Restructure chart for PatchMon v2 monolith architecture

charts/patchmon/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
 name: patchmon
-description: PatchMon (backend + frontend) with optional Gateway API, Postgres, and Valkey
+description: PatchMon v2 – Linux patch management platform with optional Gateway API, Postgres, Valkey, and Guacd
 type: application
-version: 0.2.10
-appVersion: "1.4.0"
+version: 0.3.0
+appVersion: "2.0.0"
 
 maintainers:
   - name: HellstromIT

charts/patchmon/templates/NOTES.txt

@@ -1,10 +1,7 @@
-PatchMon installed.
+PatchMon v2 installed.
 
-Frontend:
-  Service: {{ include "patchmon.fullname" . }}-frontend:{{ .Values.service.frontend.port }}
-
-Backend:
-  Service: {{ include "patchmon.fullname" . }}-backend:{{ .Values.service.backend.port }}
+Server:
+  Service: {{ include "patchmon.fullname" . }}-server:{{ .Values.service.port }}
 
 Exposure:
 {{- if .Values.gatewayAPI.enabled }}
@@ -13,6 +10,11 @@ Exposure:
 {{- if .Values.ingress.enabled }}
   Ingress: {{ include "patchmon.fullname" . }}
 {{- end }}
+{{- if not (or .Values.gatewayAPI.enabled .Values.ingress.enabled) }}
+  None configured — access via port-forward:
+    kubectl port-forward svc/{{ include "patchmon.fullname" . }}-server {{ .Values.service.port }}:{{ .Values.service.port }}
+{{- end }}
 
 Database mode: {{ .Values.database.mode }}
-Valkey subchart enabled: {{ .Values.valkey.enabled }}
+Valkey enabled: {{ .Values.valkey.enabled }}
+Guacd sidecar: {{ .Values.guacd.enabled }}

charts/patchmon/templates/_helpers.tpl

@@ -32,6 +32,13 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{- end }}
 
+{{/* Validate that only one exposure method is enabled */}}
+{{- define "patchmon.exposure.validate" -}}
+{{- if and .Values.gatewayAPI.enabled .Values.ingress.enabled -}}
+  {{- fail "Only one exposure method can be enabled: set either gatewayAPI.enabled or ingress.enabled, not both" -}}
+{{- end -}}
+{{- end -}}
+
 {{- define "patchmon.db.external.validate" -}}
 {{- if eq .Values.database.mode "external" -}}
   {{- $hasUriVal := and .Values.external.postgres.uri (ne .Values.external.postgres.uri "") -}}
@@ -50,15 +57,23 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
 {{- define "patchmon.redis.host" -}}
-{{- if .Values.redis.host -}}
-{{ .Values.redis.host }}
+{{- if and .Values.patchmon.redis.host (ne .Values.patchmon.redis.host "") -}}
+{{ .Values.patchmon.redis.host }}
 {{- else if .Values.valkey.enabled -}}
 {{ printf "%s-valkey" .Release.Name }}
 {{- else -}}
 ""
 {{- end -}}
 {{- end -}}
 
+{{- define "patchmon.redis.port" -}}
+{{- if and .Values.patchmon.redis.port (ne (.Values.patchmon.redis.port | toString) "") -}}
+{{ .Values.patchmon.redis.port }}
+{{- else -}}
+{{ .Values.valkey.service.port }}
+{{- end -}}
+{{- end -}}
+
 {{- define "patchmon.postgres.passwordSecretName" -}}
 {{- if .Values.postgres.auth.existingSecret -}}
 {{ .Values.postgres.auth.existingSecret }}
@@ -71,7 +86,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- if .Values.postgres.auth.existingSecret -}}
 {{ default "password" .Values.postgres.auth.existingSecretPasswordKey }}
 {{- else -}}
-{{- /* Always use the chart secret key name */ -}}
 POSTGRES_PASSWORD
 {{- end -}}
 {{- end -}}

charts/patchmon/templates/configmap-server.yaml

@@ -0,0 +1,100 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "patchmon.fullname" . }}-server
+  labels:
+    {{- include "patchmon.labels" . | nindent 4 }}
+data:
+  LOG_LEVEL: {{ .Values.patchmon.logLevel | quote }}
+  CORS_ORIGIN: {{ .Values.patchmon.server.corsOrigin | quote }}
+  TRUST_PROXY: {{ .Values.patchmon.server.trustProxy | quote }}
+  ENABLE_HSTS: {{ .Values.patchmon.server.enableHsts | quote }}
+  {{- if .Values.patchmon.server.port }}
+  PORT: {{ .Values.patchmon.server.port | quote }}
+  {{- end }}
+
+  JWT_EXPIRES_IN: {{ .Values.patchmon.jwt.expiresIn | quote }}
+
+  # Auth / lockout
+  MAX_LOGIN_ATTEMPTS: {{ .Values.patchmon.auth.maxLoginAttempts | quote }}
+  LOCKOUT_DURATION_MINUTES: {{ .Values.patchmon.auth.lockoutDurationMinutes | quote }}
+  SESSION_INACTIVITY_TIMEOUT_MINUTES: {{ .Values.patchmon.auth.sessionInactivityTimeoutMinutes | quote }}
+  AUTH_BROWSER_SESSION_COOKIES: {{ .Values.patchmon.auth.browserSessionCookies | quote }}
+  TFA_MAX_REMEMBER_SESSIONS: {{ .Values.patchmon.auth.tfaMaxRememberSessions | quote }}
+  MAX_TFA_ATTEMPTS: {{ .Values.patchmon.auth.maxTfaAttempts | quote }}
+  TFA_LOCKOUT_DURATION_MINUTES: {{ .Values.patchmon.auth.tfaLockoutDurationMinutes | quote }}
+  TFA_REMEMBER_ME_EXPIRES_IN: {{ .Values.patchmon.auth.tfaRememberMeExpiresIn | quote }}
+
+  # Password policy
+  PASSWORD_MIN_LENGTH: {{ .Values.patchmon.passwordPolicy.minLength | quote }}
+  PASSWORD_REQUIRE_UPPERCASE: {{ .Values.patchmon.passwordPolicy.requireUppercase | quote }}
+  PASSWORD_REQUIRE_LOWERCASE: {{ .Values.patchmon.passwordPolicy.requireLowercase | quote }}
+  PASSWORD_REQUIRE_NUMBER: {{ .Values.patchmon.passwordPolicy.requireNumber | quote }}
+  PASSWORD_REQUIRE_SPECIAL: {{ .Values.patchmon.passwordPolicy.requireSpecial | quote }}
+
+  # DB pool
+  DB_CONNECTION_LIMIT: {{ .Values.patchmon.dbPool.connectionLimit | quote }}
+  DB_CONNECT_TIMEOUT: {{ .Values.patchmon.dbPool.connectTimeout | quote }}
+  DB_TRANSACTION_LONG_TIMEOUT: {{ .Values.patchmon.dbPool.transactionLongTimeout | quote }}
+  PM_DB_CONN_MAX_ATTEMPTS: {{ .Values.patchmon.dbPool.connMaxAttempts | quote }}
+  PM_DB_CONN_WAIT_INTERVAL: {{ .Values.patchmon.dbPool.connWaitInterval | quote }}
+
+  # Rate limits
+  RATE_LIMIT_WINDOW_MS: {{ .Values.patchmon.rateLimit.windowMs | quote }}
+  RATE_LIMIT_MAX: {{ .Values.patchmon.rateLimit.max | quote }}
+  AUTH_RATE_LIMIT_WINDOW_MS: {{ .Values.patchmon.rateLimit.authWindowMs | quote }}
+  AUTH_RATE_LIMIT_MAX: {{ .Values.patchmon.rateLimit.authMax | quote }}
+  AGENT_RATE_LIMIT_WINDOW_MS: {{ .Values.patchmon.rateLimit.agentWindowMs | quote }}
+  AGENT_RATE_LIMIT_MAX: {{ .Values.patchmon.rateLimit.agentMax | quote }}
+  PASSWORD_RATE_LIMIT_WINDOW_MS: {{ .Values.patchmon.rateLimit.passwordWindowMs | quote }}
+  PASSWORD_RATE_LIMIT_MAX: {{ .Values.patchmon.rateLimit.passwordMax | quote }}
+
+  # Body limits
+  JSON_BODY_LIMIT: {{ .Values.patchmon.bodyLimits.json | quote }}
+  AGENT_UPDATE_BODY_LIMIT: {{ .Values.patchmon.bodyLimits.agentUpdate | quote }}
+
+  # Redis TLS
+  {{- if .Values.patchmon.redis.tls }}
+  REDIS_TLS: "true"
+  REDIS_TLS_VERIFY: {{ .Values.patchmon.redis.tlsVerify | quote }}
+  {{- if .Values.patchmon.redis.tlsCa }}
+  REDIS_TLS_CA: {{ .Values.patchmon.redis.tlsCa | quote }}
+  {{- end }}
+  {{- end }}
+  REDIS_CONNECT_TIMEOUT_MS: {{ .Values.patchmon.redis.connectTimeoutMs | quote }}
+  REDIS_COMMAND_TIMEOUT_MS: {{ .Values.patchmon.redis.commandTimeoutMs | quote }}
+
+  TZ: {{ .Values.patchmon.timezone | quote }}
+
+  {{- if .Values.patchmon.oidc.enabled }}
+  OIDC_ENABLED: "true"
+  OIDC_ISSUER_URL: {{ .Values.patchmon.oidc.issuerUrl | quote }}
+  OIDC_CLIENT_ID: {{ .Values.patchmon.oidc.clientId | quote }}
+  OIDC_REDIRECT_URI: {{ .Values.patchmon.oidc.redirectUri | quote }}
+  OIDC_SCOPES: {{ .Values.patchmon.oidc.scopes | quote }}
+  OIDC_AUTO_CREATE_USERS: {{ ternary "true" "false" .Values.patchmon.oidc.autoCreateUsers | quote }}
+  OIDC_DEFAULT_ROLE: {{ .Values.patchmon.oidc.defaultRole | quote }}
+  OIDC_BUTTON_TEXT: {{ .Values.patchmon.oidc.buttonText | quote }}
+  OIDC_DISABLE_LOCAL_AUTH: {{ ternary "true" "false" .Values.patchmon.oidc.disableLocalAuth | quote }}
+  OIDC_SYNC_ROLES: {{ ternary "true" "false" .Values.patchmon.oidc.syncRoles | quote }}
+  OIDC_ENFORCE_HTTPS: {{ ternary "true" "false" .Values.patchmon.oidc.enforceHttps | quote }}
+  OIDC_SESSION_TTL: {{ .Values.patchmon.oidc.sessionTtl | quote }}
+  {{- if .Values.patchmon.oidc.postLogoutUri }}
+  OIDC_POST_LOGOUT_URI: {{ .Values.patchmon.oidc.postLogoutUri | quote }}
+  {{- end }}
+  {{- if .Values.patchmon.oidc.adminGroup }}
+  OIDC_ADMIN_GROUP: {{ .Values.patchmon.oidc.adminGroup | quote }}
+  {{- end }}
+  {{- if .Values.patchmon.oidc.userGroup }}
+  OIDC_USER_GROUP: {{ .Values.patchmon.oidc.userGroup | quote }}
+  {{- end }}
+  {{- if .Values.patchmon.oidc.superAdminGroup }}
+  OIDC_SUPERADMIN_GROUP: {{ .Values.patchmon.oidc.superAdminGroup | quote }}
+  {{- end }}
+  {{- if .Values.patchmon.oidc.hostManagerGroup }}
+  OIDC_HOST_MANAGER_GROUP: {{ .Values.patchmon.oidc.hostManagerGroup | quote }}
+  {{- end }}
+  {{- if .Values.patchmon.oidc.readOnlyGroup }}
+  OIDC_READONLY_GROUP: {{ .Values.patchmon.oidc.readOnlyGroup | quote }}
+  {{- end }}
+  {{- end }}