DB secret for OpenFGA

Author: prabhatsharma

charts/openobserve-standalone/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://charts.min.io
   version: 5.3.0
 digest: sha256:c539f29a4cbdeef50e73fccb320917baf7e08913288b2b2ba68f89f0eaf266de
-generated: "2025-04-27T06:49:29.099602-07:00"
+generated: "2025-04-29T17:16:27.935648-07:00"

charts/openobserve/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: https://charts.min.io
   version: 5.3.0
 digest: sha256:12e13eef5ed1113d7d687def21c8ef2acdae7514500fac3737d968234bdbcc7d
-generated: "2025-04-27T06:49:25.318084-07:00"
+generated: "2025-04-29T17:16:23.750897-07:00"

charts/openobserve/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.14.60
+version: 0.14.61
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/openobserve/basic_check.sh

@@ -1,3 +1,4 @@
 #!/bin/sh
 
 helm -n o2 template . -f values.yaml > o2.yaml
+# helm -n o2 template . -f test_values_external_secret.yaml > o2.yaml

charts/openobserve/templates/openfga-deployment.yaml

@@ -22,16 +22,18 @@ spec:
           env:
             - name: OPENFGA_DATASTORE_ENGINE
               value: postgres
+            {{- if .Values.postgres.enabled }}
             - name: OPENFGA_DATASTORE_URI
-              {{- if .Values.postgres.enabled }}
               value: "postgres://openobserve:{{ .Values.postgres.spec.password }}@{{ include "openobserve.fullname" . }}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable"
-              {{- else if .Values.auth.ZO_META_POSTGRES_DSN }}
+            {{- else if .Values.auth.ZO_META_POSTGRES_DSN }}
+            - name: OPENFGA_DATASTORE_URI
               value: "{{ .Values.auth.ZO_META_POSTGRES_DSN }}"
-              {{- else }}
+            {{- else if .Values.config.ZO_META_POSTGRES_DSN }}
+            - name: OPENFGA_DATASTORE_URI
               value: "{{ .Values.config.ZO_META_POSTGRES_DSN }}"
-              {{- end }}
+            {{- end }}
           envFrom:
-            - secretRef:  # postgres detail can be picked up from secret
+            - secretRef:  # postgres detail can be picked up from secret if not found anywhere else
                 name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }}
           resources:
             limits:

charts/openobserve/test.sh

@@ -4,7 +4,7 @@ export TERM=xterm-256color
 # Configuration
 NAMESPACE="${1:-openobserve}"    # Use first argument as namespace, default to 'openobserve' if not provided
 RELEASE_NAME="${2:-o2}"          # Use second argument as release name, default to 'o2' if not provided
-NAMESPACE="o2"
+NAMESPACE="o3"
 RELEASE_NAME="o2"
 # Function to check pod status
 check_pods() {
@@ -53,6 +53,19 @@ check_pods() {
     fi
 }
 
+uninstall() {
+    local namespace=$1
+    local release_name=$2
+    
+    echo "Uninstalling OpenObserve..."
+    helm --namespace "$namespace" uninstall "$release_name"
+    if [ $? -ne 0 ]; then
+        echo "Failed to uninstall OpenObserve"
+        return 1
+    fi
+    echo "OpenObserve uninstalled successfully"
+}
+
 # Function to cleanup resources
 cleanup() {
     local namespace=$1
@@ -61,10 +74,6 @@ cleanup() {
 
     echo -e "\nStarting cleanup..."
 
-    # Uninstall helm release
-    echo "Uninstalling OpenObserve helm release: ${release_name}..."
-    helm --namespace "$namespace" uninstall "$release_name"
-    
     # Delete namespace
     echo "Deleting namespace: ${namespace}"
     kubectl delete namespace "$namespace"
@@ -79,40 +88,111 @@ cleanup() {
     exit $exit_code
 }
 
+setup() {
+
+    # Check if CloudNative PostgreSQL Operator is already installed
+    if kubectl get deployment -n cnpg-system cloudnative-pg-controller-manager &> /dev/null; then
+        echo "CloudNative PostgreSQL Operator is already installed."
+    else
+        # Install CloudNative PostgreSQL Operator (prerequisite)
+        echo "Installing CloudNative PostgreSQL Operator..."
+        kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.22/releases/cnpg-1.22.1.yaml
+    fi
+
+    # wait for the operator to get ready
+    echo "Waiting for PostgreSQL Operator to be ready..."
+    while true; do
+        if kubectl get pods -n cnpg-system | grep -q "Running"; then
+            echo "PostgreSQL Operator is ready!"
+            break
+        else
+            echo "Waiting for PostgreSQL Operator to be ready..."
+            sleep 5
+        fi
+    done
+
+    local namespace=$1
+    local release_name=$2
+
+    # Check if the namespace already exists
+    if kubectl get namespace "$namespace" > /dev/null 2>&1; then
+        echo "Namespace '${namespace}' already exists. Skipping creation."
+    else
+        echo "Creating namespace '${namespace}'..."
+        kubectl create namespace "$namespace"
+    fi
+
+    # Check if OpenObserve is already installed
+    if helm --namespace "$namespace" list | grep -q "$release_name"; then
+        echo "OpenObserve is already installed. Skipping installation."
+        return 0
+    fi
+}
+
+# Function to install OpenObserve and its dependencies
+test_basic() {
+    local namespace=$1
+    local release_name=$2
+
+    # Create namespace
+    echo "Creating namespace: ${namespace}"
+    kubectl create namespace "$namespace"
+
+    # Install OpenObserve helm chart
+    echo "Installing OpenObserve helm chart (Release: ${release_name}) in namespace: ${namespace}"
+    helm --namespace "$namespace" upgrade --install "$release_name" . -f values.yaml
+
+    return $?
+}
+
+# Function to install OpenObserve external_secret
+test_with_external_secret() {
+    local namespace=$1
+    local release_name=$2
+
+    # Create namespace
+    echo "Creating namespace: ${namespace}"
+    kubectl create namespace "$namespace"
+    
+    kubectl -n "$namespace" apply -f test_secret.yaml
+
+    # Install OpenObserve helm chart
+    echo "Installing OpenObserve helm chart (Release: ${release_name}) in namespace: ${namespace}"
+    helm --namespace "$namespace" upgrade --install "$release_name" . -f test_values_external_secret.yaml
+
+    return $?
+}
+
 # Print configuration
 echo "Using configuration:"
 echo "  Namespace: ${NAMESPACE}"
 echo "  Release Name: ${RELEASE_NAME}"
 echo -e "-------------------\n"
 
-# Start minikube
-echo "Starting minikube cluster..."
-# minikube start
-# if [ $? -ne 0 ]; then
-#     echo "Failed to start minikube cluster"
-#     exit 1
-# fi
-
-# Install CloudNative PostgreSQL Operator (prerequisite)
-echo "Installing CloudNative PostgreSQL Operator..."
-kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.22/releases/cnpg-1.22.1.yaml
+# Setup basic prerequisites
+setup "$namespace" "$release_name"
+if [ $? -ne 0 ]; then
+    echo "Failed to setup prerequisites. Exiting."
+    return 1
+fi
 
-# wait for the operator to get ready by sleeping
-sleep 60
+# Test 1 - Install basic installation of OpenObserve and dependencies
+# test_basic "$NAMESPACE" "$RELEASE_NAME"
+# # Check pod status
+# check_pods "$NAMESPACE"
+# exit_status=$?
 
-# Add OpenObserve helm repository
-# echo "Adding OpenObserve helm repository..."
-# helm repo add openobserve https://charts.openobserve.ai
-# helm repo update
+# if [ $exit_status -eq 0 ]; then
+#     echo -e "\033[1;92m OpenObserve deployment completed successfully in namespace: ${NAMESPACE}  \033[0m"
+# else
+#     echo -e "\033[1;31m OpenObserve deployment encountered issues in namespace: ${NAMESPACE} . Please check the pod status above. \033[0m"
+# fi
 
-# Create namespace
-echo "Creating namespace: ${NAMESPACE}"
-kubectl create namespace "$NAMESPACE"
+# uninstall "$namespace" "$release_name"
 
-# Install OpenObserve helm chart
-echo "Installing OpenObserve helm chart (Release: ${RELEASE_NAME}) in namespace: ${NAMESPACE}"
-helm --namespace "$NAMESPACE" upgrade --install "$RELEASE_NAME" . -f values.yaml
 
+# Test #2 - Install OpenObserve with external secret
+test_with_external_secret "$NAMESPACE" "$RELEASE_NAME"
 # Check pod status
 check_pods "$NAMESPACE"
 exit_status=$?
@@ -123,12 +203,14 @@ else
     echo -e "\033[1;31m OpenObserve deployment encountered issues in namespace: ${NAMESPACE} . Please check the pod status above. \033[0m"
 fi
 
+# uninstall "$namespace" "$release_name"
+
 # Setup trap for Ctrl+C
-trap 'cleanup "$NAMESPACE" "$RELEASE_NAME" $exit_status' INT
+# trap 'cleanup "$NAMESPACE" "$RELEASE_NAME" $exit_status' INT
 
 # Pause to show results before cleanup
 # echo -e "\nTest completed. Press Enter to cleanup or Ctrl+C to keep the deployment..."
 # read -r
 
 # Perform cleanup
-cleanup "$NAMESPACE" "$RELEASE_NAME" $exit_status
+# cleanup "$NAMESPACE" "$RELEASE_NAME" $exit_status

charts/openobserve/test_secret.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: super-secret
+type: Opaque
+stringData:
+  ZO_ROOT_USER_EMAIL: "[email protected]"
+  ZO_ROOT_USER_PASSWORD: "Complexpass#123"
+
+  # do not need to set this if enabled minio is being used. settings will be picked from minio section. Also IRSA is preferred if on EKS. Set the Service account section with the correct IAM role ARN. Refer https://zinc.dev/docs/guide/ha_deployment/#amazon-eks-s3
+  ZO_S3_ACCESS_KEY: ""
+  ZO_S3_SECRET_KEY: ""
+
+  AZURE_STORAGE_ACCOUNT_KEY: ""
+  AZURE_STORAGE_ACCOUNT_NAME: ""
+  ZO_META_POSTGRES_DSN: "postgres://openobserve:Batman123@o2-openobserve-postgres-rw:5432/app"
+  OPENFGA_DATASTORE_URI: "postgres://openobserve:Batman123@o2-openobserve-postgres-rw:5432/app"
+  ZO_META_POSTGRES_RO_DSN: ""
+  ZO_TRACING_HEADER_KEY: "Authorization"
+  ZO_TRACING_HEADER_VALUE: "Basic cm9vdEBleGFtcGxlLmNvbTpDb21wbGV4cGFzcyMxMjM="
+  ZO_RUM_CLIENT_TOKEN: ""
+  ZO_REPORT_USER_EMAIL: "" # Check details at https://github.com/openobserve/o2_report_server
+  ZO_REPORT_USER_PASSWORD: ""
+  ZO_SMTP_USER_NAME: "ABAAQQQQFFFFF" # Replace with your own SMTP username
+  ZO_SMTP_PASSWORD: "+fjlahsguykevfkajvjk#jsbj43$bjkjbkk" # Replace with your own SMTP password