diff --git a/charts/dso-console/.helmignore b/charts/dso-console/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/dso-console/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/dso-console/Chart.lock b/charts/dso-console/Chart.lock
new file mode 100644
index 0000000..c76522b
--- /dev/null
+++ b/charts/dso-console/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 12.7.3
+- name: keycloak
+ repository: https://charts.bitnami.com/bitnami
+ version: 19.3.0
+digest: sha256:e4c52d75d9aad57182d8876c545a179fd8c34a6bbcb11307473720517d7e22cf
+generated: "2024-04-09T02:31:51.291603+02:00"
diff --git a/charts/dso-console/Chart.yaml b/charts/dso-console/Chart.yaml
new file mode 100644
index 0000000..bce8d03
--- /dev/null
+++ b/charts/dso-console/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: cpn-console
+description: A Helm chart to deploy Cloud Pi Native Console
+type: application
+version: 1.0.0
+appVersion: 8.1.1
+keywords: []
+home: https://cloud-pi-native.fr
+sources:
+ - https://github.com/cloud-pi-native/console
+dependencies:
+- name: postgresql
+ version: 12.7.3
+ repository: https://charts.bitnami.com/bitnami
+ condition: postgresql.enabled
+- name: keycloak
+ version: 19.3.0
+ repository: https://charts.bitnami.com/bitnami
+ condition: keycloak.enabled
+deprecated: false
+annotations: {}
+maintainers:
+ - name: Thibault Colin
+ email: thibault.colin@interieur.gouv.fr
+ url: https://this-is-tobi.com
diff --git a/charts/dso-console/README.md b/charts/dso-console/README.md new file mode 100644 index 0000000..52626ad --- /dev/null +++ b/charts/dso-console/README.md 
@@ -0,0 +1,201 @@ +# cpn-console + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.1.1](https://img.shields.io/badge/AppVersion-8.1.1-informational?style=flat-square) + +A Helm chart to deploy Cloud Pi Native Console + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Thibault Colin | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | keycloak | 19.3.0 | +| https://charts.bitnami.com/bitnami | postgresql | 12.7.3 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| client.affinity | object | `{}` | Default affinity for Console CPN client. | +| client.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Console CPN client. | +| client.autoscaling.maxReplicas | int | `3` | Maximum number of replicas for the Console CPN client [HPA]. | +| client.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Console CPN client [HPA]. | +| client.autoscaling.targetCPUUtilizationPercentage | int | `80` | Average CPU utilization percentage for the Console CPN client [HPA]. | +| client.autoscaling.targetMemoryUtilizationPercentage | int | `80` | Average memory utilization percentage for the Console CPN client [HPA]. | +| client.container.args | list | `[]` | Console CPN client container command args. | +| client.container.command | list | `[]` | Console CPN client container command. | +| client.container.port | int | `8080` | Console CPN client container port. | +| client.container.securityContext | object | `{}` | Toggle and define container-level security context. 
| +| client.env | object | `{}` | Console CPN client container env variables, it will be injected into a configmap and loaded into the container. | +| client.extraContainers | string | `nil` | Extra containers to add to the Console CPN client pod as sidecars. | +| client.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes). | +| client.extraVolumes | list | `[]` | List of extra volumes to add. | +| client.healthcheckPath | string | `"/"` | Console CPN client container healthcheck endpoint. | +| client.hostAliases | list | `[]` | Host aliases that will be injected at pod-level into /etc/hosts. | +| client.image.pullPolicy | string | `"Always"` | Image pull policy for the Console CPN client. | +| client.image.repository | string | `"ghcr.io/cloud-pi-native/console/client"` | Repository to use for the Console CPN client. | +| client.image.tag | string | `""` | Tag to use for the Console CPN client. # Overrides the image tag whose default is the chart appVersion. | +| client.initContainers | list | `[]` | Init containers to add to the Console CPN client pod. | +| client.livenessProbe.enabled | bool | `true` | Whether or not enable the probe. | +| client.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | +| client.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before probe is initiated. | +| client.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the probe. | +| client.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. | +| client.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| client.nodeSelector | object | `{}` | Default node selector for Console CPN client. 
| +| client.podAnnotations | object | `{}` | Annotations for the Console CPN client deployed pods. | +| client.podLabels | object | `{}` | Labels for the Console CPN client deployed pods. | +| client.podSecurityContext | object | `{}` | Toggle and define pod-level security context. | +| client.readinessProbe.enabled | bool | `true` | Whether or not enable the probe. | +| client.readinessProbe.failureThreshold | int | `2` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | +| client.readinessProbe.initialDelaySeconds | int | `15` | Number of seconds after the container has started before probe is initiated. | +| client.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. | +| client.readinessProbe.successThreshold | int | `2` | Minimum consecutive successes for the probe to be considered successful after having failed. | +| client.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. | +| client.replicaCount | int | `1` | The number of application controller pods to run. | +| client.resources | object | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"128Mi"}}` | Resource limits and requests for the Console CPN client. | +| client.secrets | object | `{}` | Console CPN client container env secrets, it will be injected into a secret and loaded into the container. | +| client.service.port | int | `80` | Console CPN client service port. | +| client.service.type | string | `"ClusterIP"` | Console CPN client service type. | +| client.startupProbe.enabled | bool | `true` | Whether or not enable the probe. | +| client.startupProbe.failureThreshold | int | `10` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | +| client.startupProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before probe is initiated. 
| +| client.startupProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. | +| client.startupProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. | +| client.startupProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. | +| client.strategy.type | string | `"RollingUpdate"` | Strategy type used to replace old Pods by new ones, can be "Recreate" or "RollingUpdate". | +| client.tolerations | list | `[]` | Default tolerations for Console CPN client. | +| config.create | bool | `false` | Whether or not helm should create the console config. | +| config.name | string | `"dso-config"` | Name of the genrated config. | +| config.projectsRootDir | string | `"forge"` | Projects root directory to use in other services such as Gitlab, etc. | +| config.secrets | string | `nil` | Secrets to inject into the configuration. It is needed for server to get services informations such as urls, admin username, admin password or token, etc. | +| fullnameOverride | string | `""` | String to fully override the default application name. | +| global.env | object | `{"NODE_ENV":"production"}` | Map of environment variables to inject into backend and frontend containers. | +| global.keycloak.clientIds.backend | string | `"console-backend"` | Keycloak clientId used for Console CPN client. | +| global.keycloak.clientIds.frontend | string | `"console-frontend"` | Keycloak clientId used for frontend. | +| global.keycloak.clientSecrets.backend | string | `""` | Keycloak clientSecret used for Console CPN client. | +| global.keycloak.domain | string | `"keycloak.domain.com"` | Keycloak domain used for authentication. | +| global.keycloak.protocol | string | `"https"` | Protocol used to communicate with keycloak for authentication. | +| global.keycloak.realm | string | `"cloud-pi-native"` | Name of the keycloak realm used for authentication. 
| +| global.keycloak.redirectUri | string | `"https://console.dso.local"` | Keycloak redirect uri used with keycloak. | +| global.keycloak.sessionSecret | string | `"a-very-strong-secret-with-more-than-32-char"` | Session secret used to store keycloak session for Console CPN client. | +| global.postgresql.dbUrl | string | `""` | Postgres database connection string used to override computed db url, usefull if external database. # For postgres it should look like this "postgresql://db_user:db_password@db_service:db_port/db_name?schema=public" | +| global.secrets | object | `{}` | Map of environment variables to inject into backend and frontend containers. | +| imageCredentials.email | string | `""` | Email to pull images. | +| imageCredentials.password | string | `""` | Password to pull images. | +| imageCredentials.registry | string | `""` | Registry to pull images from. | +| imageCredentials.username | string | `""` | Username to pull images. | +| ingress.annotations | object | `{}` | Additional ingress annotations. | +| ingress.className | string | `""` | Defines which ingress controller will implement the resource. | +| ingress.enabled | bool | `true` | Whether or not ingress should be enabled. | +| ingress.hosts | list | `["console.dso.local"]` | The list of hosts to be covered by ingress record. | +| ingress.labels | object | `{}` | Additional ingress labels. | +| ingress.tls | list | `[]` | Enable TLS configuration. 
| +| keycloak.auth.adminPassword | string | `""` | | +| keycloak.auth.adminUser | string | `""` | | +| keycloak.enabled | bool | `false` | | +| keycloak.ingress.annotations | object | `{}` | | +| keycloak.ingress.enabled | bool | `true` | | +| keycloak.ingress.hostname | string | `"keycloak.dso.local"` | | +| keycloak.ingress.ingressClassName | string | `""` | | +| keycloak.ingress.path | string | `"/"` | | +| keycloak.ingress.secrets | list | `[]` | | +| keycloak.ingress.tls | bool | `false` | | +| keycloak.postgresql.auth.architecture | string | `"standalone"` | | +| keycloak.postgresql.auth.database | string | `"keycloak"` | | +| keycloak.postgresql.auth.password | string | `""` | | +| keycloak.postgresql.auth.postgresPassword | string | `""` | | +| keycloak.postgresql.auth.username | string | `""` | | +| keycloak.postgresql.enabled | bool | `true` | | +| keycloak.production | bool | `true` | | +| keycloak.proxy | string | `"edge"` | | +| keycloak.tls.autoGenerated | bool | `false` | | +| keycloak.tls.enabled | bool | `false` | | +| nameOverride | string | `""` | Provide a name in place of the default application name. 
| +| postgresql.architecture | string | `"standalone"` | | +| postgresql.enabled | bool | `true` | | +| postgresql.global.postgresql.auth.database | string | `""` | | +| postgresql.global.postgresql.auth.password | string | `""` | | +| postgresql.global.postgresql.auth.postgresPassword | string | `""` | | +| postgresql.global.postgresql.auth.username | string | `""` | | +| postgresql.primary.persistence.size | string | `"2Gi"` | | +| postgresql.primary.resources.limits.cpu | string | `"500m"` | | +| postgresql.primary.resources.limits.memory | string | `"512Mi"` | | +| postgresql.primary.resources.requests.cpu | string | `"250m"` | | +| postgresql.primary.resources.requests.memory | string | `"128Mi"` | | +| postgresql.primary.service.ports.postgresql | int | `5432` | | +| postgresql.primary.service.type | string | `"ClusterIP"` | | +| postgresql.readReplicas.persistence.size | string | `"2Gi"` | | +| server.affinity | object | `{}` | Default affinity for Console CPN server. | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Console CPN server. | +| server.autoscaling.maxReplicas | int | `3` | Maximum number of replicas for the Console CPN server [HPA]. | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Console CPN server [HPA]. | +| server.autoscaling.targetCPUUtilizationPercentage | int | `80` | Average CPU utilization percentage for the Console CPN server [HPA]. | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `80` | Average memory utilization percentage for the Console CPN server [HPA]. | +| server.container.args | list | `[]` | Console CPN server container command args. | +| server.container.command | list | `[]` | Console CPN server container command. | +| server.container.port | int | `8080` | Console CPN server container port. | +| server.container.securityContext | object | `{}` | Toggle and define container-level security context. 
| +| server.dbDataCm | string | `""` | Name of the configmap with javascript data that need to be imported by the server at start up. | +| server.disabledPlugins | string | `""` | CSV list of plugins to disabled. | +| server.env | object | `{}` | Console CPN server container env variables, it will be injected into a configmap and loaded into the container. | +| server.extraCa | object | `{"key":"","mountSubPath":"ca_certs","name":""}` | Extra certificate to add to the container, it should be provide as a configmap. | +| server.extraCa.key | string | `""` | The key to lookup. | +| server.extraCa.mountSubPath | string | `"ca_certs"` | The path inside the container where the certificate file should be mount. This is a native Nodejs environment variable to extends certificates, see: https://nodejs.org/api/cli.html#node_extra_ca_certsfile. This mount path represent the subpath to use under the `/config` config root path. | +| server.extraCa.name | string | `""` | The name of the configmap in namespace where certificates are stored. | +| server.extraContainers | string | `nil` | Extra containers to add to the Console CPN server pod as sidecars. | +| server.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| server.extraVolumes | list | `[]` | List of extra volumes to add. | +| server.healthcheckPath | string | `"/api/v1/healthz"` | Console CPN server container healthcheck endpoint. | +| server.hostAliases | list | `[]` | Host aliases that will be injected at pod-level into /etc/hosts. | +| server.image.pullPolicy | string | `"Always"` | Image pull policy for the Console CPN server. | +| server.image.repository | string | `"ghcr.io/cloud-pi-native/console/server"` | Repository to use for the Console CPN server. | +| server.image.tag | string | `""` | Tag to use for the Console CPN server. # Overrides the image tag whose default is the chart appVersion. 
| +| server.initContainers | list | `[]` | Init containers to add to the Console CPN client pod. | +| server.livenessProbe.enabled | bool | `true` | Whether or not enable the probe. | +| server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive successes for the probe to be considered successful after having failed. | +| server.livenessProbe.initialDelaySeconds | int | `30` | Whether or not enable the probe. | +| server.livenessProbe.periodSeconds | int | `30` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | +| server.livenessProbe.successThreshold | int | `1` | Number of seconds after the container has started before probe is initiated. | +| server.livenessProbe.timeoutSeconds | int | `5` | How often (in seconds) to perform the probe. | +| server.nodeSelector | object | `{}` | Default node selector for Console CPN server. | +| server.plugins | list | `[]` | List of zips to download; basically curl url, unzip and stores it in plugins/external/. | +| server.podAnnotations | object | `{}` | Annotations for the Console CPN server deployed pods. | +| server.podLabels | object | `{}` | Labels for the Console CPN server deployed pods. | +| server.podSecurityContext | object | `{}` | Toggle and define pod-level security context. | +| server.readinessProbe.enabled | bool | `true` | Whether or not enable the probe. | +| server.readinessProbe.failureThreshold | int | `2` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | +| server.readinessProbe.initialDelaySeconds | int | `15` | Number of seconds after the container has started before probe is initiated. | +| server.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. | +| server.readinessProbe.successThreshold | int | `2` | Minimum consecutive successes for the probe to be considered successful after having failed. 
| +| server.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. | +| server.replicaCount | int | `1` | The number of application controller pods to run. | +| server.resources | object | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"128Mi"}}` | Resource limits and requests for the Console CPN server. | +| server.secrets | object | `{}` | Console CPN server container env secrets, it will be injected into a secret and loaded into the container. | +| server.service.port | int | `80` | Console CPN server service port. | +| server.service.type | string | `"ClusterIP"` | Console CPN server service type. | +| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account. | +| server.serviceAccount.create | bool | `true` | Create a service account for the Console CPN server. | +| server.serviceAccount.name | string | `"cpn-console-server"` | Service account name. | +| server.startupProbe.enabled | bool | `true` | Whether or not enable the probe. | +| server.startupProbe.failureThreshold | int | `10` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | +| server.startupProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before probe is initiated. | +| server.startupProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. | +| server.startupProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. | +| server.startupProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. | +| server.strategy.type | string | `"RollingUpdate"` | Strategy type used to replace old Pods by new ones, can be "Recreate" or "RollingUpdate". | +| server.tolerations | list | `[]` | Default tolerations for Console CPN server. 
| + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/dso-console/templates/_helpers.tpl b/charts/dso-console/templates/_helpers.tpl new file mode 100644 index 0000000..a557c24 --- /dev/null +++ b/charts/dso-console/templates/_helpers.tpl 
@@ -0,0 +1,115 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cpnConsole.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cpnConsole.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cpnConsole.server.serviceAccountName" -}}
+{{- if .Values.server.serviceAccount.create }}
+{{- default (include "cpnConsole.name" .) .Values.server.serviceAccount.name }}
+{{- else }}
+{{- default "cpn-server" .Values.server.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create image pull secret
+*/}}
+{{- define "cpnConsole.imagePullSecret" }}
+{{- with .Values.imageCredentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create container environment variables from configmap
+*/}}
+{{- define "cpnConsole.env" -}}
+{{ range $key, $val := .env }}
+{{ $key }}: {{ $val | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create container environment variables from secret
+*/}}
+{{- define "cpnConsole.secret" -}}
+{{ range $key, $val := .secrets }}
+{{ $key }}: {{ $val | b64enc | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define a file checksum to trigger rollout on configmap of secret change
+*/}}
+{{- define "checksum" -}}
+{{- $ := index . 0 }}
+{{- $path := index . 1 }}
+{{- $resourceType := include (print $.Template.BasePath $path) $ | fromYaml -}}
+{{- if $resourceType -}}
+checksum/{{ $resourceType.metadata.name }}: {{ $resourceType.data | toYaml | sha256sum }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cpnConsole.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cpnConsole.client.labels" -}}
+helm.sh/chart: {{ include "cpnConsole.chart" . }}
+{{ include "cpnConsole.client.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{- define "cpnConsole.server.labels" -}}
+helm.sh/chart: {{ include "cpnConsole.chart" . }}
+{{ include "cpnConsole.server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cpnConsole.client.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cpnConsole.name" . }}-client
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "cpnConsole.server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cpnConsole.name" . }}-server
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/dso-console/templates/client/configmap.yaml b/charts/dso-console/templates/client/configmap.yaml
new file mode 100644
index 0000000..02ee086
--- /dev/null
+++ b/charts/dso-console/templates/client/configmap.yaml
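Review bot: `cpnConsole.imagePullSecret` assembles the dockerconfigjson with `printf` and raw `%s` substitutions, so a registry username or password containing `"` or `\` produces invalid JSON or alters the structure of the document. Build the structure and serialise it instead: `{{- $auth := printf "%s:%s" .username .password | b64enc }}` followed by `{{- dict "auths" (dict .registry (dict "username" .username "password" .password "email" .email "auth" $auth)) | toJson | b64enc }}`. In the same file, `cpnConsole.secret` pipes each value straight into `b64enc`, which is expected to fail at render time on non-string values such as integers or booleans; `{{ $val | toString | b64enc | quote }}` would make it robust.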
@@ -0,0 +1,19 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-client
+ labels: {{- include "cpnConsole.client.labels" . | nindent 4 }}
+data:
+ SERVER_HOST: {{ include "cpnConsole.fullname" . }}-server
+ SERVER_PORT: {{ .Values.server.service.port | quote }}
+ KEYCLOAK_PROTOCOL: {{ .Values.global.keycloak.protocol }}
+ KEYCLOAK_DOMAIN: {{ .Values.global.keycloak.domain }}
+ KEYCLOAK_REALM: {{ .Values.global.keycloak.realm }}
+ KEYCLOAK_REDIRECT_URI: {{ .Values.global.keycloak.redirectUri }}
+ KEYCLOAK_CLIENT_ID: {{ .Values.global.keycloak.clientIds.frontend }}
+ {{- if .Values.global.env -}}
+ {{- include "cpnConsole.env" .Values.global | indent 2 }}
+ {{- end -}}
+ {{- if .Values.client.env -}}
+ {{- include "cpnConsole.env" .Values.client | indent 2 }}
+ {{- end -}}
diff --git a/charts/dso-console/templates/client/deployment.yaml b/charts/dso-console/templates/client/deployment.yaml
new file mode 100644
index 0000000..495955f
--- /dev/null
+++ b/charts/dso-console/templates/client/deployment.yaml
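Review bot: Only `SERVER_PORT` is piped through `quote`; the five `KEYCLOAK_*` entries are interpolated bare, so a value that YAML reads as a boolean, number or null, or one containing `: ` or ` #`, either changes type (ConfigMap `data` accepts strings only) or changes the rendered structure. Quote them the same way as the port, e.g. `KEYCLOAK_REDIRECT_URI: {{ .Values.global.keycloak.redirectUri | quote }}`. `global.env` and `client.env` are appended after the fixed keys, so an entry named like one of them yields a duplicate key whose resolution depends on the YAML parser; it is worth documenting the intended precedence or rejecting the collision explicitly.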
@@ -0,0 +1,138 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-client
+ labels:
+ {{- include "cpnConsole.client.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.client.autoscaling.enabled }}
+ replicas: {{ .Values.client.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "cpnConsole.client.selectorLabels" . | nindent 6 }}
+ strategy:
+ type: {{ .Values.client.strategy.type }}
+ template:
+ metadata:
+ annotations:
+ {{- include "checksum" (list $ "/client/configmap.yaml") | nindent 8 }}
+ {{- include "checksum" (list $ "/client/secret.yaml") | nindent 8 }}
+ {{- with .Values.client.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "cpnConsole.client.selectorLabels" . | nindent 8 }}
+ {{- with .Values.client.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if and .Values.imageCredentials.username .Values.imageCredentials.password }}
+ imagePullSecrets:
+ - name: {{ include "cpnConsole.name" . }}-pullsecret
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.client.podSecurityContext | nindent 8 }}
+ {{- if .Values.client.initContainers }}
+ initContainers:
+ {{- toYaml .Values.client.initContainers | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: client
+ securityContext:
+ {{- toYaml .Values.client.container.securityContext | nindent 12 }}
+ image: "{{ .Values.client.image.repository }}:{{ .Values.client.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.client.image.pullPolicy }}
+ {{- if .Values.client.container.command }}
+ command:
+ {{- range .Values.client.container.command }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.client.container.args }}
+ args:
+ {{- range .Values.client.container.args }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.client.container.port }}
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: {{ include "cpnConsole.fullname" . }}-client
+ {{- if or .Values.global.secrets .Values.client.secrets }}
+ - secretRef:
+ name: {{ include "cpnConsole.fullname" . }}-client
+ {{- end }}
+ {{- if .Values.client.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: {{ .Values.client.healthcheckPath }}
+ port: {{ .Values.client.container.port }}
+ initialDelaySeconds: {{ .Values.client.startupProbe.initialDelaySeconds }}
+ successThreshold: {{ .Values.client.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.client.startupProbe.failureThreshold }}
+ periodSeconds: {{ .Values.client.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.client.startupProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.client.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.client.healthcheckPath }}
+ port: {{ .Values.client.container.port }}
+ initialDelaySeconds: {{ .Values.client.readinessProbe.initialDelaySeconds }}
+ successThreshold: {{ .Values.client.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.client.readinessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.client.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.client.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.client.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.client.healthcheckPath }}
+ port: {{ .Values.client.container.port }}
+ initialDelaySeconds: {{ .Values.client.livenessProbe.initialDelaySeconds }}
+ successThreshold: {{ .Values.client.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.client.livenessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.client.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.client.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.client.hostAliases }}
+ hostAliases:
+ {{- toYaml .Values.client.hostAliases | nindent 8 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.client.resources | nindent 10 }}
+ volumeMounts:
+ {{- range $volumeMount := .Values.client.extraVolumeMounts }}
+ - name: {{ $volumeMount.name }}
+ mountPath: {{ $volumeMount.mountPath }}
+ {{- end }}
+ {{- if .Values.client.extraContainers }}
+ {{- toYaml .Values.client.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- with .Values.client.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.client.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.client.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- range $volume := .Values.client.extraVolumes }}
+ - name: {{ $volume.name }}
+ {{- if eq $volume.type "hostPath" }}
+ hostPath:
+ path: {{ $volume.path }}
+ {{- end }}
+ {{- if eq $volume.type "configMap" }}
+ configMap:
+ name: {{ $volume.name }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/dso-console/templates/client/hpa.yaml b/charts/dso-console/templates/client/hpa.yaml
new file mode 100644
index 0000000..8de9ffd
--- /dev/null
+++ b/charts/dso-console/templates/client/hpa.yaml
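Review bot: The `volumeMounts` loop renders only `name` and `mountPath` for each `client.extraVolumeMounts` entry, so `readOnly` and `subPath` set in values are silently dropped; because the `volumes` loop supports `hostPath`, a host directory can then only be mounted read-write. Passing the entries through unchanged keeps the standard Kubernetes fields: wrap `volumeMounts:` in `{{- with .Values.client.extraVolumeMounts }}` and render `{{- toYaml . | nindent 12 }}` (indent to match the container fields, which this page does not preserve). The `volumes` loop also emits a bare `- name:` with no source for any `type` other than `hostPath` or `configMap`, which the API server is expected to reject; a `fail` for unknown types would surface that at render time. Separately, `hostAliases` is a pod-level field but is emitted between the container's `livenessProbe` and `resources`, so it is worth confirming with `helm template` that it lands under the pod spec when set.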
@@ -0,0 +1,32 @@
+{{- if .Values.client.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-client
+ labels:
+ {{- include "cpnConsole.client.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "cpnConsole.fullname" . }}-client
+ minReplicas: {{ .Values.client.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.client.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.client.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.client.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.client.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.client.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/charts/dso-console/templates/client/secret.yaml b/charts/dso-console/templates/client/secret.yaml
new file mode 100644
index 0000000..453b702
--- /dev/null
+++ b/charts/dso-console/templates/client/secret.yaml
@@ -0,0 +1,14 @@
+{{- if or .Values.global.secrets .Values.client.secrets }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-client
+ labels: {{- include "cpnConsole.client.labels" . | nindent 4 }}
+data:
+ {{- if .Values.global.secrets -}}
+ {{- include "cpnConsole.secret" .Values.global | indent 2 }}
+ {{- end -}}
+ {{- if .Values.client.secrets -}}
+ {{- include "cpnConsole.secret" .Values.client | indent 2 }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/dso-console/templates/client/service.yaml b/charts/dso-console/templates/client/service.yaml
new file mode 100644
index 0000000..2a31a38
--- /dev/null
+++ b/charts/dso-console/templates/client/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-client
+ labels:
+ {{- include "cpnConsole.client.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.client.service.type }}
+ ports:
+ - port: {{ .Values.client.service.port }}
+ targetPort: {{ .Values.client.container.port }}
+ protocol: TCP
+ selector:
+ {{- include "cpnConsole.client.selectorLabels" . | nindent 4 }}
diff --git a/charts/dso-console/templates/config.yaml b/charts/dso-console/templates/config.yaml
new file mode 100644
index 0000000..78191a8
--- /dev/null
+++ b/charts/dso-console/templates/config.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.config.create -}}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ .Values.config.name }}
+data:
+ PROJECTS_ROOT_DIR: {{ .Values.config.projectsRootDir | b64enc | quote }}
+ {{- if .Values.config.secrets -}}
+ {{- include "cpnConsole.secret" .Values.config | indent 2 }}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/dso-console/templates/ingress.yaml b/charts/dso-console/templates/ingress.yaml
new file mode 100644
index 0000000..8e88b6c
--- /dev/null
+++ b/charts/dso-console/templates/ingress.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "cpnConsole.fullname" . -}}
+{{- $svcPortClient := .Values.client.service.port -}}
+{{- $svcPortServer := .Values.server.service.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}
+ {{- with .Values.ingress.labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- if gt (len .Values.ingress.tls) 0 }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName | quote | default (printf "%s-%s" $fullName "console-secret") }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . | quote }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}-client
+ port:
+ number: {{ $svcPortClient }}
+ - path: /api/
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}-server
+ port:
+ number: {{ $svcPortServer }}
+ {{- end }}
+{{- end }}
diff --git a/charts/dso-console/templates/pullsecret.yml b/charts/dso-console/templates/pullsecret.yml
new file mode 100644
index 0000000..65c0c31
--- /dev/null
+++ b/charts/dso-console/templates/pullsecret.yml
@@ -0,0 +1,9 @@
+{{- if and .Values.imageCredentials.username .Values.imageCredentials.password }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "cpnConsole.name" . }}-pullsecret
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "cpnConsole.imagePullSecret" . }}
+{{- end }}
diff --git a/charts/dso-console/templates/server/clusterrole.yaml b/charts/dso-console/templates/server/clusterrole.yaml
new file mode 100644
index 0000000..118ec9f
--- /dev/null
+++ b/charts/dso-console/templates/server/clusterrole.yaml
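Review bot: In the ingress `tls` block, `secretName: {{ .secretName | quote | default (printf "%s-%s" $fullName "console-secret") }}` applies `quote` before `default`. An entry with `secretName: ""` therefore renders the literal `""` instead of the fallback name, and when the fallback is used it is emitted unquoted. Swap the pipeline order: `secretName: {{ .secretName | default (printf "%s-%s" $fullName "console-secret") | quote }}`. Separately, `ingressClassName: {{ .Values.ingress.className }}` renders an empty value with the default `className: ""`; wrapping that line in `{{- with .Values.ingress.className }}` would leave the field out so the cluster's default class applies.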
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ labels: {{- include "cpnConsole.server.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ - user.openshift.io
+ - rbac.authorization.k8s.io
+ - argoproj.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
diff --git a/charts/dso-console/templates/server/clusterrolebinding.yaml b/charts/dso-console/templates/server/clusterrolebinding.yaml
new file mode 100644
index 0000000..f59458d
--- /dev/null
+++ b/charts/dso-console/templates/server/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ labels: {{- include "cpnConsole.server.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "cpnConsole.fullname" . }}-server
+subjects:
+- kind: ServiceAccount
+ name: {{ include "cpnConsole.server.serviceAccountName" . }}
+ namespace: {{ $.Release.Namespace }}
diff --git a/charts/dso-console/templates/server/configmap.yaml b/charts/dso-console/templates/server/configmap.yaml
new file mode 100644
index 0000000..cdeafbe
--- /dev/null
+++ b/charts/dso-console/templates/server/configmap.yaml
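Review bot: The single ClusterRole rule grants `verbs: ['*']` on `resources: ['*']` for the core, `user.openshift.io`, `rbac.authorization.k8s.io` and `argoproj.io` API groups, and the ClusterRoleBinding in the next hunk attaches it cluster-wide to the server ServiceAccount. That covers reading every Secret in every namespace and creating or editing RBAC bindings, so a compromise of the server pod, or of a plugin it loads, is close to cluster-admin in practice. Replace the wildcards with the explicit resources and verbs the server actually calls, one rule per API group, and consider rendering both objects only behind a values flag. The list of resources the server needs is not visible in this diff and has to come from the application code.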
@@ -0,0 +1,24 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ labels: {{- include "cpnConsole.server.labels" . | nindent 4 }}
+data:
+ SERVER_PORT: {{ .Values.server.container.port | quote }}
+ KEYCLOAK_PROTOCOL: {{ .Values.global.keycloak.protocol }}
+ KEYCLOAK_DOMAIN: {{ .Values.global.keycloak.domain }}
+ KEYCLOAK_REALM: {{ .Values.global.keycloak.realm }}
+ KEYCLOAK_REDIRECT_URI: {{ .Values.global.keycloak.redirectUri }}
+ KEYCLOAK_CLIENT_ID: {{ .Values.global.keycloak.clientIdBackend }}
+ {{- if .Values.server.extraCa.name }}
+ NODE_EXTRA_CA_CERTS: {{ printf "%s/%s" "/config" .Values.server.extraCa.mountSubPath }}
+ {{- end }}
+ {{- if .Values.server.disabledPlugins -}}
+ DISABLED_PLUGINS: {{ .Values.server.disabledPlugins }}
+ {{- end }}
+ {{- if .Values.global.env -}}
+ {{- include "cpnConsole.env" .Values.global | indent 2 }}
+ {{- end -}}
+ {{- if .Values.server.env -}}
+ {{- include "cpnConsole.env" .Values.server | indent 2 }}
+ {{- end -}}
diff --git a/charts/dso-console/templates/server/deployment.yaml b/charts/dso-console/templates/server/deployment.yaml
new file mode 100644
index 0000000..01cba26
--- /dev/null
+++ b/charts/dso-console/templates/server/deployment.yaml
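Review bot: `KEYCLOAK_CLIENT_ID: {{ .Values.global.keycloak.clientIdBackend }}` reads a key that values.yaml in this commit does not define; the backend id is at `global.keycloak.clientIds.backend`, so the variable renders empty. Use `KEYCLOAK_CLIENT_ID: {{ .Values.global.keycloak.clientIds.backend | quote }}`, and quote the other Keycloak values the same way so a value that looks like a boolean or number stays a string in the ConfigMap. The line `{{- if .Values.server.disabledPlugins -}}` trims whitespace on both sides, which would likely glue `DISABLED_PLUGINS:` onto the preceding line when the value is set; `{{- if .Values.server.disabledPlugins }}` keeps the newline.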
@@ -0,0 +1,184 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ labels:
+ {{- include "cpnConsole.server.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.server.autoscaling.enabled }}
+ replicas: {{ .Values.server.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "cpnConsole.server.selectorLabels" . | nindent 6 }}
+ strategy:
+ type: {{ .Values.server.strategy.type }}
+ template:
+ metadata:
+ annotations:
+ {{- include "checksum" (list $ "/server/configmap.yaml") | nindent 8 }}
+ {{- include "checksum" (list $ "/server/secret.yaml") | nindent 8 }}
+ {{- include "checksum" (list $ "/server/scripts.yaml") | nindent 8 }}
+ {{- with .Values.server.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "cpnConsole.server.selectorLabels" . | nindent 8 }}
+ {{- with .Values.server.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if and .Values.imageCredentials.username .Values.imageCredentials.password }}
+ imagePullSecrets:
+ - name: {{ include "cpnConsole.name" . }}-pullsecret
+ {{- end }}
+ serviceAccountName: {{ include "cpnConsole.server.serviceAccountName" . 
}}
+ securityContext:
+ {{- toYaml .Values.server.podSecurityContext | nindent 8 }}
+ {{- if or .Values.server.plugins .Values.server.initContainers }}
+ initContainers:
+ {{- if and .Values.server.plugins (len .Values.server.plugins) }}
+ - image: docker.io/wbitt/network-multitool:alpine-minimal
+ name: fetch-plugins
+ command:
+ - sh
+ - /script/fetch
+ volumeMounts:
+ - name: fetch-script
+ mountPath: /script
+ - name: plugins
+ mountPath: /plugins
+ {{- end }}
+ {{- if .Values.server.initContainers }}
+ {{- toYaml .Values.server.initContainers | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: server
+ securityContext:
+ {{- toYaml .Values.server.container.securityContext | nindent 12 }}
+ image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ {{- if .Values.server.container.command }}
+ command:
+ {{- range .Values.server.container.command }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.container.args }}
+ args:
+ {{- range .Values.server.container.args }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.server.service.port }}
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ - secretRef:
+ name: {{ include "cpnConsole.fullname" . 
}}-server
+ {{- if .Values.server.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: {{ .Values.server.healthcheckPath }}
+ port: {{ .Values.server.container.port }}
+ initialDelaySeconds: {{ .Values.server.startupProbe.initialDelaySeconds }}
+ successThreshold: {{ .Values.server.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.server.startupProbe.failureThreshold }}
+ periodSeconds: {{ .Values.server.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.server.startupProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.server.healthcheckPath }}
+ port: {{ .Values.server.container.port }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.healthcheckPath }}
+ port: {{ .Values.server.container.port }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.hostAliases }}
+ hostAliases:
+ {{- toYaml .Values.server.hostAliases | nindent 8 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.server.resources | nindent 10 }}
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ {{- if .Values.server.dbDataCm }}
+ - name: imports
+ mountPath: /app/dist/init/db/imports
+ {{- end }}
+ {{- if and .Values.server.plugins 
(len .Values.server.plugins) }}
+ - name: plugins
+ mountPath: /plugins
+ {{- end }}
+ {{- range $volumeMount := .Values.server.extraVolumeMounts }}
+ - name: {{ $volumeMount.name }}
+ mountPath: {{ $volumeMount.mountPath }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{- toYaml .Values.server.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- with .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.server.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.server.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ projected:
+ sources:
+ {{- if .Values.server.extraCa.name }}
+ - configMap:
+ name: {{ .Values.server.extraCa.name }}
+ items:
+ - key: {{ .Values.server.extraCa.key }}
+ path: {{ .Values.server.extraCa.mountSubPath }}
+ {{- end }}
+ {{- if .Values.server.dbDataCm }}
+ - name: imports
+ configMap:
+ name: {{ .Values.server.dbDataCm }}
+ {{- end }}
+ {{- if and .Values.server.plugins (len .Values.server.plugins) }}
+ - name: plugins
+ emptyDir: {}
+ - name: fetch-script
+ configMap:
+ name: {{ include "cpnConsole.fullname" . }}-fetch-script
+ {{- end }}
+ {{- range $volume := .Values.server.extraVolumes }}
+ - name: {{ $volume.name }}
+ {{- if eq $volume.type "hostPath" }}
+ hostPath:
+ path: {{ $volume.path }}
+ {{- end }}
+ {{- if eq $volume.type "configMap" }}
+ configMap:
+ name: {{ $volume.name }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/dso-console/templates/server/hpa.yaml b/charts/dso-console/templates/server/hpa.yaml
new file mode 100644
index 0000000..6bf23c5
--- /dev/null
+++ b/charts/dso-console/templates/server/hpa.yaml
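Review bot: The `fetch-plugins` init container uses the hard-coded image `docker.io/wbitt/network-multitool:alpine-minimal`, a mutable tag from a third-party repository, and it gets neither a `securityContext` nor `resources`, while the pod runs under the ServiceAccount bound to the wildcard ClusterRole added in this commit. Expose the image through values and pin it by digest (`image: "<repository>@sha256:<digest>"`, placeholders), and give the init container the same `securityContext` block that the `server` container receives. `- containerPort: {{ .Values.server.service.port }}` also disagrees with the probes and the Service `targetPort`, which use `.Values.server.container.port` (80 versus 8080 with the defaults); it should read `- containerPort: {{ .Values.server.container.port }}`. Because `extraVolumes` accepts `type: hostPath`, a comment next to that value should say that it mounts node paths into this pod.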
@@ -0,0 +1,32 @@
+{{- if .Values.server.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ labels:
+ {{- include "cpnConsole.server.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "cpnConsole.fullname" . }}-server
+ minReplicas: {{ .Values.server.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.server.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.server.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/charts/dso-console/templates/server/scripts.yaml b/charts/dso-console/templates/server/scripts.yaml
new file mode 100644
index 0000000..1c2be54
--- /dev/null
+++ b/charts/dso-console/templates/server/scripts.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.server.plugins }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-fetch-script
+ labels: {{- include "cpnConsole.server.labels" . | nindent 4 }}
+data:
+ fetch: |
+ #!/bin/bash
+ cd /tmp
+{{- range $i, $val := .Values.server.plugins }}
+ wget {{ $val }} -O {{ $i }}.zip;
+ mkdir -p /plugins/{{ $i }}
+ unzip {{ $i }}.zip -d /plugins/{{ $i }};
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/dso-console/templates/server/secret.yaml b/charts/dso-console/templates/server/secret.yaml
new file mode 100644
index 0000000..d739785
--- /dev/null
+++ b/charts/dso-console/templates/server/secret.yaml
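Review bot: In the `fetch` script of scripts.yaml, `wget {{ $val }} -O {{ $i }}.zip;` pastes each `server.plugins` entry into the shell unquoted and never verifies what it downloads, yet the archive is unpacked into `/plugins`, which the server container mounts. A URL containing `&`, `;` or a space changes the command, and a failed download or unzip does not stop the init container because the script has no `set -e`. Quote the value and fail fast, for example `set -eu` after the shebang and `wget {{ $val | squote }} -O {{ $i }}.zip`, and consider accepting a sha256 per plugin that is checked with `sha256sum -c` before `unzip`. The shebang says `/bin/bash` but the deployment runs the file with `sh`, so `#!/bin/sh` would match what actually executes.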
@@ -0,0 +1,15 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ labels: {{- include "cpnConsole.server.labels" . | nindent 4 }}
+data:
+ SESSION_SECRET: {{ .Values.global.keycloak.sessionSecret | b64enc }}
+ KEYCLOAK_CLIENT_SECRET: {{ .Values.global.keycloak.clientSecrets.backend | b64enc }}
+ DB_URL: {{ .Values.global.postgresql.dbUrl | default (printf "postgresql://%s:%s@%s-hl:%s/%s?schema=public" .Values.postgresql.global.postgresql.auth.username .Values.postgresql.global.postgresql.auth.password .Values.postgresql.fullnameOverride (.Values.postgresql.primary.service.ports.postgresql | toString) .Values.postgresql.global.postgresql.auth.database) | b64enc }}
+ {{- if .Values.global.secrets -}}
+ {{- include "cpnConsole.secret" .Values.global | indent 2 }}
+ {{- end -}}
+ {{- if .Values.server.secrets -}}
+ {{- include "cpnConsole.secret" .Values.server | indent 2 }}
+ {{- end -}}
diff --git a/charts/dso-console/templates/server/service.yaml b/charts/dso-console/templates/server/service.yaml
new file mode 100644
index 0000000..debf20c
--- /dev/null
+++ b/charts/dso-console/templates/server/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "cpnConsole.fullname" . }}-server
+ labels:
+ {{- include "cpnConsole.server.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.server.service.type }}
+ ports:
+ - port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.container.port }}
+ protocol: TCP
+ selector:
+ {{- include "cpnConsole.server.selectorLabels" . | nindent 4 }}
diff --git a/charts/dso-console/templates/server/serviceaccount.yaml b/charts/dso-console/templates/server/serviceaccount.yaml
new file mode 100644
index 0000000..ecb584e
--- /dev/null
+++ b/charts/dso-console/templates/server/serviceaccount.yaml
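Review bot: The computed `DB_URL` fallback in server/secret.yaml formats `.Values.postgresql.fullnameOverride`, which values.yaml in this commit does not set, so with the defaults the host part would likely render as a `printf` nil placeholder followed by `-hl` rather than a service name. The username and password are also inserted verbatim, so a password containing `@`, `/` or `:` produces a URL that parses to the wrong host or credentials; URL-encode them (for example with `urlquery`) before formatting. `SESSION_SECRET` and `KEYCLOAK_CLIENT_SECRET` are encoded even when empty; a guard such as `{{ required "global.keycloak.clientSecrets.backend is required" .Values.global.keycloak.clientSecrets.backend | b64enc }}` makes a missing secret fail at render time instead of deploying an empty one.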
@@ -0,0 +1,12 @@
+{{- if .Values.server.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "cpnConsole.server.serviceAccountName" . }}
+ labels:
+ {{- include "cpnConsole.server.labels" . | nindent 4 }}
+ {{- with .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/dso-console/values.yaml b/charts/dso-console/values.yaml
new file mode 100644
index 0000000..79837e8
--- /dev/null
+++ b/charts/dso-console/values.yaml
@@ -0,0 +1,502 @@
+# -- Provide a name in place of the default application name.
+nameOverride: ""
+# -- String to fully override the default application name.
+fullnameOverride: ""
+
+# Image credentials configuration.
+imageCredentials:
+ # -- Registry to pull images from.
+ registry: ""
+ # -- Username to pull images.
+ username: ""
+ # -- Password to pull images.
+ password: ""
+ # -- Email to pull images.
+ email: ""
+
+# Cloud Pi Native (CPN) configuration file.
+config:
+ # -- Whether or not helm should create the console config.
+ create: false
+ # -- Name of the genrated config.
+ name: "dso-config"
+ # -- Projects root directory to use in other services such as Gitlab, etc.
+ projectsRootDir: "forge"
+ # -- Secrets to inject into the configuration.
+ # It is needed for server to get services informations such as urls, admin username, admin password or token, etc.
+ secrets:
+ # ARGO_NAMESPACE: "dso-argocd"
+ # ARGOCD_URL: "https://argocd.domain.local"
+ # GITLAB_TOKEN: ""
+ # GITLAB_URL: "https://gitlab.domain.local"
+ # HARBOR_ADMIN: "admin"
+ # HARBOR_ADMIN_PASSWORD: ""
+ # HARBOR_URL: "https://harbor.domain.local"
+ # KEYCLOAK_ADMIN: "admin"
+ # KEYCLOAK_ADMIN_PASSWORD: ""
+ # KEYCLOAK_URL: "https://keycloak.domain.local"
+ # NEXUS_ADMIN: "admin"
+ # NEXUS_ADMIN_PASSWORD: ""
+ # NEXUS_URL: "https://nexus.domain.local"
+ # SONAR_API_TOKEN: ""
+ # SONARQUBE_URL: "https://sonar.domain.local"
+ # VAULT_TOKEN: ""
+ # VAULT_URL: "https://vault.domain.local"
+
+# Global configuration.
+global:
+ # -- Map of environment variables to inject into backend and frontend containers.
+ env:
+ NODE_ENV: "production"
+ # -- Map of environment variables to inject into backend and frontend containers.
+ secrets: {}
+ ## Global informations about the Keycloak instance that will be shared to the server and client.
+ keycloak:
+ # -- Keycloak domain used for authentication.
+ domain: "keycloak.domain.com"
+ # -- Name of the keycloak realm used for authentication. 
+ realm: "cloud-pi-native"
+ # -- Protocol used to communicate with keycloak for authentication.
+ protocol: "https"
+ ## Keycloak client ids.
+ clientIds:
+ # -- Keycloak clientId used for Console CPN client.
+ backend: "console-backend"
+ # -- Keycloak clientId used for frontend.
+ frontend: "console-frontend"
+ clientSecrets:
+ # -- Keycloak clientSecret used for Console CPN client.
+ backend: ""
+ # -- Keycloak redirect uri used with keycloak.
+ redirectUri: "https://console.dso.local"
+ # -- Session secret used to store keycloak session for Console CPN client.
+ sessionSecret: "a-very-strong-secret-with-more-than-32-char"
+ postgresql:
+ # -- Postgres database connection string used to override computed db url, usefull if external database.
+ ## For postgres it should look like this "postgresql://db_user:db_password@db_service:db_port/db_name?schema=public"
+ dbUrl: ""
+
+# Ingress configuration
+ingress:
+ # -- Whether or not ingress should be enabled.
+ enabled: true
+ # -- Defines which ingress controller will implement the resource.
+ className: ""
+ # -- Additional ingress annotations.
+ annotations: {}
+ # -- Additional ingress labels.
+ labels: {}
+ # -- The list of hosts to be covered by ingress record.
+ hosts:
+ - "console.dso.local"
+ # -- Enable TLS configuration.
+ tls: []
+ # - secretName: console.dso.local-tls
+ # hosts:
+ # - console.dso.local
+
+# Console CPN client configuration.
+client:
+ # -- The number of application controller pods to run.
+ replicaCount: 1
+ ## Console CPN client image
+ image:
+ # -- Repository to use for the Console CPN client.
+ repository: "ghcr.io/cloud-pi-native/console/client"
+ # -- Image pull policy for the Console CPN client.
+ pullPolicy: "Always"
+ # -- Tag to use for the Console CPN client.
+ ## Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # -- Annotations for the Console CPN client deployed pods.
+ podAnnotations: {}
+ # -- Labels for the Console CPN client deployed pods. 
+ podLabels: {}
+ # -- Toggle and define pod-level security context.
+ podSecurityContext: {}
+ # fsGroup: 2000
+ # -- Init containers to add to the Console CPN client pod.
+ initContainers: []
+ # - name: wait-for-keycloak
+ # image: docker.io/curlimages/curl:latest
+ # command:
+ # - "/bin/sh"
+ # - "-c"
+ # args:
+ # - "while [ $(curl -sw '%{http_code}' http://webserver.svc.cluster.local -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the webserver...'; done"
+ # volumeMounts:
+ # - mountPath: /custom-volume
+ # name: custom-volume
+ container:
+ # -- Console CPN client container port.
+ port: 8080
+ # -- Console CPN client container command.
+ command: []
+ # -- Console CPN client container command args.
+ args: []
+ # -- Toggle and define container-level security context.
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+ # -- Extra containers to add to the Console CPN client pod as sidecars.
+ extraContainers:
+ # - name: fluentd
+ # image: "fluentd"
+ # volumeMounts:
+ # - mountPath: /my-volume/config
+ # name: config
+ # -- Console CPN client container env variables, it will be injected into a configmap and loaded into the container.
+ env: {}
+ # -- Console CPN client container env secrets, it will be injected into a secret and loaded into the container.
+ secrets: {}
+ # -- Console CPN client container healthcheck endpoint.
+ healthcheckPath: "/"
+ ## Deployment strategy for CPN client deployment.
+ strategy:
+ # -- Strategy type used to replace old Pods by new ones, can be "Recreate" or "RollingUpdate".
+ type: "RollingUpdate"
+ ## Startup probe for Console CPN client.
+ startupProbe:
+ # -- Whether or not enable the probe.
+ enabled: true
+ # -- Number of seconds after the container has started before probe is initiated.
+ initialDelaySeconds: 0
+ # -- Minimum consecutive successes for the probe to be considered successful after having failed. 
+ successThreshold: 1
+ # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 10
+ # -- How often (in seconds) to perform the probe.
+ periodSeconds: 10
+ # -- Number of seconds after which the probe times out.
+ timeoutSeconds: 5
+ ## Readiness probe for Console CPN client.
+ readinessProbe:
+ # -- Whether or not enable the probe.
+ enabled: true
+ # -- Number of seconds after the container has started before probe is initiated.
+ initialDelaySeconds: 15
+ # -- Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 2
+ # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 2
+ # -- How often (in seconds) to perform the probe.
+ periodSeconds: 10
+ # -- Number of seconds after which the probe times out.
+ timeoutSeconds: 5
+ ## Liveness probe for Console CPN client.
+ livenessProbe:
+ # -- Whether or not enable the probe.
+ enabled: true
+ # -- Number of seconds after the container has started before probe is initiated.
+ initialDelaySeconds: 30
+ # -- Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 1
+ # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 3
+ # -- How often (in seconds) to perform the probe.
+ periodSeconds: 30
+ # -- Number of seconds after which the probe times out
+ timeoutSeconds: 5
+ # -- Host aliases that will be injected at pod-level into /etc/hosts.
+ hostAliases: []
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "foo.local"
+ # - "bar.local"
+ # - ip: "10.1.2.3"
+ # hostnames:
+ # - "foo.remote"
+ # - "bar.remote"
+ # -- List of extra volumes to add. 
+ extraVolumes: []
+ # - name: extra-vol
+ # path: /host/path
+ # type: hostPath
+ # - name: extra-vol-cm
+ # type: configMap
+ # -- List of extra mounts to add (normally used with extraVolumes).
+ extraVolumeMounts: []
+ # - name: extra-vol
+ # mountPath: /volume/path
+ # - name: extra-vol-cm
+ # mountPath: /volume/cm/path
+ service:
+ # -- Console CPN client service type.
+ type: "ClusterIP"
+ # -- Console CPN client service port.
+ port: 80
+ # -- Resource limits and requests for the Console CPN client.
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "250m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ ## Console CPN client Horizontal Pod Autoscaler
+ autoscaling:
+ # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Console CPN client.
+ enabled: false
+ # -- Minimum number of replicas for the Console CPN client [HPA].
+ minReplicas: 1
+ # -- Maximum number of replicas for the Console CPN client [HPA].
+ maxReplicas: 3
+ # -- Average CPU utilization percentage for the Console CPN client [HPA].
+ targetCPUUtilizationPercentage: 80
+ # -- Average memory utilization percentage for the Console CPN client [HPA].
+ targetMemoryUtilizationPercentage: 80
+ # -- Default node selector for Console CPN client.
+ nodeSelector: {}
+ # -- Default tolerations for Console CPN client.
+ tolerations: []
+ # -- Default affinity for Console CPN client.
+ affinity: {}
+
+# Console CPN server configuration.
+server:
+ # -- The number of application controller pods to run.
+ replicaCount: 1
+ ## Console CPN server image.
+ image:
+ # -- Repository to use for the Console CPN server.
+ repository: "ghcr.io/cloud-pi-native/console/server"
+ # -- Image pull policy for the Console CPN server.
+ pullPolicy: "Always"
+ # -- Tag to use for the Console CPN server.
+ ## Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # -- Annotations for the Console CPN server deployed pods.
+ podAnnotations: {}
+ # -- Labels for the Console CPN server deployed pods. 
+ podLabels: {}
+ # -- Toggle and define pod-level security context.
+ podSecurityContext: {}
+ # fsGroup: 2000
+ # -- Init containers to add to the Console CPN client pod.
+ initContainers: []
+ # - name: wait-for-keycloak
+ # image: docker.io/curlimages/curl:latest
+ # command:
+ # - "/bin/sh"
+ # - "-c"
+ # args:
+ # - "while [ $(curl -sw '%{http_code}' http://webserver.svc.cluster.local -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the webserver...'; done"
+ # volumeMounts:
+ # - mountPath: /custom-volume
+ # name: custom-volume
+ container:
+ # -- Console CPN server container port.
+ port: 8080
+ # -- Console CPN server container command.
+ command: []
+ # -- Console CPN server container command args.
+ args: []
+ # -- Toggle and define container-level security context.
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+ # -- Extra containers to add to the Console CPN server pod as sidecars.
+ extraContainers:
+ # - name: fluentd
+ # image: "fluentd"
+ # volumeMounts:
+ # - mountPath: /my-volume/config
+ # name: config
+ # -- Console CPN server container env variables, it will be injected into a configmap and loaded into the container.
+ env: {}
+ ## csv list of plugins to disabled
+ # DISABLED_PLUGINS: ""
+ # -- Console CPN server container env secrets, it will be injected into a secret and loaded into the container.
+ secrets: {}
+ # -- Name of the configmap with javascript data that need to be imported by the server at start up.
+ dbDataCm: ""
+ # -- Console CPN server container healthcheck endpoint.
+ healthcheckPath: "/api/v1/healthz"
+ ## Deployment strategy for CPN server deployment.
+ strategy:
+ # -- Strategy type used to replace old Pods by new ones, can be "Recreate" or "RollingUpdate".
+ type: "RollingUpdate"
+ ## Startup probe for Console CPN server.
+ startupProbe:
+ # -- Whether or not enable the probe. 
+ enabled: true
+ # -- Number of seconds after the container has started before probe is initiated.
+ initialDelaySeconds: 0
+ # -- Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 1
+ # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 10
+ # -- How often (in seconds) to perform the probe.
+ periodSeconds: 10
+ # -- Number of seconds after which the probe times out.
+ timeoutSeconds: 5
+ ## Readiness probe for Console CPN server.
+ readinessProbe:
+ # -- Whether or not enable the probe.
+ enabled: true
+ # -- Number of seconds after the container has started before probe is initiated.
+ initialDelaySeconds: 15
+ # -- Minimum consecutive successes for the probe to be considered successful after having failed.
+ successThreshold: 2
+ # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ failureThreshold: 2
+ # -- How often (in seconds) to perform the probe.
+ periodSeconds: 10
+ # -- Number of seconds after which the probe times out.
+ timeoutSeconds: 5
+ ## Liveness probe for Console CPN server.
+ livenessProbe:
+ # -- Whether or not enable the probe.
+ enabled: true
+ # -- Whether or not enable the probe.
+ initialDelaySeconds: 30
+ # -- Number of seconds after the container has started before probe is initiated.
+ successThreshold: 1
+ # -- Minimum consecutive successes for the probe to be considered successful after having failed.
+ failureThreshold: 3
+ # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ periodSeconds: 30
+ # -- How often (in seconds) to perform the probe.
+ timeoutSeconds: 5
+ # -- Host aliases that will be injected at pod-level into /etc/hosts. 
+ hostAliases: []
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "foo.local"
+ # - "bar.local"
+ # - ip: "10.1.2.3"
+ # hostnames:
+ # - "foo.remote"
+ # - "bar.remote"
+ # -- Extra certificate to add to the container, it should be provide as a configmap.
+ extraCa:
+ # -- The name of the configmap in namespace where certificates are stored.
+ name: ""
+ # -- The key to lookup.
+ key: ""
+ # -- The path inside the container where the certificate file should be mount.
+ # This is a native Nodejs environment variable to extends certificates, see: https://nodejs.org/api/cli.html#node_extra_ca_certsfile.
+ # This mount path represent the subpath to use under the `/config` config root path.
+ mountSubPath: "ca_certs"
+ # -- List of extra volumes to add.
+ extraVolumes: []
+ # - name: extra-vol
+ # path: /host/path
+ # type: hostPath
+ # - name: extra-vol-cm
+ # type: configMap
+ # -- List of extra mounts to add (normally used with extraVolumes)
+ extraVolumeMounts: []
+ # - name: extra-vol
+ # mountPath: /volume/path
+ # - name: extra-vol-cm
+ # mountPath: /volume/cm/path
+ service:
+ # -- Console CPN server service type.
+ type: "ClusterIP"
+ # -- Console CPN server service port.
+ port: 80
+ # -- List of zips to download; basically curl url, unzip and stores it in plugins/external/.
+ plugins: []
+ # -- CSV list of plugins to disabled.
+ disabledPlugins: ""
+ # -- Resource limits and requests for the Console CPN server.
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "250m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ ## Console CPN server Horizontal Pod Autoscaler
+ autoscaling:
+ # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Console CPN server.
+ enabled: false
+ # -- Minimum number of replicas for the Console CPN server [HPA].
+ minReplicas: 1
+ # -- Maximum number of replicas for the Console CPN server [HPA].
+ maxReplicas: 3
+ # -- Average CPU utilization percentage for the Console CPN server [HPA]. 
+ targetCPUUtilizationPercentage: 80
+ # -- Average memory utilization percentage for the Console CPN server [HPA].
+ targetMemoryUtilizationPercentage: 80
+ # -- Default node selector for Console CPN server.
+ nodeSelector: {}
+ # -- Default tolerations for Console CPN server.
+ tolerations: []
+ # -- Default affinity for Console CPN server.
+ affinity: {}
+ serviceAccount:
+ # -- Create a service account for the Console CPN server.
+ create: true
+ # -- Annotations applied to created service account.
+ annotations: {}
+ # -- Service account name.
+ name: "cpn-console-server"
+
+# Postgresql configuration.
+## Ref: https://artifacthub.io/packages/helm/bitnami/postgresql
+postgresql:
+ enabled: true
+ architecture: "standalone"
+ global:
+ postgresql:
+ auth:
+ postgresPassword: ""
+ username: ""
+ password: ""
+ database: ""
+ primary:
+ service:
+ type: "ClusterIP"
+ ports:
+ postgresql: 5432
+ persistence:
+ size: "2Gi"
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "250m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ readReplicas:
+ persistence:
+ size: "2Gi"
+
+# Keycloak configuration.
+## Ref: https://artifacthub.io/packages/helm/bitnami/keycloak
+keycloak:
+ enabled: false
+ auth:
+ adminUser: ""
+ adminPassword: ""
+ ingress:
+ enabled: true
+ ingressClassName: ""
+ annotations: {}
+ hostname: "keycloak.dso.local"
+ path: "/"
+ tls: false
+ secrets: []
+ production: true
+ proxy: "edge"
+ tls:
+ enabled: false
+ autoGenerated: false
+ postgresql:
+ enabled: true
+ auth:
+ postgresPassword: ""
+ username: ""
+ password: ""
+ database: "keycloak"
+ architecture: "standalone"
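Review bot: `sessionSecret: "a-very-strong-secret-with-more-than-32-char"` under `global.keycloak` ships a publicly known value as the default, and server/secret.yaml renders it into `SESSION_SECRET` unchanged, so any install that does not override it protects sessions with a secret that anyone can read in the chart. Default it to `""` and make the template fail when it is empty, or generate it once with `randAlphaNum` and keep it stable across upgrades with `lookup`. With `ingress.enabled: true` and `tls: []` as defaults, the console is also exposed over plain HTTP unless the operator adds a TLS entry, which should be stated in the comment above `tls`. Two smaller points in the same file: `extraContainers:` under both `client` and `server` is a bare key (null) where its neighbours use `[]`, and the comments under `server.livenessProbe` are shifted by one line, so `initialDelaySeconds` is described as "Whether or not enable the probe".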