Merge pull request #633 from dduportal/feat/mirrorbits/rsyncd-config

feat(mirrorbits) use rsyncd restricted but customizable configuration
jenkins-infra · Aug 30, 2023 · c80e376 · c80e376
2 parents b3cd499 + 85b8919
commit c80e376
Show file tree

Hide file tree

Showing 9 changed files with 76 additions and 93 deletions.
diff --git a/charts/mirrorbits/Chart.yaml b/charts/mirrorbits/Chart.yaml
@@ -5,4 +5,4 @@ maintainers:
 - email: me@olblak.com
   name: olblak
 name: mirrorbits
-version: 0.61.1
+version: 0.62.0
diff --git a/charts/mirrorbits/templates/configmap.rsyncd.jenkins-motd.yaml b/charts/mirrorbits/templates/configmap.rsyncd.jenkins-motd.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.rsyncd.configurationFiles.jenkinsMotd.override }}
+{{- if and .Values.rsyncd.enabled .Values.rsyncd.configurationFiles.jenkinsMotd.override -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:

diff --git a/charts/mirrorbits/templates/configmap.rsyncd.rsyncd-conf.yaml b/charts/mirrorbits/templates/configmap.rsyncd.rsyncd-conf.yaml
@@ -1,9 +1,43 @@
-{{- if .Values.rsyncd.configurationFiles.rsyncdConf.override }}
+{{- if .Values.rsyncd.enabled -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "mirrorbits.fullname" . }}-rsyncd-conf
 data:
-  rsyncd.conf:
-{{ .Values.rsyncd.configurationFiles.rsyncdConf.content | indent 4 }}
+  rsyncd.conf: |
+    # /etc/rsyncd: configuration file for
+    rsync daemon mode
+
+    # See rsyncd.conf man page for more options.
+
+    # configuration example:
+
+    uid = {{ .Values.rsyncd.configuration.uid }}
+    gid = {{ .Values.rsyncd.configuration.gid }}
+    use chroot = yes
+    max connections = 0
+    pid file = /var/run/rsyncd.pid
+    exclude = lost+found/
+    transfer logging = yes
+    log file = /dev/stdout
+    ignore nonreadable = yes
+    dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
+    port = {{ .Values.rsyncd.configuration.port }}
+    # motd file = {{ .Values.rsyncd.configuration.motd_path }}
+    max verbosity = 4
+
+    # Timeout in seconds
+    timeout = 300
+
+    # Any attempted uploads will fail
+    read only = true
+
+    # Downloads will be possible if file permissions on the daemon side allow them
+    write only = false
+
+    hosts allow = {{ .Values.rsyncd.configuration.hosts_allow }}
+
+    [jenkins]
+    path = {{ .Values.rsyncd.configuration.datadir }}
+    comment = {{ .Values.rsyncd.configuration.comment }}
 {{- end -}}
diff --git a/charts/mirrorbits/templates/deployment.rsyncd.yaml b/charts/mirrorbits/templates/deployment.rsyncd.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.rsyncd.service.enabled .Values.repository.persistentVolumeClaim.enabled -}}
+{{- if .Values.rsyncd.enabled -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -41,18 +41,16 @@ spec:
           resources:
             {{- toYaml .Values.rsyncd.resources | nindent 12 }}
           volumeMounts:
-            - name: binary
-              mountPath: /srv/repo
+            - name: datadir
+              mountPath: {{ .Values.rsyncd.configuration.datadir }}
               readOnly: true
-            {{- if .Values.rsyncd.configurationFiles.rsyncdConf.override }}
             - name: rsyncd-conf
               mountPath: /etc/rsyncd.conf
               subPath: rsyncd.conf
               readOnly: true
-            {{- end }}
             {{- if .Values.rsyncd.configurationFiles.jenkinsMotd.override }}
             - name: jenkins-motd
-              mountPath: /etc/jenkins-motd
+              mountPath: {{ .Values.rsyncd.configuration.motd_path }}
               subPath: jenkins-motd
               readOnly: true
             {{- end }}
@@ -69,15 +67,16 @@ spec:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       volumes:
-        - name: binary
-          persistentVolumeClaim:
-            claimName: {{ .Values.repository.name | default (printf "%s-binary" (include "mirrorbits.fullname" .)) }}
-        {{- if .Values.rsyncd.configurationFiles.rsyncdConf.override }}
+        - name: datadir
+          {{- if .Values.rsyncd.volumes.datadir }}
+          {{- toYaml .Values.rsyncd.volumes.datadir | nindent 10 }}
+          {{- else }}
+          emptyDir:
+          {{- end }}
         - name: rsyncd-conf
           configMap:
             name: {{ include "mirrorbits.fullname" . }}-rsyncd-conf
-        {{- end }}
-        {{- if .Values.rsyncd.configurationFiles.rsyncdConf.override }}
+        {{- if .Values.rsyncd.configurationFiles.jenkinsMotd.override }}
         - name: jenkins-motd
           configMap:
             name: {{ include "mirrorbits.fullname" . }}-jenkins-motd

diff --git a/charts/mirrorbits/templates/service.rsyncd.yaml b/charts/mirrorbits/templates/service.rsyncd.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rsyncd.service.enabled .Values.repository.persistentVolumeClaim.enabled -}}
+{{- if .Values.rsyncd.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:

diff --git a/charts/mirrorbits/templates/tests/test-connection.yaml b/charts/mirrorbits/templates/tests/test-connection.yaml
diff --git a/charts/mirrorbits/tests/custom_values_test.yaml b/charts/mirrorbits/tests/custom_values_test.yaml
@@ -100,41 +100,21 @@ tests:
       - equal:
           path: spec.template.spec.containers[*].imagePullPolicy
           value: Always
-  - it: should create rsyncd deployment if rsyncd service is enabled and PVC is enabled
+  - it: should create rsyncd deployment if rsyncd is enabled
     template: deployment.rsyncd.yaml
     set:
       rsyncd:
-        service:
-          enabled: true
-      repository:
-        persistentVolumeClaim:
-          enabled: true
+        enabled: true
     asserts:
       - hasDocuments:
           count: 1
       - isKind:
           of: Deployment
-  - it: should create rsyncd deployment if only rsyncd service is enabled
-    template: deployment.rsyncd.yaml
-    set:
-      rsyncd:
-        service:
-          enabled: true
-      repository:
-        persistentVolumeClaim:
-          enabled: false
-    asserts:
-      - hasDocuments:
-          count: 0
-  - it: should create rsyncd service if rsyncd service and PVC are enabled
+  - it: should create rsyncd service if rsyncd is enabled
     template: service.rsyncd.yaml
     set:
       rsyncd:
-        service:
-          enabled: true
-      repository:
-        persistentVolumeClaim:
-          enabled: true
+        enabled: true
     asserts:
       - hasDocuments:
           count: 1

diff --git a/charts/mirrorbits/tests/defaults_test.yaml b/charts/mirrorbits/tests/defaults_test.yaml
@@ -10,6 +10,9 @@ templates:
   - secret.yaml # Direct dependency of deployment(.*).yaml
   - service.files.yaml
   - service.rsyncd.yaml
+  - configmap.rsyncd.rsyncd-conf.yaml
+  - configmap.rsyncd.jenkins-motd.yaml
+  - service.rsyncd.yaml
 tests:
   - it: should not create any ingress by default
     template: ingress.yaml
@@ -21,8 +24,12 @@ tests:
     asserts:
       - hasDocuments:
           count: 0
-  - it: should not create any rsyncd deployment by default
-    template: deployment.rsyncd.yaml
+  - it: should not create any rsyncd resource by default
+    templates:
+      - deployment.rsyncd.yaml
+      - configmap.rsyncd.rsyncd-conf.yaml
+      - configmap.rsyncd.jenkins-motd.yaml
+      - service.rsyncd.yaml
     asserts:
       - hasDocuments:
           count: 0

diff --git a/charts/mirrorbits/values.yaml b/charts/mirrorbits/values.yaml
@@ -106,8 +106,11 @@ repository:
     # data hold secrets data used by persistentVolume
     data: {}
 rsyncd:
+  enabled: false
+  volumes:
+    datadir: {}
+      # emptyDir:
   service:
-    enabled: false
     type: ClusterIP
     port: 873
     #    IP:
@@ -129,41 +132,16 @@ rsyncd:
     requests:
       cpu: 50m
       memory: 64Mi
+  configuration:
+    datadir: /srv/repo
+    uid: nobody
+    gid: nogroup
+    motd_path: /etc/jenkins.motd
+    port: 873
+    hosts_allow: '*'
+    comment: "Jenkins Read-Only Mirror"
   # Custom configuration files used to override default rsyncd settings defined in https://github.com/jenkins-infra/docker-rsyncd/tree/main/config
   configurationFiles:
-    rsyncdConf:
-      override: false
-      # content: |-
-      #    # /etc/rsyncd: configuration file for
-      #    rsync daemon mode
-      #
-      #    # See rsyncd.conf man page for more options.
-      #
-      #    # configuration example:
-      #
-      #    uid = nobody
-      #    gid = nogroup
-      #    use chroot = yes
-      #    max connections = 0
-      #    pid file = /var/run/rsyncd.pid
-      #    exclude = lost+found/
-      #    transfer logging = yes
-      #    log file = /dev/stdout
-      #    ignore nonreadable = yes
-      #    dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
-      #    port = 873
-      #    motd file = /etc/jenkins.motd
-      #
-      #    # Timeout in seconds
-      #    timeout = 300
-      #
-      #    # Any attempted uploads will fail
-      #    read only = true
-      #
-      #    # Downloads will be possible if file permissions on the daemon side allow them
-      #    write only = false
-      #
-      #    hosts allow = localhost, get.jenkins.io, mirrors.jenkins-ci.org,172.16.0.0/12,10.0.0.0/8,192.168.0.0/16
     jenkinsMotd:
       override: false
       # content: |-