Fix config override, service port origination, bump to v1 (#107)

* Fix config override, service port origination, bump to v1

* Fix yeti values.yaml

* Update README.md with readme-generator-for-helm

Signed-off-by: wajihyassine <[email protected]>

---------

Signed-off-by: wajihyassine <[email protected]>
Co-authored-by: wajihyassine <[email protected]>

charts/timesketch/Chart.yaml

@@ -1,12 +1,13 @@
 apiVersion: v2
 name: timesketch
-version: 0.3.5
+version: 1.0.0
 description: A Helm chart for Timesketch Kubernetes deployments.
 keywords:
 - timesketch
 - dfir
 - analysis
-home: "https://github.com/google/timesketch"
+- security
+home: "https://timesketch.org/"
 dependencies:
 - condition: postgresql.enabled
   name: postgresql
@@ -21,15 +22,14 @@ dependencies:
   version: 2.14.1
   repository: https://opensearch-project.github.io/helm-charts/
 maintainers:
-  - name: Wajih Yassine
-    url: https://github.com/wajihyassine
-  - name: Johan Berggren
-    url: https://github.com/berggren
+  - name: Open Source DFIR
+    email: [email protected]
+    url: https://github.com/google/osdfir-infrastructure
 sources:
 - https://github.com/google/timesketch
-- https://timesketch.org/
+- https://github.com/google/osdfir-infrastructure
 icon: https://raw.githubusercontent.com/google/timesketch/master/timesketch/frontend-ng/dist/timesketch-color.png
-appVersion: "20230913"
+appVersion: "latest"
 annotations:
   category: Security
   licenses: Apache-2.0

charts/timesketch/README.md

@@ -100,12 +100,12 @@ kubectl delete pvc -l release=my-release
 
 | Name                            | Description                                                                                  | Value   |
 | ------------------------------- | -------------------------------------------------------------------------------------------- | ------- |
-| `global.timesketch.enabled`     | Enables the Timesketch deployment (only used in the main OSDFIR Infrastructure Helm chart)   | `true`  |
-| `global.timesketch.servicePort` | Timesketch service port (overrides `timesketch.service.port`)                                | `5000`  |
+| `global.timesketch.enabled`     | Enables the Timesketch deployment (only used in the main OSDFIR Infrastructure Helm chart)   | `false` |
+| `global.timesketch.servicePort` | Timesketch service port (overrides `timesketch.service.port`)                                | `nil`   |
 | `global.turbinia.enabled`       | Enables the Turbinia deployment (only used within the main OSDFIR Infrastructure Helm chart) | `false` |
-| `global.turbinia.servicePort`   | Turbinia API service port (overrides `turbinia.service.port`)                                | `8080`  |
+| `global.turbinia.servicePort`   | Turbinia API service port (overrides `turbinia.service.port`)                                | `nil`   |
 | `global.yeti.enabled`           | Enables the Yeti deployment (only used in the main OSDFIR Infrastructure Helm chart)         | `false` |
-| `global.yeti.servicePort`       | Yeti API service port (overrides `yeti.api.service.port`)                                    | `8000`  |
+| `global.yeti.servicePort`       | Yeti API service port (overrides `yeti.api.service.port`)                                    | `nil`   |
 | `global.existingPVC`            | Existing claim for Timesketch persistent volume (overrides `persistent.name`)                | `""`    |
 | `global.storageClass`           | StorageClass for the Timesketch persistent volume (overrides `persistent.storageClass`)      | `""`    |
 
@@ -293,7 +293,7 @@ for more details.
 
 ## License
 
-Copyright © 2023 Timesketch
+Copyright © 2023 OSDFIR Infrastructure
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

charts/timesketch/templates/_initContainer.tpl

@@ -4,7 +4,6 @@ this file has been created which then applies to both the Timesketch Web and
 Worker pod upon startup.
 */}}
 {{- define "timesketch.initContainer" -}}
-{{- $userconfigs := .Files.Glob .Values.config.override }}
 - name: init-timesketch
   image: alpine/git
   command: ['sh', '-c', '/init/init-timesketch.sh']
@@ -42,8 +41,6 @@ Worker pod upon startup.
       name: init-timesketch
     - mountPath: /etc/timesketch
       name: timesketch-configs
-    {{- if $userconfigs }}
     - mountPath: /tmp/timesketch
       name: uploaded-configs
-    {{- end }}
 {{- end }}

charts/timesketch/templates/gcp/backendconfig.yaml

@@ -13,5 +13,5 @@ spec:
     unhealthyThreshold: 2
     type: HTTP
     requestPath: /login/
-    port: {{ include "timesketch.service.port" . }}
+    port: 5000
 {{- end }}

charts/timesketch/templates/init-configmap.yaml

@@ -14,18 +14,18 @@ data:
     mkdir -p /etc/timesketch
     cd /etc/timesketch
 
-    {{- $userconfigs := .Files.Glob .Values.config.override }}
-    {{- if $userconfigs }}
-    cp /tmp/timesketch/* /etc/timesketch/
-    {{- else }}
-    echo -n "* Fetching configuration files.." 
-    GITHUB_BASE_URL="https://raw.githubusercontent.com/google/timesketch/master"
-    # Fetch default Timesketch config files
-    git clone https://github.com/google/timesketch.git
-    cp -r timesketch/data/* /etc/timesketch/
-    rm -rf timesketch
-    echo "OK"
-    {{- end}}
+    if [ $(ls /tmp/timesketch/ | wc -l) -gt 0 ]; then
+      echo "Using existing configuration files provided."
+      cp /tmp/timesketch/* /etc/timesketch/
+    else
+      echo -n "* Fetching configuration files.." 
+      GITHUB_BASE_URL="https://raw.githubusercontent.com/google/timesketch/master"
+      # Fetch default Timesketch config files
+      git clone https://github.com/google/timesketch.git
+      cp -r timesketch/data/* /etc/timesketch/
+      rm -rf timesketch
+      echo "OK"
+    fi
 
     # Set up the Redis connection
     sed -i 's#^CELERY_BROKER_URL =.*#CELERY_BROKER_URL = {{ (include "timesketch.redis.url" .) | quote }}#' timesketch.conf

charts/timesketch/templates/service.yaml

@@ -8,13 +8,14 @@ metadata:
   {{- if and (.Values.ingress.enabled) ( eq .Values.ingress.className "gce") }}
   annotations:
     cloud.google.com/neg: '{"ingress": true}'
-    cloud.google.com/backend-config: '{"ports": {"{{ include "timesketch.service.port" . }}":"{{ include "timesketch.fullname" . }}-backend-config"}}'
+    cloud.google.com/backend-config: '{"ports": {"5000":"{{ include "timesketch.fullname" . }}-backend-config"}}'
   {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ include "timesketch.service.port" . }}
       protocol: TCP
+      targetPort: 5000
   selector:
     app.kubernetes.io/component: frontend
     {{- include "timesketch.selectorLabels" . | nindent 4 }}

charts/timesketch/templates/web-deployment.yaml

@@ -1,4 +1,3 @@
-{{- $userconfigs := .Files.Glob .Values.config.override }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -70,7 +69,7 @@ spec:
             {{- if .Values.metrics.enabled }}
             - containerPort: {{ .Values.metrics.port }}
             {{- end }}
-            - containerPort: {{ include "timesketch.service.port" . }}
+            - containerPort: 5000
           resources:
             {{- toYaml .Values.frontend.resources | nindent 12 }}
       volumes:
@@ -84,11 +83,10 @@ spec:
             defaultMode: 0744
         - name: timesketch-configs
           emptyDir: {}
-        {{- if $userconfigs }}
         - name: uploaded-configs
           configMap:
             name: {{ include "timesketch.fullname" . }}-configmap
-        {{- end }}
+            optional: true
       {{- with .Values.frontend.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/timesketch/templates/worker-deployment.yaml

@@ -1,4 +1,3 @@
-{{- $userconfigs := .Files.Glob .Values.config.override }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -59,7 +58,7 @@ spec:
             {{- if .Values.metrics.enabled }}
             - containerPort: {{ .Values.metrics.port }}
             {{- end }}
-            - containerPort: {{ include "timesketch.service.port" . }}
+            - containerPort: 5000
           resources:
             {{- toYaml .Values.worker.resources | nindent 12 }}
       volumes:
@@ -73,11 +72,10 @@ spec:
             defaultMode: 0744
         - name: timesketch-configs
           emptyDir: {}
-        {{- if $userconfigs }}
         - name: uploaded-configs
           configMap:
             name: {{ include "timesketch.fullname" . }}-configmap
-        {{- end }}
+            optional: true
       {{- with .Values.worker.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/timesketch/values.yaml

@@ -10,24 +10,24 @@ global:
   timesketch:
     ## @param global.timesketch.enabled Enables the Timesketch deployment (only used in the main OSDFIR Infrastructure Helm chart)
     ##
-    enabled: true
+    enabled: false
     ## @param global.timesketch.servicePort Timesketch service port (overrides `timesketch.service.port`)
     ##
-    servicePort: 5000
+    servicePort:
   turbinia:
     ## @param global.turbinia.enabled Enables the Turbinia deployment (only used within the main OSDFIR Infrastructure Helm chart)
     ##
     enabled: false
     ## @param global.turbinia.servicePort Turbinia API service port (overrides `turbinia.service.port`)
     ##
-    servicePort: 8080
+    servicePort:
   yeti:
     ## @param global.yeti.enabled Enables the Yeti deployment (only used in the main OSDFIR Infrastructure Helm chart)
     ##
     enabled: false
     ## @param global.yeti.servicePort Yeti API service port (overrides `yeti.api.service.port`)
     ##
-    servicePort: 8000
+    servicePort:
   ## @param global.existingPVC Existing claim for Timesketch persistent volume (overrides `persistent.name`)
   ##
   existingPVC: ""