Add new values file and template changes

charts/prod-oralhistory-values.yaml

@@ -13,22 +13,38 @@ image:
 # Chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/solr
 solr:
   # TODO: Solr heap size? docker-compose has SOLR_HEAP=4g
+  replicaCount: 1
+  collectionReplicas: 1
   enabled: true
+
+  javaMem: "-XX:MaxRAMPercentage=80"
+  resources:
+    limits:
+      memory: 4Gi
+    requests:
+      memory: 4Gi
+
+  coreNames: ["blacklight-core"]
+
+  # Disable solr cloud
+  cloudEnabled: false
+  cloudBootstrap: false
+  zookeeper:
+    enabled: false
+
   image:
     repository: bitnami/solr
     # This is the image version, not the chart version.
     tag: 8.11.1
   auth:
     enabled: true
     adminUsername: admin
-    secretKeys:
-      adminPasswordKey: SOLR_ADMIN_PASSWORD
-      userPasswordKey: SOLR_ADMIN_PASSWORD
     existingSecret: oral-history-secrets
+    existingSecretPasswordKey: SOLR_ADMIN_PASSWORD
   persistence:
     enabled: true
     storageClass: "vsphere-csi-sc"
-    size: 8Gi
+    size: 20Gi
     mountPath: /bitnami/solr
 # Chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
 postgresql:
@@ -39,40 +55,53 @@ postgresql:
     tag: 12.3.0
 
   auth:
-    username: blacklight
-    database: blacklight
+    database: oral_history
     secretKeys:
       adminPasswordKey: POSTGRES_PASSWORD
-      userPasswordKey: POSTGRES_PASSWORD
+      userPasswordKey: POSTGRES_USER
     existingSecret: oral-history-secrets
   service:
     ports:
       postgresql: 5432
   primary:
     persistence:
       # TODO: Should enabled be true?
-      enabled: false
-      size: 10Gi
+      enabled: true
+      size: 20Gi
 
 # TODO: Variable names and values were copied from .env - is this all right?
 web:
+  # Due to the current Helm template mechanism, any additional ENVs will have to be added in the oral-history-env ConfigMap template
   env:
+    # Solr Environment Variables
+    # The values should be matched with values used in the Solr Dependent Chart
     SOLR_ADMIN_USER: admin
-    SOLR_HOST: oral-history-public-web-solr
+
+    # DNS pointer to the Solr Service Name
+    SOLR_HOST: prod-oral-history-public-web-solr
+
     SOLR_PORT: 8983
+
+    # Postgres environment variables
+    # The values should be matched with values used in the Postgre Dependent Chart
     POSTGRES_DB: oral_history
-    POSTGRES_HOST: postgres
-    POSTGRES_USER: postgres
-    DEPLOY_HOOK: CHANGEME
-    DOCKER_PORTS: 80
-    MAKE_WAVES: false
+
+    # DNS pointer to the Postgres Service Name
+    POSTGRES_HOST: prod-oral-history-public-web-postgresql
+
+    # Rails specific environment variables
+    MAKE_WAVES: true
     PASSENGER_APP_ENV: production
-    REGISTRY_HOST: index.docker.io/
-    REGISTRY_URI: uclalibrary
-    # TODO: Real value
+    RAILS_ENV: production
+    RACK_ENV: production
+    RAILS_LOG_TO_STDOUT: true
+    SMTP_ADDRESS: smtp.ucla.edu
+    SMTP_DOMAIN: library.ucla.edu
+    SMTP_FROM: [email protected]
+    SMTP_HOST: oralhistory.library.ucla.edu
+    SMTP_HTTP_PROTOCOL: https
+
     SITE_URI: oralhistory-k8s.library.ucla.edu
-    TAG: staging
-    TEST_DB: oral_history_test
 
 worker:
   replicaCount: 1
@@ -92,22 +121,28 @@ externalsecrets:
     argocd.argoproj.io/sync-wave: "-3"
   enabled: true
   # Reference to ClusterSecretStore name
-  ref: systems-clustersecretstore
+  ref: apps-clustersecretstore
   secrets:
     application:
       data:
+        - secretKey: ROLLBAR_ACCESS_TOKEN
+          remoteRef:
+            key: /apps/prodrke01/oh-public/rollbar_access_token
         - secretKey: NEGATIVE_CAPTCHA_SECRET
           remoteRef:
-            key: /systems/prodrke01/oh-public/negative_captcha_secret
+            key: /apps/prodrke01/oh-public/negative_captcha_secret
         - secretKey: POSTGRES_PASSWORD
           remoteRef:
-            key: /systems/prodrke01/oh-public/db_password
+            key: /apps/prodrke01/oh-public/db_password
+        - secretKey: POSTGRES_USER
+          remoteRef:
+            key: /apps/prodrke01/oh-public/db_username
         - secretKey: SECRET_KEY_BASE
           remoteRef:
-            key: /systems/prodrke01/oh-public/secret_key_base
-        - secretKey: solr-password
+            key: /apps/prodrke01/oh-public/secret_key_base
+        - secretKey: SOLR_ADMIN_PASSWORD
           remoteRef:
-            key: /systems/prodrke01/oh-public/solr_admin_password
+            key: /apps/prodrke01/oh-public/solr_admin_password
 
 # configure a registry token for access to your container registry, needs read permissions, create secret in Rancher, follow instructions:
 # https://ranchermanager.docs.rancher.com/v2.5/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries#creating-a-registry
@@ -133,34 +168,29 @@ ingress:
   enabled: "true"
   ingressClassName: "nginx"
   annotations:
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     cert-manager.io/cluster-issuer: sectigo-acme-clusterissuer
     kubernetes.io/tls-acme: "true"
-
   hosts:
     # TODO: Set real production name
     - host: oralhistory-k8s.library.ucla.edu
       paths:
         - "/"
-
   tls:
     # TODO: Set real production name
    - secretName: oralhistory-k8s-tls
      hosts:
        - oralhistory-k8s.library.ucla.edu
 
-resources: {}
+
+resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+  limits:
+    memory: 4Gi
+  requests:
+    memory: 4Gi
 
 autoscaling:
   enabled: false