diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..43e0006
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "scibec"]
+ path = scibec
+ url = https://gitlab.psi.ch/bec/scibec
diff --git a/helm/charts/cron_chart/.helmignore b/helm/charts/cron_chart/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/cron_chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/cron_chart/Chart.yaml b/helm/charts/cron_chart/Chart.yaml
new file mode 100644
index 0000000..b12b310
--- /dev/null
+++ b/helm/charts/cron_chart/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: cron-chart
+description: A Helm chart for scheduling cron jobs
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/charts/cron_chart/README.md b/helm/charts/cron_chart/README.md
new file mode 100644
index 0000000..07d4b5a
--- /dev/null
+++ b/helm/charts/cron_chart/README.md
@@ -0,0 +1,51 @@
+# Cron-chart
+
+A simple chart to deploy a cronJob runner mounting secrets
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install my-release cron_chart
+```
+
+The command deploys a cron chart on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Parameters
+
+The following table lists the configurable parameters of the chart and their default values.
+
+### Common parameters
+
+| Parameter | Description | Default |
+|---------------------|----------------------------------------------------------------------|--------------------------------|
+| `nameOverride` | String to partially override fullname | `nil` |
+| `fullnameOverride` | String to fully override fullname | `nil` |
+
+### cron-chart parameters
+
+| Parameter | Description | Default |
+|------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
+| `image.repository` | Image name | `busybox` |
+| `image.tag` | Image tag | `latest` |
+| `image.pullPolicy` | Image pull policy | `Always` |
+| `cronjob.restartPolicy` | Set the cronjob restart policy | `OnFailure` |
+| `cronjob.schedule` | Set the schedule of the cronjob in the usual cron format command | `0 7 * * 1` |
+| `cronjob.secret` | Name of the secret used by the cronjob to fetch env vars | `nil` |
+| `secrets` | Object of objects which create secrets, in the form: { secretName:{ type:Opaque,data:{ key1:value1,key2:value2,key3:value3 } } }
+ | `nil` |
+| `volumes` | Object of arrays with volumes to mount, in the form: https://kubernetes.io/docs/concepts/storage/volumes/#background | `nil` |
+| `volumeMounts` | Object of arrays with volumes to mount and where, in the form: https://kubernetes.io/docs/concepts/storage/volumes/#background | `nil` |
diff --git a/helm/charts/cron_chart/templates/NOTES.txt b/helm/charts/cron_chart/templates/NOTES.txt
new file mode 100644
index 0000000..e5e9d6f
--- /dev/null
+++ b/helm/charts/cron_chart/templates/NOTES.txt
@@ -0,0 +1,6 @@
+1. Get the application resources by running:
+ $ kubectl get all -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helm_chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
+2. Get the application configmaps by running:
+ $ kubectl get configmaps -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helm_chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
+3. Get the application secrets by running:
+ $ kubectl get secrets -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helm_chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/helm/charts/cron_chart/templates/_helpers.tpl b/helm/charts/cron_chart/templates/_helpers.tpl
new file mode 100644
index 0000000..13939b6
--- /dev/null
+++ b/helm/charts/cron_chart/templates/_helpers.tpl
@@ -0,0 +1,74 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm_chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm_chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- .Release.Name }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm_chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm_chart.labels" -}}
+helm.sh/chart: {{ include "helm_chart.chart" . }}
+{{ include "helm_chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm_chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "helm_chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "helm_chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "helm_chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Validate the secret, checking if base64 encoded
+*/}}
+{{- define "validateSecret" -}}
+{{ $secret := regexReplaceAllLiteral "\u0026#x3D;" (regexReplaceAllLiteral "\u0026#x2F;" . "/") "=" }}
+{{- if (b64dec $secret | hasPrefix "illegal base64") -}}
+{{ fail "Please b64 encode your secrets!" }}
+{{- else }}
+{{- $secret }}
+{{- end }}
+{{- end }}
diff --git a/helm/charts/cron_chart/templates/cronjob.yaml b/helm/charts/cron_chart/templates/cronjob.yaml
new file mode 100644
index 0000000..6e32741
--- /dev/null
+++ b/helm/charts/cron_chart/templates/cronjob.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ include "helm_chart.fullname" . }}
+ labels:
+ {{- include "helm_chart.labels" $ | nindent 4 }}
+spec:
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ schedule: {{ .Values.cronjob.schedule | quote }}
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ {{- include "helm_chart.selectorLabels" . | nindent 12 }}
+ spec:
+ restartPolicy: {{ .Values.cronjob.restartPolicy }}
+ {{- with .Values.initContainers }}
+ initContainers:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ containers:
+ - name: {{ include "helm_chart.fullname" . }}
+ image: {{ tpl .Values.image.repository $ }}:{{ tpl .Values.image.tag $ }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- tpl (toYaml .) $ | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes}}
+ volumes:
+ {{- tpl (toYaml .) $ | nindent 10 }}
+ {{- end }}
diff --git a/helm/charts/cron_chart/templates/secrets.yaml b/helm/charts/cron_chart/templates/secrets.yaml
new file mode 100644
index 0000000..e62d84c
--- /dev/null
+++ b/helm/charts/cron_chart/templates/secrets.yaml
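Review bot: `validateSecret` lets an empty value through, because its only rejection path is `b64dec $secret | hasPrefix "illegal base64"` and an empty string presumably decodes without an error, so an unset value would be written as an empty Secret key instead of failing the install. A guard ahead of the decode, such as `{{- if not $secret }}{{ fail "Secret value is empty" }}{{- end }}`, would catch that. The check also depends on the exact wording of the decoder's error text, and the two `regexReplaceAllLiteral` calls undo `"\u0026#x2F;"` and `"\u0026#x3D;"` escaping without saying where that escaping comes from; both deserve a comment in the helper's header. The identical helper is added in helm/charts/generic_service/templates/_helpers.tpl.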
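Review bot: The pod template in cronjob.yaml sets no `securityContext` and leaves the service-account token automounted, even though the chart's stated purpose is a job that mounts Secrets; with the default `busybox` image the container would presumably run as root. I would add pod- and container-level hardening as sketched below, or expose the same fields through values with these as defaults. Separately, the README documents `cronjob.secret` as the source of env vars, but nothing in this template reads it (there is no `env` or `envFrom`), so either the template or the README needs to change.

```yaml
          restartPolicy: {{ .Values.cronjob.restartPolicy }}
          automountServiceAccountToken: false
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534  # constructed example UID; use one the image supports
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: initContainers, containers: …
            - name: {{ include "helm_chart.fullname" . }}
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                capabilities:
                  drop: ["ALL"]
          # … unchanged: image, imagePullPolicy, volumeMounts, volumes …
```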
@@ -0,0 +1,14 @@
+{{- range $name, $values := $.Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ tpl $name $ }}
+ labels:
+ {{- include "helm_chart.labels" $ | nindent 4 }}
+type: {{ $values.type }}
+data:
+ {{- range $k, $v := $values.data }}
+ {{ $k }}:
+ {{- tpl (printf "%s" $v) $ | include "validateSecret" | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/cron_chart/values.yaml b/helm/charts/cron_chart/values.yaml
new file mode 100644
index 0000000..e88fda9
--- /dev/null
+++ b/helm/charts/cron_chart/values.yaml
@@ -0,0 +1,18 @@
+# Default values for search-api.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: "busybox"
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: latest
+
+nameOverride: ""
+fullnameOverride: ""
+
+cronjob:
+ restartPolicy: OnFailure
+ schedule: 0 7 * * 1
diff --git a/helm/charts/generic_service/.helmignore b/helm/charts/generic_service/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/generic_service/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/generic_service/Chart.yaml b/helm/charts/generic_service/Chart.yaml
new file mode 100644
index 0000000..1277aba
--- /dev/null
+++ b/helm/charts/generic_service/Chart.yaml
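Review bot: The `range` in secrets.yaml emits one Secret per entry of `.Values.secrets` with nothing between them, so two or more entries render as a single YAML document with repeated `apiVersion`, `kind` and `metadata` keys, and depending on the parser either the render fails or only one Secret survives. Putting a document separator, `---` on its own line, directly after `{{- range $name, $values := $.Values.secrets }}` fixes it. The same loop shape is added in helm/charts/generic_service/templates/secrets.yaml and helm/charts/generic_service/templates/configmap.yaml. A comment above `data:` saying that values must arrive already base64-encoded, and that anything passed through chart values is kept in the Helm release record, would also help operators.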
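Review bot: `tag: latest` with `repository: "busybox"` makes the default deployment run whatever the registry currently serves under a mutable tag, and `pullPolicy: Always` re-resolves it on every scheduled run. For a job that mounts secrets I would default to a fixed version, for example `tag: "<pinned-version>"`, and let callers override it. The header comment `# Default values for search-api.` and the `replicaCount: 1` key look copied from another chart, and nothing in the cron templates reads `replicaCount`. helm/charts/generic_service/values.yaml has the same image defaults.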
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: generic-service-chart
+description: A Helm chart for Kubernetes to deploy a generic service. Highly configurable, app specific values can be set as files or as values
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/charts/generic_service/README.md b/helm/charts/generic_service/README.md
new file mode 100644
index 0000000..adc7841
--- /dev/null
+++ b/helm/charts/generic_service/README.md
@@ -0,0 +1,120 @@
+# Generic-service-chart
+
+The idea is to have a chart which is generic enough to be applied to many simple applications. Custom values, like config maps, volumes, env vars and others can be set as values or from file
+
+## TL;DR
+
+```bash
+$ helm repo add internal http://melanie.gitpages.psi.ch/templates
+$ helm install my-release internal/generic-service-chart
+```
+
+## Introduction
+
+This chart bootstraps a generic service deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install my-release internal/generic-service-chart
+```
+
+The command deploys a generic service on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Parameters
+
+The following table lists the configurable parameters of the chart and their default values.
+
+### Common parameters
+
+| Parameter | Description | Default |
+|---------------------|----------------------------------------------------------------------|--------------------------------|
+| `nameOverride` | String to partially override fullname | `nil` |
+| `fullnameOverride` | String to fully override fullname | `nil` |
+
+### generic-service-chart parameters
+
+| Parameter | Description | Default |
+|------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
+| `image.repository` | Image name | `busybox` |
+| `image.tag` | Image tag | `latest` |
+| `image.pullPolicy` | Image pull policy | `Always` |
+| `run.command` | Command to be executed by the container | `nil` |
+| `run.args` | Arguments to pass the the container command | `nil` |
+| `env` | Envaironment variables to use in the deployment. It follows the same sintax as environment variabels in k8s | `[]` |
+| `volumes` | Define what volumes to use in the deployment. It follows the same syntax as volumes in k8s | `nil` |
+| `volumeMounts` | Define what volumes to mount in the deployment. It follows the same syntax as volumesMounts in k8s | `nil` |
+| `configMaps` | Dictionary of `configmapName-> {key:value,}` used to define configmaps. An example `{cm1: {k1:v1,k2:v2}, cm2: {k3:v3}}` | `{}` |
+| `test` | Test to run when using `helm test`. It follows the same syntax as containers in k8s | `nil` (evaluated as a template) |
+| `initialDelaySeconds` | Number of seconds after the container has started before liveness or readiness probes are initiated | `nil` |
+
+### Statefulset parameters
+
+| Parameter | Description | Default |
+|-----------------------------|-------------------------------------------------------------------------------------------|--------------------------------|
+| `replicaCount` | Number of nodes | `1` |
+
+### Exposure parameters
+
+| Parameter | Description | Default |
+|--------------------------------------|-----------------------------------------------------------------------------------|--------------------------------|
+| `service.type` | Kubernetes Service type | `ClusterIP` |
+| `service.externalPort` | Service external port | `3000` |
+| `service.internalPort` | Service internal port name | `80` |
+| `ingress.enabled` | Enable ingress resource for Management console | `false` |
+| `ingress.hosts[0].host` | Host | `nil` |
+| `ingress.hosts[0].paths[0].path` | Path for the default host | `/` |
+| `ingress.hosts[0].tls[0].secretName` | Name of existing secret contiaining the tls certificate | `nil` |
+| `ingress.hosts[0].tls[0].hosts[0]` | Host on which to apply the tls encription | `nil` |
+
+Specify each parameter using the `--set key=value[,key=value]` or `--set-file key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install my-release \
+ --set configMaps.cm.key=value \
+ --set-file configMaps.cm.key1=path_to_file \
+ internal/generic-service-chart
+```
+
+The above command sets and creates a configmap, named cm, with two values: one with key `key` and value `value` and the second with key `key1` and value equal to the content of the file in `path_to_file`.
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### Define helm tests
+
+To set the test to run, define this command:
+```bash
+$ TESTCASE=`cat << EOF
+containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "helm_chart.fullname" . }}:{{ .Values.service.externalPort }}']
+EOF`
+$ helm install my-release \
+ --set test=$TESTCASE
+$ helm test my-release
+```
+
+### Scale horizontally
+
+To horizontally scale this chart once it has been deployed, two options are available:
+
+- Use the `kubectl scale` command.
+- Upgrade the chart modifying the `replicaCount` parameter.
diff --git a/helm/charts/generic_service/templates/NOTES.txt b/helm/charts/generic_service/templates/NOTES.txt
new file mode 100644
index 0000000..940c48f
--- /dev/null
+++ b/helm/charts/generic_service/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ tpl $host.host $ }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "helm_chart.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helm_chart.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helm_chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helm_chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helm/charts/generic_service/templates/_helpers.tpl b/helm/charts/generic_service/templates/_helpers.tpl
new file mode 100644
index 0000000..13939b6
--- /dev/null
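Review bot: The LoadBalancer branch prints `echo http://$SERVICE_IP:{{ .Values.service.port }}`, but this chart's values define `service.externalPort` and `service.internalPort` and no `service.port`, so the printed URL would end in an empty port. The line should read `echo http://$SERVICE_IP:{{ .Values.service.externalPort }}`.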
+++ b/helm/charts/generic_service/templates/_helpers.tpl 
@@ -0,0 +1,74 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm_chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm_chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- .Release.Name }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm_chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm_chart.labels" -}}
+helm.sh/chart: {{ include "helm_chart.chart" . }}
+{{ include "helm_chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm_chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "helm_chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "helm_chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "helm_chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Validate the secret, checking if base64 encoded
+*/}}
+{{- define "validateSecret" -}}
+{{ $secret := regexReplaceAllLiteral "\u0026#x3D;" (regexReplaceAllLiteral "\u0026#x2F;" . "/") "=" }}
+{{- if (b64dec $secret | hasPrefix "illegal base64") -}}
+{{ fail "Please b64 encode your secrets!" }}
+{{- else }}
+{{- $secret }}
+{{- end }}
+{{- end }}
diff --git a/helm/charts/generic_service/templates/configmap.yaml b/helm/charts/generic_service/templates/configmap.yaml
new file mode 100644
index 0000000..6478530
--- /dev/null
+++ b/helm/charts/generic_service/templates/configmap.yaml
@@ -0,0 +1,13 @@
+{{- range $name, $values := $.Values.configMaps }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ tpl $name $ }}
+ labels:
+ {{- include "helm_chart.labels" $ | nindent 4 }}
+data:
+ {{- range $k, $v := $values }}
+ {{ $k }}: |
+{{ tpl $v $ | indent 4}}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/generic_service/templates/deployment.yaml b/helm/charts/generic_service/templates/deployment.yaml
new file mode 100644
index 0000000..ed221e5
--- /dev/null
+++ b/helm/charts/generic_service/templates/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "helm_chart.fullname" . }}
+ labels:
+ {{- include "helm_chart.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "helm_chart.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ .Values.configMaps | toJson | sha256sum }}
+ checksum/secrets: {{ .Values.secrets | toJson | sha256sum }}
+ labels:
+ {{- include "helm_chart.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.image.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.initContainers }}
+ initContainers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ tpl .Values.image.repository $ }}:{{ tpl .Values.image.tag $ | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ protocol: TCP
+ livenessProbe:
+ {{- with .Values.probeChecks }}
+ {{- tpl (toYaml .) $ | nindent 12 }}
+ {{- end }}
+ httpGet:
+ path: {{ .Values.service.probePath | default "/" }}
+ port: {{ .Values.service.internalPort }}
+ readinessProbe:
+ {{- with .Values.probeChecks }}
+ {{- tpl (toYaml .) $ | nindent 12 }}
+ {{- end }}
+ httpGet:
+ path: {{ .Values.service.probePath | default "/" }}
+ port: {{ .Values.service.internalPort }}
+ {{- with .Values.run }}
+ {{- tpl (toYaml .) $ | nindent 10 }}
+ {{- end }}
+ {{- with .Values.env }}
+ env:
+ {{- tpl (toYaml .) $ | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- tpl (toYaml .) $ | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes}}
+ volumes:
+ {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
diff --git a/helm/charts/generic_service/templates/ingress.yaml b/helm/charts/generic_service/templates/ingress.yaml
new file mode 100644
index 0000000..3aa8882
--- /dev/null
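Review bot: `checksum/secrets: {{ .Values.secrets | toJson | sha256sum }}` publishes an unsalted SHA-256 of the secrets map as a pod annotation, which anyone allowed to read Pods or Deployments can see without having access to Secrets; for low-entropy values such a hash can be tested offline. It is also computed before `tpl` runs, so where the entries are template strings (as in helm/configs/backend/values.yaml) the checksum presumably stays constant when the real secret changes and no rollout is triggered. Hashing the rendered template instead, `checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}`, restores the rollout behaviour, though the annotation still exposes a digest of the secret material, so keeping secrets out of chart values is the cleaner answer. The container spec also has no `securityContext` or `resources`, and the `initialDelaySeconds` parameter listed in the README is not read here.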
+++ b/helm/charts/generic_service/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "helm_chart.fullname" . -}}
+{{- $svcPort := .Values.service.externalPort -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "helm_chart.labels" . | nindent 4 }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ secretName: {{ tpl .secretName $ }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else -}}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}7
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
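Review bot: `servicePort: {{ $svcPort }}7` has a stray `7` after the action, so on clusters older than 1.19 the backend port renders as the external port with a 7 appended (80 becomes 807) and the Ingress would point at a port the Service does not expose. The line should be `servicePort: {{ $svcPort }}`. The `{{- else -}}` just above it trims whitespace on both sides, which would presumably glue `serviceName:` onto the preceding `backend:` line; `{{- else }}` keeps the newline.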
diff --git a/helm/charts/generic_service/templates/secrets.yaml b/helm/charts/generic_service/templates/secrets.yaml
new file mode 100644
index 0000000..e62d84c
--- /dev/null
+++ b/helm/charts/generic_service/templates/secrets.yaml
@@ -0,0 +1,14 @@
+{{- range $name, $values := $.Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ tpl $name $ }}
+ labels:
+ {{- include "helm_chart.labels" $ | nindent 4 }}
+type: {{ $values.type }}
+data:
+ {{- range $k, $v := $values.data }}
+ {{ $k }}:
+ {{- tpl (printf "%s" $v) $ | include "validateSecret" | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/generic_service/templates/service.yaml b/helm/charts/generic_service/templates/service.yaml
new file mode 100644
index 0000000..5141c7f
--- /dev/null
+++ b/helm/charts/generic_service/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm_chart.fullname" . }}
+ labels:
+ {{- include "helm_chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ protocol: TCP
+ selector:
+ {{- include "helm_chart.selectorLabels" . | nindent 4 }}
diff --git a/helm/charts/generic_service/templates/tests/test.yaml b/helm/charts/generic_service/templates/tests/test.yaml
new file mode 100644
index 0000000..6a40a17
--- /dev/null
+++ b/helm/charts/generic_service/templates/tests/test.yaml
@@ -0,0 +1,14 @@
+{{- with .Values.test }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "helm_chart.fullname" $ }}-test"
+ labels:
+ {{- include "helm_chart.labels" $ | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ restartPolicy: Never
+{{- tpl . $ | nindent 2}}
+{{- end }}
diff --git a/helm/charts/generic_service/values.yaml b/helm/charts/generic_service/values.yaml
new file mode 100644
index 0000000..bf04cf0
--- /dev/null
+++ b/helm/charts/generic_service/values.yaml
@@ -0,0 +1,22 @@
+# Default values for search-api.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: "busybox"
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: latest
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: ClusterIP
+ externalPort: 80
+ internalPort: 3000
+
+ingress:
+ enabled: false
diff --git a/helm/configs/backend/development/values.yaml b/helm/configs/backend/development/values.yaml
new file mode 100644
index 0000000..760a0f5
--- /dev/null
+++ b/helm/configs/backend/development/values.yaml
@@ -0,0 +1 @@
+host: bec.development.psi.ch
diff --git a/helm/configs/backend/production/values.yaml b/helm/configs/backend/production/values.yaml
new file mode 100644
index 0000000..462cd7e
--- /dev/null
+++ b/helm/configs/backend/production/values.yaml
@@ -0,0 +1,3 @@
+host: bec.psi.ch
+replicaCount: 2
+sessionStoreBuilder: "true"
diff --git a/helm/configs/backend/qa/values.yaml b/helm/configs/backend/qa/values.yaml
new file mode 100644
index 0000000..11e84e1
--- /dev/null
+++ b/helm/configs/backend/qa/values.yaml
@@ -0,0 +1 @@
+host: bec.qa.psi.ch
diff --git a/helm/configs/backend/values.yaml b/helm/configs/backend/values.yaml
new file mode 100644
index 0000000..dd30cc7
--- /dev/null
+++ b/helm/configs/backend/values.yaml
@@ -0,0 +1,82 @@
+replicaCount: 1
+
+image:
+ repository: "{{ .Values.ciRepository }}"
+ pullPolicy: IfNotPresent
+ tag: "{{ .Values.ciTag }}"
+
+service:
+ type: ClusterIP
+ externalPort: 80
+ internalPort: 3000
+ probePath: /api/v1
+
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/proxy-body-size: 50m
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
+ hosts:
+ - host: "{{ .Values.host }}"
+ paths:
+ - path: /api
+ pathType: Prefix
+ tls:
+ - hosts:
+ - "{{ .Values.host }}"
+ secretName: "scilog-certificate"
+
+volumes:
+ - name: secrets-volume
+ secret:
+ secretName: "{{ .Release.Name }}-s"
+
+secrets:
+ "{{ .Release.Name }}-s":
+ type: Opaque
+ data:
+ datasource.json: "{{ .Values.secretsJson.DATASOURCE }}"
+ oidc.json: "{{ .Values.secretsJson.OIDC }}"
+ functionalAccounts.json: "{{ .Values.secretsJson.FUNCTIONAL_ACCOUNTS }}"
+ jwt_secret: "{{ .Values.secretsJson.JWT_SECRET }}"
+ session_secret: "{{ .Values.secretsJson.SESSION_SECRET }}"
+
+env:
+ - name: BASE_PATH
+ value: /api/v1
+ - name: JWT_ACCESS_TOKEN_EXPIRES_IN
+ value: '1.21e+6'
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-s"
+ key: jwt_secret
+ - name: DEBUG
+ value: '{{ default "" .Values.debug }}'
+ - name: CHROME_BIN
+ value : /usr/bin/chromium
+ - name: SESSION_STORE_BUILDER
+ value : "{{ .Values.sessionStoreBuilder }}"
+ - name: SESSION_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-s"
+ key: session_secret
+
+volumeMounts:
+ - name: secrets-volume
+ mountPath: /home/node/app/datasource.json
+ subPath: datasource.json
+ - name: secrets-volume
+ mountPath: /home/node/app/oidc.json
+ subPath: oidc.json
+ - name: secrets-volume
+ mountPath: /home/node/app/functionalAccounts.json
+ subPath: functionalAccounts.json
+
+probeChecks:
+ periodSeconds: 20
+ timeoutSeconds: 5
+ failureThreshold: 5
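Review bot: In `helm/configs/backend/values.yaml` the `jwt_secret` and `session_secret` entries are rendered straight from `.Values.secretsJson.*`, and nothing in this file fails the release when one of those keys is absent. A key missing from `secretsJson` usually renders as empty text rather than an error, so the backend could start with an empty signing secret unless `validateSecret` (not visible here) rejects it. Using `required` makes that explicit, e.g. `jwt_secret: '{{ required "secretsJson.JWT_SECRET must be set" .Values.secretsJson.JWT_SECRET }}'`, and the same for `session_secret`. A comment giving the unit of `JWT_ACCESS_TOKEN_EXPIRES_IN` would also help: if `1.21e+6` is seconds, access tokens stay valid for about two weeks.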
diff --git a/helm/configs/frontend/development/values.yaml b/helm/configs/frontend/development/values.yaml
new file mode 100644
index 0000000..ddf6c73
--- /dev/null
+++ b/helm/configs/frontend/development/values.yaml
@@ -0,0 +1,12 @@
+host: bec.development.psi.ch
+
+config: |
+ {
+ "lbBaseURL": "https://bec.development.psi.ch/api/v1/",
+ "help": "https://gitlab.psi.ch/bec/scibec/",
+ "oAuth2Endpoint": {
+ "authURL": "auth/keycloak",
+ "displayText": "PSI account",
+ "toolTipText": "...like any normal user, including e-accounts, connected to your identity management system. Note that you may be redirected to an identity provider"
+ }
+ }
diff --git a/helm/configs/frontend/production/values.yaml b/helm/configs/frontend/production/values.yaml
new file mode 100644
index 0000000..ee47e0c
--- /dev/null
+++ b/helm/configs/frontend/production/values.yaml
@@ -0,0 +1,13 @@
+host: bec.psi.ch
+
+config: |
+ {
+ "lbBaseURL": "https://bec.psi.ch/api/v1/",
+ "help": "https://gitlab.psi.ch/bec/scibec/",
+ "oAuth2Endpoint": {
+ "authURL": "auth/keycloak",
+ "displayText": "PSI account",
+ "toolTipText": "...like any normal user, including e-accounts, connected to your identity management system. Note that you may be redirected to an identity provider"
+ }
+
+ }
diff --git a/helm/configs/frontend/qa/values.yaml b/helm/configs/frontend/qa/values.yaml
new file mode 100644
index 0000000..2f464fa
--- /dev/null
+++ b/helm/configs/frontend/qa/values.yaml
@@ -0,0 +1,12 @@
+host: bec.qa.psi.ch
+
+config: |
+ {
+ "lbBaseURL": "https://bec.qa.psi.ch/api/v1/",
+ "help": "https://gitlab.psi.ch/bec/scibec/",
+ "oAuth2Endpoint": {
+ "authURL": "auth/keycloak",
+ "displayText": "PSI account",
+ "toolTipText": "...like any normal user, including e-accounts, connected to your identity management system. Note that you may be redirected to an identity provider"
+ }
+ }
diff --git a/helm/configs/frontend/values.yaml b/helm/configs/frontend/values.yaml
new file mode 100644
index 0000000..892b18c
--- /dev/null
+++ b/helm/configs/frontend/values.yaml
@@ -0,0 +1,40 @@
+replicaCount: 1
+
+image:
+ repository: "{{ .Values.ciRepository }}"
+ pullPolicy: Always
+ tag: "{{ .Values.ciTag }}"
+
+service:
+ type: ClusterIP
+ externalPort: 80
+ internalPort: 80
+
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - host: "{{ .Values.host }}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - "{{ .Values.host }}"
+ secretName: "scilog-certificate"
+
+configMaps:
+ "{{ .Release.Name }}-cm":
+ config.json: "{{ .Values.config | indent 4 }}"
+
+volumes:
+ - name: config-volume
+ configMap:
+ name: "{{ .Release.Name }}-cm"
+
+volumeMounts:
+ - name: config-volume
+ mountPath: /usr/share/nginx/html/assets/config.json
+ subPath: config.json
diff --git a/helm/configs/proposal-sync/development/values.yaml b/helm/configs/proposal-sync/development/values.yaml
new file mode 100644
index 0000000..2515ac9
--- /dev/null
+++ b/helm/configs/proposal-sync/development/values.yaml
@@ -0,0 +1,3 @@
+cronjob:
+ restartPolicy: OnFailure
+ schedule: 0 5 * * 4
diff --git a/helm/configs/proposal-sync/production/values.yaml b/helm/configs/proposal-sync/production/values.yaml
new file mode 100644
index 0000000..c808bd1
--- /dev/null
+++ b/helm/configs/proposal-sync/production/values.yaml
@@ -0,0 +1,3 @@
+cronjob:
+ restartPolicy: OnFailure
+ schedule: 15 5 * * 4
diff --git a/helm/configs/proposal-sync/qa/values.yaml b/helm/configs/proposal-sync/qa/values.yaml
new file mode 100644
index 0000000..2417c70
--- /dev/null
+++ b/helm/configs/proposal-sync/qa/values.yaml
@@ -0,0 +1,3 @@
+cronjob:
+ restartPolicy: OnFailure
+ schedule: 30 5 * * 4
diff --git a/helm/configs/proposal-sync/values.yaml b/helm/configs/proposal-sync/values.yaml
new file mode 100644
index 0000000..730feee
--- /dev/null
+++ b/helm/configs/proposal-sync/values.yaml
@@ -0,0 +1,41 @@
+image:
+ repository: "{{ .Values.ciRepository }}"
+ pullPolicy: Always
+ tag: "{{ .Values.ciTag }}"
+
+secrets:
+ "{{ .Release.Name }}-s":
+ type: Opaque
+ data:
+ .env: "{{ .Values.secretsJson.PSYNC_ENV }}"
+
+volumes:
+ - name: secrets-volume
+ secret:
+ secretName: "{{ .Release.Name }}-s"
+ - name: downloaddir
+ emptyDir: {}
+
+volumeMounts:
+ - name: secrets-volume
+ mountPath: /usr/src/app/.env
+ subPath: .env
+ - name: downloaddir
+ mountPath: /usr/src/app/default_logbook_icon.jpg
+ subPath: default_logbook_icon.jpg
+
+initContainers:
+ - name: install
+ image: alpine
+ command:
+ - "/bin/sh"
+ - -c
+ args:
+ - >-
+ apk update && apk add ca-certificates && update-ca-certificates;
+ wget
+ -O /download-dir/default_logbook_icon.jpg
+ https://raw.githubusercontent.com/paulscherrerinstitute/scilog/main/sci-log-db/src/scilog_config_PSI/default_logbook_icon.jpg;
+ volumeMounts:
+ - name: downloaddir
+ mountPath: "/download-dir"
diff --git a/scibec b/scibec
new file mode 160000
index 0000000..4ae0462
--- /dev/null
+++ b/scibec
@@ -0,0 +1 @@
+Subproject commit 4ae04620bd015beda86146a9267a5e0f26931331
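Review bot: In `helm/configs/proposal-sync/values.yaml` the `install` init container runs an untagged `image: alpine`, installs packages with `apk` at pod start, and downloads `default_logbook_icon.jpg` from the `main` branch of a GitHub repository with no integrity check, so what runs and what gets mounted into the app can change without any change to this chart. Pin the image to a version or digest (`image: alpine:<version>@sha256:<digest>`), fetch from a commit-pinned URL and verify the file with `sha256sum -c`, or better, ship the icon in the application image so the pod needs no outbound access at startup. The `apk ... update-ca-certificates;` chain ends in `;`, so a failed CA update does not stop the `wget` that follows.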