fix: release changes to allow for config from external source

charts/yeti/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: yeti
-version: 1.0.2
+version: 1.0.3
 description: A Helm chart for Yeti Kubernetes deployments.
 keywords:
 - yeti

charts/yeti/templates/_helpers.tpl

@@ -9,11 +9,7 @@ Expand the name of the chart.
 Create a default fully qualified app name.
 */}}
 {{- define "yeti.fullname" -}}
-{{- if contains .Chart.Name .Release.Name }}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name "yeti" | trunc 63 | trimSuffix "-" }}
-{{- end }}
 {{- end }}
 
 {{/*

charts/yeti/templates/config.yaml

@@ -1,181 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "timesketch.fullname" . }}-init-configmap
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "timesketch.labels" . | nindent 4 }}
-data:
-  yeti.conf: |
-    [system]
-
-    ##
-    ## Basic system settings
-    ##
-
-    # if export_path is not set, then the default value is /tmp
-    export_path = /opt/yeti/exports
-    logging = /var/log/yeti_user_activity.log
-    plugins_path = ./plugins
-    audit_logfile = /var/log/yeti_audit.log
-
-    # Public scheme + hostname + port for Yeti. Use it if you want to specify an
-    # OIDC callback
-    # for testing use also a port number, e.g. http://localhost:8000
-    # webroot =
-
-    [auth]
-
-    ##
-    ## Use these settings to configure Yeti authentication.
-    ##
-
-    # oidc, local
-    module = oidc
-
-    # to get a stronger value run:
-    # openssl rand -hex 32
-    # SECRET_KEY = SECRET
-    # ALGORITHM = HS256
-    # ACCESS_TOKEN_EXPIRE_MINUTES = 30
-    enabled = True
-
-    # OIDC
-    #
-    # Google can be used as an OIDC provider:
-    #  See Instructions here: https://developers.google.com/identity/protocols/oauth2
-    #
-    # OIDC_CLIENT_ID = LONGRANDOMSTRING.apps.googleusercontent.com
-    # OIDC_CLIENT_SECRET = BLABLA-BLABLABLA
-    # OIDC_DISCOVERY_URL = https://accounts.google.com/.well-known/openid-configuration
-
-    [tag]
-
-    ##
-    ## Use these settings to configure Yeti tags.
-    ## If you specify default_tag_expiration = 7776000, then the tag will expire for 90 days.
-    ## Value must be in seconds (7776000 seconds is 90 days).
-    ##
-
-    # default_tag_expiration = 7776000
-
-    [arangodb]
-
-    ##
-    ## Use these settings to configure how to connect to your ArangoDB database.
-    ## All settings are optional, with default values being the one in the comment.
-    ## If you do not specify a username and password, there will be no authentication.
-    ##
-
-    # host = arangodb
-    # port = 8529
-    # username = root
-    # password =
-    # database = yeti_dev
-
-    [redis]
-
-    ##
-    ## Use these settings to configure how to connect to your redis server.
-    ## All settings are optional, with default values being the one in the comment.
-    ##
-
-    # host = redis
-    # port = 6379
-    # database = 0
-    # tls = ok
-
-    [misp]
-
-    ##
-    ## Use this setting in order to specify a comma-separated list of MISP instances
-    ## that should be taken into account by the MISP feed.
-    ##
-
-    # instances = misp_1
-
-    [misp_1]
-
-    ##
-    ## For each instance in the 'misp.instances' setting, you should specify a
-    ## configuration block with this format, in order to specify at least the URL
-    ## and the auth key.
-    ##
-
-    # name = MISP_1
-    # url = MISP_URL
-    # key = MISP_AUTH_KEY
-    # galaxy_filter = filtering_galaxy_to_drop
-    # days = days_history_to_change_by_default_60_days
-    # verifycert = true_or_false
-
-    [proxy]
-
-    # Format proxies like socks5://user:pass@host:port
-
-    http =
-    https =
-
-    [github]
-    # Generate token: https://github.com/settings/tokens
-    # Select repo only
-    # no token - limit 60 r/h
-    # w/ token - limit 5k r/h
-    # token =
-
-    [otx]
-    key = YourOTXKey
-    days = 1
-
-    [abuseIPDB]
-    key = YourKey
-
-    [phishtank]
-    key=
-
-    [vt]
-    key=
-
-    [passivedns]
-    login=
-    password=
-    url=
-
-    [circl_passivessl]
-    username=
-    password=
-
-    [circl_pdns]
-    username=
-    password=
-
-    [dnsdb]
-    api_key=
-
-    [macaddressio]
-    api_key=
-
-    [malshare]
-    api_key=
-
-    [timesketch]
-    endpoint =
-    username =
-    password =
-
-    [censys]
-    api_key =
-    secret =
-
-    [shodan]
-
-    # Set result_limit to -1 for unlimited results, default is 100
-
-    api_key =
-    result_limit =
-
-
-    [dfiq]
-
-    # Comma-separated list of additional directories to load DFIQ objects from.
-    extra_dirs = /dfiq

charts/yeti/templates/deployment-api.yaml

@@ -48,6 +48,15 @@ spec:
             - containerPort: 8000
           resources:
             {{- toYaml .Values.backend.api.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /etc/yeti.conf
+              subPath: yeti.conf
+              name: yeti-conf
+              readOnly: true
+      volumes:
+        - name: yeti-conf
+          secret:
+            secretName: {{ .Values.existingConfigSecret }}
       {{- with .Values.backend.api.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/yeti/templates/deployment-tasks.yaml

@@ -43,6 +43,16 @@ spec:
             {{- end }}
           resources:
             {{- toYaml .Values.backend.tasks.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /etc/yeti.conf
+              subPath: yeti.conf
+              name: yeti-conf
+              readOnly: true
+      volumes:
+        - name: yeti-conf
+          secret:
+            secretName: {{ .Values.existingConfigSecret }}
+
       {{- with .Values.backend.tasks.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/yeti/tests/values.yaml

@@ -1,31 +0,0 @@
-config:
-  externalUrl: https://cache.example.com/
-
-persistence:
-  existingClaim: attic
-
-initContainers:
-  dbInit:
-    image:
-      repository: ghcr.io/onedr0p/postgres-init
-      tag: "16"
-    envFrom:
-    - secretRef:
-        name: attic-secret
-
-envFromSecret: attic-secret
-
-image:
-  repository: ghcr.io/zhaofengli/attic
-  tag: 4dbdbee45728d8ce5788db6461aaaa89d98081f0
-
-postgres:
-  secretName: attic-secret
-
-resources:
-  limits:
-    memory: "3Gi"
-    cpu: "1000m"
-#  requests:
-#    cpu: 100m
-#    memory: 250Mi

charts/yeti/values.yaml

@@ -1,4 +1,5 @@
 existingSecret: yeti-secret
+existingConfigSecret: yeti-conf
 
 frontend:
   image: