diff --git a/.github/workflows/release-charts.yml b/.github/workflows/release-charts.yml
new file mode 100644
index 00000000..90e2dd31
--- /dev/null
+++ b/.github/workflows/release-charts.yml
@@ -0,0 +1,37 @@
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v1
+ with:
+ version: v3.7.1
+
+ - name: Add dependency chart repos
+ run: |
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.3.0
+ with:
+ charts_dir: deployment/kubernetes
+ config: cr.yaml
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 0febfb9d..4d05cb36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,3 +48,7 @@ openapitools.json
 # Auto generated files
 src/resources.md
 src/swagger2.0.json
+
+# Helm
+**/charts/*.tgz
+**/Chart.lock
\ No newline at end of file
diff --git a/cr.yaml b/cr.yaml
new file mode 100644
index 00000000..32f0b568
--- /dev/null
+++ b/cr.yaml
@@ -0,0 +1 @@
+release-name-template: "{{ .Name }}-chart-{{ .Version }}"
\ No newline at end of file
diff --git a/deployment/kubernetes/objects/Chart.lock b/deployment/kubernetes/objects/Chart.lock
index 38d66523..87ae85a4 100644
--- a/deployment/kubernetes/objects/Chart.lock
+++ b/deployment/kubernetes/objects/Chart.lock
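Review bot: The three `uses:` steps in `.github/workflows/release-charts.yml` reference mutable tags (`actions/checkout@v2`, `azure/setup-helm@v1`, `helm/chart-releaser-action@v1.3.0`) in a job that passes `secrets.GITHUB_TOKEN` to the last of them and publishes releases, so a re-pointed tag would run with that token. Pin each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`. The workflow also declares no `permissions:` block, so the token receives the repository's default scope. A job-level `permissions:` with `contents: write` would limit it to what the release step appears to need; confirm that is sufficient for chart-releaser.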
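Review bot: The new `**/Chart.lock` pattern in `.gitignore` conflicts with this same commit, which still updates the tracked `deployment/kubernetes/objects/Chart.lock`. Git keeps tracking that file, but a lock file for any chart added later would be silently ignored. Its dependencies would then be resolved from version ranges such as `~13.0.0` at release time rather than from reviewed, pinned versions. Dropping the `**/Chart.lock` line and keeping only `**/charts/*.tgz` keeps dependency resolution reproducible.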
@@ -1,6 +1,9 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.10.1 -digest: sha256:6286ac74b5e31a1fb03518c8147a24a02d26788ed75d01d8064a068dbda06f03 -generated: "2021-09-20T18:26:08.467099231+02:00" + version: 10.10.3 +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 13.0.1 +digest: sha256:f16504851e29407f8998b80327744f6339647167e7be8aac378816b245fd612a +generated: "2022-03-04T21:20:41.190441+01:00" diff --git a/deployment/kubernetes/objects/Chart.yaml b/deployment/kubernetes/objects/Chart.yaml index daab496b..0f705354 100644 --- a/deployment/kubernetes/objects/Chart.yaml +++ b/deployment/kubernetes/objects/Chart.yaml @@ -3,7 +3,7 @@ name: objects description: A Helm chart for Objects API type: application -version: 0.1.1 +version: 0.2.0 appVersion: "1.16.0" dependencies: @@ -12,3 +12,8 @@ dependencies: repository: https://charts.bitnami.com/bitnami tags: - postgresql + - name: redis + version: ~13.0.0 + repository: https://charts.bitnami.com/bitnami + tags: + - redis diff --git a/deployment/kubernetes/objects/charts/postgresql-10.10.1.tgz b/deployment/kubernetes/objects/charts/postgresql-10.10.1.tgz deleted file mode 100644 index 1ccb28d6..00000000 Binary files a/deployment/kubernetes/objects/charts/postgresql-10.10.1.tgz and /dev/null differ diff --git a/deployment/kubernetes/objects/templates/configmap.yaml b/deployment/kubernetes/objects/templates/configmap.yaml index 4cfaae15..e55a29d8 100644 --- a/deployment/kubernetes/objects/templates/configmap.yaml +++ b/deployment/kubernetes/objects/templates/configmap.yaml 
@@ -11,3 +11,20 @@ data:
 DB_PORT: {{ .Values.settings.database.port | toString | quote }}
 DB_USER: {{ .Values.settings.database.username | toString | quote }}
 DB_NAME: {{ .Values.settings.database.name | toString | quote }}
+ PGSSLMODE: {{ .Values.settings.database.sslmode | toString | quote }}
+ CACHE_DEFAULT: {{ .Values.settings.cache.default | toString | quote }}
+ CACHE_AXES: {{ .Values.settings.cache.axes | toString | quote }}
+ DEBUG: {{ .Values.settings.debug | toString | quote }}
+ IS_HTTPS: {{ .Values.settings.isHttps | toString | quote }}
+ NOTIFICATIONS_DISABLED: {{ .Values.settings.notificationsDisabled | toString | quote }}
+ TWO_FACTOR_FORCE_OTP_ADMIN: {{ .Values.settings.twoFactorForceOtpAdmin | toString | quote }}
+ TWO_FACTOR_PATCH_ADMIN: {{ .Values.settings.twoFactorPatchAdmin | toString | quote }}
+ {{- if .Values.settings.admins }}
+ ADMINS: {{ .Values.settings.admins | toString | quote }}
+ {{- end }}
+ {{- if .Values.settings.subPath }}
+ SUBPATH: {{ .Values.settings.subPath | toString | quote }}
+ {{- end }}
+ {{- if .Values.settings.siteId }}
+ SITE_ID: {{ .Values.settings.siteId | toString | quote }}
+ {{- end }}
diff --git a/deployment/kubernetes/objects/templates/deployment.yaml b/deployment/kubernetes/objects/templates/deployment.yaml
index d2e1b6b2..975ee181 100644
--- a/deployment/kubernetes/objects/templates/deployment.yaml
+++ b/deployment/kubernetes/objects/templates/deployment.yaml
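Review bot: `CACHE_DEFAULT` and `CACHE_AXES` in `templates/configmap.yaml` are rendered from `settings.cache.*` into a ConfigMap, which is only appropriate while those values carry no credentials. The Redis defaults added in this commit disable the password, but if authentication is later enabled and the password is embedded in the cache URL, it would sit in plain ConfigMap data. Either render the two cache entries from `secret.yaml` instead, or add a comment next to `settings.cache` in values.yaml such as `# host:port/db only; rendered into a ConfigMap, do not embed credentials`.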
@@ -13,12 +13,17 @@ spec: {{- include "objects.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: - {{- toYaml . | nindent 8 }} - {{- end }} + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "objects.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -35,7 +40,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} envFrom: - secretRef: - name: {{ include "objects.fullname" . }} + name: {{ .Values.existingSecret | default (include "objects.fullname" .) }} - configMapRef: name: {{ include "objects.fullname" . }} ports: @@ -46,10 +51,16 @@ spec: httpGet: path: / port: http + httpHeaders: + - name: Host + value: {{ include "objects.fullname" . | quote }} readinessProbe: httpGet: path: / port: http + httpHeaders: + - name: Host + value: {{ include "objects.fullname" . | quote }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/deployment/kubernetes/objects/templates/secret.yaml b/deployment/kubernetes/objects/templates/secret.yaml index b4957060..9f4cd7e3 100644 --- a/deployment/kubernetes/objects/templates/secret.yaml +++ b/deployment/kubernetes/objects/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.existingSecret }} apiVersion: v1 kind: Secret metadata: @@ -8,4 +9,7 @@ type: Opaque data: DB_PASSWORD: {{ .Values.settings.database.password | toString | b64enc | quote }} SECRET_KEY: {{ .Values.settings.secretKey | toString | b64enc | quote }} - + {{- if .Values.settings.sentry.dsn }} + SENTRY_DSN: {{ .Values.settings.sentry.dsn | toString | b64enc | quote }} + {{- end }} +{{- end }} 
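Review bot: The `checksum/secret` annotation added in the first hunk of `templates/deployment.yaml` places a SHA-256 of the rendered `secret.yaml` in pod metadata, which is typically readable with much weaker RBAC than the Secret itself. For low-entropy values such as the chart's default `secretKey` and database password, that digest lets a reader confirm guesses offline, so the values documentation should state that the defaults must be overridden. The digest is also constant whenever `existingSecret` is set, because `secret.yaml` then renders empty, so pods will not roll when the external Secret changes. Wrapping the line in `{{- if not .Values.existingSecret }}` and `{{- end }}` avoids the misleading annotation in that case.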
diff --git a/deployment/kubernetes/objects/values.yaml b/deployment/kubernetes/objects/values.yaml index a9d1e5be..c131caee 100644 --- a/deployment/kubernetes/objects/values.yaml +++ b/deployment/kubernetes/objects/values.yaml @@ -1,5 +1,6 @@ tags: postgresql: true + redis: true replicaCount: 1 @@ -12,6 +13,8 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +existingSecret: null + serviceAccount: create: true annotations: {} @@ -19,6 +22,8 @@ serviceAccount: podAnnotations: {} +podLabels: {} + podSecurityContext: {} # fsGroup: 2000 @@ -74,7 +79,15 @@ affinity: {} settings: secretKey: NOT-SO-SECRET - allowedHosts: "*" + allowedHosts: "objects" + admins: "" + siteId: "" + debug: "False" + isHttps: "True" + subPath: "" + notificationsDisabled: "False" + twoFactorForceOtpAdmin: "True" + twoFactorPatchAdmin: "True" database: host: objects-postgresql @@ -82,7 +95,14 @@ settings: username: postgres password: objects name: postgres + sslmode: prefer + + cache: + default: open-zaak-redis-master:6379/0 + axes: open-zaak-redis-master:6379/0 + sentry: + dsn: "" ######################### ## PostgreSQL subchart ## @@ -91,3 +111,22 @@ postgresql: postgresqlPassword: objects postgresqlPostgresPassword: objects image.tag: 12.8.0 + + +################## +# Redis subchart # +################## + +redis: + usePassword: false + + cluster: + enabled: false + + persistence: + existingClaim: null + + master: + persistence: + enabled: false + size: 1Gi \ No newline at end of file
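Review bot: The new Redis block in `values.yaml` defaults to `usePassword: false`, so the cache accepts unauthenticated connections from any workload that can reach the service unless a NetworkPolicy restricts it. `usePassword: true` would be the safer default for a published chart. In the same file, `sslmode: prefer` falls back to an unencrypted connection and never verifies the server certificate, so a comment such as `# use verify-full for databases outside the cluster` next to it would help operators. The cache hosts `open-zaak-redis-master:6379/0` look copied from another chart and probably do not match the Redis service name this release creates; confirm against the rendered subchart.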