diff --git a/charts/neo4j/Chart.yaml b/charts/neo4j/Chart.yaml
index feb015c1..d96667e3 100644
--- a/charts/neo4j/Chart.yaml
+++ b/charts/neo4j/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.2.1
 # This is the version number of the application being deployed. This version number should be
diff --git a/charts/neo4j/templates/deployment.yaml b/charts/neo4j/templates/deployment.yaml
index 8ab98bf2..c7b56e6a 100644
--- a/charts/neo4j/templates/deployment.yaml
+++ b/charts/neo4j/templates/deployment.yaml
@@ -1,5 +1,4 @@
 {{- $fullName := include "neo4j.fullname" . -}}
-{{- $volumeName := printf "%s-%s" $fullName "data" | trunc 63 | trimSuffix "-" -}}
 {{- $initContainerName := printf "%s-%s" $fullName "init-data" | trunc 63 | trimSuffix "-" -}}
 apiVersion: apps/v1
 kind: Deployment
@@ -24,8 +23,13 @@ spec:
 {{- include "neo4j.selectorLabels" . | nindent 8 }}
 spec:
 volumes:
- - name: {{$volumeName}}
+ - name: data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim | default (include "neo4j.fullname" .) }}
+ {{- else }}
 emptyDir: {}
+ {{- end }}
 {{- with .Values.imagePullSecrets }}
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
@@ -41,7 +45,7 @@ spec:
 imagePullPolicy: {{ .Values.service.image.pullPolicy }}
 env:
 - name: NEO4J_AUTH
- value: neo4j/{{ .Values.service.password }}
+ value: neo4j/{{ .Values.security.password }}
 - name: NEO4J_dbms_connector_bolt_advertised__address
 value: {{ .Values.ingress.hostnameBolt }}:443
 ports:
@@ -63,7 +67,7 @@ spec:
 {{- toYaml .Values.resources | nindent 12 }}
 volumeMounts:
 - mountPath: /data
- name: {{$volumeName}}
+ name: data
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
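Review bot: Switching the `data` volume in deployment.yaml to a PersistentVolumeClaim needs a matching rollout strategy, and none is visible in this hunk. With the chart's default `accessMode: ReadWriteOnce`, a rolling update can schedule the replacement pod while the old one still holds the volume and the Neo4j store, so an upgrade may hang or start against a store that is in use. If the Deployment spec outside this hunk does not already set it, add `strategy:` with `type: Recreate` when `.Values.persistence.enabled` is true. The `claimName` value is also rendered unquoted; piping it through `| quote` would match the quoting used in pvc.yaml.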
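Review bot: The Neo4j credential is still rendered as a literal `value:` on the `NEO4J_AUTH` entry in deployment.yaml, so after the move to `.Values.security.password` it stays readable to anyone who can get or describe the Deployment or its pods. Store the full `neo4j/<password>` string in a Secret template and reference it from the container with `valueFrom.secretKeyRef`, as sketched below. Until then the value should at least be quoted, because a password containing ` #` or `: ` is cut short or breaks the rendered YAML. The container spec starts and ends outside this hunk.

```yaml
            - name: NEO4J_AUTH
              valueFrom:
                secretKeyRef:
                  # Secret name and key are placeholders; the Secret template is not part of this commit
                  name: {{ include "neo4j.fullname" . }}
                  key: neo4j-auth
```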
diff --git a/charts/neo4j/templates/networkpolicy.yaml b/charts/neo4j/templates/networkpolicy.yaml
index c114e235..a45fe4cb 100644
--- a/charts/neo4j/templates/networkpolicy.yaml
+++ b/charts/neo4j/templates/networkpolicy.yaml
@@ -2,11 +2,11 @@
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
- name: {{ include "ubuntu.fullname" . }}
+ name: {{ include "neo4j.fullname" . }}
 spec:
 podSelector:
 matchLabels:
- {{- include "ubuntu.selectorLabels" . | nindent 6 }}
+ {{- include "neo4j.selectorLabels" . | nindent 6 }}
 ingress:
 - from:
 - podSelector: {}
diff --git a/charts/neo4j/templates/pvc.yaml b/charts/neo4j/templates/pvc.yaml
new file mode 100644
index 00000000..07305df5
--- /dev/null
+++ b/charts/neo4j/templates/pvc.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "neo4j.fullname" . }}
+ labels:
+ {{- include "neo4j.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/neo4j/values.schema.json b/charts/neo4j/values.schema.json
index 45fa1297..3a1d93b6 100644
--- a/charts/neo4j/values.schema.json
+++ b/charts/neo4j/values.schema.json
@@ -24,10 +24,10 @@
 }
 }
 },
- "service": {
- "description": "neo4j specific configuration",
+ "security": {
+ "description": "security specific configuration",
 "type": "object",
- "properties": {
+ "properties": {
 "password": {
 "type": "string",
 "description": "Password",
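Review bot: The claim created by the new pvc.yaml has no `helm.sh/resource-policy: keep` annotation, so `helm uninstall`, or an upgrade that sets `persistence.enabled` to false, removes the claim and, depending on the storage class reclaim policy, the database with it. If the data is meant to outlive the release, add an `annotations:` map under `metadata:` containing `helm.sh/resource-policy: keep`; otherwise say in values.yaml that deletion is intended. The second `storageClassName` line wraps the value in hand-written quotes (`"{{ ... }}"`) while `accessModes` and `storage` use `| quote`; using `| quote` there as well keeps a value that contains a double quote from breaking the manifest.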
@@ -35,6 +35,54 @@
 "x-form": {
 "value": "{{user.password}}"
 }
+ },
+ "whitelist": {
+ "type": "object",
+ "description": "IP protection",
+ "properties": {
+ "enable": {
+ "type": "boolean",
+ "title": "Enable IP protection",
+ "description": "Only the configured set of IPs will be able to reach the service",
+ "default": true
+ },
+ "ip": {
+ "type": "string",
+ "description": "the white list of IP is whitespace",
+ "title": "Whitelist of IP",
+ "x-form": {
+ "value": "{{user.ip}}"
+ }
+ }
+ }
+ },
+ "networkPolicy": {
+ "type": "object",
+ "description": "Define access policy to the service",
+ "properties": {
+ "enable": {
+ "type": "boolean",
+ "title": "Enable network policy",
+ "description": "Only pod from the same namespace will be allowed",
+ "default": true
+ }
+ }
+ }
+ }
+ },
+ "persistence": {
+ "description": "Configuration for persistence",
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Create a persistent volume",
+ "default": true
+ },
+ "size": {
+ "type": "string",
+ "description": "Size of the persistent volume",
+ "default": "10Gi"
 }
 }
 },
diff --git a/charts/neo4j/values.yaml b/charts/neo4j/values.yaml
index 967634f4..64009d28 100644
--- a/charts/neo4j/values.yaml
+++ b/charts/neo4j/values.yaml
@@ -1,7 +1,19 @@
 # Default values for neo4j.
+security:
+ password: password
+ networkPolicy:
+ enable: false
+ from:
+ - ipBlock:
+ cidr: 10.233.103.0/32
+ - ipBlock:
+ cidr: 10.233.111.0/32
+ whitelist:
+ enable: true
+ ip: "0.0.0.0/0"
+
 service:
- password: "changeme"
 image:
 repository: "neo4j"
 pullPolicy: IfNotPresent
@@ -39,6 +51,7 @@ securityContext: {}
 # runAsNonRoot: true
 # runAsUser: 1000
+
 networking:
 type: ClusterIP
 neo4jUI:
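Review bot: The schema in values.schema.json declares `"default": true` for `security.networkPolicy.enable`, while values.yaml in the same commit ships `enable: false`. Helm uses the schema only for validation and takes defaults from values.yaml, so a plain install renders without the policy that the form text promises; a catalog UI that reads the schema may behave differently, so the intended default should be confirmed and the two files aligned. The `ip` description `"the white list of IP is whitespace"` does not say what input is accepted; if the field takes a whitespace-separated list, `"Whitespace-separated list of IPs or CIDR ranges allowed to reach the service"` would state it. The new `persistence` object documents only `enabled` and `size`, although the templates also read `accessMode`, `storageClass` and `existingClaim`.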
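Review bot: The first values.yaml hunk ships a working default credential, `password: password`, so any install that does not override `security.password` comes up with a guessable Neo4j login. Leave the default empty and make the template fail with `required` when it is unset, or generate a random value at install time. In the same block `whitelist.ip: "0.0.0.0/0"` with `whitelist.enable: true` admits every source address and `networkPolicy.enable` is false, so both protections are effectively off out of the box. The two `ipBlock` CIDRs under `networkPolicy.from` look specific to one cluster, and no template shown in this diff reads `from` or `whitelist`, so it is worth confirming that they are wired up.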
@@ -57,6 +70,20 @@ ingress:
 # hosts:
 # - chart-example.local
+persistence:
+ enabled: true
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ # existingClaim: ""
+
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little
diff --git a/charts/pgadmin/Chart.yaml b/charts/pgadmin/Chart.yaml
index f4c08ccf..620b35fc 100644
--- a/charts/pgadmin/Chart.yaml
+++ b/charts/pgadmin/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.2
+version: 0.2.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/pgadmin/templates/configmap.yaml b/charts/pgadmin/templates/configmap.yaml
index 33db7f72..9332bc61 100644
--- a/charts/pgadmin/templates/configmap.yaml
+++ b/charts/pgadmin/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.discovery.postgres -}}
 apiVersion: v1
 kind: ConfigMap
 metadata: