diff --git a/.github/workflows/helm-template-check.yml b/.github/workflows/helm-template-check.yml
new file mode 100644
index 0000000..56a2947
--- /dev/null
+++ b/.github/workflows/helm-template-check.yml
@@ -0,0 +1,37 @@
+name: Helm Template Validation
+
+on:
+ pull_request:
+ branches: [main, dev]
+
+jobs:
+ helm-lint:
+ name: Validate Helm Charts
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Install Required Dependencies
+ run: |
+ apt-get update && apt-get install -y unzip
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+
+ - name: Validate Collab Chart
+ run: |
+ helm template collab ./charts/collab --values ./charts/collab/values.yaml
+
+ - name: Validate HQ Chart
+ run: |
+ helm template hq ./charts/hq --values ./charts/hq/values.yaml
+
+ - name: Validate Intel Chart
+ run: |
+ helm template intel ./charts/intel --values ./charts/intel/values.yaml
+
+ - name: Validate Live Chart
+ run: |
+ helm template live ./charts/live --values ./charts/live/values.yaml
diff --git a/README.md b/README.md
index 494c715..ddfb77b 100644
--- a/README.md
+++ b/README.md
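Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever the repository default grants even though these steps only read the checkout; a top-level `permissions:` with `contents: read` keeps the token at least privilege. `actions/checkout@v3` and `azure/setup-helm@v3` are referenced by mutable tags, and pinning each to a full commit SHA (`uses: azure/setup-helm@<full-commit-sha>`) stops a retagged release from changing what runs on pull requests. The `apt-get update && apt-get install -y unzip` step has no `sudo`, and steps on GitHub-hosted Ubuntu runners run as a non-root user, so it is likely to fail; `sudo apt-get update && sudo apt-get install -y unzip` would fix it, if the step is needed at all.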
@@ -1,23 +1,34 @@ -This is a Helm Chart repository for CodeTogether's Live and HQ products. +# CodeTogether Helm Chart Repository -## Helm Charts Directory +This repository contains Helm charts for deploying CodeTogether software, including: -### CodeTogether Live +- Intelligence Suite – Engineering intelligence for data-driven insights +- Collabolation Module – Real-time collaboration within the IDE + +## Latest Helm Charts + +### CodeTogether Intel + +The `codetogether/codetogether-intel` Helm chart deploys the latest version of the CodeTogether Intelligence Suite backend. The Intelligence Suite leverages DevEx Workflow AI to drive goal-oriented success. It operates independently of server connectivity, allowing clients to continue tracking project activity locally and synchronize once the server is available. + +### CodeTogether Collab -The `codetogether/codetogether` Helm chart can be used to deploy the CodeTogether Live -backend. Live provides teams the ability to code together real-time right from within -their IDE. +The `codetogether/codetogether-collab` Helm chart deploys the latest version of the CodeTogether Collabolation module backend. It enables real-time collaborative coding within the IDE, enhancing team synergy and communication across projects. + +## Deprecated Helm Charts ### CodeTogether HQ -The `codetogether/codetogether-hq` Helm chart can be used to deploy the CodeTogether HQ -backend. HQ provides teams unique insights into project hotspots and areas of opportunity -to foster collaboration and on-time delivery of software. +The `codetogether/codetogether-hq` Helm chart supports legacy users needing to deploy a previous version of the CodeTogether HQ Intelligence Suite backend. + +### CodeTogether Live + +The `codetogether/codetogether` Helm chart supports legacy users needing to deploy a previous version of the CodeTogether Live backend. 
## Getting Started -To begin using the repository, first add it to your Helm configuration: +Add the CodeTogether repository to your Helm configuration: `helm repo add codetogether https://helm.codetogether.io` -Then you can provision services using a command such as: -`helm install codetogether codetogether/codetogether -f codetogether-values.yaml` \ No newline at end of file +Install a Helm chart using: +`helm install codetogether codetogether/codetogether -f codetogether-values.yaml` diff --git a/charts/collab/Chart.yaml b/charts/collab/Chart.yaml index fd05d0a..83a7533 100644 --- a/charts/collab/Chart.yaml +++ b/charts/collab/Chart.yaml @@ -3,9 +3,8 @@ name: codetogether-collab description: CodeTogether Collab type: application -version: 1.1.0 +version: 1.2.0 appVersion: "2025.1.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com diff --git a/charts/collab/templates/deployment.yaml b/charts/collab/templates/deployment.yaml index a0d6f79..7c08ca3 100644 --- a/charts/collab/templates/deployment.yaml +++ b/charts/collab/templates/deployment.yaml @@ -33,7 +33,10 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: >- + {{ .Values.image.repository }} + {{- if .Values.image.digest }}@{{ .Values.image.digest }} + {{- else }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: diff --git a/charts/collab/values.yaml b/charts/collab/values.yaml index dc0b1ca..dc798a8 100644 --- a/charts/collab/values.yaml +++ b/charts/collab/values.yaml 
@@ -18,6 +18,8 @@ image: pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "latest" + # Optional - set to override the image tag, e.g. "sha256:1234567890" + digest: "" # # Configure the source location for the Docker image, using the diff --git a/charts/hq/Chart.yaml b/charts/hq/Chart.yaml index 5c69b64..fd0674f 100644 --- a/charts/hq/Chart.yaml +++ b/charts/hq/Chart.yaml @@ -3,9 +3,8 @@ name: codetogether-hq description: CodeTogether HQ provides advanced project insights for developers type: application -version: 1.4.18 +version: 1.4.19 appVersion: "2024.1.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml index 94a4f80..30fa2c8 100644 --- a/charts/intel/Chart.yaml +++ b/charts/intel/Chart.yaml @@ -3,9 +3,8 @@ name: codetogether-intel description: CodeTogether Intel provides advanced project insights for developers type: application -version: 1.1.0 +version: 1.2.0 appVersion: "2025.1.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com diff --git a/charts/intel/README.md b/charts/intel/README.md index 8cd5531..bafd7a8 100644 --- a/charts/intel/README.md +++ b/charts/intel/README.md @@ -10,7 +10,6 @@ This chart creates a CodeTogether Intel server deployment on a Kubernetes cluste This chart has been created with Helm v3 and tested with: -- Kubernetes v1.18+ - Helm v3.5+ - Cassandra v3.11+ 
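Review bot: The comment on the new `digest` key in charts/collab/values.yaml gives `sha256:1234567890` as its example, which is not a well-formed digest (a sha256 digest is 64 hex characters), and it does not say that the tag is dropped entirely once a digest is set. Something like `# Optional: pin the image by digest ("sha256:<64 hex characters>"); when set, it is used instead of tag` would be clearer. The matching comment in charts/intel/values.yaml stops mid-sentence ("if provided will override the"), and the `image.digest` row added to charts/intel/README.md repeats the short example, so both could take the same wording. With the defaults `tag: "latest"` and `pullPolicy: Always`, the digest is the only setting here that pins what gets deployed, which is worth stating in the comment.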
@@ -25,6 +24,7 @@ The following table lists configurable parameters of the CodeTogether Intel char | `image.repository` | Docker image repository for CodeTogether Intel | `hub.edge.codetogether.com/releases/codetogether-intel` | | `image.pullPolicy` | Container image pull policy | `Always` | | `image.tag` | Tag for the CodeTogether Intel image | `latest` | +| `image.digest` | (Optional) Set to override the image tag, e.g. `sha256:1234567890` | | | `imageCredentials.enabled` | Enables authentication for private Docker registry | `true` | | `imageCredentials.registry` | Docker registry URL | `hub.edge.codetogether.com` | | `imageCredentials.username` | Docker registry username | `my-customer-username` | @@ -47,7 +47,11 @@ The following table lists configurable parameters of the CodeTogether Intel char | `hqproperties.hq.cassandra.db.username` | Username for Cassandra database | `cassandra` | | `hqproperties.hq.collab.url` | URL of the collaboration server integrated with Intel | `https://your-collab-server` | | `hqproperties.hq.collab.secret` | Secret key for secure communication with the collaboration server | `SECRET` | - +| `java.customJavaOptions` | Additional Java options to be passed to the application | `""` | +| `java.customCacerts.enabled` | Enables mounting a custom Java trust store (cacerts) | `false` | +| `java.customCacerts.cacertsSecretName` | Name of the Kubernetes secret containing the `cacerts` file | `custom-java-cacerts` | +| `java.customCacerts.trustStorePasswordKey` | (Optional) Key inside the Kubernetes secret containing the trust store password | `trustStorePassword` | +| `cassandra.passwordSecret` | (Optional) Name of a Kubernetes secret containing the Cassandra database password. | | | `ingress.enabled` | Enables ingress controller resource | `true` | | `ingress.annotations` | Annotations for ingress | `{}` | | `ingress.tls.secretName` | TLS secret name for ingress | `codetogether-intel-tls` | 
@@ -80,6 +84,29 @@ To secure CodeTogether, you can add a `secret` that contains your TLS (Transport $ kubectl create secret tls codetogether-intel-tls --key --cert ``` +## Custom Java Trust Store + +If your environment requires a custom CA certificate bundle, you can configure a custom Java trust store by creating a secret. + +If trust store is not protected by the password, use the following command to create the secret: +```bash +$ kubectl create secret generic custom-java-cacerts --from-file=cacerts=/path/to/custom/cacerts --namespace=codetogether-intel +``` + +If password is required to access the trust store, store it in the same secret: +```bash +$ kubectl create secret generic custom-java-cacerts --from-file=cacerts=/path/to/custom/cacerts --from-literal=trustStorePassword='your-secure-password' --namespace=codetogether-intel +``` + +## Using Secret for Cassandra Password + +If you prefer not to store the Cassandra password in values.yaml, you can store it securely in a Kubernetes secret. + +```bash +kubectl create secret generic cassandra-password-secret --from-literal=cassandraPassword='your-secure-cassandra-password' --namespace=codetogether-intel +``` + + ## Installing the Chart To install the chart with the release name `codetogether-intel`: diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index bfde3d0..a15aec4 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
@@ -31,19 +31,49 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: >- + {{ .Values.image.repository }} + {{- if .Values.image.digest }}@{{ .Values.image.digest }} + {{- else }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} - env: # # Set CodeTogether runtime configuration # - name: CT_HQ_BASE_URL value: {{ .Values.codetogether.url | quote }} + + {{- if .Values.java.customCacerts.enabled }} + - name: CT_TRUST_STORE + value: -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts + {{- end }} + + # Custom Java options (excluding trust store related settings) + {{- if .Values.java.customJavaOptions }} + - name: CT_JAVA_OPTIONS + value: "{{ .Values.java.customJavaOptions | default "" }}" + {{- end }} + + # Set trust store password only if trustStorePasswordKey is provided + {{- if and .Values.java.customCacerts.enabled .Values.java.customCacerts.trustStorePasswordKey }} + - name: CT_TRUST_STORE_PASSWD + valueFrom: + secretKeyRef: + name: {{ .Values.java.customCacerts.cacertsSecretName }} + key: {{ .Values.java.customCacerts.trustStorePasswordKey }} + optional: true # Ensures the key is optional + {{- end }} + volumeMounts: - name: properties-volume mountPath: /opt/codetogether/runtime/cthq.properties subPath: cthq.properties + {{- if .Values.java.customCacerts.enabled }} + - name: java-cacerts + mountPath: /etc/ssl/certs/java/cacerts + subPath: cacerts + {{- end }} + # # Set container configuration # 
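Review bot: `CT_JAVA_OPTIONS` is rendered as `value: "{{ .Values.java.customJavaOptions | default "" }}"`, which wraps the raw value in literal double quotes instead of escaping it, so an option containing `"` or a backslash produces invalid or differently parsed YAML in the manifest. `CT_HQ_BASE_URL` just above already uses `| quote`; the same form, `value: {{ .Values.java.customJavaOptions | quote }}`, is safer and makes the `default ""` inside the `if` unnecessary. The `secretKeyRef` for `CT_TRUST_STORE_PASSWD` sets `optional: true`, so a mistyped key name starts the pod without the password rather than failing; dropping `optional` would surface that, if failing fast is acceptable here. The container spec starts and ends outside this hunk.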
@@ -78,6 +108,11 @@ spec: - name: properties-volume secret: secretName: {{ if .Values.fullnameOverride }}{{ .Values.fullnameOverride }}-hqproperties{{ else }}hqproperties{{ end }} + {{- if .Values.java.customCacerts.enabled }} + - name: java-cacerts + secret: + secretName: {{ .Values.java.customCacerts.cacertsSecretName }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/intel/templates/secret-properties.yaml b/charts/intel/templates/secret-properties.yaml index 925a743..998c94b 100644 --- a/charts/intel/templates/secret-properties.yaml +++ b/charts/intel/templates/secret-properties.yaml @@ -5,6 +5,14 @@ metadata: type: Opaque stringData: cthq.properties: |- + {{- $cassandraPassword := "" }} + {{- if and (hasKey .Values "cassandra") (hasKey .Values.cassandra "passwordSecret") .Values.cassandra.passwordSecret (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret) }} + {{- $cassandraPassword := (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret).data.cassandraPassword | b64dec }} + {{- end }} {{- range $key, $value := .Values.hqproperties }} - {{ $key }}={{ $value }} + {{- if and (eq $key "hq.cassandra.db.password") $cassandraPassword }} + {{ $key }}={{ $cassandraPassword }} + {{- else }} + {{ $key }}={{ $value }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index 3650f0d..ba8cf44 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml @@ -15,6 +15,8 @@ image: pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "latest" + # Optional: specify a digest to use a specific image version, if provided will override the + digest: "" # # Configure the source location for the Docker image, using the 
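Review bot: In charts/intel/templates/secret-properties.yaml, the `{{- $cassandraPassword := … }}` inside the `if` declares a new variable scoped to that block instead of assigning to the one declared above it, so the outer `$cassandraPassword` stays empty and the `range` always writes the password from `hqproperties`; the line should use `=`: `{{- $cassandraPassword = (lookup "v1" "Secret" .Release.Namespace .Values.cassandra.passwordSecret).data.cassandraPassword | b64dec }}`. `lookup` also returns an empty result under `helm template` and client-side dry runs, so the CI check added in this commit never exercises this branch and a render without cluster access silently falls back to the values password; calling `fail` when `cassandra.passwordSecret` is set but the Secret or its `cassandraPassword` key is missing would make that visible. The override only takes effect if `hq.cassandra.db.password` is already a key in `hqproperties`, and the looked-up password is still copied into the rendered properties Secret, which is worth saying in the README section that describes this option.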
@@ -57,6 +59,42 @@ hqproperties: # default datacenter name is 'datacenter1' # hq.cassandra.db.localdatacenter: datacenter1 +# Optional property, if provided the value from the secret will be used as the cassandra DB password +# This will overwrite the value in the hqproperties hq.cassandra.db.password +# The secret must have a key named 'cassandraPassword' +cassandra: + passwordSecret: "" + +java: + customCacerts: + enabled: false # Set to 'true' to enable custom Java trust store (cacerts) support. + + # Name of the Kubernetes secret that contains the custom Java trust store (cacerts) file. + # This secret should be created before deploying the application using: + # kubectl create secret generic custom-java-cacerts \ + # --from-file=cacerts=/path/to/custom/cacerts + # + # If a password is required for the trust store, it can optionally be added to the same secret (see below). + # + # The 'cacerts' file is mounted to the container at '/etc/ssl/certs/java/cacerts'. + cacertsSecretName: "custom-java-cacerts" + + # (Optional) The key inside the Kubernetes secret that holds the trust store password. + # If a password is required for the custom trust store, store it in the same secret as a key-value pair: + # kubectl create secret generic custom-java-cacerts \ + # --from-file=cacerts=/path/to/custom/cacerts \ + # --from-literal=trustStorePassword='your-secure-password' + # + # If this key is not present in the secret, no trust store password will be set. + # trustStorePasswordKey: "trustStorePassword" + + # Additional custom Java options to be passed to the application. + # These options will be appended to the CT_JAVA_OPTIONS environment variable. + # + # Example: + # customJavaOptions: "-Xms512m -Xmx2g -XX:+UseG1GC" + customJavaOptions: "" + # # Enables and configures Ingress (default = Nginx). The className value can be used # to change the default behavior. Please read the comments below to see details. 
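Review bot: `trustStorePasswordKey` is left commented out in this hunk, while the README table added in the same commit lists `trustStorePassword` as its default, so a user who follows the README and only sets `java.customCacerts.enabled: true` gets no `CT_TRUST_STORE_PASSWD` in the deployment. Either uncomment the default (`trustStorePasswordKey: "trustStorePassword"`) or show the README default as empty. The comment above `customJavaOptions` says the options are appended to `CT_JAVA_OPTIONS`, but the deployment template sets that variable to this value; `# Passed to the application as the CT_JAVA_OPTIONS environment variable.` would match what is rendered.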
diff --git a/charts/live/Chart.yaml b/charts/live/Chart.yaml index b1fd0e7..9130cd5 100644 --- a/charts/live/Chart.yaml +++ b/charts/live/Chart.yaml @@ -3,9 +3,8 @@ name: codetogether description: CodeTogether Live provides pair programming and collaborative coding type: application -version: 1.4.23 +version: 1.4.24 appVersion: "2024.2.0" -kubeVersion: ">= 1.18.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com