From 02a9c3da62a168b5b289a23171d3eb2f745761fb Mon Sep 17 00:00:00 2001 From: amalmborg97 <71734550+amalmborg97@users.noreply.github.com> Date: Tue, 11 Nov 2025 16:16:33 -0500 Subject: [PATCH 1/4] simplify secret creation --- charts/devhub/README.md | 24 +++++++++++++++--------- charts/devhub/README.md.gotmpl | 16 +++++++++++----- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/charts/devhub/README.md b/charts/devhub/README.md index 6f323c7..ff502d8 100644 --- a/charts/devhub/README.md +++ b/charts/devhub/README.md @@ -1,6 +1,6 @@ # devhub -![Version: 2.11.0](https://img.shields.io/badge/Version-2.11.0-informational?style=flag) ![AppVersion: v2.17.0](https://img.shields.io/badge/AppVersion-v2.17.0-informational?style=flag) +![Version: 2.17.0](https://img.shields.io/badge/Version-2.17.0-informational?style=flag) ![AppVersion: v2.17.0](https://img.shields.io/badge/AppVersion-v2.17.0-informational?style=flag) Instructions for running self hosted install of Devhub/QueryDesk. Currently only k8s install is supported, reach out to support@devhub.tools if you would like additional methods supported. @@ -10,16 +10,22 @@ Instructions for running self hosted install of Devhub/QueryDesk. Currently only 1. Create a secret with the required application config - ```yaml + ```bash + CLOAK_KEY_V1=$(openssl rand -base64 32 | base64) + SECRET_KEY_BASE=$(openssl rand -hex 64 | base64) + SIGNING_KEY=$(openssl ecparam -name prime256v1 -genkey -noout | openssl ec 2>/dev/null | base64 ) + + kubectl apply -f - </dev/null | base64 ) + + kubectl apply -f - < Date: Tue, 11 Nov 2025 17:22:09 -0500 Subject: [PATCH 2/4] keep descriptions --- charts/devhub/README.md | 8 ++++++++ charts/devhub/README.md.gotmpl | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/charts/devhub/README.md b/charts/devhub/README.md index ff502d8..ad05f78 100644 --- a/charts/devhub/README.md +++ b/charts/devhub/README.md 
@@ -10,6 +10,14 @@ Instructions for running self hosted install of Devhub/QueryDesk. Currently only 1. Create a secret with the required application config + | Key | Description | + |-----|-------------| + | `CLOAK_KEY_V1` | A base64 encoded 32 byte random value. Used as an encryption key for field level encryption. | + | `SECRET_KEY_BASE` | A base64 encoded 64 byte random value. Used for signing cookies. | + | `SIGNING_KEY` | A base64 encoded ECDSA private key using the prime256v1 curve. Used for signing JWT tokens. | + + The following example shows how to generate these values and create the secret using kubectl: + ```bash CLOAK_KEY_V1=$(openssl rand -base64 32 | base64) SECRET_KEY_BASE=$(openssl rand -hex 64 | base64) diff --git a/charts/devhub/README.md.gotmpl b/charts/devhub/README.md.gotmpl index f8039b1..8bcbfc0 100644 --- a/charts/devhub/README.md.gotmpl +++ b/charts/devhub/README.md.gotmpl @@ -12,6 +12,14 @@ 1. Create a secret with the required application config + | Key | Description | + |-----|-------------| + | `CLOAK_KEY_V1` | A base64 encoded 32 byte random value. Used as an encryption key for field level encryption. | + | `SECRET_KEY_BASE` | A base64 encoded 64 byte random value. Used for signing cookies. | + | `SIGNING_KEY` | A base64 encoded ECDSA private key using the prime256v1 curve. Used for signing JWT tokens. | + + The following example shows how to generate these values and create the secret using kubectl: + ```bash CLOAK_KEY_V1=$(openssl rand -base64 32 | base64) SECRET_KEY_BASE=$(openssl rand -hex 64 | base64) From dcac63a0e7c3a1200e2f608f394c81cae49aa2c7 Mon Sep 17 00:00:00 2001 From: amalmborg97 <71734550+amalmborg97@users.noreply.github.com> Date: Wed, 12 Nov 2025 11:10:44 -0500 Subject: [PATCH 3/4] clean --- charts/devhub/README.md | 6 +++--- charts/devhub/README.md.gotmpl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/devhub/README.md b/charts/devhub/README.md index ad05f78..30e5920 100644 
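Review bot: The new `SECRET_KEY_BASE` row says "A base64 encoded 64 byte random value", but the command kept as context at the end of this hunk is `openssl rand -hex 64 | base64`, which hex-encodes the 64 bytes (128 characters) before the Secret-level base64; the row should read `A hex encoded 64 byte random value. Used for signing cookies.` or the command should change to match. The same table is added to `README.md.gotmpl` in the next hunk and needs the same correction. The table also does not say whether "base64 encoded" describes the value the application reads or the encoding Kubernetes applies to a Secret's `data:` field. Since `CLOAK_KEY_V1` is encoded twice by `openssl rand -base64 32 | base64`, it is presumably the former, and one sentence saying so would stop someone who uses `stringData:` or an external secret store from storing a key in the wrong encoding. Separately, GNU `base64` wraps its output at 76 columns, so the `SECRET_KEY_BASE` value spans several lines; if it is substituted into a single-line YAML field (the manifest body is not visible in this hunk), the manifest breaks, and appending `| tr -d '\n'` to each pipeline avoids that.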
--- a/charts/devhub/README.md +++ b/charts/devhub/README.md @@ -19,9 +19,9 @@ Instructions for running self hosted install of Devhub/QueryDesk. Currently only The following example shows how to generate these values and create the secret using kubectl: ```bash - CLOAK_KEY_V1=$(openssl rand -base64 32 | base64) - SECRET_KEY_BASE=$(openssl rand -hex 64 | base64) - SIGNING_KEY=$(openssl ecparam -name prime256v1 -genkey -noout | openssl ec 2>/dev/null | base64 ) + CLOAK_KEY_V1=$(openssl rand -base64 32 | base64) + SECRET_KEY_BASE=$(openssl rand -hex 64 | base64) + SIGNING_KEY=$(openssl ecparam -name prime256v1 -genkey -noout | openssl ec 2>/dev/null | base64) kubectl apply -f - </dev/null | base64 ) + CLOAK_KEY_V1=$(openssl rand -base64 32 | base64) + SECRET_KEY_BASE=$(openssl rand -hex 64 | base64) + SIGNING_KEY=$(openssl ecparam -name prime256v1 -genkey -noout | openssl ec 2>/dev/null | base64) kubectl apply -f - < Date: Thu, 13 Nov 2025 11:20:05 -0500 Subject: [PATCH 4/4] correct unittests --- charts/devhub/Chart.yaml | 4 +- .../__snapshot__/deployment_test.yaml.snap | 64 +++++++++++++------ .../__snapshot__/ingressroute_test.yaml.snap | 4 +- .../__snapshot__/networkpolicy_test.yaml.snap | 32 ++++++++-- .../__snapshot__/postgresql_test.yaml.snap | 12 ++-- .../tests/__snapshot__/rbac_test.yaml.snap | 9 ++- .../tests/__snapshot__/service_test.yaml.snap | 4 +- .../serviceaccount_test.yaml.snap | 4 +- 8 files changed, 90 insertions(+), 43 deletions(-) diff --git a/charts/devhub/Chart.yaml b/charts/devhub/Chart.yaml index dc1d2a2..3a8ea7a 100644 --- a/charts/devhub/Chart.yaml +++ b/charts/devhub/Chart.yaml 
@@ -2,6 +2,6 @@ apiVersion: v2 name: devhub description: Instructions for running self hosted install of Devhub/QueryDesk. Currently only k8s install is supported, reach out to support@devhub.tools if you would like additional methods supported. home: https://querydesk.com -version: 2.17.0 -appVersion: v2.17.0 +version: 2.18.0 +appVersion: v2.18.0 icon: data:image/svg+xml;base64,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 diff --git a/charts/devhub/tests/__snapshot__/deployment_test.yaml.snap b/charts/devhub/tests/__snapshot__/deployment_test.yaml.snap index 32b17d2..42d670b 100644 --- a/charts/devhub/tests/__snapshot__/deployment_test.yaml.snap +++ b/charts/devhub/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should render deployment with agent: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub spec: replicas: 1 @@ -28,7 +28,7 @@ should render deployment with agent: - name: APP_HOST value: devhub.example.com - name: APP_VERSION - value: v2.0.5 + value: v2.18.0 - name: DB_SSL value: disabled - name: AGENT @@ -37,7 +37,7 @@ should render deployment with agent: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/devhub-tools/devhub:v2.0.5 + image: ghcr.io/devhub-tools/devhub:v2.18.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
@@ -73,12 +73,24 @@ should render deployment with agent: - mountPath: /etc/secrets/app name: config readOnly: true + - mountPath: /etc/secrets/db + name: database-config + readOnly: true + - mountPath: /etc/secrets/ca + name: database-ca + readOnly: true securityContext: {} serviceAccountName: devhub volumes: - name: config secret: secretName: devhub-config + - name: database-config + secret: + secretName: postgres-app + - name: database-ca + secret: + secretName: postgres-ca should render deployment with custom values: 1: | apiVersion: apps/v1 @@ -88,8 +100,8 @@ should render deployment with custom values: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub spec: replicas: 1 @@ -109,7 +121,7 @@ should render deployment with custom values: - name: APP_HOST value: devhub.example.com - name: APP_VERSION - value: v2.0.5 + value: v2.18.0 - name: DB_SSL value: verify - name: AUTH_EMAIL_HEADER @@ -124,7 +136,7 @@ should render deployment with custom values: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/devhub-tools/devhub:v2.0.5 + image: ghcr.io/devhub-tools/devhub:v2.18.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -217,7 +229,7 @@ should render deployment with custom values: - name: APP_HOST value: devhub.example.com - name: APP_VERSION - value: v2.0.5 + value: v2.18.0 - name: DB_SSL value: verify - name: AUTH_EMAIL_HEADER @@ -232,7 +244,7 @@ should render deployment with custom values: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/devhub-tools/devhub:v2.0.5 + image: ghcr.io/devhub-tools/devhub:v2.18.0 imagePullPolicy: IfNotPresent name: database-ready resources: 
@@ -273,7 +285,7 @@ should render deployment with custom values: - name: APP_HOST value: devhub.example.com - name: APP_VERSION - value: v2.0.5 + value: v2.18.0 - name: DB_SSL value: verify - name: AUTH_EMAIL_HEADER @@ -288,7 +300,7 @@ should render deployment with custom values: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/devhub-tools/devhub:v2.0.5 + image: ghcr.io/devhub-tools/devhub:v2.18.0 imagePullPolicy: IfNotPresent name: devhub-migrations resources: @@ -353,8 +365,8 @@ should render deployment with default values: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub spec: replicas: 1 @@ -374,14 +386,14 @@ should render deployment with default values: - name: APP_HOST value: devhub.example.com - name: APP_VERSION - value: v2.0.5 + value: v2.18.0 - name: DB_SSL value: disabled - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/devhub-tools/devhub:v2.0.5 + image: ghcr.io/devhub-tools/devhub:v2.18.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -420,6 +432,9 @@ should render deployment with default values: - mountPath: /etc/secrets/db name: database-config readOnly: true + - mountPath: /etc/secrets/ca + name: database-ca + readOnly: true - image: ghcr.io/devhub-tools/query-parser:v1.0.0 imagePullPolicy: IfNotPresent name: query-parser @@ -461,14 +476,14 @@ should render deployment with default values: - name: APP_HOST value: devhub.example.com - name: APP_VERSION - value: v2.0.5 + value: v2.18.0 - name: DB_SSL value: disabled - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/devhub-tools/devhub:v2.0.5 + image: ghcr.io/devhub-tools/devhub:v2.18.0 imagePullPolicy: IfNotPresent name: database-ready resources: {} 
@@ -488,6 +503,9 @@ should render deployment with default values: - mountPath: /etc/secrets/db name: database-config readOnly: true + - mountPath: /etc/secrets/ca + name: database-ca + readOnly: true - command: - ./bin/devhub - eval @@ -496,14 +514,14 @@ should render deployment with default values: - name: APP_HOST value: devhub.example.com - name: APP_VERSION - value: v2.0.5 + value: v2.18.0 - name: DB_SSL value: disabled - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/devhub-tools/devhub:v2.0.5 + image: ghcr.io/devhub-tools/devhub:v2.18.0 imagePullPolicy: IfNotPresent name: devhub-migrations resources: {} @@ -523,6 +541,9 @@ should render deployment with default values: - mountPath: /etc/secrets/db name: database-config readOnly: true + - mountPath: /etc/secrets/ca + name: database-ca + readOnly: true securityContext: {} serviceAccountName: devhub volumes: @@ -532,3 +553,6 @@ should render deployment with default values: - name: database-config secret: secretName: devhub-private-postgres-app + - name: database-ca + secret: + secretName: postgres-ca diff --git a/charts/devhub/tests/__snapshot__/ingressroute_test.yaml.snap b/charts/devhub/tests/__snapshot__/ingressroute_test.yaml.snap index 3f12d1d..3e8cefd 100644 --- a/charts/devhub/tests/__snapshot__/ingressroute_test.yaml.snap +++ b/charts/devhub/tests/__snapshot__/ingressroute_test.yaml.snap @@ -7,8 +7,8 @@ should render ingressroute: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub-http spec: entryPoints: diff --git a/charts/devhub/tests/__snapshot__/networkpolicy_test.yaml.snap b/charts/devhub/tests/__snapshot__/networkpolicy_test.yaml.snap index d81db96..d78925d 100644 --- a/charts/devhub/tests/__snapshot__/networkpolicy_test.yaml.snap 
+++ b/charts/devhub/tests/__snapshot__/networkpolicy_test.yaml.snap @@ -7,8 +7,8 @@ renders network policy with custom values: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub spec: egress: @@ -30,8 +30,8 @@ renders network policy with default values: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub spec: egress: @@ -44,6 +44,13 @@ renders network policy with default values: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system + - ports: + - port: 5432 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: devhub - ports: - protocol: TCP to: @@ -53,6 +60,23 @@ renders network policy with default values: - ports: - port: 4000 protocol: TCP + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: devhub + ports: + - port: 5432 + protocol: TCP + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: cnpg-system + podSelector: + matchLabels: + app.kubernetes.io/name: cloudnative-pg + ports: + - port: 8000 + - port: 5432 podSelector: {} policyTypes: - Ingress diff --git a/charts/devhub/tests/__snapshot__/postgresql_test.yaml.snap b/charts/devhub/tests/__snapshot__/postgresql_test.yaml.snap index 1f0dca2..334879c 100644 --- a/charts/devhub/tests/__snapshot__/postgresql_test.yaml.snap +++ b/charts/devhub/tests/__snapshot__/postgresql_test.yaml.snap 
@@ -11,8 +11,8 @@ should render postgresql with custom values: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: postgres namespace: devhub spec: @@ -66,8 +66,8 @@ should render postgresql with custom values: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: scheduled-backup namespace: devhub spec: @@ -88,8 +88,8 @@ should render postgresql with default values: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: postgres namespace: devhub spec: diff --git a/charts/devhub/tests/__snapshot__/rbac_test.yaml.snap b/charts/devhub/tests/__snapshot__/rbac_test.yaml.snap index 6ec9436..c8f40da 100644 --- a/charts/devhub/tests/__snapshot__/rbac_test.yaml.snap +++ b/charts/devhub/tests/__snapshot__/rbac_test.yaml.snap @@ -7,8 +7,8 @@ should render rbac: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub rules: - apiGroups: @@ -42,8 +42,8 @@ should render rbac: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub roleRef: apiGroup: rbac.authorization.k8s.io 
@@ -52,4 +52,3 @@ should render rbac: subjects: - kind: ServiceAccount name: devhub - namespace: devhub diff --git a/charts/devhub/tests/__snapshot__/service_test.yaml.snap b/charts/devhub/tests/__snapshot__/service_test.yaml.snap index 82e3e0b..17efe8c 100644 --- a/charts/devhub/tests/__snapshot__/service_test.yaml.snap +++ b/charts/devhub/tests/__snapshot__/service_test.yaml.snap @@ -9,8 +9,8 @@ should create service by default: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub spec: ports: diff --git a/charts/devhub/tests/__snapshot__/serviceaccount_test.yaml.snap b/charts/devhub/tests/__snapshot__/serviceaccount_test.yaml.snap index 53cc95a..e54b36a 100644 --- a/charts/devhub/tests/__snapshot__/serviceaccount_test.yaml.snap +++ b/charts/devhub/tests/__snapshot__/serviceaccount_test.yaml.snap @@ -9,6 +9,6 @@ should create service account by default: app.kubernetes.io/instance: devhub app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: devhub - app.kubernetes.io/version: v2.0.5 - helm.sh/chart: devhub-2.1.2 + app.kubernetes.io/version: v2.18.0 + helm.sh/chart: devhub-2.18.0 name: devhub