diff --git a/helmchart/nginx-public-ingress-0.1.0.tgz b/helmchart/nginx-public-ingress-0.1.0.tgz
new file mode 100644
index 0000000000..0fef7db754
Binary files /dev/null and b/helmchart/nginx-public-ingress-0.1.0.tgz differ
diff --git a/helmchart/nginx-public-ingress/.helmignore b/helmchart/nginx-public-ingress/.helmignore
new file mode 100644
index 0000000000..50af031725
--- /dev/null
+++ b/helmchart/nginx-public-ingress/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helmchart/nginx-public-ingress/Chart.yaml b/helmchart/nginx-public-ingress/Chart.yaml
new file mode 100644
index 0000000000..ded713533b
--- /dev/null
+++ b/helmchart/nginx-public-ingress/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: nginx-public-ingress
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0
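Review bot: The new `.helmignore` has no pattern for packaged charts, yet this commit also adds `nginx-public-ingress-0.1.0.tgz` inside the chart directory itself. As written, the next `helm package` will embed that older archive in every new package, and the binary cannot be compared against the templates during review. I would add a `*.tgz` line under the "Common backup files" group and keep built archives out of the source tree, publishing them from the build pipeline instead so the deployed chart is always rendered from reviewed templates.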
diff --git a/helmchart/nginx-public-ingress/nginx-public-ingress-0.1.0.tgz b/helmchart/nginx-public-ingress/nginx-public-ingress-0.1.0.tgz
new file mode 100644
index 0000000000..799f299dd4
Binary files /dev/null and b/helmchart/nginx-public-ingress/nginx-public-ingress-0.1.0.tgz differ
diff --git a/helmchart/nginx-public-ingress/templates/_helpers.tpl b/helmchart/nginx-public-ingress/templates/_helpers.tpl
new file mode 100644
index 0000000000..0af5bc238a
--- /dev/null
+++ b/helmchart/nginx-public-ingress/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nginx-public-ingress.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nginx-public-ingress.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nginx-public-ingress.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "nginx-public-ingress.labels" -}}
+helm.sh/chart: {{ include "nginx-public-ingress.chart" . }}
+{{ include "nginx-public-ingress.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nginx-public-ingress.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nginx-public-ingress.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nginx-public-ingress.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "nginx-public-ingress.fullname" .)
.Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/helmchart/nginx-public-ingress/templates/configMap.yaml b/helmchart/nginx-public-ingress/templates/configMap.yaml
new file mode 100644
index 0000000000..008a18117b
--- /dev/null
+++ b/helmchart/nginx-public-ingress/templates/configMap.yaml
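Review bot: In `templates/_helpers.tpl`, the `nginx-public-ingress.serviceAccountName` helper falls back to the namespace's `default` service account when `serviceAccount.create` is false and no name is set (`default "default" .Values.serviceAccount.name`). If the workload for this internet-facing proxy uses the helper (not visible in this hunk), the pod would share an identity with every other workload in the namespace that leaves the field unset. I would document that in the helper's comment, e.g. `Falls back to the namespace "default" service account; set serviceAccount.name to a dedicated, unprivileged account for this public proxy.` The helper also dereferences `.Values.serviceAccount.create`, so rendering presumably fails unless values.yaml defines a `serviceAccount` map; values.yaml is not part of this hunk, so that should be confirmed.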
@@ -0,0 +1,1010 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: proxy-default
+ namespace: {{ .Release.namespace }}
+data:
+ compression.conf: |
+ # Compression
+ gzip on;
+ gzip_comp_level 5;
+ gzip_min_length 256; # 256Bytes
+ gzip_proxied any;
+ gzip_vary on;
+ # Content types for compression
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ ;
+ proxy-default.conf: |
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ .Values.domain }};
+ # Limitting open connection per ip
+ limit_conn limitbyaddr 400;
+ return 301 https://{{ .Values.domain }}$request_uri;
+ }
+ server {
+ listen 443 ssl;
+ ssl_certificate /etc/secrets/tls.crt;
+ ssl_certificate_key /etc/secrets/tls.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
+ server_name *.{{ .Values.domain }} {{ .Values.domain }};
+ # Limitting open connection per ip
+ limit_conn limitbyaddr 400;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-SSL on;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
+ resolver {{ (lookup "v1" "Service" "kube-system" "kube-dns").spec.clusterIP }} valid=30s;
+ # Mobile Devices Refresh token Endpoints
+ location ~* ^/auth/v1/refresh/token {
+ rewrite ^/auth/(.*) /auth/$1 break;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass http://kong;
+ }
+ # Admin API Endpoints for sunbird realm fpr forgot password flow
+ location ~ /auth/admin/realms/sunbird/users/ {
+ rewrite ^/auth/(.*) /auth/$1 break;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_http_version 1.1;
+ proxy_pass http://keycloak;
+ }
+ # Sunbird realm player API endpoints
+ location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) {
+ rewrite ^/auth/(.*) /auth/$1 break;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_http_version 1.1;
+ proxy_pass http://keycloak;
+ }
+ # Static Assets for player endpoints with caching
+ location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) {
+ # Enabling caching
+
proxy_cache_key $proxy_host$request_uri;
+ proxy_cache small_cache;
+ add_header X-Proxy-Cache $upstream_cache_status;
+ add_header X-Proxy-Cache-Date $upstream_http_date;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_revalidate on;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_valid 200 5m;
+ rewrite ^/auth/(.*) /auth/$1 break;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_pass http://keycloak;
+ }
+ # This is Caching mechanism for POST requests location search
+ location ~ /learner/data/v1/location/search {
+ # Enabling compression
+ include /etc/nginx/defaults.d/compression.conf;
+ # Enabling caching
+ # caching include Accept-Encoding header also, to provide gziped or plain content as per request
+ proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
+ proxy_cache medium_cache;
+ add_header X-Proxy-Cache $upstream_cache_status;
+ add_header X-Proxy-Cache-Date $upstream_http_date;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_methods GET HEAD POST;
+ proxy_cache_revalidate on;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_valid 200 5m;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass http://player;
+ }
+ # Caching for content consumption
+ location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) {
+ # Enabling compression
+
include /etc/nginx/defaults.d/compression.conf;
+ # Enabling caching
+ # caching include Accept-Encoding header also, to provide gziped or plain content as per request
+ proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
+ proxy_cache large_cache;
+ add_header X-Proxy-Cache $upstream_cache_status;
+ add_header X-Proxy-Cache-Date $upstream_http_date;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_methods GET HEAD POST;
+ proxy_cache_revalidate on;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_valid 200 4m;
+ # Increasing the proxy buffer size
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 16k;
+ rewrite ^/api/(.*) /$1 break;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_pass http://kong;
+ }
+ # This is Caching mechanism for Content search
+ location ~ /api/content/v1/search {
+ # Enabling compression
+ include /etc/nginx/defaults.d/compression.conf;
+ # Enabling caching
+ # caching include Accept-Encoding header also, to provide gziped or plain content as per request
+ proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
+ proxy_cache large_cache;
+ add_header X-Proxy-Cache $upstream_cache_status;
+ add_header X-Proxy-Cache-Date $upstream_http_date;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_methods GET HEAD POST;
+ proxy_cache_revalidate on;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_valid 200 4m;
+ # Increasing the proxy buffer size
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 16k;
+ rewrite ^/api/(.*) /$1 break;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_pass http://kong;
+ }
+ # This is Caching mechanism for POST requests
+ location ~ /api/data/v1/form/read {
+ # Enabling compression
+ include /etc/nginx/defaults.d/compression.conf;
+ # Enabling caching
+ # caching include Accept-Encoding header also, to provide gziped or plain content as per request
+ proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
+ proxy_cache small_cache;
+ add_header X-Proxy-Cache $upstream_cache_status;
+ add_header X-Proxy-Cache-Date $upstream_http_date;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_methods GET HEAD POST;
+ proxy_cache_revalidate on;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_valid 200 5m;
+ rewrite ^/api/(.*) /$1 break;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass http://kong;
+ }
+ location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) {
+ # Enabling compression
+ include /etc/nginx/defaults.d/compression.conf;
+ # Enabling caching
+ # caching include Accept-Encoding header also, to provide gziped or plain content as per request
+ proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
+ proxy_cache medium_cache;
+ add_header X-Proxy-Cache $upstream_cache_status;
+ add_header X-Proxy-Cache-Date $upstream_http_date;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_methods GET HEAD POST;
+ proxy_cache_revalidate on;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_valid
200 5m;
+ rewrite ^/api/(.*) /$1 break;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 16k;
+ proxy_pass http://kong;
+ }
+ location /api/ {
+ if ($request_method = OPTIONS ) {
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding";
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ if ( $arg_eHVyhwSdt ) {
+ set $custom_header "Bearer $arg_eHVyhwSdt";
+ }
+ if ( $http_authorization ) {
+ set $custom_header "$http_authorization";
+ }
+ include /etc/nginx/defaults.d/compression.conf;
+ proxy_set_header Authorization $custom_header;
+ rewrite ^/api/(.*) /$1 break;
+ proxy_set_header Connection "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_http_version 1.1;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass http://kong;
+ }
+ # Oauth2 config
+ location /oauth2/ {
+ set $target http://oauth2-proxy.logging.svc.cluster.local;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Auth-Request-Redirect $request_uri;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $target;
+ }
+ location = /oauth2/auth {
+ set $target http://oauth2-proxy.logging.svc.cluster.local;
+ proxy_set_header Host $host;
+
proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ # nginx auth_request includes headers but not body
+ proxy_set_header Content-Length "";
+ proxy_pass_request_body off;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $target;
+ }
+ location /graylog/ {
+ auth_request /oauth2/auth;
+ error_page 401 = /oauth2/sign_in;
+ # Setting target url
+ auth_request_set $target http://graylog.logging.svc.cluster.local;
+ # pass information via X-User and X-Email headers to backend,
+ # requires running with --set-xauthrequest flag
+ auth_request_set $user $upstream_http_x_auth_request_user;
+ auth_request_set $email $upstream_http_x_auth_request_email;
+ proxy_set_header X-User $user;
+ proxy_set_header X-Email $email;
+ # if you enabled --cookie-refresh, this is needed for it to work with auth_request
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ add_header Set-Cookie $auth_cookie;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header Graylog-User viewer;
+ proxy_set_header X-Graylog-Server-URL https://{{ .Values.domain }}/graylog/;
+ rewrite ^/graylog/(.*)$ /$1 break;
+ proxy_pass $target;
+ }
+ location /dashboard {
+ return 301 /graylog/;
+ }
+ location /oauth3 {
+ set $target http://oauth2-proxy.monitoring.svc.cluster.local;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Auth-Request-Redirect $request_uri;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $target;
+ }
+ location = /oauth3/auth {
+ set $target http://oauth2-proxy.monitoring.svc.cluster.local;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header Content-Length "";
+ proxy_pass_request_body off;
+ proxy_set_header
X-Request-ID $sb_request_id;
+ proxy_pass $target;
+ }
+ location /grafana/ {
+ auth_request /oauth3/auth;
+ error_page 401 = /oauth3/sign_in;
+ auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local;
+ include /etc/nginx/defaults.d/compression.conf;
+ proxy_set_header Connection "";
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local;
+ rewrite ^/grafana/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /encryption/ {
+ set $target http://encryption.dev.svc.cluster.local;
+ rewrite ^/encryption/(.*) /$1 break;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_connect_timeout 1;
+ proxy_send_timeout 30;
+ proxy_read_timeout 40;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $target;
+ }
+ location /discussions/ {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_redirect off;
+ # Socket.IO Support
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ set $target http://nodebb-service.dev.svc.cluster.local:4567;
+ #rewrite ^/discussions/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location ~* ^/assets/public/(.*) {
+ # Enabling cache for Response code 200
+ expires 1M;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/javascript;
+ if ($request_method = OPTIONS ) {
+ add_header
Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
+ # add_header Access-Control-Allow-Credentials "true";
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ set $bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+ proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*";
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $bucket/$url_full;
+ }
+ location ~* ^/content/preview/(.*) {
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ if ($request_method = OPTIONS ) {
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
+ # add_header Access-Control-Allow-Credentials "true";
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ set $bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+
proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $bucket/v3/preview/$url_full;
+ }
+ location ~ /content-editor/telemetry|collection-editor/telemetry {
+ rewrite ^/(.*) /$1 break;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_http_version 1.1;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass http://player;
+ }
+ location ~* ^/content-editor/(.*) {
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ if ($request_method = OPTIONS ) {
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
+ # add_header Access-Control-Allow-Credentials "true";
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ set $bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+ proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header
Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $bucket/content-editor/$url_full;
+ }
+ location ~* ^/discussion-ui/(.*) {
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ set $bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+ proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $bucket/discussion-ui/$url_full;
+ }
+ location ~* ^/collection-editor/(.*) {
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ if ($request_method = OPTIONS ) {
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
+ # add_header Access-Control-Allow-Credentials "true";
+ add_header
Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ set $bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+ proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $bucket/collection-editor/$url_full;
+ }
+ location ~* ^/generic-editor/(.*) {
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ if ($request_method = OPTIONS ) {
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
+ # add_header Access-Control-Allow-Credentials "true";
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ set $bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+ proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $bucket/generic-editor/$url_full;
+ }
+ location ~* ^/content-plugins/(.*) {
+ # Enabling cache for Response code 200
+ expires 1M;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ if ($request_method = OPTIONS ) {
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
+ # add_header Access-Control-Allow-Credentials "true";
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ set $bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+ proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*";
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass $bucket/content-plugins/$url_full;
+ }
+ location /thirdparty {
+ # Enabling cache for Response code 200
+ expires 1M;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied
expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ rewrite ^/(.*) /$1 break;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_connect_timeout 5;
+ proxy_send_timeout 60;
+ proxy_read_timeout 70;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_http_version 1.1;
+ proxy_set_header X-Request-ID $sb_request_id;
+ proxy_pass http://player;
+ }
+ location ~* ^/desktop/(.*) {
+ # Enabling cache for Response code 200
+ expires 1M;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ # Enabling compression
+ gzip on;
+ gzip_min_length 100000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types application/javascript application/x-javascript text/css text/javascript;
+ if ($request_method = OPTIONS ) {
+ add_header Access-Control-Allow-Origin "*" ;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
+ add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
+ # add_header Access-Control-Allow-Credentials "true";
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ set $offline_bucket "https://{{ .Values.cloud_public_storage_accountname }}/{{ .Values.cloud_public_storage_container }}/dev-offlineinstaller";
+ set $url_full '$1';
+ proxy_http_version 1.1;
+ proxy_set_header Host "{{ .Values.cloud_public_storage_accountname }}";
+ proxy_set_header Authorization '';
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header x-amz-id-2;
+ proxy_hide_header x-amz-request-id;
+ proxy_hide_header Set-Cookie;
+ proxy_ignore_headers "Set-Cookie";
+ proxy_buffering off;
+ proxy_intercept_errors on;
+ add_header Access-Control-Allow-Origin "*";
+ add_header Access-Control-Allow-Methods GET;
+ proxy_set_header
X-Request-ID $sb_request_id; + proxy_pass https://$offline_bucket/$url_full; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /learner/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header 
X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /v3/device/register { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + location /action/data/v3/metrics { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache medium_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 5m; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /api/channel/v1/read { + # Enabling compression + include 
/etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache medium_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 5m; + rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ ^/chatapi/ { + set $target http://router-service.dev.svc.cluster.local:8000; + rewrite ^/chatapi/(.*) /$1 break; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + location /dial/ { + if ($dial_upstream_host = kong) { + rewrite ^/dial/(.*) /api/dialcode/v2/read/$1; + } + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass 
http://$dial_upstream_host; + } + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-conf + namespace: {{ .Release.namespace }} +data: + nginx.conf: | + user nginx; + worker_processes auto; + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + events { + worker_connections 10000; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + resolver {{ (lookup "v1" "Service" "kube-system" "kube-dns").spec.clusterIP }} valid=30s; + lua_load_resty_core off; + log_format main '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $request_length $body_bytes_sent' + ' $request_time $upstream_response_time $pipe' + ' "$http_referer" "$http_user_agent" "$sb_request_id"' + ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' + ' "$http_x_app_ver" "$http_x_session_id" '; + access_log /var/log/nginx/access.log main; + # Shared dictionary to store metrics + lua_shared_dict prometheus_metrics 100M; + lua_package_path "/etc/nginx/lua_modules/?.lua"; + # Defining request_id + # If the client send request_id it should be preffered over the default one + map $http_x_request_id $sb_request_id { + default $http_x_request_id; + '' $request_id; + } + # Defining upstream cache status for nginx metrics + map $upstream_cache_status $cache_status { + default $upstream_cache_status; + '' "NONE"; + } + map $http_accept $dial_upstream_host { + default player; + application/ld+json kong; + } + # Defining metrics + init_worker_by_lua_block { + prometheus = require("prometheus").init("prometheus_metrics") + metric_requests = prometheus:counter( + "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) + metric_latency = prometheus:histogram( + "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) + metric_connections = prometheus:gauge( + "nginx_http_connections", "Number of HTTP connections", {"state"}) + } + log_by_lua_block { + 
metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) + metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) + } + header_filter_by_lua_block { + ngx.header["server"] = nil + } + sendfile on; + #tcp_nopush on; + client_max_body_size 60M; + keepalive_timeout 65s; + keepalive_requests 200; + # Nginx connection limit per ip + limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; + limit_conn_status 429; + upstream kong { + server kong:8000; + keepalive 1000; + } + upstream keycloak { + server keycloak:8080; + keepalive 1000; + } + upstream player { + server player:3000; + keepalive 1000; + } + include /etc/nginx/defaults.d/*.conf; + include /etc/nginx/conf.d/*.conf; + ################# + # Caching Block # + ################# + # + # Keywords + # + # proxy_cache_path: path to store the cache content + # level: how many directories we need, 1:2 means 1 parent directory, and another child directory before the cache content. + # keys_zone: name of the cache and size of the keys store in RAM; 1‑MB zone can store data for about 8,000 keys + # max_size: size of the cache content in disk + # inactive: specifies how long an item can remain in the cache without being accessed. This doesn't value expiry time of cache. So keep it more than the expiry. + # use_temp_path: do we have to write the cache to a temp path first? This will reduce the performance. 
+ # + # caching for images and files + proxy_cache_path /tmp/large_cache levels=1:2 keys_zone=large_cache:3m max_size=100m inactive=10m use_temp_path=off; + proxy_cache_path /tmp/medium_cache levels=1:2 keys_zone=medium_cache:2m max_size=50m inactive=10m use_temp_path=off; + proxy_cache_path /tmp/small_cache levels=1:2 keys_zone=small_cache:1m max_size=10m inactive=10m use_temp_path=off; + + server { + listen 9145; + location /metrics { + content_by_lua_block { + metric_connections:set(ngx.var.connections_reading, {"reading"}) + metric_connections:set(ngx.var.connections_waiting, {"waiting"}) + metric_connections:set(ngx.var.connections_writing, {"writing"}) + prometheus:collect() + } + } + } + } diff --git a/helmchart/nginx-public-ingress/templates/daemonset.yaml b/helmchart/nginx-public-ingress/templates/daemonset.yaml new file mode 100644 index 0000000000..e660fbf635 --- /dev/null +++ b/helmchart/nginx-public-ingress/templates/daemonset.yaml 
@@ -0,0 +1,104 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: nginx-public-ingress
+ namespace: {{ .Release.namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: nginx-public-ingress
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 25%
+ template:
+ metadata:
+ annotations:
+ nginxRolloutID: {{ randAlphaNum 5 | quote }} # Restart nginx after every deployment
+ fluentbit.io/parser: nginx2
+ labels:
+ app: nginx-public-ingress
+ spec:
+ # Running nginx with custom config
+{{- if .Values.imagepullsecrets }}
+ imagePullSecrets:
+ - name: {{ .Values.imagepullsecrets }}
+{{- end }}
+ volumes:
+ - name: tls
+ secret:
+ secretName: ingress-cert
+ - name: proxy-config
+ configMap:
+ name: proxy-default
+ - name: nginx-config
+ configMap:
+ name: nginx-conf
+# {{- if .Values.apple_universal_links }}
+# - name: apple-site-association
+# configMap:
+# name: apple-universal-links
+# {{- end }}
+ containers:
+ - name: nginx-public
+ image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}"
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumeMounts:
+ - name: tls
+ mountPath: /etc/secrets
+ readOnly: true
+ - name: proxy-config
+ mountPath: /etc/nginx/defaults.d
+ - name: nginx-config
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+# {{- if .Values.apple_universal_links }}
+# - name: apple-site-association
+# mountPath: /var/www/html
+# {{- end }}
+
+ ports:
+ - containerPort: 80
+ name: http
+ - containerPort: 443
+ name: https
+ - containerPort: 9145
+ name: http-metrics
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-public-ingress-metrics
+ namespace: {{ .Release.namespace }}
+ labels:
+{{- include "nginx-public-ingress.labels" .
| nindent 4 }}
+spec:
+ selector:
+ app: nginx-public-ingress
+ ports:
+ - name: http
+ port: 9145
+ targetPort: 9145
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-public-ingress
+ namespace: {{ .Release.namespace }}
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+ externalTrafficPolicy: Local
+ selector:
+ app: nginx-public-ingress
+ type: {{ .Values.service.type }}
+{{- if and .Values.service.nginx_public_ingress_ip (ne .Values.service.type "NodePort") }}
+ loadBalancerIP: {{ .Values.service.nginx_public_ingress_ip }}
+{{- end }}
+ ports:
+{{ toYaml .Values.service.ports | indent 4 }}
diff --git a/helmchart/nginx-public-ingress/templates/recordingRules.yaml b/helmchart/nginx-public-ingress/templates/recordingRules.yaml
new file mode 100644
index 0000000000..1701d08332
--- /dev/null
+++ b/helmchart/nginx-public-ingress/templates/recordingRules.yaml
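Review bot: The three `namespace: {{ .Release.namespace }}` lines in daemonset.yaml (the DaemonSet and both Services) use a lowercase key, while recordingRules.yaml and serviceMonitor.yml in this same commit use `.Release.Namespace`. Helm's built-in object spells it with a capital N, so the lowercase form most likely renders empty and these objects are not explicitly pinned to the release namespace that the ServiceMonitor's `namespaceSelector` names. Change all three to `namespace: {{ .Release.Namespace }}`; secrets.yaml and the `nginx-conf` ConfigMap carry the same spelling.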
@@ -0,0 +1,50 @@
+{{- if .Values.serviceMonitor.enabled }}
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "nginx-public-ingress.fullname" . }}-recording.rule
+ namespace: {{ default .Values.namespace .Release.Namespace }}
+ labels:
+ {{- include "nginx-public-ingress.labels" . | nindent 4 }}
+ {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+spec:
+ groups:
+ - name: nginx-recording.rules
+ rules:
+ - expr: sum(irate(nginx_http_requests_total[1m])) by (cache_status, host, env, status)
+ record: job:nginx_http_requests_total:irate:sum:1m
+ - expr: sum(irate(nginx_http_requests_total[5m])) by (cache_status, host, env, status)
+ record: job:nginx_http_requests_total:irate:sum:5m
+ - expr: sum(irate(nginx_http_requests_total[15m])) by (cache_status, host, env, status)
+ record: job:nginx_http_requests_total:irate:sum:15m
+ - record: job:nginx_http_success_percentage:increase:sum:5m
+ expr: |-
+ (
+ sum(increase(nginx_http_requests_total{status!~"4..|5.."}[5m])) by (status)
+ /
+ ignoring(status) group_left sum(increase(nginx_http_requests_total[5m]))
+ ) * 100
+ - record: job:nginx_http_success_percentage:increase:sum:15m
+ expr: |-
+ (
+ sum(increase(nginx_http_requests_total{status!~"4..|5.."}[15m])) by (status)
+ /
+ ignoring(status) group_left sum(increase(nginx_http_requests_total[15m]))
+ ) * 100
+ - record: job:nginx_http_failure_percentage:increase:sum:5m
+ expr: |-
+ (
+ sum(increase(nginx_http_requests_total{status!~"2..|3.."}[5m])) by (status)
+ /
+ ignoring(status) group_left sum(increase(nginx_http_requests_total[5m]))
+ ) * 100
+ - record: job:nginx_http_failure_percentage:increase:sum:15m
+ expr: |-
+ (
+ sum(increase(nginx_http_requests_total{status!~"2..|3.."}[15m])) by (status)
+ /
+ ignoring(status) group_left sum(increase(nginx_http_requests_total[15m]))
+ ) * 100
+{{- end }}
+{{- end }}
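Review bot: The first three rules in `nginx-recording.rules` differ only in their window (`[1m]`, `[5m]`, `[15m]`), but `irate` looks at just the last two samples inside the window, so the `:5m` and `:15m` records will follow the `:1m` series instead of giving smoothed rates. For the longer windows use `rate`, e.g. `sum(rate(nginx_http_requests_total[5m])) by (cache_status, host, env, status)`, and rename the records to `...:rate:sum:5m` and `...:rate:sum:15m`. Dashboards or alerts built on the longer-window records would otherwise be as spiky as the one-minute one.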
diff --git a/helmchart/nginx-public-ingress/templates/secrets.yaml b/helmchart/nginx-public-ingress/templates/secrets.yaml
new file mode 100644
index 0000000000..13cb456ad1
--- /dev/null
+++ b/helmchart/nginx-public-ingress/templates/secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ingress-cert
+ namespace: {{ .Release.namespace }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .Values.core_vault_proxy_site_crt | b64enc }}
+ tls.key: {{ .Values.core_vault_proxy_site_key | b64enc }}
diff --git a/helmchart/nginx-public-ingress/templates/serviceMonitor.yml b/helmchart/nginx-public-ingress/templates/serviceMonitor.yml
new file mode 100644
index 0000000000..ea8ea50cf7
--- /dev/null
+++ b/helmchart/nginx-public-ingress/templates/serviceMonitor.yml
@@ -0,0 +1,27 @@
+{{- if .Values.serviceMonitor.enabled }}
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "nginx-public-ingress.fullname" . }}
+ namespace: {{ default .Values.namespace .Release.Namespace }}
+ labels:
+ {{- include "nginx-public-ingress.labels" . | nindent 4 }}
+ {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+spec:
+ endpoints:
+ - honorLabels: true
+ interval: 15s
+ path: /metrics
+ port: http
+ scheme: http
+ scrapeTimeout: 10s
+ jobLabel: nginx-public-ingress
+ namespaceSelector:
+ matchNames:
+ - {{ default .Values.namespace .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "nginx-public-ingress.labels" . | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/helmchart/nginx-public-ingress/values.yaml b/helmchart/nginx-public-ingress/values.yaml
new file mode 100644
index 0000000000..6a3076193b
--- /dev/null
+++ b/helmchart/nginx-public-ingress/values.yaml
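Review bot: `tls.crt` and `tls.key` in secrets.yaml are piped straight into `b64enc` from values that default to `""` in this chart's values.yaml, so an install without overrides creates an `ingress-cert` Secret holding empty certificate material instead of failing at render time. Guard both keys with `required`, e.g. `tls.key: {{ required "core_vault_proxy_site_key must be set" .Values.core_vault_proxy_site_key | b64enc | quote }}`. Passing the private key through chart values also leaves a copy in the values Helm records with the release, so referencing a pre-created TLS Secret by name would keep the key out of the chart inputs altogether.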
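Review bot: In serviceMonitor.yml the outer `{{- if .Values.serviceMonitor.enabled }}` is tested again inside the `and` on the following line, so the first guard and its closing `{{- end }}` are redundant; recordingRules.yaml has the same pair. Keep only the combined condition. A comment above `port: http` would also help, for example `# "http" is the 9145 port of the nginx-public-ingress-metrics Service, not the public port 80`, because values.yaml gives the public Service's port 80 the same name.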
@@ -0,0 +1,46 @@
+#jinja2:lstrip_blocks: True
+
+nginx_private_ingress_ip: "10.0.1.100"
+domain: easyinstall.sunbirded.org
+cloud_public_storage_accountname: ""
+cloud_public_storage_container: ""
+# nginx private and public cert
+core_vault_proxy_site_key: ""
+core_vault_proxy_site_crt: ""
+
+merge_domain_status: false
+merge_domain: merger.sunbirded1.dev.org
+service:
+ annotations:
+ service.beta.kubernetes.io/azure-load-balancer-external: "true"
+ type: LoadBalancer
+
+ ports:
+ - port: 80
+ name: http
+ targetPort: 80
+ nodePort: 31380
+ - port: 443
+ name: https
+ targetPort: 443
+ nodePort: 31390
+
+imagepullsecrets: ""
+dockerhub: docker.io
+
+resources:
+ requests:
+ cpu: '100m'
+ memory: '100Mi'
+ limits:
+ cpu: 1
+ memory: '1024Mi'
+
+repository: tsprasath91/proxy
+image_tag: release-5.1.0
+
+serviceMonitor:
+ enabled: false
+ labels: # labels with which the prometheus choose the serviceMonitor
+ app: prometheus-operator
+ release: prometheus-operator
diff --git a/helmchart/player-0.1.0.tgz b/helmchart/player-0.1.0.tgz
new file mode 100644
index 0000000000..9018ac47e8
Binary files /dev/null and b/helmchart/player-0.1.0.tgz differ
diff --git a/helmchart/portal/Chart.yaml b/helmchart/portal/Chart.yaml
new file mode 100644
index 0000000000..ea3f9a464b
--- /dev/null
+++ b/helmchart/portal/Chart.yaml
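Review bot: `repository: tsprasath91/proxy` together with `image_tag: release-5.1.0` makes the public ingress default to an image from a personal Docker Hub namespace referenced by a mutable tag, so what runs at the edge can change without any change to this chart. Point `repository` at a registry the project controls and pin the image by digest, for instance with a new value `image_digest: "sha256:<digest-placeholder>"` rendered in daemonset.yaml as `{{ .Values.repository }}@{{ .Values.image_digest }}`. The leading `#jinja2:lstrip_blocks: True` line looks like a leftover from an Ansible template and does nothing in a Helm values file, so it can go.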
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: player +description: A Helm chart for Sunbird Ed Portal service + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "5.0.0" diff --git a/helmchart/portal/charts/.helmignore b/helmchart/portal/charts/.helmignore new file mode 100644 index 0000000000..691fa13d6a --- /dev/null +++ b/helmchart/portal/charts/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/helmchart/portal/charts/common/.helmignore b/helmchart/portal/charts/common/.helmignore new file mode 100644 index 0000000000..691fa13d6a --- /dev/null 
+++ b/helmchart/portal/charts/common/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/helmchart/portal/charts/common/Chart.yaml b/helmchart/portal/charts/common/Chart.yaml new file mode 100644 index 0000000000..06cdb80cf2 --- /dev/null +++ b/helmchart/portal/charts/common/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: common +description: A helm chart for common templates + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: library + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "5.2.0" \ No newline at end of file 
diff --git a/helmchart/portal/charts/common/templates/_helpers.tpl b/helmchart/portal/charts/common/templates/_helpers.tpl
new file mode 100644
index 0000000000..bd9f5b73f9
--- /dev/null
+++ b/helmchart/portal/charts/common/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "common.read.configmap.name" -}}
+{{- printf "%s-config" .Chart.Name -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helmchart/portal/charts/common/templates/_randomize.tpl b/helmchart/portal/charts/common/templates/_randomize.tpl
new file mode 100644
index 0000000000..197527323c
--- /dev/null
+++ b/helmchart/portal/charts/common/templates/_randomize.tpl
@@ -0,0 +1,3 @@
+{{- define "common.randomize" }}
+ {{- randAlphaNum . | trim }}
+{{- end }}
\ No newline at end of file
diff --git a/helmchart/portal/charts/common/templates/_readsecret.tpl b/helmchart/portal/charts/common/templates/_readsecret.tpl
new file mode 100644
index 0000000000..f11264f7aa
--- /dev/null
+++ b/helmchart/portal/charts/common/templates/_readsecret.tpl
@@ -0,0 +1,40 @@
+{{- define "common.read.secret" -}}
+{{- $secret := (lookup "v1" "Secret" .Namespace .Name).data -}}
+{{- if $secret -}}
+ {{- if hasKey $secret .Key -}}
+ {{- index $secret .Key | b64dec -}}
+ {{- else -}}
+ {{- if .LocalDevelopment -}}
+ {{- printf "Ignoring API server errors to allow templating" -}}
+ {{- else -}}
+ {{- printf "ERROR | %s | The secret \"%s\" does not contain the key \"%s\" in namespace \"%s\"" .ChartName .Name .Key .Namespace | fail -}}
+ {{- end -}}
+ {{- end -}}
+{{ else -}}
+ {{- if .LocalDevelopment -}}
+ {{- printf "Ignoring API server errors to allow templating" -}}
+ {{- else -}}
+ {{- printf "ERROR | %s | The secret \"%s\" does not exist in the namespace \"%s\"" .ChartName .Name .Namespace | fail -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.secret.exists" -}}
+{{ $secret := (lookup "v1" "Secret" .Namespace .Name).data}}
+{{- if $secret -}}
+ {{- if hasKey $secret .Key -}}
+ {{- true -}}
+ {{- else -}}
+ {{- false -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.secret.as.map" -}}
+{{ $secret := (lookup "v1" "Secret" .Namespace .Name).data}}
+{{- if $secret -}}
+ {{- $secret -}}
+{{- else -}}
+ {{- false -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helmchart/portal/charts/common/templates/_valdations.tpl b/helmchart/portal/charts/common/templates/_valdations.tpl
new file mode 100644
index 0000000000..c13304ed12
--- /dev/null
+++ b/helmchart/portal/charts/common/templates/_valdations.tpl
@@ -0,0 +1,9 @@
+{{- define "common.valid.csps" -}}
+{{- $validcsps := "azure or aws or gcloud" -}}
+{{- printf "%s" $validcsps -}}
+{{- end -}}
+
+{{- define "common.csp.validation" -}}
+{{- $csplist := list "azure" "aws" "gcloud" -}}
+{{- has . $csplist -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helmchart/portal/charts/common/values.yaml b/helmchart/portal/charts/common/values.yaml
new file mode 100644
index 0000000000..c35424a597
--- /dev/null
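Review bot: In `common.read.secret` both `.LocalDevelopment` branches return the sentence `Ignoring API server errors to allow templating` as the helper's result, so a chart rendered with that flag set carries that text wherever a credential was expected and nothing fails. Return an empty string or an unmistakable marker instead, and document the flag above the define, e.g. `{{/* LocalDevelopment: offline rendering only, never set for a real install */}}`. The helper also needs a header comment stating that it returns the decoded secret in plain text, so its output belongs only in a Secret manifest and not in a ConfigMap, label or annotation. `common.secret.exists` deserves a line noting that it renders nothing, rather than `false`, when the Secret itself is missing.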
+++ b/helmchart/portal/charts/common/values.yaml
@@ -0,0 +1 @@
+## Common helm templates
\ No newline at end of file
diff --git a/helmchart/portal/portal-sample-values.yaml b/helmchart/portal/portal-sample-values.yaml
new file mode 100644
index 0000000000..fb18fcb7b3
--- /dev/null
+++ b/helmchart/portal/portal-sample-values.yaml
@@ -0,0 +1,19 @@
+## This section has mandatory variables
+## You must provide a value for these
+## If you don't provide a value for these variables, the chart installation will not proceed
+domain: https://easeinstall.sunbirded.org
+cloud_public_storage_accountname: testing
+cloud_public_storage_secret: YXNkZmRhc2ZkYXNmZGFzZmRhc2ZkYXNmZHNhZg==
+sunbird_azure_account_key: YXNkZmRhc2ZkYXNmZGFzZmRhc2ZkYXNmZHNhZg==
+sunbird_azure_account_name: testing
+sunbird_azure_report_container_name: report
+sunbird_azure_storage_account_name: https://PUBLIC_STORAGE_URL.blob.core.windows.net/
+cloud_private_storage_accountname: testing
+cloud_private_storage_secret: YXNkZmRhc2ZkYXNmZGFzZmRhc2ZkYXNmZHNhZg==
+cloud_service_provider: azure
+
+
+## This section has optional variables
+## It is strongly recommended to provide a value for these
+## If you don't provide a value for these variables, they will default to empty values
+## If these variables are empty, some features on the application might not work as expected
diff --git a/helmchart/portal/templates/_helpers.tpl b/helmchart/portal/templates/_helpers.tpl
new file mode 100644
index 0000000000..3e091d110f
--- /dev/null
+++ b/helmchart/portal/templates/_helpers.tpl
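Review bot: portal-sample-values.yaml hands over `cloud_public_storage_secret`, `cloud_private_storage_secret` and `sunbird_azure_account_key` as ordinary chart values, and the visible part of templates/configmap.yaml in this commit writes the first two into a ConfigMap (`AZURE_STORAGE_KEY` and `cloud_private_storage_secret`), where anyone allowed to read ConfigMaps in the namespace can read them. That configmap.yaml hunk continues beyond what is shown here, so later keys may be handled differently, but storage keys should be delivered through a Secret, which the bundled `common.read.secret` helper could support. In the sample itself, label the base64 strings as dummies, e.g. `## Dummy placeholders: replace at install time, never commit real keys`. The header also presents this list as the mandatory set, yet configmap.yaml fails on `cloud_storage_desktopCrash_bucketname` and two more bucket names that are missing here unless the chart's values.yaml defaults them.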
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "sb-ed-portal-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sb-ed-portal-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sb-ed-portal-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "sb-ed-portal-service.labels" -}} +helm.sh/chart: {{ include "sb-ed-portal-service.chart" . }} +{{ include "sb-ed-portal-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "sb-ed-portal-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "sb-ed-portal-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "sb-ed-portal-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "sb-ed-portal-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helmchart/portal/templates/configmap.yaml b/helmchart/portal/templates/configmap.yaml
new file mode 100644
index 0000000000..5a91b33eb7
--- /dev/null
+++ b/helmchart/portal/templates/configmap.yaml
@@ -0,0 +1,218 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-config + namespace: {{ .Release.Namespace }} +data: + {{/* This section has variables whose value is read from another object */}} + + {{/* This section has variables which in turn contain one or more mandatory variables */}} + cloud_service_provider: {{ if eq (include "common.csp.validation" .Values.cloud_service_provider) "true" }} + {{- .Values.cloud_service_provider }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a valid value for \"cloud_service_provider\". Accepted values are \"%s\"" .Chart.Name (include "common.valid.csps" .) | fail }} + {{- end }} + + AZURE_STORAGE_ACCOUNT: {{ if .Values.cloud_public_storage_accountname }} + {{- .Values.cloud_public_storage_accountname }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_public_storage_accountname\"" .Chart.Name | fail }} + {{- end }} + + AZURE_STORAGE_KEY: {{ if .Values.cloud_public_storage_secret }} + {{- .Values.cloud_public_storage_secret }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_public_storage_secret\"" .Chart.Name | fail }} + {{- end }} + + cloud_private_storage_accountname: {{ if .Values.cloud_private_storage_accountname }} + {{- .Values.cloud_private_storage_accountname }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_private_storage_accountname\"" .Chart.Name | fail }} + {{- end }} + + {{/* uncomment for GCP + cloud_private_storage_project: {{ if .Values.cloud_private_storage_project }} + {{- .Values.cloud_private_storage_project }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_private_storage_project\"" .Chart.Name | fail }} + {{- end }} + + cloud_private_storage_region: {{ if .Values.cloud_private_storage_region }} + {{- .Values.cloud_private_storage_region }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_private_storage_region\"" 
.Chart.Name | fail }} + {{- end }} + + sunbird_gcloud_bucket_name: {{ .Values.sunbird_gcloud_bucket_name }} + sunbird_gcloud_client_email: {{ .Values.sunbird_gcloud_client_email }} + sunbird_gcloud_labels: {{ .Values.sunbird_gcloud_labels }} + sunbird_gcloud_private_key: {{ .Values.sunbird_gcloud_private_key }} + sunbird_gcloud_projectId: {{ .Values.sunbird_gcloud_projectId }} + sunbird_gcloud_reports: {{ .Values.sunbird_gcloud_reports }} + */}} + + {{/* uncomment AWS + # sunbird_aws_access_key: {{ .Values.sunbird_aws_access_key }} + # sunbird_aws_bucket_name: {{ .Values.sunbird_aws_bucket_name }} + # sunbird_aws_labels: {{ .Values.sunbird_aws_labels }} + # sunbird_aws_region: {{ .Values.sunbird_aws_region }} + # sunbird_aws_reports: {{ .Values.sunbird_aws_reports }} + # sunbird_aws_secret_key: {{ .Values.sunbird_aws_secret_key }} + */}} + cloud_private_storage_secret: {{ if .Values.cloud_private_storage_secret }} + {{- .Values.cloud_private_storage_secret }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_private_storage_secret\"" .Chart.Name | fail }} + {{- end }} + + cloud_storage_desktopCrash_bucketname: {{ if .Values.cloud_storage_desktopCrash_bucketname }} + {{- .Values.cloud_storage_desktopCrash_bucketname }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_storage_desktopCrash_bucketname\"" .Chart.Name | fail }} + {{- end }} + + cloud_storage_privatereports_bucketname: {{ if .Values.cloud_storage_privatereports_bucketname }} + {{- .Values.cloud_storage_privatereports_bucketname }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_storage_privatereports_bucketname\"" .Chart.Name | fail }} + {{- end }} + + cloud_storage_resourceBundle_bucketname: {{ if .Values.cloud_storage_resourceBundle_bucketname }} + {{- .Values.cloud_storage_resourceBundle_bucketname }} + {{- else -}} + {{- printf "ERROR | %s | Please provide a value for \"cloud_storage_resourceBundle_bucketname\"" 
.Chart.Name | fail }} + {{- end }} + + config_refresh_interval: {{ .Values.config_refresh_interval | quote }} + config_service_enabled: {{ .Values.config_service_enabled | quote}} + crypto_encryption_key: {{ .Values.crypto_encryption_key }} + crypto_encryption_key_external: {{ .Values.crypto_encryption_key_external | quote }} + desktop_app_storage_url: {{ .Values.desktop_app_storage_url }} + discussions_middleware: {{ .Values.discussions_middleware }} + ekstep_env: {{ .Values.ekstep_env }} + google_captcha_private_key: {{ .Values.google_captcha_private_key | quote }} + ml_survey_url: {{ .Values.ml_survey_url }} + portal_redirect_error_callback_domain: {{ .Values.domain }} + portal_redis_connection_string: {{ .Values.portal_redis_connection_string }} + reportsListVersion: {{ .Values.reportsListVersion }} + sunbird_android_app_url: {{ .Values.sunbird_android_app_url | quote }} + sunbird_android_keycloak_client_id: {{ .Values.sunbird_android_keycloak_client_id }} + sunbird_anonymous_default_token: {{ .Values.sunbird_anonymous_default_token }} + sunbird_anonymous_device_register_api: {{ .Values.sunbird_anonymous_device_register_api }} + sunbird_anonymous_register_token: {{ .Values.sunbird_anonymous_register_token }} + sunbird_anonymous_session_ttl: {{ .Values.sunbird_anonymous_session_ttl | quote }} + sunbird_api_auth_token: {{ .Values.sunbird_api_auth_token }} + sunbird_api_request_timeout: {{ .Values.sunbird_api_request_timeout | quote }} + sunbird_autocreate_trampoline_user: {{ .Values.sunbird_autocreate_trampoline_user | quote }} + sunbird_azure_account_key: {{ .Values.sunbird_azure_account_key }} + sunbird_azure_account_name: {{ .Values.sunbird_azure_account_name }} + sunbird_azure_report_container_name: {{ .Values.sunbird_azure_report_container_name }} + sunbird_azure_storage_account_name: {{ .Values.sunbird_azure_storage_account_name }} + sunbird_base_proto: {{ .Values.sunbird_base_proto }} + sunbird_bot_configured: {{ .Values.sunbird_bot_configured | quote }} + 
sunbird_bot_service_URL: {{ .Values.sunbird_bot_service_URL }} + sunbird_build_number: {{ .Values.sunbird_build_number | quote }} + sunbird_cassandra_consistency_level: {{ .Values.sunbird_cassandra_consistency_level }} + sunbird_cassandra_replication_strategy: {{ .Values.sunbird_cassandra_replication_strategy | quote }} + sunbird_cassandra_urls: {{ .Values.sunbird_cassandra_urls}} + sunbird_cloud_storage_provider: {{ .Values.cloud_service_provider }} + sunbird_cloud_storage_urls: {{ .Values.sunbird_cloud_storage_urls }} + sunbird_collection_children_limit: {{ .Values.sunbird_collection_children_limit | quote }} + sunbird_collectionEditorURL: {{ .Values.sunbird_collectionEditorURL }} + sunbird_config_service_url: {{ .Values.sunbird_config_service_url | quote }} + sunbird_content_player_url: {{ .Values.sunbird_content_player_url }} + sunbird_content_proxy_url: {{ .Values.sunbird_content_proxy_url }} + sunbird_contentEditorURL: {{ .Values.sunbird_contentEditorURL }} + sunbird_data_product_service: {{ .Values.sunbird_data_product_service }} + sunbird_dataservice_url: {{ .Values.domain }}/api/ + sunbird_default_channel: {{ .Values.sunbird_default_channel }} + sunbird_default_device_token: {{ .Values.sunbird_default_device_token | quote }} + sunbird_default_file_size: {{ .Values.sunbird_default_file_size | quote }} + sunbird_desktop_keycloak_client_id: {{ .Values.sunbird_desktop_keycloak_client_id }} + sunbird_device_api: {{ .Values.sunbird_device_api }} + sunbird_device_register_api: {{ .Values.domain }}/v3/device/register/ + sunbird_echo_api_url: {{ .Values.sunbird_echo_api_url }} + sunbird_enable_api_whitelist: {{ .Values.sunbird_enable_api_whitelist | quote }} + sunbird_enable_permission_check: {{ .Values.sunbird_enable_permission_check | quote }} + sunbird_enable_signup: {{ .Values.sunbird_enable_signup | quote }} + sunbird_enable_sso: {{ .Values.sunbird_enable_sso | quote }} + sunbird_environment: {{ .Values.sunbird_environment }} + sunbird_ext_plugin_url: {{ 
.Values.sunbird_ext_plugin_url }} + sunbird_external_content_whitelisted_domains: {{ .Values.sunbird_external_content_whitelisted_domains | quote }} + sunbird_genericEditorURL: {{ .Values.sunbird_genericEditorURL }} + sunbird_google_android_keycloak_client_id: {{ .Values.sunbird_google_android_keycloak_client_id }} + sunbird_google_android_keycloak_secret: {{ .Values.sunbird_google_android_keycloak_secret }} + sunbird_google_captcha_site_key: {{ .Values.sunbird_google_captcha_site_key | quote }} + sunbird_google_desktop_keycloak_client_id: {{ .Values.sunbird_google_desktop_keycloak_client_id }} + sunbird_google_desktop_keycloak_secret: {{ .Values.sunbird_google_desktop_keycloak_secret }} + sunbird_google_keycloak_client_id: {{ .Values.sunbird_google_keycloak_client_id }} + sunbird_google_keycloak_secret: {{ .Values.sunbird_google_keycloak_secret }} + sunbird_google_oauth_clientId: {{ .Values.sunbird_google_oauth_clientId }} + sunbird_google_oauth_clientSecret: {{ .Values.sunbird_google_oauth_clientSecret }} + sunbird_google_oauth_ios_clientId: {{ .Values.sunbird_google_oauth_ios_clientId }} + sunbird_google_oauth_ios_clientSecret: {{ .Values.sunbird_google_oauth_ios_clientSecret }} + sunbird_health_check_enable: {{ .Values.sunbird_health_check_enable | quote }} + sunbird_help_link_visibility: {{ .Values.sunbird_help_link_visibility | quote}} + sunbird_instance: {{ .Values.sunbird_instance }} + sunbird_keycloak_public_key: {{ .Values.sunbird_keycloak_public_key }} + sunbird_kong_device_register: {{ .Values.sunbird_kong_device_register | quote }} + sunbird_kong_device_register_anonymous: {{ .Values.sunbird_kong_device_register_anonymous | quote}} + sunbird_kong_refresh_token_api: {{ .Values.sunbird_kong_refresh_token_api }} + sunbird_learner_player_url: {{ .Values.sunbird_learner_player_url }} + sunbird_logged_default_token: {{ .Values.sunbird_logged_default_token }} + sunbird_loggedin_device_register_api: {{ .Values.sunbird_loggedin_device_register_api }} + 
sunbird_loggedin_register_token: {{ .Values.sunbird_loggedin_register_token }} + sunbird_p1_reCaptcha_enabled: {{ .Values.sunbird_p1_reCaptcha_enabled | quote }} + sunbird_p2_reCaptcha_enabled: {{ .Values.sunbird_p2_reCaptcha_enabled | quote}} + sunbird_p3_reCaptcha_enabled: {{ .Values.sunbird_p3_reCaptcha_enabled | quote }} + sunbird_phraseApp_token: {{ .Values.sunbird_phraseApp_token | quote }} + sunbird_port: {{ .Values.sunbird_port | quote }} + sunbird_portal_auth_server_client: {{ .Values.sunbird_portal_auth_server_client }} + sunbird_portal_auth_server_url: {{ .Values.domain }}/auth + sunbird_portal_base_url: {{ .Values.domain }} + sunbird_portal_cdn_blob_url: {{ .Values.sunbird_portal_cdn_blob_url }} + sunbird_portal_cdn_url: {{ .Values.sunbird_portal_cdn_url | quote }} + sunbird_portal_log_level: {{ .Values.sunbird_portal_log_level }} + sunbird_portal_merge_auth_server_url: {{ .Values.sunbird_portal_merge_auth_server_url }} + sunbird_portal_offline_app_download_url: {{ .Values.sunbird_portal_offline_app_download_url }} + sunbird_portal_offline_app_release_date: {{ .Values.sunbird_portal_offline_app_release_date }} + sunbird_portal_offline_app_version: {{ .Values.sunbird_portal_offline_app_version }} + sunbird_portal_offline_supported_languages: {{ .Values.sunbird_portal_offline_supported_languages }} + sunbird_portal_offline_tenant: {{ .Values.sunbird_portal_offline_tenant }} + sunbird_portal_player_cdn_enabled: {{ .Values.sunbird_portal_player_cdn_enabled | quote }} + sunbird_portal_preview_cdn_url: {{ .Values.sunbird_portal_preview_cdn_url | quote }} + sunbird_portal_realm: {{ .Values.sunbird_portal_realm }} + sunbird_portal_session_secret: {{ .Values.sunbird_portal_session_secret }} + sunbird_portal_slugForProminentFilter: {{ .Values.sunbird_portal_slugForProminentFilter | quote }} + sunbird_portal_title_name: {{ .Values.sunbird_portal_title_name }} + sunbird_portal_uci_blob_url: {{ .Values.sunbird_portal_uci_blob_url }} + 
sunbird_portal_uci_bot_phone_number: {{ .Values.sunbird_portal_uci_bot_phone_number | quote }} + sunbird_portal_updateLoginTimeEnabled: {{ .Values.sunbird_portal_updateLoginTimeEnabled | quote }} + sunbird_portal_user_upload_ref_link: {{ .Values.domain }}/help/administrator/register-user/index.html + sunbird_portal_video_max_size: {{ .Values.sunbird_portal_video_max_size | quote }} + sunbird_processing_kafka_host: {{ .Values.sunbird_processing_kafka_host }} + sunbird_questionset_children_limit: {{ .Values.sunbird_questionset_children_limit | quote}} + sunbird_redis_password: {{ .Values.sunbird_redis_password }} + sunbird_redis_port: {{ .Values.sunbird_redis_port | quote }} + sunbird_redis_type: {{ .Values.sunbird_redis_type }} + sunbird_redis_urls: {{ .Values.sunbird_redis_urls }} + sunbird_report_service_url: {{ .Values.sunbird_report_service_url }} + sunbird_response_cache_ttl: {{ .Values.sunbird_response_cache_ttl | quote }} + sunbird_session_store_type: {{ .Values.sunbird_session_store_type }} + sunbird_session_ttl: {{ .Values.sunbird_session_ttl | quote }} + sunbird_sso_kafka_topic: {{ .Values.sunbird_sso_kafka_topic }} + sunbird_super_admin_slug: {{ .Values.sunbird_super_admin_slug }} + sunbird_telemetry_packet_size: {{ .Values.sunbird_telemetry_packet_size | quote }} + sunbird_telemetry_service_local_url: {{ .Values.sunbird_telemetry_service_local_url }} + sunbird_tenant_cdn_url: {{ .Values.sunbird_tenant_cdn_url | quote }} + sunbird_trampoline_android_keycloak_client_id: {{ .Values.sunbird_trampoline_android_keycloak_client_id }} + sunbird_trampoline_android_keycloak_secret: {{ .Values.sunbird_trampoline_android_keycloak_secret }} + sunbird_trampoline_client_id: {{ .Values.sunbird_trampoline_client_id }} + sunbird_trampoline_desktop_keycloak_client_id: {{ .Values.sunbird_trampoline_desktop_keycloak_client_id }} + sunbird_trampoline_desktop_keycloak_secret: {{ .Values.sunbird_trampoline_desktop_keycloak_secret }} + sunbird_trampoline_secret: {{ 
.Values.sunbird_trampoline_secret }} + vdnURL: {{ .Values.vdnURL | quote }} + + diff --git a/helmchart/portal/templates/deployment.yaml b/helmchart/portal/templates/deployment.yaml new file mode 100644 index 0000000000..cdd1e0c5c6 --- /dev/null +++ b/helmchart/portal/templates/deployment.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Release.Namespace }} + annotations: + reloader.stakater.com/auto: "true" +spec: + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.strategy.maxSurge }} + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + type: RollingUpdate + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: +{{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.javaOptions }} + - name: _JAVA_OPTIONS + value: -Dlog4j2.formatMsgNoLookups=true + envFrom: + - configMapRef: + name: {{ .Chart.Name }}-config + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - containerPort: {{ .Values.port }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + volumeMounts: + - mountPath: /home/sunbird/app_dist/keys + name: {{ .Values.external_configmaps.access_public_keys.name }} + volumes: + - name: {{ .Values.external_configmaps.access_public_keys.name }} + secret: + secretName: {{ .Values.external_configmaps.access_public_keys.name }} + diff --git a/helmchart/portal/templates/service.yaml b/helmchart/portal/templates/service.yaml new file mode 100644 index 0000000000..a69138737e --- /dev/null +++ b/helmchart/portal/templates/service.yaml 
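Review bot: Credentials are rendered into a ConfigMap in configmap.yaml: `AZURE_STORAGE_KEY`, `cloud_private_storage_secret`, `crypto_encryption_key`, `sunbird_portal_session_secret`, `sunbird_redis_password`, the `*_keycloak_secret` and `*_clientSecret` entries and the API tokens all sit under `data:` of `{{ .Chart.Name }}-config`. A ConfigMap is readable by any subject allowed to `get configmaps` in the namespace and is normally outside the tighter RBAC and encryption-at-rest settings clusters apply to Secrets, so these keys belong in a `kind: Secret` (`stringData:`) that the Deployment consumes with `- secretRef:` next to the existing `- configMapRef:`. Most of these values are also emitted without `| quote`, so a key or token that contains `: `, ` #` or looks like a number can be retyped or cut short by the YAML parser; `{{ .Values.sunbird_portal_session_secret | quote }}` avoids that.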
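Review bot: The container in deployment.yaml has no `securityContext`, so it runs as whatever user the image declares and keeps the default capability set and the ability to escalate privileges. Adding a restrictive context at container level is the usual baseline for an internet-facing portal; `runAsNonRoot: true` only works if the image already uses a non-root user, which is not visible from this hunk. The keys volume mounted at `/home/sunbird/app_dist/keys` is also writable from the container's point of view and can be marked `readOnly: true`.

```yaml
      containers:
        - name: {{ .Chart.Name }}
          # … unchanged: image, imagePullPolicy, env, envFrom …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: resources, ports, livenessProbe, readinessProbe …
          volumeMounts:
            - mountPath: /home/sunbird/app_dist/keys
              name: {{ .Values.external_configmaps.access_public_keys.name }}
              readOnly: true
```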
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: player
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+spec:
+ ports:
+ - name: http-{{ .Chart.Name }}
+ protocol: TCP
+ port: {{ .Values.targetPort }}
+ selector:
+ app: {{ .Chart.Name }}
diff --git a/helmchart/portal/values.yaml b/helmchart/portal/values.yaml
new file mode 100644
index 0000000000..193eb4ac09
--- /dev/null
+++ b/helmchart/portal/values.yaml
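Review bot: In service.yaml the Service port is filled from `.Values.targetPort` and no `targetPort:` is set, so traffic reaches the container only while the two values in values.yaml (`port: 3000`, `targetPort: 3000`) stay equal. Stating both explicitly removes that coupling: keep `port: {{ .Values.targetPort }}` if that is the intended service port and add `targetPort: {{ .Values.port }}` to match the Deployment's `containerPort`. The Service name is hard-coded as `name: player` while every other object in the chart derives its name from `{{ .Chart.Name }}`; if the fixed name is deliberate (the default `sunbird_ext_plugin_url` uses `http://player:3000/plugin/`), a one-line comment saying so would stop it being "fixed" later.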
@@ -0,0 +1,209 @@ +## This section has mandatory variables +## You must provide a value for these +## If you don't provide a value for these variables, the chart installation will not proceed +domain: "" +AZURE_STORAGE_ACCOUNT: "" +AZURE_STORAGE_KEY: "" +sunbird_azure_account_key: "" +sunbird_azure_account_name: "" +sunbird_azure_storage_account_name: "" +cloud_private_storage_accountname: "" +cloud_private_storage_secret: "" +cloud_service_provider: "" + + +## This section has optional variables +## It is strongly recommended to provide a value for these +## If you don't provide a value for these variables, they will default to empty values +## If these variables are empty, some features on the application might not work as expected + +google_captcha_private_key: "" +sunbird_google_captcha_site_key: "" + +## This section has variables with default values +## These are standard defaults that work well +## You can override these if you have a use case for it + +sunbird_android_keycloak_client_id: "" +cloud_storage_desktopCrash_bucketname: desktopappcrashlogs +cloud_storage_privatereports_bucketname: reports +cloud_storage_resourceBundle_bucketname: label +sunbird_azure_report_container_name: reports +sunbird_anonymous_default_token: KONG_TOKEN +sunbird_anonymous_register_token: KONG_TOKEN +sunbird_api_auth_token: KONG_TOKEN +sunbird_logged_default_token: KONG_TOKEN +sunbird_loggedin_register_token: KONG_TOKEN +sunbird_anonymous_device_register_api: http://kong:8000/api-manager/v2/consumer/portal_anonymous/credential/register +sunbird_anonymous_session_ttl: "1800000" +config_refresh_interval: "10" +config_service_enabled: "False" +crypto_encryption_key: 030702bc8696b8ee2aa71b9f13e4251e +crypto_encryption_key_external: "" +desktop_app_storage_url: https://dev.blob.core.windows.net/staging-offlineinstaller +discussions_middleware: http://discussionsmw-service:3002 +ekstep_env: qa +ml_survey_url: https://survey.preprod.ntp.net.in/staging 
+portal_redirect_error_callback_domain: https://testing.sunbirded.org +portal_redis_connection_string: redis://:@redis-master.lern.svc.cluster.local:6379/3 +reportsListVersion: v2 +sunbird_android_app_url: "" +sunbird_api_request_timeout: "60000" +sunbird_autocreate_trampoline_user: "false" +sunbird_base_proto: https +sunbird_bot_configured: "true" +sunbird_bot_service_URL: /chatapi/bot +sunbird_build_number: "" +sunbird_cassandra_consistency_level: quorum +sunbird_cassandra_replication_strategy: '{"class":"NetworkTopologyStrategy","datacenter1":2}' +sunbird_cassandra_urls: cassandra.lern.svc.cluster.local:9042 +sunbird_cloud_storage_urls: https://dev.blob.core.windows.net/dev-content +sunbird_collection_children_limit: "1200" +sunbird_collectionEditorURL: collection-editor/index.html +sunbird_config_service_url: "" +sunbird_content_player_url: http://kong:8000/ +sunbird_content_proxy_url: http://knowledge-mw-service:5000 +sunbird_contentEditorURL: content-editor/index.html +sunbird_data_product_service: http://kong:8000/ +sunbird_dataservice_url: https://testing.sunbirded.org/api/ +sunbird_default_channel: ntp +sunbird_default_device_token: "" +sunbird_default_file_size: "150" +sunbird_desktop_keycloak_client_id: desktop +sunbird_device_api: http://kong:8000/ +sunbird_device_register_api: https://testing.sunbired.org/v3/device/register/ +sunbird_echo_api_url: http://kong:8000/echo/ +sunbird_enable_api_whitelist: "true" +sunbird_enable_permission_check: "1" +sunbird_enable_signup: "True" +sunbird_enable_sso: "true" +sunbird_environment: staging +sunbird_ext_plugin_url: http://player:3000/plugin/ +sunbird_external_content_whitelisted_domains: "" +sunbird_genericEditorURL: generic-editor/index.html +sunbird_google_oauth_clientId: google_oauth_clientId +sunbird_google_oauth_clientSecret: google_oauth_clientSecret +sunbird_google_oauth_ios_clientId: google_oauth_ios_clientId +sunbird_google_oauth_ios_clientSecret: google_oauth_ios_clientSecret 
+sunbird_health_check_enable: "false" +sunbird_help_link_visibility: "True" +sunbird_instance: sunbird +sunbird_kong_device_register: "true" +sunbird_kong_device_register_anonymous: "true" +sunbird_kong_refresh_token_api: http://kong:8000/auth/v1/refresh/token +sunbird_learner_player_url: http://kong:8000/ +sunbird_loggedin_device_register_api: http://kong:8000/api-manager/v2/consumer/portal_loggedin/credential/register +sunbird_p1_reCaptcha_enabled: "true" +sunbird_p2_reCaptcha_enabled: "true" +sunbird_p3_reCaptcha_enabled: "true" +sunbird_phraseApp_token: "" +sunbird_port: "3000" +sunbird_portal_auth_server_client: portal +sunbird_portal_auth_server_url: https://testing.sunbirded.org/auth +sunbird_portal_base_url: https://testing.sunbirded.org +sunbird_portal_cdn_blob_url: https://dev.blob.core.windows.net/uci/ +sunbird_portal_cdn_url: "" +sunbird_portal_log_level: debug +sunbird_portal_merge_auth_server_url: https://merge.testing.sunbirded.org/auth +sunbird_portal_offline_app_download_url: https://play.google.com/store/apps/details?id=in.gov.diksha.app +sunbird_portal_offline_app_release_date: 17/3/2020 +sunbird_portal_offline_app_version: 1.2.0 +sunbird_portal_offline_supported_languages: English, Assamese, Bengali, Gujarati, + Hindi, Kannada, Malayalam, Marathi, Oriya, Punjabi, Tamil, Telugu, Urdu +sunbird_portal_offline_tenant: tn +sunbird_portal_player_cdn_enabled: "true" +sunbird_portal_preview_cdn_url: "" +sunbird_portal_realm: sunbird +sunbird_portal_session_secret: portal_session_secret +sunbird_portal_slugForProminentFilter: "" +sunbird_portal_title_name: Sunbird +sunbird_portal_uci_blob_url: https://gpublic.blob.core.windows.net/uci +sunbird_portal_uci_bot_phone_number: "000000" +sunbird_portal_updateLoginTimeEnabled: "false" +sunbird_portal_user_upload_ref_link: https://testing.sunbirded.org/help/administrator/register-user/index.html +sunbird_portal_video_max_size: "150" +sunbird_processing_kafka_host: kafka.lern.svc.cluster.local:9092 
+sunbird_questionset_children_limit: "500" +sunbird_redis_password: none +sunbird_redis_port: "6379" +sunbird_redis_type: standalone +sunbird_redis_urls: redis +sunbird_report_service_url: http://kong:8000/data/v1/report-service +sunbird_response_cache_ttl: "180" +sunbird_session_store_type: redis +sunbird_session_ttl: "86400000" +sunbird_sso_kafka_topic: sunbirdstaging.lms.sso.events +sunbird_super_admin_slug: tn +sunbird_telemetry_packet_size: "200" +sunbird_telemetry_service_local_url: http://kong:8000/data/ +sunbird_tenant_cdn_url: "" +vdnURL: "" +sunbird_google_android_keycloak_client_id: google-auth-android +sunbird_google_android_keycloak_secret: google_android_keycloak_secret +sunbird_google_desktop_keycloak_client_id: google-auth-desktop +sunbird_google_desktop_keycloak_secret: google_desktop_keycloak_secret +sunbird_google_keycloak_client_id: google-auth +sunbird_google_keycloak_secret: sunbird_google_keycloak_secret +sunbird_trampoline_android_keycloak_client_id: trampoline-android +sunbird_trampoline_android_keycloak_secret: rampoline_android_keycloak_secret +sunbird_trampoline_client_id: trampoline +sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop +sunbird_trampoline_desktop_keycloak_secret: trampoline_desktop_keycloak_secret +sunbird_trampoline_secret: trampoline_secret +sunbird_keycloak_public_key: keycloak_public_key +sunbird_android_keycloak_client_id: android + +## Helper variables which are used to construct other variables +external_configmaps: + access_public_keys: + name: user-access-keys-public + +## Set this value to true when developing the chart +local_chart_development: true + + +## This section has other kubernetes variables +## These are standard defaults that work well +## You can override these if you have a use case for it +image: + registry: sunbirded.azurecr.io + repository: player + tag: release-5.2.0_RC13_1 + +replicaCount: 1 +strategy: + maxSurge: 25% + maxUnavailable: 25% + +imagePullSecrets: "" + +resources: + 
requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1 + memory: 1G + +port: 3000 + +targetPort: 3000 + +livenessProbe: + failureThreshold: 2 + httpGet: + path: /service/health + port: 3000 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + +readinessProbe: + failureThreshold: 2 + httpGet: + path: /service/health + port: 3000 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + diff --git a/helmchart/sunbird-ed-portal-0.1.0.tgz b/helmchart/sunbird-ed-portal-0.1.0.tgz new file mode 100644 index 0000000000..7c76c64f50 Binary files /dev/null and b/helmchart/sunbird-ed-portal-0.1.0.tgz differ diff --git a/oneclickinstaller/charts.csv b/oneclickinstaller/charts.csv index 6e048f9ba5..90a998d67f 100644 --- a/oneclickinstaller/charts.csv +++ b/oneclickinstaller/charts.csv @@ -1,5 +1,5 @@ cassandra,https://raw.githubusercontent.com/saiakhil46/sunbird-helmchart-common/main/cassandra-10.1.0.tgz -elasticsearch,https://raw.githubusercontent.com/saiakhil46/sunbird-helmchart-common/main/elasticsearch-19.5.14.tgz +elasticsearch,https://github.com/santhosh-tg/sunbird-helmchart-common/blob/helmchart/elasticsearch-19.5.14.tgz?raw=true kafka,https://raw.githubusercontent.com/saiakhil46/sunbird-helmchart-common/main/kafka-21.3.1.tgz postgresql,https://raw.githubusercontent.com/saiakhil46/sunbird-helmchart-common/main/postgresql-12.2.2.tgz redis,https://raw.githubusercontent.com/saiakhil46/sunbird-helmchart-common/main/redis-17.8.3.tgz 
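Review bot: Several defaults in values.yaml are working secrets rather than empty placeholders: `crypto_encryption_key` ships a concrete 32-hex-character value, and `sunbird_portal_session_secret`, `sunbird_trampoline_secret` and the `*_keycloak_secret` entries default to guessable strings. Any installation that does not override them ends up with the same encryption key and session-signing secret as every other one, so these should default to `""` and be guarded in the template the way configmap.yaml already guards `cloud_private_storage_secret` (`{{- else -}} … | fail }}`). The "mandatory" block declares `AZURE_STORAGE_ACCOUNT` and `AZURE_STORAGE_KEY`, but the ConfigMap template tests `cloud_public_storage_accountname` and `cloud_public_storage_secret`, which this file never defines, so the documented keys do not satisfy the check. `sunbird_android_keycloak_client_id` is also defined twice (`""` near the top, `android` near the end); YAML parsers either reject the duplicate or keep only one of them.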
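Review bot: The new `elasticsearch` row in charts.csv points at a personal fork (`santhosh-tg/sunbird-helmchart-common`) through the branch ref `helmchart`, so the archive behind the URL can change without any change in this repository. Nothing in the row pins what is expected: the URL carries no tag or commit SHA and the file has no digest column, and presumably the install scripts fetch and install whatever is served (their download logic is outside these hunks). Prefer an organisation-owned repository with a tag or commit in the path, plus a SHA-256 column that the installer verifies before `helm install`. The same applies to the `elasticsearch-init` row in the next hunk, the `player` and `nginx-public-ingress` rows in ed-charts.csv, and the added rows in knowlg-charts.csv and obsrv-charts.csv.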
@@ -26,4 +26,4 @@ merge-user-courses,https://raw.githubusercontent.com/saiakhil46/data-pipeline/he notification-job,https://raw.githubusercontent.com/saiakhil46/data-pipeline/helmchart/helm/lern-flink-jobs-0.1.0.tgz relation-cache-updater,https://raw.githubusercontent.com/saiakhil46/data-pipeline/helmchart/helm/lern-flink-jobs-0.1.0.tgz user-cache-updater-v2,https://raw.githubusercontent.com/saiakhil46/data-pipeline/helmchart/helm/lern-flink-jobs-0.1.0.tgz -elasticsearch-init,https://raw.githubusercontent.com/saiakhil46/sunbird-helmchart-common/main/elasticsearch-init-0.1.0.tgz +elasticsearch-init,https://github.com/santhosh-tg/sunbird-helmchart-common/blob/helmchart/elasticsearch-init-0.1.0.tgz?raw=true diff --git a/oneclickinstaller/ed-charts.csv b/oneclickinstaller/ed-charts.csv index 33feaac4b7..8f1f1f7f81 100644 --- a/oneclickinstaller/ed-charts.csv +++ b/oneclickinstaller/ed-charts.csv 
@@ -1,3 +1,8 @@ -apimanager,https://github.com/tsprasath/ed-chart/blob/main/apimanager/apimanager-0.1.0.tgz?raw=true -apimanagerecho,https://github.com/tsprasath/ed-chart/blob/main/apimanagerecho/apimanagerecho-0.1.0.tgz?raw=true -nginx-private-ingress,https://github.com/tsprasath/ed-chart/blob/main/nginx-private-ingress/nginx-private-ingress-0.1.0.tgz?raw=true +apimanager,https://github.com/project-sunbird/sunbird-devops/blob/oneclickinstaller/helmchart/apimanager/apimanager-0.1.0.tgz?raw=true +apimanagerecho,https://github.com/project-sunbird/sunbird-devops/blob/oneclickinstaller/helmchart/apimanagerecho/apimanagerecho-0.1.0.tgz?raw=true +keycloak,https://github.com/project-sunbird/sunbird-devops/blob/oneclickinstaller/helmchart/keycloak/keycloak-0.1.0.tgz?raw=true +nginx-private-ingress,https://github.com/project-sunbird/sunbird-devops/blob/oneclickinstaller/helmchart/nginx-private-ingress/nginx-private-ingress-0.1.0.tgz?raw=true +player,https://github.com/santhosh-tg/sunbird-devops/blob/oneclickinstaller/helmchart/player-0.1.0.tgz?raw=true +onboardapi,https://github.com/project-sunbird/sunbird-devops/blob/oneclickinstaller/helmchart/onboardapi/onboardapi-0.1.0.tgz?raw=true +onboardconsumer,https://github.com/project-sunbird/sunbird-devops/blob/oneclickinstaller/helmchart/onboardconsumer/onboardconsumer-0.1.0.tgz?raw=true +nginx-public-ingress,https://github.com/santhosh-tg/sunbird-devops/blob/oneclickinstaller/helmchart/nginx-public-ingress-0.1.0.tgz?raw=true diff --git a/oneclickinstaller/install-ed.sh b/oneclickinstaller/install-ed.sh index 65ba7d2c9d..05b7141584 100755 --- a/oneclickinstaller/install-ed.sh +++ b/oneclickinstaller/install-ed.sh @@ -1,7 +1,7 @@ #!/bin/bash # set -x # Set the namespace for the Helm charts -namespace="dry-run" +namespace="dev" kubeconfig_file=$1 # Check if kubectl is installed diff --git a/oneclickinstaller/install-inquiry.sh b/oneclickinstaller/install-inquiry.sh index 6de7a0e189..1053514306 100755 
--- a/oneclickinstaller/install-inquiry.sh +++ b/oneclickinstaller/install-inquiry.sh @@ -1,7 +1,7 @@ #!/bin/bash # set -x # Set the namespace for the Helm charts -namespace="dry-run" +namespace="dev" kubeconfig_file=$1 # Check if kubectl is installed diff --git a/oneclickinstaller/install-knowlg.sh b/oneclickinstaller/install-knowlg.sh index 5cdf407d9f..41f3295288 100755 --- a/oneclickinstaller/install-knowlg.sh +++ b/oneclickinstaller/install-knowlg.sh @@ -1,7 +1,7 @@ #!/bin/bash # set -x # Set the namespace for the Helm charts -namespace="dry-run" +namespace="dev" kubeconfig_file=$1 # Check if kubectl is installed diff --git a/oneclickinstaller/install-lern.sh b/oneclickinstaller/install-lern.sh index a980ec102b..8dbc9a4e52 100755 --- a/oneclickinstaller/install-lern.sh +++ b/oneclickinstaller/install-lern.sh @@ -1,7 +1,7 @@ #!/bin/bash #set -x # Set the namespace for the Helm charts -namespace="dry-run" +namespace="dev" kubeconfig_file=$1 # Check if kubectl is installed diff --git a/oneclickinstaller/install-obsrv.sh b/oneclickinstaller/install-obsrv.sh index 205fbfcf19..1af8e9325b 100755 --- a/oneclickinstaller/install-obsrv.sh +++ b/oneclickinstaller/install-obsrv.sh @@ -1,7 +1,7 @@ #!/bin/bash # set -x # Set the namespace for the Helm charts -namespace="dry-run" +namespace="dev" kubeconfig_file=$1 # Check if kubectl is installed diff --git a/oneclickinstaller/knowlg-charts.csv b/oneclickinstaller/knowlg-charts.csv index d4b7d23ad6..0c90205314 100644 --- a/oneclickinstaller/knowlg-charts.csv +++ b/oneclickinstaller/knowlg-charts.csv 
@@ -3,3 +3,12 @@ taxonomy,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/
 learning,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/learning-0.1.0.tgz?raw=true
 search,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/search-0.1.0.tgz?raw=true
 dial,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/dial-0.1.0.tgz?raw=true
+search-indexer,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+audit-event-generator,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+asset-enrichment,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+post-publish-processor,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+dialcode-context-updater,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+qrcode-image-generator,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+video-stream-generator,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+audit-history-indexer,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
+content-publish,https://github.com/santhosh-tg/knowledge-platform/blob/knowlg-oneclick/knowlg-automation/helm_charts/flink-0.1.0.tgz?raw=true
diff --git a/oneclickinstaller/knowlg-sample-values.yml b/oneclickinstaller/knowlg-sample-values.yml
index 5f7283889f..956725b858 100644
--- a/oneclickinstaller/knowlg-sample-values.yml
+++ b/oneclickinstaller/knowlg-sample-values.yml
@@ -1,7 +1,8 @@
-cassandra_connection: cassandra.dry-run.svc.cluster.local:9042
-redis_connection: redis-master.dry-run.svc.cluster.local
+cassandra_connection: cassandra.dev.svc.cluster.local:9042
+redis_connection: redis-master.dev.svc.cluster.local
 neo4j_domain_connection: neo4j.inquiry.svc.cluster.local:7687
 neo4j_all_connection: neo4j.inquiry.svc.cluster.local:8687
-kafka_connection: kafka.dry-run.svc.cluster.local:9092
-es_connection: elasticsearch.dry-run.svc.cluster.local
-api_namespace: dry-run
+kafka_connection: kafka.dev.svc.cluster.local:9092
+es_connection: elasticsearch.dev.svc.cluster.local:9200
+api_namespace: dev
+namespace: dev
diff --git a/oneclickinstaller/obsrv-charts.csv b/oneclickinstaller/obsrv-charts.csv
index d772aaf353..31b2ccaac5 100644
--- a/oneclickinstaller/obsrv-charts.csv
+++ b/oneclickinstaller/obsrv-charts.csv
@@ -2,3 +2,4 @@ druid-operator,https://github.com/santhosh-tg/obsrv-automation/blob/helmchart/dr
 druid-cluster,https://github.com/santhosh-tg/obsrv-automation/blob/helmchart/druid-cluster-0.1.0.tgz?raw=true
 druid-validator,https://github.com/santhosh-tg/obsrv-automation/blob/helmchart/flink-0.1.0.tgz?raw=true
 superset,https://github.com/santhosh-tg/obsrv-automation/blob/helmchart/superset-0.3.5.tgz?raw=true
+analytics,https://github.com/santhosh-tg/obsrv-automation/blob/helmchart/analytics-0.1.0.tgz?raw=true
diff --git a/oneclickinstaller/obsrv-sample-values.yml b/oneclickinstaller/obsrv-sample-values.yml
index e6a2c1e965..f920e101e5 100644
--- a/oneclickinstaller/obsrv-sample-values.yml
+++ b/oneclickinstaller/obsrv-sample-values.yml
@@ -1,7 +1,7 @@
-namespace: dry-run
+namespace: dev
 druid_env: dev
-druid_namespace: dry-run
-druid_metadata_storage_connector_connectURI: "jdbc:postgresql://postgresql.dry-run.svc.cluster.local:5432/druid"
+druid_namespace: dev
+druid_metadata_storage_connector_connectURI: "jdbc:postgresql://postgresql.dev.svc.cluster.local:5432/druid"
 druid_metadata_storage_connector_user: postgres
 druid_metadata_storage_connector_password: postgres
 storageClass: local-path
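Review bot: `druid_metadata_storage_connector_password: postgres` remains in the sample values as a clear-text default identical to the user name, two lines below the connect URI that this hunk retargets to the `dev` namespace, so an install that copies the sample unchanged likely runs with a guessable database login. Consider shipping a placeholder instead, e.g. `druid_metadata_storage_connector_password: "<set-per-environment>"`, with a comment above it such as `# Supply at install time (--set or a Kubernetes Secret); do not commit real credentials`. Whether the chart can read this value from a Secret is not visible in this hunk, so that part would need checking against the chart templates.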