diff --git a/mantisbt/index.yaml b/mantisbt/index.yaml index 6184614..87821cd 100644 --- a/mantisbt/index.yaml +++ b/mantisbt/index.yaml @@ -3,17 +3,17 @@ entries: mantisbt: - apiVersion: v2 appVersion: 2.27.0 - created: "2025-12-15T13:17:25.365016+01:00" + created: "2025-12-15T15:15:41.372342+01:00" dependencies: - condition: mariadb.enabled name: mariadb repository: https://charts.bitnami.com/bitnami version: 19.*.* description: MantisBT Bug Tracker - A Helm chart for Kubernetes - digest: 551c7fa565a9ff177bdc237e5aa7618745aef3f80b56927cf8445b97ea0a8806 + digest: c2c8609f8789e8cda33da558c41540c05da0b0bd5b4b0d13f11e3dcaf9f3159e name: mantisbt type: application urls: - - https://gitea.innovation-hub-niedersachsen.de/innohub/charts/raw/main/mantisbt/mantisbt-0.4.0.tgz - version: 0.4.0 -generated: "2025-12-15T13:17:25.361809+01:00" + - https://gitea.innovation-hub-niedersachsen.de/innohub/charts/raw/main/mantisbt/mantisbt-0.4.1.tgz + version: 0.4.1 +generated: "2025-12-15T15:15:41.369286+01:00" diff --git a/mantisbt/mantisbt-0.4.0.tgz b/mantisbt/mantisbt-0.4.0.tgz deleted file mode 100644 index 65e07d0..0000000 Binary files a/mantisbt/mantisbt-0.4.0.tgz and /dev/null differ diff --git a/mantisbt/mantisbt-0.4.1.tgz b/mantisbt/mantisbt-0.4.1.tgz new file mode 100644 index 0000000..538c951 Binary files /dev/null and b/mantisbt/mantisbt-0.4.1.tgz differ diff --git a/mantisbt/mantisbt/Chart.yaml b/mantisbt/mantisbt/Chart.yaml index 8f60eaf..c220137 100644 --- a/mantisbt/mantisbt/Chart.yaml +++ b/mantisbt/mantisbt/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mantisbt description: MantisBT Bug Tracker - A Helm chart for Kubernetes type: application -version: "0.4.0" +version: "0.4.1" appVersion: "2.27.0" dependencies: diff --git a/mantisbt/mantisbt/argocd-application.yaml b/mantisbt/mantisbt/argocd-application.yaml new file mode 100644 index 0000000..30992f8 --- /dev/null +++ b/mantisbt/mantisbt/argocd-application.yaml @@ -0,0 +1,82 @@ +# ArgoCD Application für MantisBT v0.4.0 (mit xlrl/mantisbt) +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mantisbt + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: 'https://gitea.innovation-hub-niedersachsen.de/innohub/charts/raw/main/mantisbt' + targetRevision: 0.4.* + chart: mantisbt + helm: + values: | + image: + repository: xlrl/mantisbt + tag: "latest" + + ingress: + enabled: true + className: traefik + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.entrypoints: websecure + cert-manager.io/cluster-issuer: lets-encrypt + hosts: + - mantisbt.innovation-hub-niedersachsen.de + tls: + - secretName: mantisbt-tls + hosts: + - mantisbt.innovation-hub-niedersachsen.de + + mantisbt: + # WICHTIG: Nach der Installation auf "0" setzen! + enableAdmin: "1" + timezone: "Europe/Berlin" + # Master Salt - WICHTIG: Einmal setzen und nicht mehr ändern! + masterSalt: "shJaiK32W2tABdTZjwRUrZN+90AWLHXaLKiOt1Fwpaw=" + + persistence: + enabled: true + storageClass: longhorn + size: 10Gi + + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 512Mi + cpu: 500m + + mariadb: + enabled: true + image: + tag: "latest" + auth: + database: mantisbt + username: mantisbt + password: "MantisDBPassword_2024!" + rootPassword: "RootDBPassword_2024!" + primary: + persistence: + enabled: true + storageClass: longhorn + size: 8Gi + + destination: + server: 'https://kubernetes.default.svc' + namespace: mantisbt + syncPolicy: + managedNamespaceMetadata: + labels: + pod-security.kubernetes.io/enforce: "privileged" + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true diff --git a/mantisbt/mantisbt/templates/deployment.yaml b/mantisbt/mantisbt/templates/deployment.yaml index b767194..3a88feb 100644 --- a/mantisbt/mantisbt/templates/deployment.yaml +++ b/mantisbt/mantisbt/templates/deployment.yaml @@ -63,6 +63,12 @@ spec: value: {{ .Values.mantisbt.timezone | default "Europe/Berlin" | quote }} - name: MANTIS_ENABLE_ADMIN value: {{ .Values.mantisbt.enableAdmin | default "1" | quote }} + # Master salt from secret - keeps crypto keys stable across deployments + - name: MASTER_SALT + valueFrom: + secretKeyRef: + name: {{ template "mantisbt.fullname" . }}-secret + key: master-salt {{- range $key := .Values.env }} {{- if .value }} - name: {{ .name }} diff --git a/mantisbt/mantisbt/templates/secret.yaml b/mantisbt/mantisbt/templates/secret.yaml index 9b1e977..97b0d6e 100644 --- a/mantisbt/mantisbt/templates/secret.yaml +++ b/mantisbt/mantisbt/templates/secret.yaml @@ -10,11 +10,8 @@ metadata: type: Opaque stringData: database-password: {{ include "mantisbt.databasePassword" . | quote }} - admin-password: {{ .Values.mantisbt.adminPassword | quote }} - master-salt: {{ randAlphaNum 64 | b64enc | quote }} - {{- if .Values.mantisbt.email.smtpPassword }} - smtp-password: {{ .Values.mantisbt.email.smtpPassword | quote }} - {{- end }} + # Master salt - use provided value or generate random one + master-salt: {{ .Values.mantisbt.masterSalt | default (randAlphaNum 64 | b64enc) | quote }} {{- range .Values.secretEnv }} {{ .name }}: {{ .value | quote }} {{- end }} diff --git a/mantisbt/mantisbt/values.yaml b/mantisbt/mantisbt/values.yaml index 9df716d..426d616 100644 --- a/mantisbt/mantisbt/values.yaml +++ b/mantisbt/mantisbt/values.yaml @@ -74,6 +74,11 @@ mantisbt: # Timezone (xlrl uses MANTIS_TIMEZONE) timezone: "Europe/Berlin" + + # Master Salt for crypto - IMPORTANT: Set this to keep it stable across deployments! + # If not set, a random one will be generated (but changes on each deploy) + # Generate with: openssl rand -base64 32 + masterSalt: "" # Environment variables env: []