From 867840303c7f9aa661451b42909ca209a7ced335 Mon Sep 17 00:00:00 2001 From: Wajih Yassine <54372074+wajihyassine@users.noreply.github.com> Date: Mon, 16 Sep 2024 08:35:06 -0700 Subject: [PATCH] charts/timesketch Add ability to provide existing config through ConfigMap and update docs around config updates (#165) * Add documentation around updating TS configs and allow external configs to be provided * Update README.md with readme-generator-for-helm Signed-off-by: wajihyassine * Capitilize steps --------- Signed-off-by: wajihyassine Co-authored-by: wajihyassine --- charts/timesketch/Chart.yaml | 2 +- charts/timesketch/README.md | 96 +++++++++++++++++++ charts/timesketch/templates/_helpers.tpl | 8 ++ .../timesketch/templates/init-configmap.yaml | 1 + .../timesketch/templates/web-deployment.yaml | 2 +- .../templates/worker-deployment.yaml | 2 +- charts/timesketch/values.yaml | 5 + 7 files changed, 113 insertions(+), 3 deletions(-) diff --git a/charts/timesketch/Chart.yaml b/charts/timesketch/Chart.yaml index 804b966b..8f0ad215 100644 --- a/charts/timesketch/Chart.yaml +++ b/charts/timesketch/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: timesketch -version: 1.0.6 +version: 1.0.7 description: A Helm chart for Timesketch Kubernetes deployments. keywords: - timesketch diff --git a/charts/timesketch/README.md b/charts/timesketch/README.md index a8eafd26..e223f4ef 100644 --- a/charts/timesketch/README.md +++ b/charts/timesketch/README.md 
@@ -173,6 +173,7 @@ kubectl delete pvc -l release=my-release | Name | Description | Value | | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `config.override` | Overrides the default Timesketch configs to instead use a user specified directory if present on the root directory of the Helm chart | `configs/*` | +| `config.existingConfigMap` | Use an existing ConfigMap as the default Timesketch config. | `""` | | `config.createUser` | Creates a default Timesketch user that can be used to login to Timesketch after deployment | `true` | | `config.oidc.enabled` | Enables Timesketch OIDC authentication (currently only supports Google OIDC) | `false` | | `config.oidc.existingSecret` | Existing secret with the client ID, secret and cookie secret | `""` | 
@@ -357,6 +358,101 @@ image tag to `latest` and increasing persistent volume size of an existing volum to 10 Terabytes. Note that existing data will not be deleted and instead triggers an expansion of the volume that backs the underlying PersistentVolume. See [here](https://kubernetes.io/docs/concepts/storage/persistent-volumes/). +### Managing and updating Timesketch configs + +This section outlines how to deploy and manage Timesketch configuration files within OSDFIR infrastructure. There are three primary methods: + +1. **Using Default Configurations** + + If you don't provide your own Timesketch config files during deployment, + the Timesketch deployment will automatically retrieve the latest default configs + from the Timesketch Github repository. This method requires no further action from you. + + > **NOTE:** When using the default method, you cannot update the Timesketch config files directly. + +2. **Embedding Timesketch configs in the Helm Chart** + + To customize Timesketch with your own config files and include them directly in the Helm chart deployment, follow these steps: + + 1. Download and Extract the Helm chart: + + ```console + helm pull osdfir-charts/timesketch --untar + cd timesketch/ + ``` + + 2. Download the default Timesketch configs: + + ```console + ./tools/download-timesketch-configs.sh + ``` + + This script downloads the default Timesketch configuration files to the `config/` directory within the extracted Helm chart directory. + + 3. Modify config files then deploy the Helm chart: + + ```console + helm install my-release ../timesketch + ``` + + > **NOTE**: The Helm chart checks the path specified in `config.override` for existing config files. By default this path is set to `configs/` within the Helm chart directory. + + To update configs changes using this method: + + 1. Modify Configuration Files + + Make the necessary changes to your configuration files in the `config/` directory. + + 2. 
Upgrade the Helm Release: + + ```console + helm upgrade my-release ../timesketch + ``` + + This will automatically apply the updated config changes and restart the Timesketch deployment so the changes can be picked up. + + +3. **Managing Timesketch configs externally** + + For more advanced configuration management, you can manage Timesketch config + files independently of the Helm chart: + + 1. Prepare your Config Files: + + Organize all the Timesketch configuration files in a directory with your + desired customizations. + + 2. Create a ConfigMap: + + ```console + kubectl create configmap timesketch-configs --from-file=./my-configs/ + ``` + + Replace `./my-configs/` with the actual path to your configuration files. + + 3. Install or Upgrade the Helm Chart: + + ```console + helm install my-release osdfir-charts/timesketch --set config.existingConfigMap="timesketch-configs" + ``` + + This command instructs the Helm chart to use the `timesketch-configs` ConfigMap for + Timesketch's config files. + + To update the config changes using this method: + + 1. Update the ConfigMap: + + ```console + kubectl create configmap timesketch-configs --from-file=./my-configs/ --dry-run -o yaml | kubectl replace -f - + ``` + + 2. Restart the Timesketch deployment to apply the new configs + + ```console + kubectl rollout restart deployment -l app.kubernetes.io/name=timesketch + ``` + ### Upgrade Timesketch Database Schema From time to time, a Timesketch release requires a manual database upgrade if diff --git a/charts/timesketch/templates/_helpers.tpl b/charts/timesketch/templates/_helpers.tpl index 14330760..cdc454d4 100644 --- a/charts/timesketch/templates/_helpers.tpl +++ b/charts/timesketch/templates/_helpers.tpl 
@@ -171,4 +171,12 @@ Timesketch service port {{- else -}} {{- printf "%s-access-list" (include "timesketch.fullname" .) -}} {{- end -}} +{{- end -}} + +{{- define "timesketch.configmap" -}} +{{- if .Values.config.existingConfigMap -}} +{{- .Values.config.existingConfigMap -}} +{{- else -}} +{{- include "timesketch.fullname" . }}-configmap +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/timesketch/templates/init-configmap.yaml b/charts/timesketch/templates/init-configmap.yaml index 19e50825..1e3a08c5 100644 --- a/charts/timesketch/templates/init-configmap.yaml +++ b/charts/timesketch/templates/init-configmap.yaml @@ -16,6 +16,7 @@ data: if [ $(ls /tmp/timesketch/ | wc -l) -gt 0 ]; then echo "Using existing configuration files provided." + ls /tmp/timesketch cp /tmp/timesketch/* /etc/timesketch/ else echo -n "* Fetching configuration files.." diff --git a/charts/timesketch/templates/web-deployment.yaml b/charts/timesketch/templates/web-deployment.yaml index dca67c32..73a4a4c9 100644 --- a/charts/timesketch/templates/web-deployment.yaml +++ b/charts/timesketch/templates/web-deployment.yaml @@ -85,7 +85,7 @@ spec: emptyDir: {} - name: uploaded-configs configMap: - name: {{ include "timesketch.fullname" . }}-configmap + name: {{ include "timesketch.configmap" . }} optional: true {{- if .Values.config.oidc.authenticatedEmailsFile.enabled }} - name: authenticated-emails diff --git a/charts/timesketch/templates/worker-deployment.yaml b/charts/timesketch/templates/worker-deployment.yaml index 0f90b160..ad7b568a 100644 --- a/charts/timesketch/templates/worker-deployment.yaml +++ b/charts/timesketch/templates/worker-deployment.yaml @@ -74,7 +74,7 @@ spec: emptyDir: {} - name: uploaded-configs configMap: - name: {{ include "timesketch.fullname" . }}-configmap + name: {{ include "timesketch.configmap" . }} optional: true {{- if .Values.config.oidc.authenticatedEmailsFile.enabled }} - name: authenticated-emails 
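Review bot: The new `timesketch.configmap` define has no `{{/* ... */}}` description, although it now decides which ConfigMap both the web and worker pods mount. I would add a comment above it such as `{{/* Name of the ConfigMap holding the Timesketch config files: config.existingConfigMap when set, otherwise <fullname>-configmap. */}}`. The helper returns the user-supplied value verbatim, so it is worth stating in that comment that the name must refer to a ConfigMap in the release namespace. The file also still ends without a trailing newline.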
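Review bot: With `optional: true` left on the `uploaded-configs` volume, a mistyped or not-yet-created `config.existingConfigMap` is not reported as an error. The pod starts with an empty volume and, assuming this volume is what the init script sees at `/tmp/timesketch`, the script takes its "Fetching configuration files" branch and runs on downloaded defaults rather than the operator's reviewed config. Making the volume mandatory whenever a name was supplied turns that into a visible mount failure: `optional: {{ empty .Values.config.existingConfigMap }}`. The identical line in the worker-deployment.yaml hunk needs the same change.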
diff --git a/charts/timesketch/values.yaml b/charts/timesketch/values.yaml index e5b43ee6..ba8f5a8d 100644 --- a/charts/timesketch/values.yaml +++ b/charts/timesketch/values.yaml @@ -70,6 +70,11 @@ config: ## script packaged along with this Helm chart. ## override: configs/* + ## @param config.existingConfigMap Use an existing ConfigMap as the default Timesketch config. + ## Please ensure that the ConfigMap has been created prior to deployment + ## (e.g. kubectl create configmap timesketch-configs --from-file=timesketch-configs/) + ## + existingConfigMap: "" ## @param config.createUser Creates a default Timesketch user that can be used to login to Timesketch after deployment ## createUser: true
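Review bot: The comment on `config.existingConfigMap` does not say where the ConfigMap must live or who should be able to change it. A ConfigMap volume can only reference an object in the pod's own namespace, and anyone with write access to that object controls the Timesketch configuration after the next restart. I would extend the comment with `## The ConfigMap must exist in the release namespace; restrict write access to it, since its files replace the Timesketch config.` If the supplied files can carry credentials (not visible in this diff), those would be better placed in a Secret than a ConfigMap.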