+            value: {{ .Values.database.external.databaseMode}}
+          - name: ALPINE_DATABASE_DRIVER
+            value: {{ .Values.database.external.databaseDriver}}
+          - name: ALPINE_DATABASE_URL
+            value: {{ .Values.database.external.databaseURL}}
+          - name: ALPINE_DATABASE_USERNAME
+            value: {{ .Values.database.external.databaseUsername }}
+          - name: ALPINE_DATABASE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.database.external.databaseUserPassword.secretName }}
+                key: {{ .Values.database.external.databaseUserPassword.secretKey }}
+          {{- end }}
+          {{- with .Values.apiserver.env }}
+          {{- toYaml . | nindent 8 }}
+          {{- end }}
+          volumeMounts:
+          - name: data
+            mountPath: /data
+          - name: tmp
+            mountPath: /tmp
+          ports:
+          - name: api
+            containerPort: 8080
+            protocol: TCP
+          {{- if .Values.apiserver.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              port: api
+              path: {{ .Values.apiserver.livenessProbe.path }}
+            initialDelaySeconds: {{ .Values.apiserver.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.apiserver.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.apiserver.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.apiserver.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.apiserver.livenessProbe.failureThreshold }}
+          {{- end }}
+          {{- if .Values.apiserver.livenessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              port: api
+              path: {{ .Values.apiserver.readinessProbe.path }}
+            initialDelaySeconds: {{ .Values.apiserver.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.apiserver.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.apiserver.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.apiserver.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.apiserver.readinessProbe.failureThreshold }}
+          {{- end }}
+      {{- if .Values.apiserver.sidecarContainers }}
+        {{- range $name, $spec := .Values.apiserver.sidecarContainers }}
+        - name: {{ $name }}
+          {{- if kindIs "string" $spec }}
+            {{- tpl $spec $ | nindent 10 }}
+          {{- else }}
+            {{- toYaml $spec | nindent 10 }}
+          {{- end }}
         {{- end }}
+      {{- end }}
       {{- with .Values.apiserver.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml
@@ -89,6 +89,13 @@ frontend:
 # -- config of the apiserver
 apiserver:
   enabled: true
+  # sidecarContainers - add more containers to the api-server (e.g. Google Cloud SQL Proxy)
+  # Key/Value where Key is the sidecar `- name: <Key>`
+  # Example:
+  #   sidecarContainers:
+  #      cloud-sql-proxy:
+  #        image: gcr.io/cloudsql-docker/gce-proxy:1.23.0
+  sidecarContainers: {}
 # Max: 1 - DT is not designed for HA
   replicaCount: 1
   image:
@@ -170,9 +177,27 @@ ingress:
   host: chart-example.local
   # ingressClassName: nginx
 
-# -- configuration of postgres
-postgresql:
-  enabled: true
-  postgresqlUsername: deptrack
-  postgresqlPassword: deptrack
-  postgresqlDatabase: deptrack
+# -- configuration of database
+database:
+  # internal - deploys a PostgreSQL database to the Kubernetes cluster (currently only supports postgres)
+  internal:
+    enabled: true
+    postgresql:
+      username: deptrack
+      password: deptrack
+      database: deptrack
+  # Allows for configuring dependency track to use an external database
+  external:
+    enabled: false
+    # Please see variable definitions here https://docs.dependencytrack.org/getting-started/configuration/
+    databaseMode: "external"
+    databaseDriver: "org.postgresql.Driver"
+    databaseURL: ""
+    databaseUsername: ""
+    # Store the database user password in a Kubernetes Secret
+    databaseUserPassword:
+      secretName: ""
+      secretKey: ""
+      # IT IS ADVISED THAT THIS VALUE IS NOT DECLARED AND STORED IN GIT UNENCRYPTED
+      secretValue: ""
+      createSecret: false