From 59465a696f79a36317431cfd0951c01d0d87def6 Mon Sep 17 00:00:00 2001
From: Matt Kaar <66427159+sei-mkaar@users.noreply.github.com>
Date: Wed, 8 Feb 2023 05:11:08 -0500
Subject: [PATCH] Software updates (#48)
* Software updates
- Gameboard v3.7.1/3.7.2 (api/ui)
- TopoMojo v2.1.6
- Gitea v1.8.3
- Switch code-server Helm chart to vendor version (hosted on SEI charts repo)
* Add code block copy/paste to MkDocs Fix VBoxGuestAdditions install
---
foundry/code-server.values.yaml | 227 ++++++++++++++++++++++++++------
foundry/gameboard.values.yaml | 2 +-
foundry/gitea.values.yaml | 3 +-
foundry/install.sh | 5 +-
foundry/topomojo.values.yaml | 4 +-
mkdocs/mkdocs.yml | 9 +-
setup-appliance | 2 +-
7 files changed, 200 insertions(+), 52 deletions(-)
diff --git a/foundry/code-server.values.yaml b/foundry/code-server.values.yaml
index 4e007f7..d07502c 100644
--- a/foundry/code-server.values.yaml
+++ b/foundry/code-server.values.yaml
@@ -1,26 +1,44 @@ ---- -# Default values for template. +# Default values for code-server. # This is a YAML-formatted file. # Declare variables to be passed into your templates. + +replicaCount: 1 + image: - repository: linuxserver/code-server - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "4.8.1" -secret: -# PASSWORD: password - SUDO_PASSWORD: foundry -# HASHED_PASSWORD - -env: - # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ: "America/New_York" - # PUID: 1000 - # PGID: 1000 - # PROXY_DOMAIN: code-server.my.domain + repository: codercom/code-server + tag: '4.9.1' + pullPolicy: Always + +# Specifies one or more secrets to be used when pulling images from a +# private container repository +# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry +imagePullSecrets: [] +# - name: registry-creds + +nameOverride: "" +fullnameOverride: "" +hostnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +priorityClassName: "" + service: - port: - port: 8443 + type: ClusterIP + port: 8080 + ingress: enabled: true annotations: 
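Review bot: `pullPolicy: Always` in the new `image:` block makes every pod start re-resolve the mutable tag `'4.9.1'` from the registry, so the image that runs can change without any change to this file, and the pod cannot start when the registry is unreachable. The removed block used `IfNotPresent`; unless re-pulling is intended, keep `pullPolicy: IfNotPresent`, and consider pinning the image by digest if the chart's image template allows it (the template is not visible here). Separately, `serviceAccount.create: true` gives this pod its own service account; because code-server gives an interactive terminal to anyone who logs in, it is worth confirming that the chart does not mount a token the workspace does not need.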
@@ -29,32 +47,155 @@ ingress: rewrite ^(/vscode)$ $1/ redirect; hosts: - host: foundry.local - paths: - - path: /vscode(/|$)(.*) - # Ignored if not kubeVersion >= 1.14-0 - pathType: Prefix + paths: ["/vscode(/|$)(.*)"] + ingressClassName: "" tls: - secretName: appliance-cert hosts: - foundry.local + +# Optional additional arguments +extraArgs: [] + # These are the arguments normally passed to code-server; run + # code-server --help for a list of available options. + # + # Each argument and parameter must have its own entry; if you use + # --param value on the command line, then enter it here as: + # + # - --param + # - value + # + # If you receive an error like "Unknown option --param value", it may be + # because both the parameter and value are specified as a single argument, + # rather than two separate arguments (e.g. "- --param value" on a line). + +# Optional additional environment variables +extraVars: +# - name: DISABLE_TELEMETRY +# value: true +# - name: DOCKER_HOST +# value: "tcp://localhost:2375" + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: true + securityContext: + runAsUser: 0 + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1000 + runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 1000Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +## Persist data to a persistent volume persistence: - config: - enabled: true - emptyDir: false - mountPath: /config - ## Template downloads data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: local-path - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - accessMode: ReadWriteOnce - size: 1Gi - ## Do not delete the pvc upon helm uninstall - skipuninstall: false + enabled: true + ## code-server data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "local-path" + accessMode: ReadWriteOnce + size: 1Gi + annotations: {} + # existingClaim: "" + # hostPath: /data + +lifecycle: + enabled: false + # postStart: + # exec: + # command: + # - /bin/bash + # - -c + # - curl -s -L SOME_SCRIPT | bash + +## Enable an Specify container in extraContainers. +## This is meant to allow adding code-server dependencies, like docker-dind. 
+extraContainers: | +# If docker-dind is used, DOCKER_HOST env is mandatory to set in "extraVars" +#- name: docker-dind +# image: docker:19.03-dind +# imagePullPolicy: IfNotPresent +# resources: +# requests: +# cpu: 250m +# memory: 256M +# securityContext: +# privileged: true +# procMount: Default +# env: +# - name: DOCKER_TLS_CERTDIR +# value: "" +# - name: DOCKER_DRIVER +# value: "overlay2" + +extraInitContainers: | +# - name: customization +# image: {{ .Values.image.repository }}:{{ .Values.image.tag }} +# imagePullPolicy: IfNotPresent +# env: +# - name: SERVICE_URL +# value: https://open-vsx.org/vscode/gallery +# - name: ITEM_URL +# value: https://open-vsx.org/vscode/item +# command: +# - sh +# - -c +# - | +# code-server --install-extension ms-python.python +# code-server --install-extension golang.Go +# volumeMounts: +# - name: data +# mountPath: /home/coder + +## Additional code-server secret mounts +extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: code-server-secret-files + # readOnly: true + +## Additional code-server volume mounts +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /mnt/volume + # readOnly: true + # existingClaim: volume-claim + # hostPath: "" + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/code-server/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + +password: foundry diff --git a/foundry/gameboard.values.yaml b/foundry/gameboard.values.yaml index 93e3173..a00a33c 100644 --- a/foundry/gameboard.values.yaml +++ b/foundry/gameboard.values.yaml @@ -141,7 +141,7 @@ gameboard-ui: repository: cmusei/gameboard-ui pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "3.7.1" + tag: "3.7.2" imagePullSecrets: [] nameOverride: "" diff --git a/foundry/gitea.values.yaml b/foundry/gitea.values.yaml index 64464a3..daedde7 100644 --- a/foundry/gitea.values.yaml 
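Review bot: `password: foundry` at the end of the second foundry/code-server.values.yaml hunk commits a fixed, guessable login for a browser IDE that is published through the ingress at `foundry.local` under `/vscode`. The removed values carried the same string as `SUDO_PASSWORD`, so the default is not new, but the chart switch is a natural point to stop shipping it: generate a value at install time and pass it with `--set password="$CODE_SERVER_PASSWORD"` (variable name constructed for illustration) on the `helm install` line in foundry/install.sh, much as install.sh already injects `$GITEA_OAUTH_CLIENT_SECRET`. If the shared default is deliberate for the lab appliance, a comment such as `# Default appliance credential; change before exposing beyond a lab network` above the key would record that. Also, `extraVars:` is left with only commented entries, which parses as null rather than an empty list; `extraVars: []` would match the other empty defaults in the file.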
+++ b/foundry/gitea.values.yaml @@ -31,7 +31,7 @@ image: registry: "" repository: gitea/gitea # Overrides the image tag whose default is the chart appVersion. - tag: 1.17.4 + tag: 1.18.3 pullPolicy: Always rootless: false # only possible when running 1.14 or later @@ -333,6 +333,7 @@ gitea: server: DOMAIN: https://foundry.local/gitea/ ROOT_URL: https://foundry.local/gitea/ + DISABLE_SSH: true database: DB_TYPE: postgres HOST: postgresql:5432 diff --git a/foundry/install.sh b/foundry/install.sh index 186bff7..189149d 100755 --- a/foundry/install.sh +++ b/foundry/install.sh @@ -39,8 +39,8 @@ kubectl create secret generic pgpassfile --from-literal=pgpassfile=postgresql:54 helm install -f pgadmin4.values.yaml pgadmin4 runix/pgadmin4 # Install code-server (browser-based VS Code) -helm repo add nicholaswilde https://nicholaswilde.github.io/helm-charts/ -helm install -f code-server.values.yaml code-server nicholaswilde/code-server +helm repo add sei https://helm.cyberforce.site/charts +helm install -f code-server.values.yaml code-server sei/code-server # Kubernetes Dashboard helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ @@ -52,7 +52,6 @@ cp certs/root-ca.pem ../mkdocs/docs/root-ca.crt # Install Identity sed -i -r "s//$GITEA_OAUTH_CLIENT_SECRET/" identity.values.yaml -helm repo add sei https://helm.cyberforce.site/charts helm install --wait -f identity.values.yaml identity sei/identity # Install Gitea diff --git a/foundry/topomojo.values.yaml b/foundry/topomojo.values.yaml index e9c9581..3f071a6 100644 --- a/foundry/topomojo.values.yaml +++ b/foundry/topomojo.values.yaml @@ -9,7 +9,7 @@ topomojo-api: repository: cmusei/topomojo-api pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "2.1.5" + tag: "2.1.6" imagePullSecrets: [] nameOverride: "" 
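Review bot: The new `helm install -f code-server.values.yaml code-server sei/code-server` line in the first foundry/install.sh hunk does not pin a chart version, so the appliance installs whatever `sei/code-server` the repository serves on the day it is built, while the values file in this same commit is written against one specific chart layout. Adding `--version <chart-version>` (placeholder; use the version these values were tested with) makes the build reproducible and keeps a later chart change from silently altering what gets deployed. The same applies to the `sei/identity` install that appears as context in the second hunk. The script continues outside both hunks.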
@@ -166,7 +166,7 @@ topomojo-ui: repository: cmusei/topomojo-ui pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "2.1.4" + tag: "2.1.6" imagePullSecrets: [] nameOverride: "" diff --git a/mkdocs/mkdocs.yml b/mkdocs/mkdocs.yml index 4409524..64d67ac 100644 --- a/mkdocs/mkdocs.yml +++ b/mkdocs/mkdocs.yml @@ -3,8 +3,15 @@ site_url: https://foundry.local/start markdown_extensions: - attr_list - md_in_html + - pymdownx.highlight: + anchor_linenums: true + - pymdownx.inlinehilite + - pymdownx.snippets + - pymdownx.superfences theme: name: material + features: + - content.code.copy palette: - media: "(prefers-color-scheme: light)" scheme: default @@ -25,7 +32,7 @@ theme: repo_url: https://github.com/cmu-sei/foundry-appliance repo_name: cmu-sei/foundry-appliance edit_uri: "" -copyright: Copyright © 2022 Carnegie Mellon University +copyright: Copyright © 2023 Carnegie Mellon University extra: social: - icon: fontawesome/brands/github diff --git a/setup-appliance b/setup-appliance index f9a57f8..5d82c0a 100644 --- a/setup-appliance +++ b/setup-appliance @@ -61,7 +61,7 @@ netplan apply apt-get install -y dnsmasq avahi-daemon jq nfs-common sshpass kubectl helm pwgen build-essential # Install VirtualBox Guest Additions -if [ -f "~/VBoxGuestAdditions.iso" ]; then +if [ -f ~/VBoxGuestAdditions.iso ]; then mount -o loop ~/VBoxGuestAdditions.iso /mnt /mnt/VBoxLinuxAdditions.run umount /mnt
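Review bot: `pymdownx.snippets` in the first mkdocs/mkdocs.yml hunk does not appear to be needed for the stated goal, since the copy button is enabled by the `content.code.copy` feature flag. Snippets lets a Markdown page pull other files into the rendered site at build time, so it widens what a docs edit can read from the build host. If nothing in the docs uses the snippet include syntax, drop the `- pymdownx.snippets` line; otherwise set its `base_path` to the docs directory and keep `restrict_base_path` enabled on a pymdown-extensions release that supports it.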
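Review bot: With the tilde now expanding, the Guest Additions block in setup-appliance effectively runs for the first time, and `/mnt/VBoxLinuxAdditions.run` is executed even if the preceding `mount -o loop` failed. In that case whatever already sits at that path under /mnt is run by the invoking user, presumably root given the `apt-get install` above. Chaining the two commands, `mount -o loop,ro ~/VBoxGuestAdditions.iso /mnt && /mnt/VBoxLinuxAdditions.run`, closes that gap. `[ -f "$HOME/VBoxGuestAdditions.iso" ]` would also keep the path quoted while still expanding. The `if` block closes outside the hunk.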