addopted helm config to the new zenflow container

Sebastian Wendel 2022-10-25 13:38:56 +02:00
parent 629e99f69b
commit 3b7931a57a
No known key found for this signature in database
GPG key ID: 1422B7DF78144640
18 changed files with 414 additions and 528 deletions


@ -15,3 +15,7 @@ indent_style = space
[*.md]
indent_size = 2
indent_style = space
[{Makefile, *.make}]
indent_size = 4
indent_style = tab


@ -1,12 +1,9 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.16.0
version: 1.17.1
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.7
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.1.35
digest: sha256:70e320755869e63e382e3f1398f99aadba81d9bd538fe04092f24fb64eea984e
generated: "2022-06-22T00:09:39.352294916+02:00"
version: 11.9.11
digest: sha256:0042e55164e56c2a5c4c62caa278095edaf48ab9e0a0428e07d652d628764470
generated: "2022-10-24T12:23:47.26450072+02:00"


@ -3,21 +3,22 @@ name: fcoscore
description: Fab City OS Core Chart using Kubernetes Helm
version: 0.0.1
type: application
appVersion: 0.1.0-beta.280
appVersion: latest
home: https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart
icon: https://www.fabcity.hamburg/wp-content/uploads/2021/04/cropped-Fab_City_Hamburg@4x-192x192.png
sources:
- https://github.com/dyne/reflow-os
- https://github.com/dyne/zenflows
- https://github.com/dyne/zenflows-crypto
- https://www.interfacerproject.eu/
keywords:
- bonfire
- fabcity
- fcos
- zenflow
- zvmlet
- fediverse
- graphql
- reflowos
- valueflows
- zenroom
maintainers:
- name: Sebastian Wendel
email: s.wendel@fabcity.hamburg
@ -34,8 +35,3 @@ dependencies:
name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.x.x
- name: meilisearch
version: 0.1.35
repository: https://meilisearch.github.io/meilisearch-kubernetes
tags:
- meilisearch
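Review bot: `appVersion: latest` (apparently the new value in the first hunk) makes the chart's default image tag a mutable one, because the Deployment templates on this page render the tag as `.Values.zenflow.tag | default .Chart.AppVersion` and values sets `tag: ""`. With `pullPolicy: IfNotPresent` a node keeps whichever `latest` it pulled first, so nodes can run different builds and a rollback does not restore the earlier image. Keep a released version string here, as the previous `appVersion: 0.1.0-beta.280` did, or pin the images by digest in values. The same default is also applied to the zvmlet image, which comes from a different repository and may not share a version scheme with zenflows.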

109
Makefile Normal file

@ -0,0 +1,109 @@
##@ General
# The help target prints out all targets with their descriptions organized
# beneath their categories. The categories are represented by '##@' and the
# target descriptions by '##'. The awk commands is responsible for reading the
# entire set of makefiles included in this invocation, looking for lines of the
# file as xyz: ## something, and then pretty-format the target and help. Then,
# if there's a line with ##@ something, that gets pretty-printed as a category.
# More info on the usage of ANSI control characters for terminal formatting:
# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
# More info on the awk command:
# http://linuxcommand.org/lc3_adv_awk.php
help: ## Display this help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
##@ Setup
up: k3d-create update build ## Create a local k3d development cluster.
down: k3d-delete ## Delete the local k3d development cluster.
k3d-create: ## Create a local K3D development cluster.
@k3d cluster create fcos-dev --config k3d-dev.yaml
k3d-delete: ## Delete the local K3D development cluster
@k3d cluster delete fcos-dev
info: ## Show k3d cluster info
@k3d cluster list
@kubectl cluster-info
##@ Helm
update: ## Update helm dependencies
@helm dependency update
build: ## Build helm dependencies
@helm dependency build
dry-run: ## Run helm dry run
@helm install --dry-run fcoscore .
install: ## Run helm install
@helm install fcoscore .
uninstall: ## Run helm uninstall
@helm uninstall fcoscore || true
reinstall: uninstall install ## Run helm reinstall
clean: down up ## Clean the local Kubernetes development cluster.
##@ Lint
lint: helm ## Lint all input files.
lint-yaml: ## Lint YAML files.
@yamllint -f auto .
lint-markdown: ## Lint Markdown files.
@mdl .
lint-chart: ## Lint Charts files.
@ct lint
lint-helm: ## Lint Helm files.
@helm lint .
##@ Show
get: ## Get specific Kubernetes resources from all namespaces.
@kubectl get --all-namespaces $(filter-out $@, $(MAKECMDGOALS))
get-pods: ## Get Kubernetes pods from all namespaces.
@kubectl get --all-namespaces pods
get-events: ## Get Kubernetes events from all namespaces.
@kubectl get --all-namespaces events
get-all: ## Get the state of all Kubernetes resources.
@kubectl get all --all-namespaces
get-ns: ## Get all Kubernetes namespaces.
@kubectl get namespaces
get-api: ## Get all Kubernetes api resources.
@kubectl api-resources
get-crd: ## Get all Kubernetes api resources.
@kubectl get crd
get-node: ## Get all Kubernetes nodes.
@kubectl get nodes -o wide
watch-all: ## Watch the state of all Kubernetes resources.
@watch -n 1 kubectl get all --all-namespaces
##@ Log
events: ## Show all Kubernetes cluster events.
@kubectl get events --watch --all-namespaces
##@ Tools
nav: ## Start K9s to view and manage your Kubernetes clusters.
@k9s --all-namespaces --headless
%:
@true
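Review bot: `lint: helm` names a prerequisite that no rule in this Makefile defines, and the catch-all `%:` rule at the end (`@true`) satisfies it silently, so `make lint` exits 0 without running any linter. Point the aggregate at the real targets, `lint: lint-yaml lint-markdown lint-chart lint-helm ## Lint all input files.`, and declare the command targets `.PHONY`. The catch-all is there so `make get pods` can pass extra words to `kubectl get`, but it also makes every mistyped target succeed; passing the resource as a variable (`make get RES=pods`) would let the catch-all go. `get-crd` carries the help text of `get-api`.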


@ -1,26 +1,5 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1648942457,
"narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -53,64 +32,13 @@
"type": "github"
}
},
"ragenix": {
"inputs": {
"agenix": "agenix",
"flake-utils": [
"utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1651391319,
"narHash": "sha256-KmNO8/Ll8M4kKyvLxeELmr02TYX8ADLDKVQO4t9OaDk=",
"owner": "yaxitech",
"repo": "ragenix",
"rev": "36964905ee503b51de804d9cf29319a5004779cd",
"type": "github"
},
"original": {
"owner": "yaxitech",
"repo": "ragenix",
"type": "github"
}
},
"root": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"ragenix": "ragenix",
"utils": "utils"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"ragenix",
"flake-utils"
],
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1651286718,
"narHash": "sha256-sPGOKDL6TNRfLnwarbdlmeD0FW4BmPfOoB/AMax91pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8a687a6e5dc1f5c39715b01521a7aa0122529a05",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1652776076,


@ -2,22 +2,13 @@
description = "fc k8s runtime flake";
inputs = {
nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-unstable-small";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small";
utils.url = "github:numtide/flake-utils";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
utils.url = "github:numtide/flake-utils";
ragenix = {
url = "github:yaxitech/ragenix";
inputs.flake-utils.follows = "utils";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, utils, ... }@inputs:


@ -3,7 +3,7 @@ apiVersion: k3d.io/v1alpha4
kind: Simple
servers: 1
agents: 1
image: docker.io/rancher/k3s:v1.23.4-k3s1
image: docker.io/rancher/k3s:v1.24.4-k3s1
options:
kubeconfig:
updateDefaultKubeconfig: true


@ -1,62 +1,31 @@
{ pkgs ? import <nixpkgs> { } }:
{pkgs ? import <nixpkgs> {}}:
with pkgs;
mkShell {
name = "fcoscore-chart";
nativeBuildInputs = with pkgs; [
chart-testing
editorconfig-checker
git
gnumake
k9s
kube3d
kubectl
kubectx
kubernetes-helm
mdl
nixpkgs-fmt
pre-commit
rnix-lsp
vscodium-fhs
yaml-language-server
yamllint
];
with pkgs; mkShell {
name = "fcoscore-chart";
nativeBuildInputs = with pkgs; [
chart-testing
delve
dgoss
dotenv-linter
editorconfig-checker
git
git-lfs
gitlint
gnumake
go
go-outline
go-tools
gocode
gocode-gomod
godef
golangci-lint
gopkgs
gopls
goss
grype
hadolint
k9s
kube3d
kubebuilder
kubeconform
kubectl
kubectx
kubernetes-helm
kubeval
kubeval-schema
kustomize
mdl
mdsh
nix-build-uncached
nix-linter
nixpkgs-fmt
pre-commit
rnix-lsp
shfmt
skaffold
trivy
vscodium-fhs
yamale
yaml-language-server
yamllint
];
postInstall = ''
. <(helm completion $(basename $SHELL))
. <(k3d completion $(basename $SHELL))
. <(k9s completion $(basename $SHELL))
. <(kubectl completion $(basename $SHELL))
. <(kustomize completion $(basename $SHELL))
. <(golangci-lint completion $(basename $SHELL))
'';
}
postInstall = ''
. <(helm completion $(basename $SHELL))
. <(k3d completion $(basename $SHELL))
. <(k9s completion $(basename $SHELL))
. <(kubectl completion $(basename $SHELL))
. <(ct completion $(basename $SHELL))
'';
}
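Review bot: `postInstall` is not an attribute that `mkShell` runs when the shell is entered, so the completion lines in it (including the `ct completion` line) are most likely never sourced; the attribute evaluated on entry is `shellHook`. If the completions are wanted, rename it to `shellHook = '' … '';` and quote the variable, `$(basename "$SHELL")`. The page prints both variants of the file without +/- markers; this note assumes the shorter package list with the `ct` line is the new side, as the 31 new lines in the hunk header suggest.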


@ -1,15 +1,12 @@
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
________ ________ ________ ________ ___ _________ ___ ___ ________ ________
|\ _____\\ __ \|\ __ \ |\ ____\|\ \|\___ ___\ |\ \ / /| |\ __ \|\ ____\
\ \ \__/\ \ \|\ \ \ \|\ /_ \ \ \___|\ \ \|___ \ \_| \ \ \/ / / \ \ \|\ \ \ \___|_
\ \ __\\ \ __ \ \ __ \ \ \ \ \ \ \ \ \ \ \ \ / / \ \ \\\ \ \_____ \
\ \ \_| \ \ \ \ \ \ \|\ \ \ \ \____\ \ \ \ \ \ \/ / / \ \ \\\ \|____|\ \
\ \__\ \ \__\ \__\ \_______\ \ \_______\ \__\ \ \__\__/ / / \ \_______\____\_\ \
\|__| \|__|\|__|\|_______| \|_______|\|__| \|__|\___/ / \|_______|\_________\
\|___|/ \|_________|
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
____ __ ____ ____ _____
/ _/___ / /____ _____/ __/___ _________ _____/ __ \/ ___/
/ // __ \/ __/ _ \/ ___/ /_/ __ `/ ___/ _ \/ ___/ / / /\__ \
_/ // / / / /_/ __/ / / __/ /_/ / /__/ __/ / / /_/ /___/ /
/___/_/ /_/\__/\___/_/ /_/ \__,_/\___/\___/_/ \____//____/
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Get the application URL by running these commands:
@ -19,29 +16,29 @@ Get the application URL by running these commands:
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
{{- else if contains "NodePort" .Values.zenflow.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fcoscore.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
{{- else if contains "LoadBalancer" .Values.zenflow.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fcoscore.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fcoscore.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
echo http://$SERVICE_IP:{{ .Values.zenflow.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
{{- else if contains "ClusterIP" .Values.zenflow.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fcoscore.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application"
echo "Visit http://127.0.0.1:{{ .Values.zenflow.service.port }} to use your application"
{{- end }}
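Review bot: The `kubectl` commands in the NodePort, LoadBalancer and ClusterIP branches still look the Service up as `include "fcoscore.fullname" .`, while the Service template on this page now names it `"{{ .Chart.Name }}-{{ .Values.zenflow.name }}"`; the two coincide only for some release names, so the printed commands can fail with NotFound. Use one named template for the Service name in both places. In the ClusterIP branch the port-forward binds local port 8080 while the echo prints `.Values.zenflow.service.port`, so the URL shown does not match the forwarded port. The pod lookup by `app.kubernetes.io/name` and `app.kubernetes.io/instance` takes `.items[0]`, which may be a zvmlet pod if both Deployments carry the same labels.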


@ -23,6 +23,15 @@ If release name contains chart name it will be used as a full name.
{{- end }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "fcoscore.zvmlet.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" . ) ( .Values.zvmlet.name) }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
@ -97,9 +106,9 @@ Return true if a secret object for FabCityOS should be created
{{- end -}}
{{/*
Return the FabCityOS secret name
Return the zenflow secret name
*/}}
{{- define "fcoscore.secretName" -}}
{{- define "zenflow.secretName" -}}
{{- default (include "common.names.fullname" .) -}}
{{- end -}}
@ -216,6 +225,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}}
{{- end -}}
{{- define "fcoscore.zvmlet.host" -}}
{{- printf "%s" (include "fcoscore.zvmlet.fullname" . ) -}}
{{- end -}}
{{- define "fcoscore.zvmlet.port" -}}
{{- .Values.zvmlet.service.port | quote -}}
{{- end -}}
{{- define "fcoscore.meilisearch.host" -}}
{{- include "common.names.dependency.fullname" (dict "chartName" "meilisearch" "chartValues" .Values.meilisearch "context" $) -}}
{{- end }}
@ -243,3 +260,20 @@ Return true if FabCityOS SMTP uses password authentication
{{- true -}}
{{- end -}}
{{- end -}}
{{- /*
Returns given number of random Hex characters.
- randNumeric 4 | atoi generates a random number in [0, 10^4)
This is a range range evenly divisble by 16, but even if off by one,
that last partial interval offsetting randomness is only 1 part in 625.
- mod N 16 maps to the range 0-15
- printf "%x" represents a single number 0-15 as a single hex character
*/}}
{{- define "randHex" -}}
{{- $result := "" }}
{{- range $i := until . }}
{{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
{{- $result = print $result $rand_hex_char }}
{{- end }}
{{- $result }}
{{- end }}
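Review bot: `fcoscore.zvmlet.fullname` builds its name from `common.names.fullname`, but the zvmlet Service and Deployment on this page are named `"{{ .Chart.Name }}-{{ .Values.zvmlet.name }}"`; `fcoscore.zvmlet.host` feeds ROOM_HOST from the former, so zenflow would presumably resolve a hostname that exists only when the release name matches the chart name. Use this helper for the resource names as well, or build the host from the same expression. The comment copied above the helper promises truncation to 63 characters, yet the `printf` has no `| trunc 63 | trimSuffix "-"`. `zenflow.secretName` calls `default` with a single argument, so the `secretName` and `existingSecret` keys added under `zenflow` in values are never consulted. `fcoscore.meilisearch.host` is still defined although the meilisearch dependency is dropped from the chart.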


@ -1,65 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
APP_NAME: {{ include "fcoscore.fullname" . | quote }}
MIX_ENV: {{ .Values.fcoscore.mix_env | quote }}
ORG_NAME: {{ .Values.fcoscore.org_name | quote }}
FLAVOUR: {{ .Values.fcoscore.flavour | quote }}
HOSTNAME: {{ include "fcoscore.host" . | quote }}
INSTANCE_DESCRIPTION: {{ .Values.siteName | quote }}
INVITE_ONLY: {{ .Values.fcoscore.invite_only | quote }}
INVITE_KEY: {{ .Values.fcoscore.invite_key | quote }}
REPLACE_OS_VARS: {{ .Values.fcoscore.replace_os_vars | quote }}
LANG: {{ .Values.fcoscore.lang | quote }}
ERLANG_COOKIE: {{ .Values.fcoscore.erlang_cookie | quote }}
PUBLIC_PORT: {{ .Values.service.port | quote }}
SERVER_PORT: {{ .Values.service.port | quote }}
LIVEVIEW_ENABLED: {{ .Values.fcoscore.liveview_enabled | quote }}
UPLOAD_LIMIT: {{ .Values.fcoscore.upload_limit | quote }}
ACME_AGREE: {{ .Values.fcoscore.acme_agree | quote }}
SEEDS_USER: {{ .Values.fcoscore.seeds_user | quote }}
GEOLOCATE_OPENCAGEDATA: {{ .Values.fcoscore.geolocate_opencagedata | quote }}
WEB_PUSH_PUBLIC_KEY: {{ .Values.fcoscore.web_push_public_key | quote }}
WEB_PUSH_SUBJECT: {{ .Values.fcoscore.web_push.subject | quote }}
SEARCH_MEILI_INSTANCE: {{ include "fcoscore.meilisearch.url" . | quote }}
{{- if .Values.smtp.enabled }}
MAIL_BACKEND: {{ .Values.smtp.backend | quote }}
MAIL_DOMAIN: {{ .Values.smtp.host | quote }}
MAIL_SERVER: {{ .Values.smtp.host | quote }}
MAIL_PORT: {{ .Values.smtp.port | quote }}
MAIL_FROM: {{ .Values.smtp.from | quote }}
MAIL_USER: {{ .Values.smtp.user | quote }}
{{- end }}
DISABLE_DB_AUTOMIGRATION: {{ .Values.fcoscore.disable_db_automigration | quote }}
{{- if .Values.postgresql.enabled }}
POSTGRES_DB: {{ include "fcoscore.database.name" . }}
POSTGRES_HOST: {{ include "fcoscore.database.host" . }}
POSTGRES_PORT: {{ include "fcoscore.database.port" . }}
POSTGRES_USER: {{ include "fcoscore.database.user" . }}
POSTGRES_TIMEOUT: {{ .Values.fcoscore.timeout | quote }}
{{- end }}
{{- if or .Values.postgresql.enabled .Values.externalDatabase.create }}
POSTGRESQL_CLIENT_DATABASE_HOST: {{ include "fcoscore.database.host" . }}
POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER: {{ include "fcoscore.database.port" . }}
POSTGRESQL_CLIENT_DATABASE_NAME: {{ include "fcoscore.database.name" . }}
{{- if or .Values.postgresql.enabled (not .Values.externalDatabase.postgresUser) }}
POSTGRESQL_CLIENT_POSTGRES_USER: "postgres"
{{- else }}
POSTGRESQL_CLIENT_POSTGRES_USER: {{ .Values.externalDatabase.postgresUser | quote }}
POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME: {{ .Values.externalDatabase.user | quote }}
{{- end }}
POSTGRESQL_CLIENT_CREATE_DATABASE_NAME: {{ include "fcoscore.database.name" . }}
POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS: {{ .Values.postgresql.extensions | quote }}
{{- end }}


@ -2,7 +2,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "fcoscore.fullname" . }}
name: "{{ .Chart.Name }}-{{ .Values.zenflow.name }}"
labels:
{{- include "fcoscore.labels" . | nindent 4 }}
spec:
@ -29,11 +29,11 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
- name: {{ .Values.zenflow.name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: "{{ .Values.zenflow.repository }}:{{ .Values.zenflow.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.zenflow.pullPolicy }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
@ -52,94 +52,126 @@ spec:
{{- end }}
env:
{{- if or .Values.postgresql.enabled .Values.externalDatabase.create }}
- name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.database.secretName" . }}
key: {{ include "fcoscore.database.secretPostgresPasswordKey" . }}
- name: POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.database.secretName" . }}
key: {{ include "fcoscore.database.secretPasswordKey" . }}
- name: POSTGRES_PASSWORD
- name: DB_HOST
value: {{ template "fcoscore.database.host" . }}
- name: DB_PORT
value: {{ template "fcoscore.database.port" . }}
- name: DB_NAME
value: {{ template "fcoscore.database.name" . }}
- name: DB_USER
value: {{ template "fcoscore.database.user" . }}
- name: DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.database.secretName" . }}
key: {{ include "fcoscore.database.secretPasswordKey" . }}
{{- end }}
- name: SECRET_KEY_BASE
- name: ROOM_HOST
value: {{ template "fcoscore.zvmlet.host" . }}
- name: ROOM_PORT
value: {{ template "fcoscore.zvmlet.port" . }}
- name: ROOM_SALT
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.secretName" . }}
key: secret_key_base
- name: SIGNING_SALT
name: {{ include "zenflow.secretName" . }}
key: room-salt
- name: ADMIN_KEY
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.secretName" . }}
key: signing_salt
- name: ENCRYPTION_SALT
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.secretName" . }}
key: encryption_salt
- name: SEEDS_PW
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.secretName" . }}
key: seeds_pw
{{- if (include "smtp.password.enabled" .) }}
- name: MAIL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "smtp.secretName" . }}
key: smtp_password
- name: MAIL_KEY
valueFrom:
secretKeyRef:
name: {{ include "smtp.api_key" . }}
key: smtp_api_key
{{- end }}
- name: MEILI_MASTER_KEY
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.secretName" . }}
key: meili_master_key
- name: WEB_PUSH_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.secretName" . }}
key: web_push_private_key
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "fcoscore.secretName" . }}
key: github_token
{{- if .Values.fcoscore.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.fcoscore.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "common.names.fullname" . }}
{{- if .Values.fcoscore.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.fcoscore.extraEnvVarsCM }}
{{- end }}
{{- if .Values.fcoscore.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.fcoscore.extraEnvVarsSecret }}
{{- end }}
name: {{ include "zenflow.secretName" . }}
key: admin-key
ports:
- name: http
containerPort: {{ .Values.service.port }}
containerPort: {{ .Values.zenflow.service.port }}
protocol: TCP
# livenessProbe:
# httpGet:
# path: /
# port: http
# readinessProbe:
# httpGet:
# path: /
# port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ .Chart.Name }}-{{ .Values.zvmlet.name }}"
labels:
{{- include "fcoscore.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "fcoscore.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "fcoscore.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "fcoscore.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Values.zvmlet.name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.zvmlet.repository }}:{{ .Values.zvmlet.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.zvmlet.pullPolicy }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: HTTP_PORT
value: {{ .Values.zvmlet.service.port | quote }}
ports:
- name: http
containerPort: {{ .Values.zvmlet.service.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /
path: /docs/
port: http
readinessProbe:
httpGet:
path: /
path: /docs/
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
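Review bot: Both Deployments use `include "fcoscore.selectorLabels" .` for `selector.matchLabels` and for the pod template labels, so the zenflow and zvmlet Deployments select each other's pods, and a Service using the same selector spreads traffic across both containers. Add a per-component label to the selector and pod template of each, e.g. `app.kubernetes.io/component: {{ .Values.zenflow.name }}` and `app.kubernetes.io/component: {{ .Values.zvmlet.name }}`. The zvmlet container renders two `securityContext:` keys when `.Values.containerSecurityContext.enabled` is true, and most YAML parsers then keep only the last one, silently dropping the settings from `.Values.securityContext`. The zenflow container's liveness and readiness probes are commented out, so its readiness is never checked. `DB_HOST`, `DB_PORT`, `DB_NAME` and `DB_USER` are rendered without `| quote`; unless the helpers already quote their output, a bare numeric port is rejected as an env value.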


@ -1,18 +0,0 @@
{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-database" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{ include "fcoscore.database.secretPasswordKey" . }}: {{ .Values.externalDatabase.password | b64enc | quote }}
{{ include "fcoscore.database.secretPostgresPasswordKey" . }}: {{ .Values.externalDatabase.postgresPassword | b64enc | quote }}
{{- end }}


@ -1,26 +0,0 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
seeds_pw: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-discourse" (include "common.names.fullname" .)) "key" "seeds_pw" "providedValues" (list "auth.password") "context" $) }}
meili_master_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "meili_master_key" "providedValues" (list "fcoscore.meili_master_key") "context" $) }}
encryption_salt: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "encryption_salt" "providedValues" (list "fcoscore.encryption_salt") "context" $) }}
secret_key_base: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "secret_key_base" "providedValues" (list "fcoscore.secret_key_base") "context" $) }}
signing_salt: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "signing_salt" "providedValues" (list "fcoscore.signing_salt") "context" $) }}
github_token: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "github_token" "providedValues" (list "fcoscore.github_token") "context" $) }}
web_push_private_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "web_push_private_key" "providedValues" (list "fcoscore.web_push_private_key") "context" $) }}
{{- if and .Values.smtp.enabled .Values.smtp.password (not .Values.smtp.existingSecret) }}
smtp_password: {{ .Values.smtp.password | b64enc | quote }}
smtp_api_key: {{ .Values.smtp.api_key | b64enc | quote }}
{{- end }}

17
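--- a/templates/secrets.yaml
+++ b/templates/secrets.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ include "common.names.fullname" . }}
+namespace: {{ .Release.Namespace }}
+labels: {{- include "common.labels.standard" . | nindent 4 }}
+{{- if .Values.commonLabels }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+{{- end }}
+{{- if .Values.commonAnnotations }}
+annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+{{- end }}
+type: Opaque
+data:
+room-salt: {{ ternary (randAlphaNum 64 | b64enc) .Values.zenflow.room.salt (empty .Values.zenflow.room.salt) | b64enc | quote }}
+admin-key: {{ ternary (include "randHex" 128) .Values.auth.password (empty .Values.auth.password) | b64enc | quote }}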
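Review bot: Both values are generated with `randAlphaNum` / `randHex` on every render, so each `helm upgrade` without explicit values replaces `room-salt` and `admin-key` in the Secret while running pods keep the old ones until they restart; the removed template used `common.secrets.passwords.manage`, which presumably existed to avoid this. Reuse the stored value through `lookup` before generating a new one, as sketched below. The generated salt is base64-encoded twice (`randAlphaNum 64 | b64enc`, then the outer `| b64enc`) whereas a user-supplied `zenflow.room.salt` is encoded once, so the application receives differently shaped values in the two cases; confirm which one it expects. `admin-key` falls back to 128 hex characters but otherwise takes `.Values.auth.password` verbatim, which values documents as a password with a 10-character minimum, so a short or non-hex string can end up as the admin key.

```yaml
# … unchanged: metadata, labels, annotations, type: Opaque …
{{- $stored := dict }}
{{- $found := lookup "v1" "Secret" .Release.Namespace (include "common.names.fullname" .) }}
{{- if $found }}{{- $stored = $found.data }}{{- end }}
data:
  {{- if and (empty .Values.zenflow.room.salt) (hasKey $stored "room-salt") }}
  room-salt: {{ index $stored "room-salt" | quote }}
  {{- else }}
  room-salt: {{ ternary (randAlphaNum 64 | b64enc) .Values.zenflow.room.salt (empty .Values.zenflow.room.salt) | b64enc | quote }}
  {{- end }}
  # … admin-key: same reuse-then-generate pattern …
```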


@ -1,15 +1,30 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "fcoscore.fullname" . }}
name: "{{ .Chart.Name }}-{{ .Values.zenflow.name }}"
labels:
{{- include "fcoscore.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
type: {{ .Values.zenflow.service.type }}
ports:
- port: {{ .Values.service.port }}
- port: {{ .Values.zenflow.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "fcoscore.selectorLabels" . | nindent 4 }}
---
apiVersion: v1
kind: Service
metadata:
name: "{{ .Chart.Name }}-{{ .Values.zvmlet.name }}"
labels:
{{- include "fcoscore.labels" . | nindent 4 }}
spec:
type: {{ .Values.zvmlet.service.type }}
ports:
- port: {{ .Values.zvmlet.service.port }}
targetPort: http
protocol: TCP
name: http
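Review bot: The second Service (`"{{ .Chart.Name }}-{{ .Values.zvmlet.name }}"`) ends after its `ports` entry with no `selector`, and the 30 new lines in the hunk header are all accounted for, so the selector appears to be missing from the file rather than cut off by the page. A Service without a selector gets no endpoints, so zenflow's ROOM_HOST would not reach zvmlet. The first Service selects on `fcoscore.selectorLabels`, which both Deployments on this page put on their pods, so it would also route to zvmlet containers. Give each Service a selector with a component-specific label, e.g. `app.kubernetes.io/component: {{ .Values.zvmlet.name }}` for this one, and set the same label on the matching pod template.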


@ -1,16 +0,0 @@
---
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "fcoscore.fullname" . }}-test-connection"
labels:
{{- include "fcoscore.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "fcoscore.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never


@ -33,37 +33,6 @@ diagnosticMode:
args:
- infinity
## @param image.registry fcoscore image registry
## @param image.repository fcoscore image repository
## @param image.pullPolicy fcoscore image pull policy
## @param image.pullSecrets fcoscore image pull secrets
## @param image.tag fcoscore image tag
## @param image.debug Enable image debug mode
##
image:
registry: docker.io
repository: dyne/reflow
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
# Overrides the image tag whose default is the chart appVersion.
# tag: ""
tag: ""
# debug: false
debug: true
audit:
pgAuditLog: true
logLinePrefix: ""
@ -75,9 +44,6 @@ fullnameOverride: ""
## Authentication parameters
##
auth:
## @param auth.username FabCityOS admin user
##
username: root
## @param auth.password FabCityOS admin password. WARNING: Minimum length of 10 characters
## Defaults to a random 10-character alphanumeric string if not set
##
@ -94,7 +60,7 @@ auth:
host: ""
## @param siteName fcoscore site name
##
siteName: 'Fab City Core node for valueflows circular economy networks'
siteName: "Fab City Core node for valueflows circular economy networks"
## fcoscore SMTP settings
## @param smtp.enabled Enable/disable SMTP
@ -131,7 +97,8 @@ serviceAccount:
podAnnotations: {}
securityContext: {}
securityContext:
{}
# capabilities:
# drop:
# - ALL
@ -139,14 +106,11 @@ securityContext: {}
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 4000
ingress:
enabled: false
className: ""
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
@ -159,7 +123,8 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
@ -176,7 +141,8 @@ resources: {}
## @param podSecurityContext.enabled Enabled Odoo pods' Security Context
## @param podSecurityContext.fsGroup Set Odoo pod's Security Context fsGroup
##
podSecurityContext: {}
podSecurityContext:
{}
# fsGroup: 2000
## Configure Container Security Context (only main container)
@ -201,101 +167,69 @@ tolerations: []
affinity: {}
fcoscore:
secretName: fcoscore
## @param fcoscore.command Custom command to override image cmd
## @param image.registry fcoscore image registry
## @param image.repository fcoscore image repository
## @param image.pullPolicy fcoscore image pull policy
## @param image.pullSecrets fcoscore image pull secrets
## @param image.tag fcoscore image tag
## @param image.debug Enable image debug mode
##
zenflow:
name: zenflow
registry: docker.io
repository: fabcityhamburg/zenflows
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
command: []
## @param fcoscore.args Custom args for the custom command
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
args: []
## @param fcoscore.extraEnvVars Array with extra environment variables to add fcoscore pods
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
extraEnvVars: []
## @param fcoscore.extraEnvVarsCM ConfigMap containing extra environment variables for fcoscore pods
# Overrides the image tag whose default is the chart appVersion.
# tag: ""
tag: ""
secretName: ""
existingSecret: ""
debug: false
service:
type: ClusterIP
port: 8000
room:
salt: ""
zvmlet:
name: zvmlet
registry: docker.io
repository: fabcityhamburg/zvmlet
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
extraEnvVarsCM: ""
## @param fcoscore.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for fcoscore pods
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
extraEnvVarsSecret: ""
## config properties
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
org_name: "FabCity"
## config properties
##
mix_env: "prod"
## config properties
##
flavour: "reflow"
## config properties
##
lang: "en_US.UTF-8"
## config properties
##
upload_limit: "30000000"
## config properties
##
timeout: "10000"
## config properties
##
invite_only: true
## config properties
##
invite_key: ""
## config properties
##
replace_os_vars: true
## config properties
##
liveview_enabled: true
## config properties
##
acme_agree: true
## config properties
##
erlang_cookie: "bonfire"
## config properties
##
web_push:
## config properties
##
subject: "mailto:hostmaster@example.com"
## config properties
##
public_key: ""
## config properties
##
geolocate_opencagedata: ""
## config properties
##
meili_master_key: ""
## config properties
##
encryption_salt: ""
## config properties
##
secret_key_base: ""
## config properties
##
signing_salt: ""
## config properties
##
github_token: ""
## config properties
##
disable_db_automigration: false
## config properties
##
seeds_user: ""
## config properties
##
seeds_pw: ""
## config properties
##
web_push_public_key: ""
## config properties
##
web_push_private_key: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
debug: false
service:
type: ClusterIP
port: 3000
## Persistence Parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
@ -335,7 +269,6 @@ persistence:
##
annotations: {}
networkPolicy:
## @param networkPolicy.enabled Enable network policies
## If ingress.enabled is true, configure networkPolicy.ingress selectors to allow communication
@ -423,10 +356,8 @@ networkPolicy:
postgresql:
enabled: true
auth:
host: ""
# port: 5432
username: fcoscore
database: bonfire
username: zenflow
database: fcos_zenflow
audit:
logHostname: true
logConnections: true
@ -434,15 +365,6 @@ postgresql:
pgAuditLogCatalog: "on"
clientMinMessages: error
extensions: hstore,pg_trgm,postgis
# primary:
# initdb:
# scripts:
# init.sql: |
# CREATE DATABASE bonfire;
# CREATE EXTENSION IF NOT EXISTS postgis;
# CREATE EXTENSION IF NOT EXISTS hstore;
# GRANT ALL ON bonfire TO fcoscore;
# # CREATE USER usr_fcos_core WITH PASSWORD 'pwd_fcos_core';
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false