feat(ansible-semaphore): optionally create admin user
tboerger committed Sep 27, 2024
1 parent 7013b89 commit 638765b
Showing 5 changed files with 309 additions and 3 deletions.
2 changes: 1 addition & 1 deletion stable/ansible-semaphore/Chart.yaml
Expand Up @@ -34,4 +34,4 @@ name: ansible-semaphore
sources:
- https://github.com/ansible-semaphore/semaphore
type: application
version: 10.2.0
version: 10.3.0
12 changes: 11 additions & 1 deletion stable/ansible-semaphore/README.md
@@ -1,6 +1,6 @@
# ansible-semaphore

![Version: 10.2.0](https://img.shields.io/badge/Version-10.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.10.22](https://img.shields.io/badge/AppVersion-2.10.22-informational?style=flat-square)
![Version: 10.3.0](https://img.shields.io/badge/Version-10.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.10.22](https://img.shields.io/badge/AppVersion-2.10.22-informational?style=flat-square)

Modern and open-source alternative to AWX/Tower

Expand Down Expand Up @@ -119,6 +119,16 @@ oidc:

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| admin.create | bool | `false` | Create an local admin user |
| admin.email | string | `"admin@localhost"` | Email for local admin |
| admin.emailKey | string | `"email"` | Key used within secret for email |
| admin.existingSecret | string | `nil` | Existing secret to use for admin |
| admin.fullname | string | `"Admin"` | Fullname for local admin |
| admin.fullnameKey | string | `"fullname"` | Key used within secret for fullname |
| admin.password | string | `nil` | Password for local admin |
| admin.passwordKey | string | `"password"` | Key used within secret for password |
| admin.username | string | `"admin"` | Username for local admin |
| admin.usernameKey | string | `"username"` | Key used within secret for username |
| affinity | object | `{}` | Affinity for the deployment |
| annotations | object | `{}` | Define additional annotations |
| billing.enabled | bool | `false` | Enable billing |
238 changes: 237 additions & 1 deletion stable/ansible-semaphore/templates/deployment.yaml
Expand Up @@ -48,10 +48,246 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.extraInitContainers }}
{{- if or .Values.admin.create .Values.extraInitContainers }}

initContainers:
{{- if or .Values.admin.create }}
- name: admin
image: {{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.podSecurityContext }}

securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}

command:
- sh
- -c
- |
if ! semaphore user get --config=/etc/semaphore/config.json --login $(SEMAPHORE_ADMIN_USERNAME) >/dev/null; then
semaphore user add \
--config=/etc/semaphore/config.json \
--admin \
--name=$(SEMAPHORE_ADMIN_FULLNAME) \
--login=$(SEMAPHORE_ADMIN_USERNAME) \
--password=$(SEMAPHORE_ADMIN_PASSWORD) \
--email=$(SEMAPHORE_ADMIN_EMAIL)
else
echo "Admin already extists"
fi
env:
- name: SEMAPHORE_ADMIN_FULLNAME
valueFrom:
secretKeyRef:
name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.admin.fullnameKey }}
- name: SEMAPHORE_ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.admin.usernameKey }}
- name: SEMAPHORE_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.admin.passwordKey }}
- name: SEMAPHORE_ADMIN_EMAIL
valueFrom:
secretKeyRef:
name: {{ .Values.admin.existingSecret | default (printf "%s-admin" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.admin.emailKey }}
- name: SEMAPHORE_PORT
value: {{ .Values.service.internalPort | quote }}
{{- if not (empty .Values.general.host) }}
- name: SEMAPHORE_WEB_ROOT
value: {{ .Values.general.host | quote }}
{{- end }}
- name: SEMAPHORE_GIT_CLIENT
value: {{ .Values.general.gitClient | quote }}
- name: SEMAPHORE_TMP_PATH
value: {{ .Values.general.tmpPath | quote }}
- name: SEMAPHORE_MAX_PARALLEL_TASKS
value: {{ .Values.general.maxParallelTasks | quote }}
- name: SEMAPHORE_PASSWORD_LOGIN_DISABLED
value: {{ .Values.general.passwordLoginDisable | quote }}
- name: SEMAPHORE_NON_ADMIN_CAN_CREATE_PROJECT
value: {{ .Values.general.nonAdminCanCreateProject | quote }}
- name: SEMAPHORE_USE_REMOTE_RUNNER
value: {{ .Values.general.useRemoteRunner | quote }}
- name: SEMAPHORE_DB_DIALECT
value: {{ .Values.database.type | quote }}
{{- if eq .Values.database.type "bolt" }}
- name: SEMAPHORE_DB_HOST
value: {{ .Values.database.path | quote }}
{{- else }}
- name: SEMAPHORE_DB_HOST
value: {{ .Values.database.host | quote }}
- name: SEMAPHORE_DB_PORT
value: {{ .Values.database.port | quote }}
- name: SEMAPHORE_DB
value: {{ .Values.database.name | quote }}
{{- if .Values.database.usernameFromSecret }}
- name: SEMAPHORE_DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.database.existingSecret | default (printf "%s-database" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.database.usernameKey }}
{{- else }}
- name: SEMAPHORE_DB_USER
value: {{ .Values.database.username | quote }}
{{- end }}
- name: SEMAPHORE_DB_PASS
valueFrom:
secretKeyRef:
name: {{ .Values.database.existingSecret | default (printf "%s-database" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.database.passwordKey }}
{{- end }}
{{- if .Values.database.options }}
- name: SEMAPHORE_DB_OPTIONS
value: {{ .Values.database.options | toJson | quote }}
{{- end }}
- name: SEMAPHORE_LDAP_ENABLE
value: {{ .Values.ldap.enable | quote }}
{{- if .Values.ldap.enable }}
- name: SEMAPHORE_LDAP_SERVER
value: {{ .Values.ldap.server | quote }}
- name: SEMAPHORE_LDAP_NEEDTLS
value: {{ .Values.ldap.needtls | quote }}
- name: SEMAPHORE_LDAP_SEARCH_DN
value: {{ .Values.ldap.searchdn | quote }}
- name: SEMAPHORE_LDAP_SEARCH_FILTER
value: {{ .Values.ldap.filter | quote }}
- name: SEMAPHORE_LDAP_BIND_DN
valueFrom:
secretKeyRef:
name: {{ .Values.ldap.existingSecret | default (printf "%s-ldap" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.ldap.binddnKey }}
- name: SEMAPHORE_LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.ldap.existingSecret | default (printf "%s-ldap" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.ldap.passwordKey }}
{{- end }}
- name: SEMAPHORE_EMAIL_ALERT
value: {{ .Values.email.alert | quote }}
{{- if .Values.email.alert }}
- name: SEMAPHORE_EMAIL_SENDER
value: {{ .Values.email.sender | quote }}
- name: SEMAPHORE_EMAIL_HOST
value: {{ .Values.email.host | quote }}
- name: SEMAPHORE_EMAIL_PORT
value: {{ .Values.email.port | quote }}
- name: SEMAPHORE_EMAIL_SECURE
value: {{ .Values.email.secure | quote }}
- name: SEMAPHORE_EMAIL_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.email.existingSecret | default (printf "%s-email" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.email.usernameKey }}
- name: SEMAPHORE_EMAIL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.email.existingSecret | default (printf "%s-email" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.email.passwordKey }}
{{- end }}
- name: SEMAPHORE_TELEGRAM_ALERT
value: {{ .Values.telegram.alert | quote }}
{{- if .Values.telegram.alert }}
- name: SEMAPHORE_TELEGRAM_CHAT
valueFrom:
secretKeyRef:
name: {{ .Values.telegram.existingSecret | default (printf "%s-telegram" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.telegram.chatKey }}
- name: SEMAPHORE_TELEGRAM_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.telegram.existingSecret | default (printf "%s-telegram" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.telegram.tokenKey }}
{{- end }}
- name: SEMAPHORE_SLACK_ALERT
value: {{ .Values.slack.alert | quote }}
{{- if .Values.slack.alert }}
- name: SEMAPHORE_SLACK_URL
valueFrom:
secretKeyRef:
name: {{ .Values.slack.existingSecret | default (printf "%s-slack" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.slack.urlKey }}
{{- end }}
- name: SEMAPHORE_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.runner.existingSecret | default (printf "%s-runner" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.runner.tokenKey }}
- name: SEMAPHORE_COOKIE_HASH
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.secrets.cookieHashKey }}
- name: SEMAPHORE_COOKIE_ENCRYPTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.secrets.cookieEncryptionKey }}
- name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.existingSecret | default (printf "%s-general" (include "ansible-semaphore.fullname" .)) }}
key: {{ .Values.secrets.accesskeyEncryptionKey }}
{{- if or .Values.extraEnvSecrets .Values.extraEnvVariables }}
{{- range $key, $value := .Values.extraEnvSecrets }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ required "Must specify secret!" $value.secret }}
key: {{ required "Must specify key!" $value.key }}
{{- end }}
{{- range $key, $value := .Values.extraEnvVariables }}
- name: {{ $key }}
value: "{{ $value }}"
{{- end }}
{{- end }}
{{- if or .Values.envFromSecrets .Values.envFromConfigMaps }}

envFrom:
{{- range $name := .Values.envFromSecrets }}
- secretRef:
name: {{ $name }}
{{- end }}
{{- range $name := .Values.envFromConfigMaps }}
- configMapRef:
name: {{ $name }}
{{- end }}
{{- end }}
{{- if .Values.resources }}

resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- end }}

volumeMounts:
- name: config
mountPath: /etc/semaphore/config.json
subPath: config.json
- name: workdir
mountPath: {{ .Values.general.tmpPath }}
{{- if eq .Values.database.type "bolt" }}
- name: boltdb
mountPath: {{ .Values.database.path | dir }}
{{- end }}
{{- if .Values.general.additionalPythonPackages }}
- name: config
mountPath: /etc/semaphore/requirements.txt
subPath: requirements.txt
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.extraInitContainers }}
{{- toYaml .Values.extraInitContainers | nindent 8 }}
{{- end }}
{{- end }}

containers:
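Review bot: The `$(SEMAPHORE_ADMIN_*)` references in the init container script (the `sh -c` block starting at `if ! semaphore user get`) are expanded by Kubernetes into the script text before `sh` parses it, so a fullname, e-mail or password containing whitespace or shell metacharacters is word-split or interpreted by the shell instead of being passed as one argument; the generated `randAlphaNum` password is safe, but `admin.password` and the contents of `admin.existingSecret` are operator-supplied. Reading them as quoted shell variables (`"$SEMAPHORE_ADMIN_PASSWORD"` and so on) keeps the values opaque to both layers. Independently, the password still appears on the `semaphore user add` argv for the lifetime of that process; whether the CLI can take it from the environment or stdin instead is not visible here. The log line `echo "Admin already extists"` has a typo (`exists`), and `{{- if or .Values.admin.create }}` is an `or` with a single operand that can simply be `{{- if .Values.admin.create }}`. The enclosing Deployment spec starts and ends outside this hunk.
```yaml
            command:
              - sh
              - -c
              - |
                if ! semaphore user get --config=/etc/semaphore/config.json --login "$SEMAPHORE_ADMIN_USERNAME" >/dev/null; then
                  semaphore user add \
                    --config=/etc/semaphore/config.json \
                    --admin \
                    --name="$SEMAPHORE_ADMIN_FULLNAME" \
                    --login="$SEMAPHORE_ADMIN_USERNAME" \
                    --password="$SEMAPHORE_ADMIN_PASSWORD" \
                    --email="$SEMAPHORE_ADMIN_EMAIL"
                else
                  echo "Admin already exists"
                fi
            # … unchanged: env, envFrom, resources, volumeMounts …
```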
29 changes: 29 additions & 0 deletions stable/ansible-semaphore/templates/secret.yaml
Expand Up @@ -54,6 +54,35 @@ data:
{{- $token := (get $runnerSecretData .Values.runner.tokenKey) | default (randAlphaNum 32 | b64enc) }}
{{ .Values.runner.tokenKey }}: {{ .Values.runner.token | default ($token) }}
{{- end }}
{{- if and (not .Values.admin.existingSecret) (.Values.admin.create) }}
---
apiVersion: v1
kind: Secret

metadata:
name: {{ include "ansible-semaphore.fullname" . }}-admin
namespace: {{ .Release.Namespace }}
labels:
{{- include "ansible-semaphore.labels" . | nindent 4 }}
{{- if .Values.labels }}
{{- toYaml .Values.labels | nindent 4 }}
{{- end }}
{{- if .Values.annotations }}
annotations:
{{- toYaml .Values.annotations | nindent 4 }}
{{- end }}

type: Opaque
data:
{{- $adminSecretName := printf "%s-admin" (include "ansible-semaphore.fullname" .) }}
{{- $adminSecretObj := (lookup "v1" "Secret" .Release.Namespace $adminSecretName) | default dict }}
{{- $adminSecretData := (get $adminSecretObj "data") | default dict }}
{{- $adminPassword := (get $adminSecretData .Values.admin.passwordKey) | default (randAlphaNum 32 | b64enc) }}
{{ .Values.admin.fullnameKey }}: {{ .Values.admin.fullname | b64enc }}
{{ .Values.admin.usernameKey }}: {{ .Values.admin.username | b64enc }}
{{ .Values.admin.passwordKey }}: {{ .Values.admin.password | default ($adminPassword) }}
{{ .Values.admin.emailKey }}: {{ .Values.admin.email | b64enc }}
{{- end }}
{{- if and (not .Values.ldap.existingSecret) (.Values.ldap.enable) }}
---
apiVersion: v1
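Review bot: The password entry `{{ .Values.admin.passwordKey }}: {{ .Values.admin.password | default ($adminPassword) }}` writes an operator-supplied `admin.password` into `data:` without `b64enc`, while the fullname, username and email lines beside it are encoded; `$adminPassword` is already base64 (it comes from `lookup` data or from `randAlphaNum 32 | b64enc`), so only the user-supplied branch is unencoded and a plain-text password is either rejected by the API server as invalid base64 or decodes to garbage. Unless `admin.password` is meant to be supplied pre-encoded (the runner token on the context line above uses the same pattern, so this may be a chart convention that values.yaml should then state), encode the literal before falling back: `{{ .Values.admin.password | default "" | b64enc | default $adminPassword }}`. As with the runner block, the `lookup` fallback only preserves the generated password across `helm upgrade`; under `helm template` or `--dry-run` lookup returns nothing and a fresh value is rendered each time. The surrounding Secret template continues outside this hunk.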
31 changes: 31 additions & 0 deletions stable/ansible-semaphore/values.yaml
Expand Up @@ -347,6 +347,37 @@ billing:
# -- Enable billing
enabled: false

admin:
# -- Create an local admin user
create: false

# -- Fullname for local admin
fullname: Admin

# -- Key used within secret for fullname
fullnameKey: fullname

# -- Username for local admin
username: admin

# -- Key used within secret for username
usernameKey: username

# -- Password for local admin
password:

# -- Key used within secret for password
passwordKey: password

# -- Email for local admin
email: admin@localhost

# -- Key used within secret for email
emailKey: email

# -- Existing secret to use for admin
existingSecret:

# -- Resources for the deployment
resources:
limits: {}
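Review bot: The `password` and `existingSecret` entries lack the documentation an operator needs: the `# --` comment on `password` should say that an empty value makes the chart generate a random 32-character password stored in the chart's `-admin` Secret, and that the init container only creates the user when it does not yet exist, so changing `password` later is not applied to an existing account (both behaviours are visible in this commit's secret.yaml and deployment.yaml hunks). For `existingSecret`, the comment should list the keys the referenced Secret must provide (the `fullnameKey`, `usernameKey`, `passwordKey` and `emailKey` names), since the chart renders no Secret of its own in that case. Proposed: `# -- Password for local admin; when empty a random one is generated and stored in the chart's admin Secret. Only used when the user is first created`. The comment `# -- Create an local admin user` should also read `a local admin user`.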
