From c3cb5b4ea9ce530fa3ff6e3d08f932534df33d1d Mon Sep 17 00:00:00 2001
From: Cedric Verstraeten <cedric@verstraeten.io>
Date: Tue, 19 Mar 2024 21:39:29 +0100
Subject: [PATCH] add export feature + force mfa + and more fixes

---
 charts/hub/Chart.yaml                         |   4 +-
 .../kerberos-pipeline/pipe-export.yaml        | 125 ++++++++++++++++++
 charts/hub/values.yaml                        |  15 ++-
 3 files changed, 139 insertions(+), 5 deletions(-)
 create mode 100644 charts/hub/templates/kerberos-pipeline/pipe-export.yaml

diff --git a/charts/hub/Chart.yaml b/charts/hub/Chart.yaml
index c0bfe06..55588df 100644
--- a/charts/hub/Chart.yaml
+++ b/charts/hub/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.51.0
+version: 0.52.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.1.1"
+appVersion: "1.2.0"
diff --git a/charts/hub/templates/kerberos-pipeline/pipe-export.yaml b/charts/hub/templates/kerberos-pipeline/pipe-export.yaml
new file mode 100644
index 0000000..f8a4ec8
--- /dev/null
+++ b/charts/hub/templates/kerberos-pipeline/pipe-export.yaml
@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pipe-export
+spec:
+  replicas: {{ .Values.kerberospipeline.export.replicas }}
+  selector:
+    matchLabels:
+      app: pipe-export
+  minReadySeconds: 10
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: pipe-export
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: pipe-export
+        image: "{{ .Values.kerberospipeline.export.repository }}:{{ .Values.kerberospipeline.export.tag }}"
+        imagePullPolicy: {{ .Values.kerberospipeline.export.pullPolicy }}
+        {{- with .Values.kerberospipeline.export.resources }}
+        resources:
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
+        env:
+        - name: CLOUD_PROVIDER
+          value: "{{ .Values.cloudProvider }}"
+        - name: QUEUE_SYSTEM
+          value: "{{ .Values.queueProvider }}"
+
+        # Database
+        - name: MONGODB_DATABASE_CLOUD
+          value: "Kerberos"
+        - name: MONGODB_URI
+          value: "{{ .Values.mongodb.uri }}"
+        - name: MONGODB_HOST
+          value: "{{ .Values.mongodb.host }}"
+        - name: MONGODB_DATABASE_CREDENTIALS
+          value: "{{ .Values.mongodb.adminDatabase }}"
+        - name: MONGODB_USERNAME
+          value: "{{ .Values.mongodb.username }}"
+        - name: MONGODB_PASSWORD
+          value: "{{ .Values.mongodb.password }}"
+
+        # Kafka settings
+        - name: KAFKA_BROKER
+          value: "{{ .Values.kafka.broker }}"
+        - name: KAFKA_USERNAME
+          value: "{{ .Values.kafka.username }}"
+        - name: KAFKA_PASSWORD
+          value: "{{ .Values.kafka.password }}"
+        - name: KAFKA_MECHANISM
+          value: "{{ .Values.kafka.mechanism }}"
+        - name: KAFKA_SECURITY
+          value: "{{ .Values.kafka.security }}"
+
+        # RabbitMQ settings
+        - name: RABBITMQ_HOST
+          value: "{{ .Values.rabbitmq.host }}"
+        - name: RABBITMQ_EXCHANGE
+          value: "{{ .Values.rabbitmq.exchange }}"
+        - name: RABBITMQ_USERNAME
+          value: "{{ .Values.rabbitmq.username }}"
+        - name: RABBITMQ_PASSWORD
+          value: "{{ .Values.rabbitmq.password }}"
+          
+        # Kerberos Vault (Main instance, within Kerberos Hub you can assign additional Vaults to sites).
+        - name: STORAGE_URI
+          value: "{{ .Values.kerberosvault.uri }}"
+        - name: STORAGE_ACCESS_KEY
+          value: "{{ .Values.kerberosvault.accesskey }}"
+        - name: STORAGE_SECRET_KEY
+          value: "{{ .Values.kerberosvault.secretkey }}"
+
+        # Kerberos Vault: archiving credentials. When creating a task, the underlying recording will be
+        # copied to this storage provider, using the specific account credentials, for deletion/retention.
+        - name: STORAGE_ARCHIVE_PROVIDER
+          value: "{{ .Values.kerberosvault.archive.provider }}"
+        - name: STORAGE_ARCHIVE_ACCESS_KEY
+          value: "{{ .Values.kerberosvault.archive.accesskey }}"
+        - name: STORAGE_ARCHIVE_SECRET_KEY
+          value: "{{ .Values.kerberosvault.archive.secretkey }}"
+
+        # Sprites
+        - name: SPRITE_ENABLED
+          value: "{{ .Values.kerberospipeline.sprite.enabled }}"
+        - name: VAULT_SPRITE_PROVIDER
+          value: "{{ .Values.kerberosvault.sprite.provider }}"
+        - name: VAULT_SPRITE_ACCESS_KEY
+          value: "{{ .Values.kerberosvault.sprite.accessKey }}"
+        - name: VAULT_SPRITE_SECRET_KEY
+          value: "{{ .Values.kerberosvault.sprite.secretKey }}"
+        # Thumbnails
+        - name: THUMBNAIL_VAULT_ENABLED
+          value: "{{ .Values.kerberospipeline.thumbnail.kerberosvault.enabled }}"
+        - name: VAULT_THUMBNAIL_PROVIDER
+          value: "{{ .Values.kerberosvault.thumbnail.provider }}"
+        - name: VAULT_THUMBNAIL_ACCESS_KEY
+          value: "{{ .Values.kerberosvault.thumbnail.accessKey }}"
+        - name: VAULT_THUMBNAIL_SECRET_KEY
+          value: "{{ .Values.kerberosvault.thumbnail.secretKey }}"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: pipe-export
+    service: pipe
+  name: pipe-export
+spec:
+  ports:
+    - name: hub-metrics
+      port: 8080
+      targetPort: 8080
+      protocol: TCP
+  selector:
+    app: pipe-export
\ No newline at end of file
diff --git a/charts/hub/values.yaml b/charts/hub/values.yaml
index 2b02db0..4e98316 100644
--- a/charts/hub/values.yaml
+++ b/charts/hub/values.yaml
@@ -151,7 +151,7 @@ kerberoshub:
   api:
     repository: kerberos/hub-api
     pullPolicy: IfNotPresent
-    tag: "1.0.1195226311"
+    tag: "1.0.1219162731"
     replicas: 2
     jwtSecret: "this-is-a-secret-please-change-to-random-string" # change to a random value, this is for generating JWT tokens.
     schema: "https"
@@ -230,7 +230,7 @@ kerberoshub:
   frontend:
     repository: kerberos/hub-frontend
     pullPolicy: IfNotPresent
-    tag: "1.0.1172733722"
+    tag: "1.0.1219811275"
     replicas: 2
     schema: "https"
     url: "yourdomain.com"
@@ -464,7 +464,7 @@ kerberospipeline:
   analysis:
     repository: kerberos/pipe-analysis
     pullPolicy: IfNotPresent
-    tag: "1.0.6256066045"
+    tag: "1.0.6426898456"
     replicas: 1
     resources:
       requests:
@@ -524,3 +524,12 @@ kerberospipeline:
       limits:
         memory: 2Gi
         cpu: 1000m
+  export:
+    repository: kerberos/pipe-export
+    pullPolicy: IfNotPresent
+    tag: "1.0.6427528901"
+    replicas: 2
+    resources:
+      requests:
+        memory: 10Mi
+        cpu: 10m
\ No newline at end of file