2gis · Efber · Nov 27, 2024 · Nov 28, 2024 · Nov 28, 2024 · Dec 2, 2024
@@ -0,0 +1,35 @@
+releases:
+{{ $releaseVersion :=  .Values.global.version }}
+{{- range $release, $v := .Values.apps }}
+- name: {{ $release }}
+  labels:
+    app: {{ $release }}
+  chart: {{ $v.repo }}/{{ $v.chart }}
+  {{- if $v | getOrNil "version" }}
+  version: {{ $v.version }}
+  {{- else }}
+  version: {{ $releaseVersion }}
+  {{- end }}
+  {{- if $v | getOrNil "namespace" }}
+  namespace: {{ $v.namespace }}
+  {{- end }}
+  missingFileHandler: Info
+  values:
+    {{- if $v | getOrNil "valueFiles" }}
+    {{- range $valueFile := $v.valueFiles }}
+    - releases/{{ $valueFile }}
+    {{- end }}
+    {{- else }}
+    - releases/{{ $release }}.yaml.gotmpl
+    {{- end }}
+    - releases/_override.yaml.gotmpl
+  {{- if ($v | getOrNil "installed") }}
+  installed: true
+  {{- else }}
+  installed: false
+  {{- end }}
+  {{- if ($v | getOrNil "needs") }}
+  needs:
+    {{- toYaml $v.needs | trim | nindent 4 }}
+  {{- end }}
+{{- end }}
@@ -0,0 +1,3 @@
+repositories:
+- name: 2gis-on-premise
+  url: https://2gis.github.io/on-premise-helm-charts
@@ -0,0 +1,16 @@
+apps:
+  license:
+    repo: 2gis-on-premise
+    chart: license
+
+  keys:
+    repo: 2gis-on-premise
+    chart: keys
+
+  traffic-proxy-first:
+    repo: 2gis-on-premise
+    chart: traffic-proxy
+
+  traffic-proxy-second:
+    repo: 2gis-on-premise
+    chart: traffic-proxy
@@ -0,0 +1,27 @@
+templates:
+  .default: &default
+    missingFileHandler: Info
+    values:
+      # Apps
+      - apps/*.*
+      # Env
+      - envs/{{ .Environment.Name }}/*.*
+      # Values
+      - envs/{{ .Environment.Name }}/values/*.*
+
+environments:
+
+  example/prod:
+    <<: *default
+
+  example/stage:
+    missingFileHandler: Info
+    values:
+      # Apps
+      - apps/*.*
+      # Env
+      - envs/example/prod/*.*
+      - envs/{{ .Environment.Name }}/*.*
+      # Values
+      - envs/example/prod/values/*.*
+      - envs/{{ .Environment.Name }}/values/*.*
@@ -0,0 +1,42 @@
+global:
+  version: 1.31.0
+  domain: prod.example.com
+  tlsSecret: 'secret-tls'
+  dgctlDockerRegistry: registry.example.com
+  dgctlStorage:
+    bucket: 'onpremise-artifacts'
+  s3Storage:
+    host: 's3.example.com'
+    secure: false
+    region: 'US'
+    accessKey: 'AKIAIOSFODNN7EXAMPLE'
+    secretKey: 'wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY'
+
+apps:
+  license:
+    installed: false
+    ingress:
+      enabled: true
+
+  keys:
+    installed: false
+    api:
+      ingress:
+        enabled: true
+    admin:
+      ingress:
+        enabled: true
+
+  traffic-proxy-first:
+    installed: true
+    ingress:
+      enabled: true
+    valueFiles:
+    - traffic-proxy.yaml.gotmpl
+
+  traffic-proxy-second:
+    installed: true
+    ingress:
+      enabled: true
+    valueFiles:
+    - traffic-proxy.yaml.gotmpl
@@ -0,0 +1,6 @@
+license:
+  license:
+    type: 1
+  persistence:
+    bucket: 'onpremise-artifacts'
+    root: 'license_state'
@@ -0,0 +1,3 @@
+traffic-proxy-first:
+  proxy:
+    host: https://host1.example.com
@@ -0,0 +1,3 @@
+traffic-proxy-second:
+  proxy:
+    host: https://host2.example.com
@@ -0,0 +1,21 @@
+global:
+  version: 1.31.0
+  domain: stage.example.com
+  tlsSecret: 'secret-tls'
+  dgctlDockerRegistry: registry.example.com
+  dgctlStorage:
+    bucket: 'onpremise-artifacts-stage'
+  s3Storage:
+    host: 's3.example.com'
+    secure: false
+    region: 'US'
+    accessKey: 'AKIAIOSFODNN7EXAMPLE'
+    secretKey: 'wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY'
+
+apps:
+  traffic-proxy-second:
+    installed: false
+    ingress:
+      enabled: true
+    valueFiles:
+    - traffic-proxy.yaml.gotmpl
@@ -0,0 +1,6 @@
+traffic-proxy-first:
+  proxy:
+    host: https://host1.STAGE.example.com
+
+  ingress:
+    enabled: true
@@ -0,0 +1,13 @@
+bases:
+  - envs/environments.yaml
+---
+bases:
+  - .helmfile/repositories.yaml
+  - .helmfile/releases.yaml
+---
+
+helmDefaults:
+  wait: true
+  atomic: true
+  devel: true
+  createNamespace: true
@@ -0,0 +1,28 @@
+{{- define "ingress" -}}
+{{- if .isEnabled -}}
+enabled: true
+className: nginx
+hosts:
+- host: {{ .name }}.{{ .Values.global.domain }}
+  paths:
+  - path: /
+    pathType: Prefix
+tls:
+- hosts:
+  - {{ .name }}.{{ .Values.global.domain }}
+  secretName: {{ .Values.global.tlsSecret }}
+{{- else -}}
+enabled: false
+className: nginx
+hosts:
+- host: {{ .name }}.{{ .Values.global.domain }}
+  paths:
+  - path: /
+    pathType: Prefix
+tls: []
+{{- end -}}
+{{- end -}}
+
+{{- define "ingress2" }}
+{{ . | toYaml }}
+{{- end }}
@@ -0,0 +1,3 @@
+{{- if (.Values | getOrNil .Release.Name) }}
+{{ .Values | getOrNil .Release.Name | toYaml }}
+{{- end }}
@@ -0,0 +1,43 @@
+{{ $IsIngressEnabled :=  .Values.apps | get "keys.api.ingress.enabled" false -}}
+{{- $ingressData := dict "name" "keys-api" "Values" $.Values "isEnabled" $IsIngressEnabled -}}
+
+api:
+  ingress:
+  {{- include "ingress" $ingressData | nindent 4 }}
+
+{{ $IsIngressEnabled :=  .Values.apps | get "keys.admin.ingress.enabled" false -}}
+{{- $ingressData := dict "name" "keys-admin" "Values" $.Values "isEnabled" $IsIngressEnabled -}}
+
+admin:
+  ingress:
+  {{- include "ingress" $ingressData | nindent 4 }}
+
+
+postgres:
+  ro:
+    host: '!!!'
+    port: 5432
+    timeout: 3s
+    name: '!!!'
+    schema: '!!!'
+    username: '!!!'
+    password: '!!!'
+
+  rw:
+    host: '!!!'
+    port: 5432
+    timeout: 3s
+    name: '!!!'
+    schema: '!!!'
+    username: '!!!'
+    password: '!!!'
+
+kafka:
+  audit:
+    bootstrapServers: '!!!'
+    username: '!!!'
+    password: '!!!'
+    topic: '!!!'
+    produce:
+      retryCount: 5
+      idempotentWrite: true
@@ -0,0 +1,30 @@
+dgctlDockerRegistry: {{ .Values.global.dgctlDockerRegistry }}
+dgctlStorage:
+  host: {{ .Values.global.s3Storage.host }}
+  secure: {{ .Values.global.s3Storage.secure }}
+  region: {{ .Values.global.s3Storage.region }}
+  bucket: {{ .Values.global.dgctlStorage.bucket }}
+  accessKey: {{ .Values.global.s3Storage.accessKey }}
+  secretKey: {{ .Values.global.s3Storage.secretKey }}
+
+license:
+  type: ''
+  retryPeriod: 30s
+  softBlockPeriod: 2w
+  statusPort: 8080
+  apiPort: 8443
+
+{{ $IsIngressEnabled :=  .Values.apps | get "license.ingress.enabled" false -}}
+{{- $ingressData := dict "name" "license" "Values" $.Values "isEnabled" $IsIngressEnabled -}}
+
+ingress:
+  {{- include "ingress" $ingressData | nindent 2 }}
+
+persistence:
+  host: {{ .Values.global.s3Storage.host }}
+  secure: {{ .Values.global.s3Storage.secure }}
+  region: {{ .Values.global.s3Storage.region }}
+  bucket: ''
+  root: ''
+  accessKey: {{ .Values.global.s3Storage.accessKey }}
+  secretKey: {{ .Values.global.s3Storage.secretKey }}
@@ -0,0 +1,55 @@
+dgctlDockerRegistry: {{ .Values.global.dgctlDockerRegistry }}
+
+proxy:
+  host: ''
+  listen: 8080
+  protocol: https  # don't document
+  upstreams: []  # don't document
+  cache:
+    enabled: true
+    age: 1m
+    size: 32m
+  worker:
+    processes: 2
+    connections: 1024
+  log:
+    customFormats: []
+    # - name: small
+    #   escape: json
+    #   format: |
+    #     '{"time_local":"$time_local",'
+    #     '"remote_addr":"$remote_addr",'
+    #     '"request":"$request",'
+    #     '"status":"$status",'
+    #     '"host":"$host"}'
+    errorLog:
+      level: error
+
+    accessLog: off
+    # accessLog: '/dev/stdout main'
+
+  keepaliveTimeout: 65
+
+  locations: []
+  # - path: /test/
+  #   definition: |
+  #     default_type text/html;
+  #     return 200 "<!DOCTYPE html><h2>test page</h2>\n";
+
+  httpServers: {}
+      # examplecfg: |
+      # server {
+      #   listen 0.0.0.0:8080;
+
+      #   location / {
+      #       default_type text/html;
+      #       return 200 "<!DOCTYPE html><h2>test page</h2>\n";
+      #   }
+      # }
+
+{{ $a := print .Release.Name ".ingress.enabled" }}
+{{ $IsIngressEnabled :=  .Values.apps | get $a false -}}
+{{- $ingressData := dict "name" .Release.Name "Values" $.Values "isEnabled" $IsIngressEnabled -}}
+
+ingress:
+  {{- include "ingress" $ingressData | nindent 2 }}
@@ -0,0 +1,38 @@
+helmDefaults:
+  createNamespace: false
+  atomic: true
+  wait: true
+  historyMax: 1
+
+repositories:
+- name: 2gis-on-premise
+  url: https://2gis.github.io/on-premise-helm-charts
+
+environments:
+  example-prod:
+    values:
+    - &example_prod
+      version: 1.31.0
+      domain: example.com
+      namespace: default
+      kubeContext: 2gis-staging
+      tlsSecret: secret-tls
+      dgctlDockerRegistry: registry.example.com
+      dgctlStorage:
+        bucket: 'onpremise-artifacts'
+      s3Storage:
+        host: 's3.example.com'
+        secure: false
+        region: 'US'
+        accessKey: 'AKIAIOSFODNN7EXAMPLE'
+        secretKey: 'wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY'
+      trafficProxy: ["first", "second"]
+
+  example-stage:
+    values:
+    - << : *example_prod
+    - version: 1.30.0
+    -   domain: stage.example.com
+    -   dgctlStorage:
+          bucket: 'onpremise-artifacts-stage'
+    -   trafficProxy: ["first"]