diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5942cd0c..14f965ce 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -81,6 +81,7 @@ jobs: - name: Update gh-pages branch run: | git fetch origin + git config pull.ff only git pull origin gh-pages - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index da28cc60..00000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# See https://pre-commit.com for more information -# See https://pre-commit.com/hooks.html for more hooks -repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 - hooks: - - id: trailing-whitespace - - id: end-of-file-fixer - - id: check-added-large-files - - id: fix-byte-order-marker - - id: check-case-conflict - - id: check-executables-have-shebangs - - id: check-yaml - args: [--allow-multiple-documents] - exclude: ^charts/.*/templates/ diff --git a/README.md b/README.md index 34334ad0..64bfc3ef 100644 --- a/README.md +++ b/README.md @@ -14,13 +14,6 @@ helm repo update ## Development -1. (Optional) Install the [pre-commit](https://pre-commit.com/) hooks - - ```sh - pip install pre-commit - pre-commit install - ``` - 1. (Optional) Setup a KinD cluster with Nginx ingress support ```sh diff --git a/charts/datashield/Chart.yaml b/charts/datashield/Chart.yaml index 25959329..43b25ae7 100644 --- a/charts/datashield/Chart.yaml +++ b/charts/datashield/Chart.yaml @@ -23,7 +23,7 @@ dependencies: version: 2.28.0 deprecated: false kubeVersion: ">= 1.19.0" -version: 0.7.47 +version: 0.7.48 annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/containsSecurityUpdates: "false" @@ -37,4 +37,8 @@ annotations: # When using the list of objects option the valid supported kinds are # added, changed, deprecated, removed, fixed and security. - kind: changed - description: "Updated common to 2.28.0" + description: "Updated docker.io/obiba/opal to sha256:9a04a429e5d9b80cb67d0129c487a97068a0a24329b9f1902177c58106f1917b" + - kind: changed + description: "Ingress backend port switched to https" + - kind: changed + description: "Removed NGINX-specific annotations from ingress" diff --git a/charts/datashield/README.md b/charts/datashield/README.md index 93e4e40e..818bbcdd 100644 --- a/charts/datashield/README.md +++ b/charts/datashield/README.md @@ -42,7 +42,7 @@ helm install --create-namespace -n datashield datashield oci://ghcr.io/miracum/c | opal.database.ids.username | string | `"opal_ids_password"` | username used to connect to the DB. Note that this name is currently used even if postgresql.enabled=true | | opal.extraEnv | list | `[]` | extra environment variables to set on the opal api container | | opal.imagePullSecrets | list | `[]` | image pull secrets used by the opal container | -| opal.ingress.annotations | object | `{"nginx.ingress.kubernetes.io/backend-protocol":"HTTPS","nginx.ingress.kubernetes.io/force-ssl-redirect":"true"}` | extra annotations to apply to the Ingress resource | +| opal.ingress.annotations | object | `{}` | extra annotations to apply to the Ingress resource | | opal.ingress.className | string | `""` | ingressClassName to use | | opal.ingress.enabled | bool | `false` | create an Ingress for the application | | opal.ingress.hosts | list | `[{"host":"opal.127.0.0.1.nip.io","paths":[{"path":"/","pathType":"ImplementationSpecific","portName":"http"}]}]` | list of ingress hosts | diff --git a/charts/datashield/templates/opal/ingress.yaml b/charts/datashield/templates/opal/ingress.yaml index b2bf1b6c..e45185bd 100644 --- a/charts/datashield/templates/opal/ingress.yaml +++ b/charts/datashield/templates/opal/ingress.yaml @@ -36,7 +36,7 @@ spec: service: name: {{ $fullName }} port: - name: {{ default "http" .portName }} + name: {{ default "https" .portName }} {{- end }} {{- end }} {{- end }} diff --git a/charts/datashield/values.yaml b/charts/datashield/values.yaml index 1797e021..efe56376 100644 --- a/charts/datashield/values.yaml +++ b/charts/datashield/values.yaml @@ -12,7 +12,7 @@ opal: image: registry: docker.io repository: obiba/opal - tag: 5.0.3@sha256:d655f7a2e5bba2852873e570f4d8682f05d8770a681ee849102e0acbbc651fd3 + tag: 5.0.3@sha256:9a04a429e5d9b80cb67d0129c487a97068a0a24329b9f1902177c58106f1917b pullPolicy: IfNotPresent auth: @@ -31,11 +31,7 @@ opal: # -- ingressClassName to use className: "" # -- extra annotations to apply to the Ingress resource - annotations: - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + annotations: {} # -- list of ingress hosts hosts: - host: opal.127.0.0.1.nip.io @@ -133,8 +129,8 @@ opal: drop: - ALL runAsNonRoot: true - runAsUser: 100 - runAsGroup: 65534 + runAsUser: 10041 + runAsGroup: 10041 readOnlyRootFilesystem: false seccompProfile: type: RuntimeDefault