From 3b7931a57a95122252e0617a576c9162da069885 Mon Sep 17 00:00:00 2001 From: Sebastian Wendel Date: Tue, 25 Oct 2022 13:38:56 +0200 Subject: [PATCH] addopted helm config to the new zenflow container --- .editorconfig | 4 + Chart.lock | 11 +- Chart.yaml | 14 +- Makefile | 109 ++++++++++++++ flake.lock | 72 --------- flake.nix | 13 +- k3d-dev.yaml | 2 +- shell.nix | 91 ++++-------- templates/NOTES.txt | 27 ++-- templates/_helpers.tpl | 38 ++++- templates/configmaps.yaml | 65 -------- templates/deployment.yaml | 182 +++++++++++++---------- templates/secrets-database.yaml | 18 --- templates/secrets-fcoscore.yaml | 26 ---- templates/secrets.yaml | 17 +++ templates/service.yaml | 23 ++- templates/tests/test-connection.yaml | 16 -- values.yaml | 214 +++++++++------------------ 18 files changed, 414 insertions(+), 528 deletions(-) create mode 100644 Makefile delete mode 100644 templates/configmaps.yaml delete mode 100644 templates/secrets-database.yaml delete mode 100644 templates/secrets-fcoscore.yaml create mode 100644 templates/secrets.yaml delete mode 100644 templates/tests/test-connection.yaml diff --git a/.editorconfig b/.editorconfig index a65d818..4931a0b 100644 --- a/.editorconfig +++ b/.editorconfig @@ -15,3 +15,7 @@ indent_style = space [*.md] indent_size = 2 indent_style = space + +[{Makefile, *.make}] +indent_size = 4 +indent_style = tab diff --git a/Chart.lock b/Chart.lock index 7942ca5..c5bff0a 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,9 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.16.0 + version: 1.17.1 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 11.6.7 -- name: meilisearch - repository: https://meilisearch.github.io/meilisearch-kubernetes - version: 0.1.35 -digest: sha256:70e320755869e63e382e3f1398f99aadba81d9bd538fe04092f24fb64eea984e -generated: "2022-06-22T00:09:39.352294916+02:00" + version: 11.9.11 +digest: sha256:0042e55164e56c2a5c4c62caa278095edaf48ab9e0a0428e07d652d628764470 +generated: "2022-10-24T12:23:47.26450072+02:00" diff --git a/Chart.yaml b/Chart.yaml index 778611d..25958f8 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,21 +3,22 @@ name: fcoscore description: Fab City OS Core Chart using Kubernetes Helm version: 0.0.1 type: application -appVersion: 0.1.0-beta.280 +appVersion: latest home: https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart icon: https://www.fabcity.hamburg/wp-content/uploads/2021/04/cropped-Fab_City_Hamburg@4x-192x192.png sources: - - https://github.com/dyne/reflow-os + - https://github.com/dyne/zenflows + - https://github.com/dyne/zenflows-crypto - https://www.interfacerproject.eu/ keywords: - - bonfire - fabcity - fcos + - zenflow + - zvmlet - fediverse - graphql - reflowos - valueflows - - zenroom maintainers: - name: Sebastian Wendel email: s.wendel@fabcity.hamburg @@ -34,8 +35,3 @@ dependencies: name: postgresql repository: https://charts.bitnami.com/bitnami version: 11.x.x - - name: meilisearch - version: 0.1.35 - repository: https://meilisearch.github.io/meilisearch-kubernetes - tags: - - meilisearch diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..ab20766 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,109 @@ +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk commands is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Setup + +up: k3d-create update build ## Create a local k3d development cluster. +down: k3d-delete ## Delete the local k3d development cluster. + +k3d-create: ## Create a local K3D development cluster. + @k3d cluster create fcos-dev --config k3d-dev.yaml + +k3d-delete: ## Delete the local K3D development cluster + @k3d cluster delete fcos-dev + +info: ## Show k3d cluster info + @k3d cluster list + @kubectl cluster-info + +##@ Helm + +update: ## Update helm dependencies + @helm dependency update + +build: ## Build helm dependencies + @helm dependency build + +dry-run: ## Run helm dry run + @helm install --dry-run fcoscore . + +install: ## Run helm install + @helm install fcoscore . + +uninstall: ## Run helm uninstall + @helm uninstall fcoscore || true + +reinstall: uninstall install ## Run helm reinstall + +clean: down up ## Clean the local Kubernetes development cluster. + +##@ Lint + +lint: helm ## Lint all input files. + +lint-yaml: ## Lint YAML files. + @yamllint -f auto . 
+ +lint-markdown: ## Lint Markdown files. + @mdl . + +lint-chart: ## Lint Charts files. + @ct lint + +lint-helm: ## Lint Helm files. + @helm lint . + +##@ Show + +get: ## Get specific Kubernetes resources from all namespaces. + @kubectl get --all-namespaces $(filter-out $@, $(MAKECMDGOALS)) + +get-pods: ## Get Kubernetes pods from all namespaces. + @kubectl get --all-namespaces pods + +get-events: ## Get Kubernetes events from all namespaces. + @kubectl get --all-namespaces events + +get-all: ## Get the state of all Kubernetes resources. + @kubectl get all --all-namespaces + +get-ns: ## Get all Kubernetes namespaces. + @kubectl get namespaces + +get-api: ## Get all Kubernetes api resources. + @kubectl api-resources + +get-crd: ## Get all Kubernetes api resources. + @kubectl get crd + +get-node: ## Get all Kubernetes nodes. + @kubectl get nodes -o wide + +watch-all: ## Watch the state of all Kubernetes resources. + @watch -n 1 kubectl get all --all-namespaces + +##@ Log + +events: ## Show all Kubernetes cluster events. + @kubectl get events --watch --all-namespaces + +##@ Tools + +nav: ## Start K9s to view and manage your Kubernetes clusters. + @k9s --all-namespaces --headless + +%: + @true diff --git a/flake.lock b/flake.lock index 8d04749..64e1c48 100644 --- a/flake.lock +++ b/flake.lock @@ -1,26 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "nixpkgs": [ - "ragenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1648942457, - "narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=", - "owner": "ryantm", - "repo": "agenix", - "rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { 
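Review bot: `make lint` appears to run no linter at all. The `lint: helm` rule names a prerequisite `helm` that this Makefile never defines, and the catch-all `%:` rule with `@true` at the end of the file satisfies it silently. Any CI job or pre-commit hook that gates on `make lint` would pass with broken chart or YAML files. I would point the rule at the real targets, `lint: lint-yaml lint-markdown lint-chart lint-helm ## Lint all input files.`. The catch-all also turns every mistyped target into a successful no-op, so consider limiting it to the extra goals that `get` needs.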
@@ -53,64 +32,13 @@ "type": "github" } }, - "ragenix": { - "inputs": { - "agenix": "agenix", - "flake-utils": [ - "utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1651391319, - "narHash": "sha256-KmNO8/Ll8M4kKyvLxeELmr02TYX8ADLDKVQO4t9OaDk=", - "owner": "yaxitech", - "repo": "ragenix", - "rev": "36964905ee503b51de804d9cf29319a5004779cd", - "type": "github" - }, - "original": { - "owner": "yaxitech", - "repo": "ragenix", - "type": "github" - } - }, "root": { "inputs": { "flake-compat": "flake-compat", "nixpkgs": "nixpkgs", - "ragenix": "ragenix", "utils": "utils" } }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "ragenix", - "flake-utils" - ], - "nixpkgs": [ - "ragenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1651286718, - "narHash": "sha256-sPGOKDL6TNRfLnwarbdlmeD0FW4BmPfOoB/AMax91pg=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8a687a6e5dc1f5c39715b01521a7aa0122529a05", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1652776076, diff --git a/flake.nix b/flake.nix index 80689f8..cbf4d47 100644 --- a/flake.nix +++ b/flake.nix @@ -2,22 +2,13 @@ description = "fc k8s runtime flake"; inputs = { - nixpkgs = { - url = "github:NixOS/nixpkgs/nixos-unstable-small"; - }; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + utils.url = "github:numtide/flake-utils"; flake-compat = { url = "github:edolstra/flake-compat"; flake = false; }; - - utils.url = "github:numtide/flake-utils"; - - ragenix = { - url = "github:yaxitech/ragenix"; - inputs.flake-utils.follows = "utils"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { self, nixpkgs, utils, ... }@inputs: diff --git a/k3d-dev.yaml b/k3d-dev.yaml index 518f267..493b6fb 100644 --- a/k3d-dev.yaml +++ b/k3d-dev.yaml 
@@ -3,7 +3,7 @@ apiVersion: k3d.io/v1alpha4 kind: Simple servers: 1 agents: 1 -image: docker.io/rancher/k3s:v1.23.4-k3s1 +image: docker.io/rancher/k3s:v1.24.4-k3s1 options: kubeconfig: updateDefaultKubeconfig: true diff --git a/shell.nix b/shell.nix index bfd6d69..76dad53 100644 --- a/shell.nix +++ b/shell.nix @@ -1,62 +1,31 @@ -{ pkgs ? import { } }: +{pkgs ? import {}}: +with pkgs; + mkShell { + name = "fcoscore-chart"; + nativeBuildInputs = with pkgs; [ + chart-testing + editorconfig-checker + git + gnumake + k9s + kube3d + kubectl + kubectx + kubernetes-helm + mdl + nixpkgs-fmt + pre-commit + rnix-lsp + vscodium-fhs + yaml-language-server + yamllint + ]; -with pkgs; mkShell { - - name = "fcoscore-chart"; - nativeBuildInputs = with pkgs; [ - chart-testing - delve - dgoss - dotenv-linter - editorconfig-checker - git - git-lfs - gitlint - gnumake - go - go-outline - go-tools - gocode - gocode-gomod - godef - golangci-lint - gopkgs - gopls - goss - grype - hadolint - k9s - kube3d - kubebuilder - kubeconform - kubectl - kubectx - kubernetes-helm - kubeval - kubeval-schema - kustomize - mdl - mdsh - nix-build-uncached - nix-linter - nixpkgs-fmt - pre-commit - rnix-lsp - shfmt - skaffold - trivy - vscodium-fhs - yamale - yaml-language-server - yamllint - ]; - - postInstall = '' - . <(helm completion $(basename $SHELL)) - . <(k3d completion $(basename $SHELL)) - . <(k9s completion $(basename $SHELL)) - . <(kubectl completion $(basename $SHELL)) - . <(kustomize completion $(basename $SHELL)) - . <(golangci-lint completion $(basename $SHELL)) - ''; -} + postInstall = '' + . <(helm completion $(basename $SHELL)) + . <(k3d completion $(basename $SHELL)) + . <(k9s completion $(basename $SHELL)) + . <(kubectl completion $(basename $SHELL)) + . <(ct completion $(basename $SHELL)) + ''; + } diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 97fe5a5..6c6f8b6 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt 
@@ -1,15 +1,12 @@ ->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - ________ ________ ________ ________ ___ _________ ___ ___ ________ ________ -|\ _____\\ __ \|\ __ \ |\ ____\|\ \|\___ ___\ |\ \ / /| |\ __ \|\ ____\ -\ \ \__/\ \ \|\ \ \ \|\ /_ \ \ \___|\ \ \|___ \ \_| \ \ \/ / / \ \ \|\ \ \ \___|_ - \ \ __\\ \ __ \ \ __ \ \ \ \ \ \ \ \ \ \ \ \ / / \ \ \\\ \ \_____ \ - \ \ \_| \ \ \ \ \ \ \|\ \ \ \ \____\ \ \ \ \ \ \/ / / \ \ \\\ \|____|\ \ - \ \__\ \ \__\ \__\ \_______\ \ \_______\ \__\ \ \__\__/ / / \ \_______\____\_\ \ - \|__| \|__|\|__|\|_______| \|_______|\|__| \|__|\___/ / \|_______|\_________\ - \|___|/ \|_________| +>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + ____ __ ____ ____ _____ + / _/___ / /____ _____/ __/___ _________ _____/ __ \/ ___/ + / // __ \/ __/ _ \/ ___/ /_/ __ `/ ___/ _ \/ ___/ / / /\__ \ + _/ // / / / /_/ __/ / / __/ /_/ / /__/ __/ / / /_/ /___/ / +/___/_/ /_/\__/\___/_/ /_/ \__,_/\___/\___/_/ \____//____/ -<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Get the application URL by running these commands: 
@@ -19,29 +16,29 @@ Get the application URL by running these commands: http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.zenflow.service.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fcoscore.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.zenflow.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fcoscore.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fcoscore.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} + echo http://$SERVICE_IP:{{ .Values.zenflow.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} +{{- else if contains "ClusterIP" .Values.zenflow.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fcoscore.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT - echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application" + echo "Visit http://127.0.0.1:{{ .Values.zenflow.service.port }} to use your application" {{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 06c7af8..907b182 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -23,6 +23,15 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fcoscore.zvmlet.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" . ) ( .Values.zvmlet.name) }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} @@ -97,9 +106,9 @@ Return true if a secret object for FabCityOS should be created {{- end -}} {{/* -Return the FabCityOS secret name +Return the zenflow secret name */}} -{{- define "fcoscore.secretName" -}} +{{- define "zenflow.secretName" -}} {{- default (include "common.names.fullname" .) -}} {{- end -}} 
@@ -216,6 +225,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}} {{- end -}} +{{- define "fcoscore.zvmlet.host" -}} +{{- printf "%s" (include "fcoscore.zvmlet.fullname" . ) -}} +{{- end -}} + +{{- define "fcoscore.zvmlet.port" -}} +{{- .Values.zvmlet.service.port | quote -}} +{{- end -}} + {{- define "fcoscore.meilisearch.host" -}} {{- include "common.names.dependency.fullname" (dict "chartName" "meilisearch" "chartValues" .Values.meilisearch "context" $) -}} {{- end }} @@ -243,3 +260,20 @@ Return true if FabCityOS SMTP uses password authentication {{- true -}} {{- end -}} {{- end -}} + +{{- /* + Returns given number of random Hex characters. + - randNumeric 4 | atoi generates a random number in [0, 10^4) + This is a range range evenly divisble by 16, but even if off by one, + that last partial interval offsetting randomness is only 1 part in 625. + - mod N 16 maps to the range 0-15 + - printf "%x" represents a single number 0-15 as a single hex character +*/}} +{{- define "randHex" -}} + {{- $result := "" }} + {{- range $i := until . }} + {{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }} + {{- $result = print $result $rand_hex_char }} + {{- end }} + {{- $result }} +{{- end }} diff --git a/templates/configmaps.yaml b/templates/configmaps.yaml deleted file mode 100644 index 53c3826..0000000 --- a/templates/configmaps.yaml +++ /dev/null 
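Review bot: `fcoscore.zvmlet.host` renders `<common.names.fullname>-<zvmlet.name>`, but the zvmlet Service added in templates/service.yaml is named `"{{ .Chart.Name }}-{{ .Values.zvmlet.name }}"`. As the Bitnami common helper normally derives the full name from the release name, ROOM_HOST only resolves when the release name makes the two coincide, as the Makefile's `helm install fcoscore .` happens to do. Naming the Deployments and Services from `.Chart.Name` alone also makes a second release in the same namespace collide with the first. I would name the resources through the helper, `name: {{ include "fcoscore.zvmlet.fullname" . }}`, and add a matching helper for zenflow. The NOTES.txt commands still look up `fcoscore.fullname`, which presumably no Service carries after this change.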
@@ -1,65 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - APP_NAME: {{ include "fcoscore.fullname" . | quote }} - MIX_ENV: {{ .Values.fcoscore.mix_env | quote }} - ORG_NAME: {{ .Values.fcoscore.org_name | quote }} - FLAVOUR: {{ .Values.fcoscore.flavour | quote }} - HOSTNAME: {{ include "fcoscore.host" . | quote }} - INSTANCE_DESCRIPTION: {{ .Values.siteName | quote }} - INVITE_ONLY: {{ .Values.fcoscore.invite_only | quote }} - INVITE_KEY: {{ .Values.fcoscore.invite_key | quote }} - REPLACE_OS_VARS: {{ .Values.fcoscore.replace_os_vars | quote }} - LANG: {{ .Values.fcoscore.lang | quote }} - ERLANG_COOKIE: {{ .Values.fcoscore.erlang_cookie | quote }} - PUBLIC_PORT: {{ .Values.service.port | quote }} - SERVER_PORT: {{ .Values.service.port | quote }} - LIVEVIEW_ENABLED: {{ .Values.fcoscore.liveview_enabled | quote }} - UPLOAD_LIMIT: {{ .Values.fcoscore.upload_limit | quote }} - ACME_AGREE: {{ .Values.fcoscore.acme_agree | quote }} - SEEDS_USER: {{ .Values.fcoscore.seeds_user | quote }} - GEOLOCATE_OPENCAGEDATA: {{ .Values.fcoscore.geolocate_opencagedata | quote }} - WEB_PUSH_PUBLIC_KEY: {{ .Values.fcoscore.web_push_public_key | quote }} - WEB_PUSH_SUBJECT: {{ .Values.fcoscore.web_push.subject | quote }} - SEARCH_MEILI_INSTANCE: {{ include "fcoscore.meilisearch.url" . 
| quote }} - {{- if .Values.smtp.enabled }} - MAIL_BACKEND: {{ .Values.smtp.backend | quote }} - MAIL_DOMAIN: {{ .Values.smtp.host | quote }} - MAIL_SERVER: {{ .Values.smtp.host | quote }} - MAIL_PORT: {{ .Values.smtp.port | quote }} - MAIL_FROM: {{ .Values.smtp.from | quote }} - MAIL_USER: {{ .Values.smtp.user | quote }} - {{- end }} - DISABLE_DB_AUTOMIGRATION: {{ .Values.fcoscore.disable_db_automigration | quote }} - {{- if .Values.postgresql.enabled }} - POSTGRES_DB: {{ include "fcoscore.database.name" . }} - POSTGRES_HOST: {{ include "fcoscore.database.host" . }} - POSTGRES_PORT: {{ include "fcoscore.database.port" . }} - POSTGRES_USER: {{ include "fcoscore.database.user" . }} - POSTGRES_TIMEOUT: {{ .Values.fcoscore.timeout | quote }} - {{- end }} - {{- if or .Values.postgresql.enabled .Values.externalDatabase.create }} - POSTGRESQL_CLIENT_DATABASE_HOST: {{ include "fcoscore.database.host" . }} - POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER: {{ include "fcoscore.database.port" . }} - POSTGRESQL_CLIENT_DATABASE_NAME: {{ include "fcoscore.database.name" . }} - - {{- if or .Values.postgresql.enabled (not .Values.externalDatabase.postgresUser) }} - POSTGRESQL_CLIENT_POSTGRES_USER: "postgres" - {{- else }} - POSTGRESQL_CLIENT_POSTGRES_USER: {{ .Values.externalDatabase.postgresUser | quote }} - POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME: {{ .Values.externalDatabase.user | quote }} - {{- end }} - POSTGRESQL_CLIENT_CREATE_DATABASE_NAME: {{ include "fcoscore.database.name" . }} - POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS: {{ .Values.postgresql.extensions | quote }} - {{- end }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 12ba789..d078c50 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "fcoscore.fullname" . }} + name: "{{ .Chart.Name }}-{{ .Values.zenflow.name }}" labels: {{- include "fcoscore.labels" . | nindent 4 }} spec: 
@@ -29,11 +29,11 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: {{ .Values.zenflow.name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.zenflow.repository }}:{{ .Values.zenflow.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.zenflow.pullPolicy }} {{- if .Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} 
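Review bot: The image reference falls back to `.Chart.AppVersion`, which this commit sets to `latest` in Chart.yaml, so an install without an explicit `zenflow.tag` deploys whatever the registry currently serves under a mutable tag. The zvmlet image line in the next hunk has the same fallback. Rollouts stop being reproducible, and a changed or replaced upstream image can reach the cluster without any chart change to review. I would keep a released version in `appVersion`, or set an explicit tag per image in values.yaml since the two images are separate projects, and pin by digest where the registry allows it.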
@@ -52,94 +52,126 @@ spec: {{- end }} env: {{- if or .Values.postgresql.enabled .Values.externalDatabase.create }} - - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "fcoscore.database.secretName" . }} - key: {{ include "fcoscore.database.secretPostgresPasswordKey" . }} - - name: POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "fcoscore.database.secretName" . }} - key: {{ include "fcoscore.database.secretPasswordKey" . }} - - name: POSTGRES_PASSWORD + - name: DB_HOST + value: {{ template "fcoscore.database.host" . }} + - name: DB_PORT + value: {{ template "fcoscore.database.port" . }} + - name: DB_NAME + value: {{ template "fcoscore.database.name" . }} + - name: DB_USER + value: {{ template "fcoscore.database.user" . }} + - name: DB_PASS valueFrom: secretKeyRef: name: {{ include "fcoscore.database.secretName" . }} key: {{ include "fcoscore.database.secretPasswordKey" . }} {{- end }} - - name: SECRET_KEY_BASE + - name: ROOM_HOST + value: {{ template "fcoscore.zvmlet.host" . }} + - name: ROOM_PORT + value: {{ template "fcoscore.zvmlet.port" . }} + - name: ROOM_SALT valueFrom: secretKeyRef: - name: {{ include "fcoscore.secretName" . }} - key: secret_key_base - - name: SIGNING_SALT + name: {{ include "zenflow.secretName" . }} + key: room-salt + - name: ADMIN_KEY valueFrom: secretKeyRef: - name: {{ include "fcoscore.secretName" . }} - key: signing_salt - - name: ENCRYPTION_SALT - valueFrom: - secretKeyRef: - name: {{ include "fcoscore.secretName" . }} - key: encryption_salt - - name: SEEDS_PW - valueFrom: - secretKeyRef: - name: {{ include "fcoscore.secretName" . }} - key: seeds_pw - {{- if (include "smtp.password.enabled" .) }} - - name: MAIL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "smtp.secretName" . }} - key: smtp_password - - name: MAIL_KEY - valueFrom: - secretKeyRef: - name: {{ include "smtp.api_key" . 
}} - key: smtp_api_key - {{- end }} - - name: MEILI_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "fcoscore.secretName" . }} - key: meili_master_key - - name: WEB_PUSH_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: {{ include "fcoscore.secretName" . }} - key: web_push_private_key - - name: GITHUB_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "fcoscore.secretName" . }} - key: github_token - {{- if .Values.fcoscore.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.fcoscore.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - - configMapRef: - name: {{ include "common.names.fullname" . }} - {{- if .Values.fcoscore.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.fcoscore.extraEnvVarsCM }} - {{- end }} - {{- if .Values.fcoscore.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.fcoscore.extraEnvVarsSecret }} - {{- end }} + name: {{ include "zenflow.secretName" . }} + key: admin-key ports: - name: http - containerPort: {{ .Values.service.port }} + containerPort: {{ .Values.zenflow.service.port }} + protocol: TCP + # livenessProbe: + # httpGet: + # path: / + # port: http + # readinessProbe: + # httpGet: + # path: / + # port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ .Chart.Name }}-{{ .Values.zvmlet.name }}" + labels: + {{- include "fcoscore.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "fcoscore.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + labels: + {{- include "fcoscore.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "fcoscore.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Values.zvmlet.name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.zvmlet.repository }}:{{ .Values.zvmlet.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.zvmlet.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: HTTP_PORT + value: {{ .Values.zvmlet.service.port | quote }} + ports: + - name: http + containerPort: {{ .Values.zvmlet.service.port }} protocol: TCP livenessProbe: httpGet: - path: / + path: /docs/ port: http readinessProbe: httpGet: - path: / + path: /docs/ port: http resources: {{- toYaml .Values.resources | nindent 12 }} 
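Review bot: The new zvmlet Deployment uses `fcoscore.selectorLabels` for both `matchLabels` and its pod labels. The zenflow Deployment presumably still uses the same helper (its selector lies outside the hunk), and the Services in templates/service.yaml select on it too. Each Service would therefore balance across pods of both workloads on the `http` port, so exposing zenflow through an Ingress or LoadBalancer also exposes zvmlet, and ROOM_HOST traffic can land on zenflow pods. Give each workload a distinguishing label in its selector, pod template and Service, for example `app.kubernetes.io/component: zvmlet`. Separately, the zvmlet container emits `securityContext:` twice when `containerSecurityContext.enabled` is set, which leaves the effective context to the parser's duplicate-key handling.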
diff --git a/templates/secrets-database.yaml b/templates/secrets-database.yaml deleted file mode 100644 index 8195464..0000000 --- a/templates/secrets-database.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-database" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{ include "fcoscore.database.secretPasswordKey" . }}: {{ .Values.externalDatabase.password | b64enc | quote }} - {{ include "fcoscore.database.secretPostgresPasswordKey" . }}: {{ .Values.externalDatabase.postgresPassword | b64enc | quote }} -{{- end }} diff --git a/templates/secrets-fcoscore.yaml b/templates/secrets-fcoscore.yaml deleted file mode 100644 index 1f2e97e..0000000 --- a/templates/secrets-fcoscore.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - seeds_pw: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-discourse" (include "common.names.fullname" .)) "key" "seeds_pw" "providedValues" (list "auth.password") "context" $) }} - meili_master_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "meili_master_key" "providedValues" (list "fcoscore.meili_master_key") "context" $) }} - encryption_salt: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "encryption_salt" "providedValues" (list "fcoscore.encryption_salt") "context" $) }} - secret_key_base: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "secret_key_base" "providedValues" (list "fcoscore.secret_key_base") "context" $) }} - signing_salt: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "signing_salt" "providedValues" (list "fcoscore.signing_salt") "context" $) }} - github_token: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "github_token" "providedValues" (list "fcoscore.github_token") "context" $) }} - web_push_private_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" 
"web_push_private_key" "providedValues" (list "fcoscore.web_push_private_key") "context" $) }} - {{- if and .Values.smtp.enabled .Values.smtp.password (not .Values.smtp.existingSecret) }} - smtp_password: {{ .Values.smtp.password | b64enc | quote }} - smtp_api_key: {{ .Values.smtp.api_key | b64enc | quote }} - {{- end }} diff --git a/templates/secrets.yaml b/templates/secrets.yaml new file mode 100644 index 0000000..f246ac9 --- /dev/null +++ b/templates/secrets.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + room-salt: {{ ternary (randAlphaNum 64 | b64enc) .Values.zenflow.room.salt (empty .Values.zenflow.room.salt) | b64enc | quote }} + admin-key: {{ ternary (include "randHex" 128) .Values.auth.password (empty .Values.auth.password) | b64enc | quote }} diff --git a/templates/service.yaml b/templates/service.yaml index f2af973..aef555f 100644 --- a/templates/service.yaml +++ b/templates/service.yaml 
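Review bot: Both values in the new secrets.yaml are generated at render time (`randAlphaNum`, `randHex`) and nothing reads the existing Secret. Every `helm upgrade` that leaves `zenflow.room.salt` and `auth.password` empty therefore writes a fresh room-salt and admin-key. The deleted secrets-fcoscore.yaml went through `common.secrets.passwords.manage`, which is meant to reuse the stored value, so this change turns an upgrade into a silent credential rotation, and anything derived from the old salt presumably stops matching. I would read the current object with `lookup "v1" "Secret" .Release.Namespace (include "common.names.fullname" .)` and generate only when a key is absent, or keep the common helper. The generated room-salt is also base64-encoded twice while a user-supplied one is encoded once; confirm that this asymmetry is what the application expects.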
@@ -1,15 +1,30 @@ - --- apiVersion: v1 kind: Service metadata: - name: {{ include "fcoscore.fullname" . }} + name: "{{ .Chart.Name }}-{{ .Values.zenflow.name }}" labels: {{- include "fcoscore.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.zenflow.service.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.zenflow.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "fcoscore.selectorLabels" . | nindent 4 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Chart.Name }}-{{ .Values.zvmlet.name }}" + labels: + {{- include "fcoscore.labels" . | nindent 4 }} +spec: + type: {{ .Values.zvmlet.service.type }} + ports: + - port: {{ .Values.zvmlet.service.port }} targetPort: http protocol: TCP name: http diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml deleted file mode 100644 index 5bc8f81..0000000 --- a/templates/tests/test-connection.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "fcoscore.fullname" . }}-test-connection" - labels: - {{- include "fcoscore.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "fcoscore.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/values.yaml b/values.yaml index 4c0bd21..67e96ac 100644 --- a/values.yaml +++ b/values.yaml 
@@ -33,37 +33,6 @@ diagnosticMode: args: - infinity -## @param image.registry fcoscore image registry -## @param image.repository fcoscore image repository -## @param image.pullPolicy fcoscore image pull policy -## @param image.pullSecrets fcoscore image pull secrets -## @param image.tag fcoscore image tag -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: dyne/reflow - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - # Overrides the image tag whose default is the chart appVersion. - # tag: "" - tag: "" - # debug: false - debug: true - audit: pgAuditLog: true logLinePrefix: "" @@ -75,9 +44,6 @@ fullnameOverride: "" ## Authentication parameters ## auth: - ## @param auth.username FabCityOS admin user - ## - username: root ## @param auth.password FabCityOS admin password. WARNING: Minimum length of 10 characters ## Defaults to a random 10-character alphanumeric string if not set ## @@ -94,7 +60,7 @@ auth: host: "" ## @param siteName fcoscore site name ## -siteName: 'Fab City Core node for valueflows circular economy networks' +siteName: "Fab City Core node for valueflows circular economy networks" ## fcoscore SMTP settings ## @param smtp.enabled Enable/disable SMTP @@ -131,7 +97,8 @@ serviceAccount: podAnnotations: {} -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL 
@@ -139,14 +106,11 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 -service: - type: ClusterIP - port: 4000 - ingress: enabled: false className: "" - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: @@ -159,7 +123,8 @@ ingress: # hosts: # - chart-example.local -resources: {} +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -176,7 +141,8 @@ resources: {} ## @param podSecurityContext.enabled Enabled Odoo pods' Security Context ## @param podSecurityContext.fsGroup Set Odoo pod's Security Context fsGroup ## -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 ## Configure Container Security Context (only main container) 
@@ -201,101 +167,69 @@ tolerations: [] affinity: {} -fcoscore: - secretName: fcoscore - ## @param fcoscore.command Custom command to override image cmd +## @param image.registry fcoscore image registry +## @param image.repository fcoscore image repository +## @param image.pullPolicy fcoscore image pull policy +## @param image.pullSecrets fcoscore image pull secrets +## @param image.tag fcoscore image tag +## @param image.debug Enable image debug mode +## +zenflow: + name: zenflow + registry: docker.io + repository: fabcityhamburg/zenflows + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - command: [] - ## @param fcoscore.args Custom args for the custom command + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - args: [] - ## @param fcoscore.extraEnvVars Array with extra environment variables to add fcoscore pods + pullSecrets: [] + ## Set to true if you would like to see extra information on logs ## - extraEnvVars: [] - ## @param fcoscore.extraEnvVarsCM ConfigMap containing extra environment variables for fcoscore pods + # Overrides the image tag whose default is the chart appVersion. 
+ # tag: "" + tag: "" + secretName: "" + existingSecret: "" + debug: false + service: + type: ClusterIP + port: 8000 + room: + salt: "" + +zvmlet: + name: zvmlet + registry: docker.io + repository: fabcityhamburg/zvmlet + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - extraEnvVarsCM: "" - ## @param fcoscore.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for fcoscore pods + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - extraEnvVarsSecret: "" - ## config properties + pullSecrets: [] + ## Set to true if you would like to see extra information on logs ## - org_name: "FabCity" - ## config properties - ## - mix_env: "prod" - ## config properties - ## - flavour: "reflow" - ## config properties - ## - lang: "en_US.UTF-8" - ## config properties - ## - upload_limit: "30000000" - ## config properties - ## - timeout: "10000" - ## config properties - ## - invite_only: true - ## config properties - ## - invite_key: "" - ## config properties - ## - replace_os_vars: true - ## config properties - ## - liveview_enabled: true - ## config properties - ## - acme_agree: true - ## config properties - ## - erlang_cookie: "bonfire" - ## config properties - ## - web_push: - ## config properties - ## - subject: "mailto:hostmaster@example.com" - ## config properties - ## - public_key: "" - ## config properties - ## - geolocate_opencagedata: "" - ## config properties - ## - meili_master_key: "" - ## config properties - ## - encryption_salt: "" - ## config properties - ## - secret_key_base: "" - ## config properties - ## - signing_salt: "" - ## config properties - ## 
- github_token: "" - ## config properties - ## - disable_db_automigration: false - ## config properties - ## - seeds_user: "" - ## config properties - ## - seeds_pw: "" - ## config properties - ## - web_push_public_key: "" - ## config properties - ## - web_push_private_key: "" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + debug: false + service: + type: ClusterIP + port: 3000 ## Persistence Parameters ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ @@ -335,7 +269,6 @@ persistence: ## annotations: {} - networkPolicy: ## @param networkPolicy.enabled Enable network policies ## If ingress.enabled is true, configure networkPolicy.ingress selectors to allow communication @@ -423,10 +356,8 @@ networkPolicy: postgresql: enabled: true auth: - host: "" - # port: 5432 - username: fcoscore - database: bonfire + username: zenflow + database: fcos_zenflow audit: logHostname: true logConnections: true @@ -434,15 +365,6 @@ postgresql: pgAuditLogCatalog: "on" clientMinMessages: error extensions: hstore,pg_trgm,postgis - # primary: - # initdb: - # scripts: - # init.sql: | - # CREATE DATABASE bonfire; - # CREATE EXTENSION IF NOT EXISTS postgis; - # CREATE EXTENSION IF NOT EXISTS hstore; - # GRANT ALL ON bonfire TO fcoscore; - # # CREATE USER usr_fcos_core WITH PASSWORD 'pwd_fcos_core'; ## External PostgreSQL configuration ## All of these values are only used when postgresql.enabled is set to false
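Review bot: The new `zenflow` and `zvmlet` blocks leave `tag: ""`, and the retained comment says the tag then defaults to the chart appVersion, which this commit sets to `latest` in Chart.yaml; combined with `pullPolicy: IfNotPresent` that deploys a mutable tag which a node does not pull again once it has a copy, so the running image is neither reproducible nor reliably current. Pin both images to a released version or digest, e.g. `tag: "<released-version>"` (placeholder), or use `pullPolicy: Always` for as long as `latest` is in use. The `## @param image.*` comments above `zenflow:` still document the removed `image.` keys and should be renamed to `zenflow.*` and `zvmlet.*`, with entries added for the new `secretName`, `existingSecret`, `service.*` and `room.salt` values.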