dBildungsplattform · JannikBadenhop · Nov 15, 2024 · Nov 13, 2024 · Nov 13, 2024 · Nov 14, 2024
diff --git a/charts/dbp-moodle/README.md b/charts/dbp-moodle/README.md
@@ -28,18 +28,30 @@ The Chart can be deployed without any modification but it is advised to set own
 |-----|------|---------|-------------|
 | backup-cronjob.affinity | object | `{}` |  |
 | backup-cronjob.clusterRole.create | bool | `false` |  |
-| backup-cronjob.env[0].name | string | `"DATABASE_PASSWORD"` |  |
-| backup-cronjob.env[0].valueFrom.secretKeyRef.key | string | `"mariadb-password"` |  |
-| backup-cronjob.env[0].valueFrom.secretKeyRef.name | string | `"moodle"` |  |
-| backup-cronjob.env[1].name | string | `"AWS_ACCESS_KEY_ID"` |  |
-| backup-cronjob.env[1].valueFrom.secretKeyRef.key | string | `"s3_access_key"` |  |
-| backup-cronjob.env[1].valueFrom.secretKeyRef.name | string | `"moodle-backup-s3"` |  |
-| backup-cronjob.env[2].name | string | `"AWS_SECRET_ACCESS_KEY"` |  |
-| backup-cronjob.env[2].valueFrom.secretKeyRef.key | string | `"s3_access_secret"` |  |
-| backup-cronjob.env[2].valueFrom.secretKeyRef.name | string | `"moodle-backup-s3"` |  |
-| backup-cronjob.env[3].name | string | `"S3_BACKUP_REGION_URL"` |  |
-| backup-cronjob.env[3].valueFrom.secretKeyRef.key | string | `"s3_endpoint_url"` |  |
-| backup-cronjob.env[3].valueFrom.secretKeyRef.name | string | `"moodle-backup-s3"` |  |
+| backup-cronjob.env[0].name | string | `"DATABASE_HOST"` |  |
+| backup-cronjob.env[0].valueFrom.secretKeyRef.key | string | `"host"` |  |
+| backup-cronjob.env[0].valueFrom.secretKeyRef.name | string | `"moodle-database"` |  |
+| backup-cronjob.env[1].name | string | `"DATABASE_PORT"` |  |
+| backup-cronjob.env[1].valueFrom.secretKeyRef.key | string | `"port"` |  |
+| backup-cronjob.env[1].valueFrom.secretKeyRef.name | string | `"moodle-database"` |  |
+| backup-cronjob.env[2].name | string | `"DATABASE_NAME"` |  |
+| backup-cronjob.env[2].valueFrom.secretKeyRef.key | string | `"name"` |  |
+| backup-cronjob.env[2].valueFrom.secretKeyRef.name | string | `"moodle-database"` |  |
+| backup-cronjob.env[3].name | string | `"DATABASE_USER"` |  |
+| backup-cronjob.env[3].valueFrom.secretKeyRef.key | string | `"user"` |  |
+| backup-cronjob.env[3].valueFrom.secretKeyRef.name | string | `"moodle-database"` |  |
+| backup-cronjob.env[4].name | string | `"DATABASE_PASSWORD"` |  |
+| backup-cronjob.env[4].valueFrom.secretKeyRef.key | string | `"mariadb-password"` |  |
+| backup-cronjob.env[4].valueFrom.secretKeyRef.name | string | `"moodle"` |  |
+| backup-cronjob.env[5].name | string | `"AWS_ACCESS_KEY_ID"` |  |
+| backup-cronjob.env[5].valueFrom.secretKeyRef.key | string | `"s3_access_key"` |  |
+| backup-cronjob.env[5].valueFrom.secretKeyRef.name | string | `"moodle-backup-s3"` |  |
+| backup-cronjob.env[6].name | string | `"AWS_SECRET_ACCESS_KEY"` |  |
+| backup-cronjob.env[6].valueFrom.secretKeyRef.key | string | `"s3_access_secret"` |  |
+| backup-cronjob.env[6].valueFrom.secretKeyRef.name | string | `"moodle-backup-s3"` |  |
+| backup-cronjob.env[7].name | string | `"S3_BACKUP_REGION_URL"` |  |
+| backup-cronjob.env[7].valueFrom.secretKeyRef.key | string | `"s3_endpoint_url"` |  |
+| backup-cronjob.env[7].valueFrom.secretKeyRef.name | string | `"moodle-backup-s3"` |  |
 | backup-cronjob.extraVolumeMounts[0].mountPath | string | `"/scripts/"` |  |
 | backup-cronjob.extraVolumeMounts[0].name | string | `"moodle-backup-script"` |  |
 | backup-cronjob.extraVolumeMounts[1].mountPath | string | `"/mountData"` |  |
@@ -119,6 +131,7 @@ The Chart can be deployed without any modification but it is advised to set own
 | dbpMoodle.name | string | `"infra"` |  |
 | dbpMoodle.phpConfig.additional | string | `""` | Any additional text to be included into the config.php |
 | dbpMoodle.phpConfig.debug | bool | `false` | Moodle debugging is not safe for production |
+| dbpMoodle.phpConfig.existingConfig | string | `""` | Provide an existing secret containing the config.php instead of generating it from chart -- Remember to adjust moodle.extraVolumes & moodle.extraVolumeMounts when setting this. -- Secret key is by default expected to be config.php |
 | dbpMoodle.phpConfig.extendedLogging | bool | `false` | Extended php logging |
 | dbpMoodle.redis | object | `{"host":"moodle-redis-master","password":"","port":6379}` | Configurations for the optional redis |
 | dbpMoodle.restore | object | `{"affinity":{},"enabled":false,"existingSecretDatabase":"moodle","existingSecretGPG":"","existingSecretKeyDatabase":"","existingSecretKeyS3Access":"","existingSecretKeyS3Secret":"","existingSecretS3":"","image":"ghcr.io/dbildungsplattform/moodle-tools:1.0.7","resources":{"limits":{"cpu":"2000m","memory":"16Gi"},"requests":{"cpu":"1000m","memory":"8Gi"}},"rules":[{"apiGroups":["apps"],"resources":["deployments/scale","deployments"],"verbs":["get","list","scale","patch"]}],"tolerations":[]}` | This restores moodle to the latest snapshot. Requires an existing s3 backup. ONLY USE FOR ROLLBACK |
@@ -222,14 +235,14 @@ The Chart can be deployed without any modification but it is advised to set own
 | moodle.extraEnvVars[3].name | string | `"MOODLE_PLUGINS"` |  |
 | moodle.extraEnvVars[3].valueFrom.configMapKeyRef.key | string | `"moodle-plugin-list"` |  |
 | moodle.extraEnvVars[3].valueFrom.configMapKeyRef.name | string | `"moodle-plugins"` |  |
-| moodle.extraVolumeMounts[0].mountPath | string | `"/moodleconfig"` |  |
-| moodle.extraVolumeMounts[0].name | string | `"moodle-config"` |  |
+| moodle.extraVolumeMounts[0].mountPath | string | `"/moodleconfig/php-ini"` |  |
+| moodle.extraVolumeMounts[0].name | string | `"moodle-php-ini"` |  |
 | moodle.extraVolumeMounts[0].readOnly | bool | `true` |  |
-| moodle.extraVolumes[0].name | string | `"moodle-config"` |  |
-| moodle.extraVolumes[0].secret.defaultMode | int | `420` |  |
-| moodle.extraVolumes[0].secret.items[0] | object | `{"key":"config.php","path":"config.php"}` | The custom config.php file that is used to configure moodle to use the database and redis (if activated) |
-| moodle.extraVolumes[0].secret.items[1] | object | `{"key":"php.ini","path":"php.ini"}` | The php.ini which installs the php-redis extension to enable the use for redis |
-| moodle.extraVolumes[0].secret.secretName | string | `"moodle-config"` |  |
+| moodle.extraVolumeMounts[1].mountPath | string | `"/moodleconfig/config-php"` |  |
+| moodle.extraVolumeMounts[1].name | string | `"moodle-php-config"` |  |
+| moodle.extraVolumeMounts[1].readOnly | bool | `true` |  |
+| moodle.extraVolumes[0] | object | `{"configMap":{"defaultMode":420,"items":[{"key":"php.ini","path":"php.ini"}],"name":"moodle-php-ini"},"name":"moodle-php-ini"}` | The php.ini which installs the php-redis extension to enable the use for redis |
+| moodle.extraVolumes[1] | object | `{"name":"moodle-php-config","secret":{"defaultMode":420,"items":[{"key":"config.php","path":"config.php"}],"secretName":"moodle-php-config"}}` | The custom config.php file that is used to configure moodle to use the database and redis (if activated) |
 | moodle.image.debug | bool | `false` | Debug mode for more detailed moodle installation and log output |
 | moodle.image.pullPolicy | string | `"Always"` |  |
 | moodle.image.registry | string | `"ghcr.io"` |  |
@@ -243,7 +256,7 @@ The Chart can be deployed without any modification but it is advised to set own
 | moodle.ingress.extraHosts | list | `[]` | Any additional hostnames, needs to be "name: URL" value pairs |
 | moodle.ingress.hostname | string | `"example.de"` | The hostname of the moodle application |
 | moodle.ingress.tls | bool | `true` |  |
-| moodle.mariadb | object | `{"enabled":false}` | The mariadb included in bitnami/moodle chart. For this chart usage of mariadb.enabled with moodle.externalDatabase.type="mariadb" is recommended |
+| moodle.mariadb | object | `{"database":"bitnami_moodle","enabled":false,"username":"bn_moodle"}` | The mariadb included in bitnami/moodle chart. For this chart usage of mariadb.enabled with moodle.externalDatabase.type="mariadb" is recommended |
 | moodle.metrics.enabled | bool | `true` |  |
 | moodle.metrics.resources | object | `{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"10m","memory":"16Mi"}}` | Resources have to be set so that the horizontal pod autoscaler for moodle can read the moodle cpu consumption correctly |
 | moodle.metrics.service.type | string | `"ClusterIP"` |  |

diff --git a/charts/dbp-moodle/scripts/backup.sh b/charts/dbp-moodle/scripts/backup.sh
@@ -77,12 +77,13 @@ cd "${backup_dir}"
 echo "=== Start DB dump ==="
 export DATE=$( date "+%Y-%m-%d" )
 
-{{ if .Values.mariadb.enabled }}
-MYSQL_PWD="$DATABASE_PASSWORD" mysqldump -h {{ .Release.Name }}-mariadb -P {{ .Values.mariadb.primary.containerPorts.mysql }} -u {{ .Values.mariadb.auth.username }} {{ .Values.mariadb.auth.database }} > moodle_mariadb_dump_$DATE.sql
-gzip moodle_mariadb_dump_$DATE.sql
-{{ else }}
-PGPASSWORD="$DATABASE_PASSWORD" pg_dump -h {{ .Release.Name }}-postgresql -p {{ .Values.postgresql.containerPorts.postgresql }} -U postgres {{ .Values.postgresql.auth.database }} > moodle_postgresqldb_dump_$DATE.sql
-gzip moodle_postgresqldb_dump_$DATE.sql
+# shellcheck disable=all
+{{ if or .Values.mariadb.enabled (eq .Values.moodle.externalDatabase.type "mariadb") }}
+MYSQL_PWD="$DATABASE_PASSWORD" mysqldump -h "$DATABASE_HOST" -P "$DATABASE_PORT" -u "$DATABASE_USER" "$DATABASE_NAME" > "moodle_mariadb_dump_${DATE}.sql"
+gzip "moodle_mariadb_dump_${DATE}.sql"
+{{ else if or .Values.postgresql.enabled (eq .Values.moodle.externalDatabase.type "pgsql") }}
+PGPASSWORD="$DATABASE_PASSWORD" pg_dump -h "$DATABASE_HOST" -p "$DATABASE_PORT" -U "$DATABASE_USER" "$DATABASE_NAME" > "moodle_postgresqldb_dump_${DATE}.sql"
+gzip "moodle_postgresqldb_dump_${DATE}.sql"
 {{ end }}
 
 # Get moodle folder

diff --git a/charts/dbp-moodle/scripts/config.php b/charts/dbp-moodle/scripts/config.php
@@ -40,6 +40,10 @@
 $CFG->session_redis_compressor = 'none';
 {{- end }}
 
+{{ with .Values.dbpMoodle.phpConfig.additional -}}
+{{- . }}
+{{- end }}
+
 require_once(__DIR__ . '/lib/setup.php');
 
 {{- if .Values.dbpMoodle.phpConfig.extendedLogging }}
@@ -63,8 +67,5 @@
 $CFG->debugsqltrace = 0;
 {{- end }}
 
-{{ with .Values.dbpMoodle.phpConfig.additional -}}
-{{- . }}
-{{- end }}
 // There is no php closing tag in this file,
 // it is intentional because it prevents trailing whitespace problems!
diff --git a/charts/dbp-moodle/templates/configmaps/moodle-php-ini-configmap.yaml b/charts/dbp-moodle/templates/configmaps/moodle-php-ini-configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: moodle-php-ini
+  namespace: {{ .Release.Namespace }}
+data:
+  php.ini: |
+    {{- .Files.Get "scripts/php.ini" | nindent 4 }}
diff --git a/charts/dbp-moodle/templates/secrets/moodle-config-secret.yaml b/charts/dbp-moodle/templates/secrets/moodle-config-secret.yaml
@@ -1,9 +1,10 @@
+{{ if not .Values.dbpMoodle.phpConfig.existingConfig -}}
 apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: moodle-config
+  name: moodle-php-config
   namespace: {{ .Release.Namespace }}
 data:
-  php.ini: {{ .Files.Get "scripts/php.ini" | b64enc }}
-  config.php: {{ tpl (.Files.Get "scripts/config.php") . | b64enc }}
+  config.php: {{ tpl (.Files.Get "scripts/config.php") . | b64enc }}
+{{- end -}}
diff --git a/charts/dbp-moodle/templates/secrets/moodle-database-secret.yaml b/charts/dbp-moodle/templates/secrets/moodle-database-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: "moodle-database"
+  namespace: "{{ .Release.Namespace }}"
+stringData:
+  {{ if .Values.moodle.mariadb.enabled -}}
+  type: "mariadb"
+  host: "moodle-mariadb-0"
+  port: "3306"
+  user: "{{ .Values.moodle.mariadb.username }}"
+  name: "{{ .Values.moodle.mariadb.database }}"
+  {{- else if .Values.moodle.externalDatabase -}}
+  type: "{{ .Values.moodle.externalDatabase.type }}"
+  host: "{{ .Values.moodle.externalDatabase.host }}"
+  port: "{{ .Values.moodle.externalDatabase.port }}"
+  user: "{{ .Values.moodle.externalDatabase.user }}"
+  name: "{{ .Values.moodle.externalDatabase.database }}"
+  {{- end }}
+
diff --git a/charts/dbp-moodle/values.yaml b/charts/dbp-moodle/values.yaml
@@ -85,6 +85,10 @@ dbpMoodle:
     debug: false
     # -- Any additional text to be included into the config.php
     additional: ""
+    # -- Provide an existing secret containing the config.php instead of generating it from chart
+    # -- Remember to adjust moodle.extraVolumes & moodle.extraVolumeMounts when setting this.
+    # -- Secret key is by default expected to be config.php
+    existingConfig: ""
 
   # -- Configurations for the optional redis
   redis:
@@ -258,6 +262,8 @@ moodle:
   # -- The mariadb included in bitnami/moodle chart. For this chart usage of mariadb.enabled with moodle.externalDatabase.type="mariadb" is recommended
   mariadb:
     enabled: false
+    database: bitnami_moodle
+    username: bn_moodle
   externalDatabase:
     # -- Type of DB to provision, possible values are "mariadb" and "pgsql"
     type: "mariadb"
@@ -300,20 +306,28 @@ moodle:
         cpu: 200m
         memory: 256Mi
   extraVolumeMounts:
-    - name: moodle-config
+    - name: moodle-php-ini
       readOnly: true
-      mountPath: /moodleconfig
+      mountPath: /moodleconfig/php-ini
+    - name: moodle-php-config
+      readOnly: true
+      mountPath: /moodleconfig/config-php
   extraVolumes:
-    - name: moodle-config
+    # -- The php.ini which installs the php-redis extension to enable the use for redis
+    - name: moodle-php-ini
+      configMap:
+        name: moodle-php-ini
+        items:
+          - key: php.ini
+            path: php.ini
+        defaultMode: 0644
+    # -- The custom config.php file that is used to configure moodle to use the database and redis (if activated)
+    - name: moodle-php-config
       secret:
-        secretName: moodle-config
+        secretName: moodle-php-config
         items:
-          # -- The custom config.php file that is used to configure moodle to use the database and redis (if activated)
           - key: config.php
             path: config.php
-          # -- The php.ini which installs the php-redis extension to enable the use for redis
-          - key: php.ini
-            path: php.ini
         defaultMode: 0644
   podAnnotations:
     moodle/image: '{{- .Values.image.repository -}}:{{- .Values.image.tag -}}'
@@ -544,6 +558,26 @@ backup-cronjob:
     name: "moodle-backup-job"
     create: false
   env:
+    - name: DATABASE_HOST
+      valueFrom: 
+        secretKeyRef:
+          name: moodle-database
+          key: host
+    - name: DATABASE_PORT
+      valueFrom: 
+        secretKeyRef:
+          name: moodle-database
+          key: port
+    - name: DATABASE_NAME
+      valueFrom:
+        secretKeyRef:
+          name: moodle-database
+          key: name
+    - name: DATABASE_USER
+      valueFrom:
+        secretKeyRef:
+          name: moodle-database
+          key: user
     - name: DATABASE_PASSWORD
       valueFrom:
         secretKeyRef:

diff --git a/moodle/scripts/init/entrypoint.sh b/moodle/scripts/init/entrypoint.sh
@@ -103,8 +103,8 @@ MODULE=dbp info "Start Bitnami setup script after checking for proper version"
 upgrade_if_pending
 
 MODULE=dbp info "Replacing config files with ours"
-/bin/cp -p /moodleconfig/config.php /bitnami/moodle/config.php
-/bin/cp /moodleconfig/php.ini /opt/bitnami/php/etc/conf.d/php.ini
+/bin/cp -p /moodleconfig/config-php/config.php /bitnami/moodle/config.php
+/bin/cp /moodleconfig/php-ini/php.ini /opt/bitnami/php/etc/conf.d/php.ini
 
 if [ -f "/tmp/de.zip" ] && [ ! -d /bitnami/moodledata/lang/de ]; then \
     MODULE=dbp info "Installing german language pack"