From afa1b91f2a0971a537943a4959c1c6e88e66277d Mon Sep 17 00:00:00 2001 
From: Moctar Date: Fri, 6 Nov 2020 17:14:38 +0100 Subject: [PATCH 1/3] intial helm charts --- infra/helm/.helmignore | 22 ++ infra/helm/README.md | 9 + infra/helm/all/Chart.yaml | 21 ++ infra/helm/all/templates/NOTES.txt | 1 + infra/helm/all/templates/database-service.yml | 13 + infra/helm/all/templates/database.yml | 38 +++ .../all/templates/elasticsearch-service.yml | 13 + infra/helm/all/templates/elasticsearch.yml | 33 ++ infra/helm/all/templates/gateway-ingress.yml | 25 ++ infra/helm/all/templates/gateway-service.yml | 13 + infra/helm/all/templates/gateway.yml | 57 ++++ .../helm/all/templates/phraseanet-service.yml | 13 + infra/helm/all/templates/phraseanet.yml | 166 +++++++++++ infra/helm/all/templates/rabbitmq-service.yml | 13 + infra/helm/all/templates/rabbitmq.yml | 27 ++ infra/helm/all/templates/redis-service.yml | 13 + infra/helm/all/templates/redis.yml | 21 ++ infra/helm/all/templates/worker.yml | 103 +++++++ infra/helm/all/values.yaml | 96 ++++++ infra/helm/myvalues.yaml | 96 ++++++ infra/helm_services/README.md | 9 + infra/helm_services/all/Chart.yaml | 21 ++ infra/helm_services/all/README.md | 39 +++ .../helm_services/all/templates/_helpers.tpl | 161 ++++++++++ .../all/templates/api-nginx-deployment.yaml | 35 +++ .../all/templates/api-nginx-ingress.yml | 64 ++++ .../all/templates/api-nginx-service.yml | 20 ++ .../all/templates/api-php-deployment.yml | 52 ++++ .../all/templates/api-php-service.yml | 20 ++ .../all/templates/auth/api-configmap.yaml | 6 + .../auth/default-user-admin-secret.yaml | 11 + .../jobs/create-admin-oauth-clients-job.yaml | 67 +++++ .../jobs/create-default-admin-user-job.yaml | 59 ++++ .../auth/jobs/create-oauth-clients-job.yaml | 79 +++++ .../all/templates/config/php-configmap.yaml | 7 + .../config/postgresql-configmap.yaml | 7 + .../templates/config/rabbitmq-configmap.yaml | 7 + .../all/templates/config/urls-configmap.yaml | 26 ++ .../config/volume-configs-configmap.yaml | 9 + .../dashboard/dashboard-deployment.yaml | 27 ++ 
.../templates/dashboard/dashboard-ingress.yml | 44 +++ .../dashboard/dashboard-service.yaml | 12 + .../all/templates/expose/api-configmap.yaml | 12 + .../templates/expose/client-configmap.yaml | 12 + .../all/templates/expose/client-ingress.yml | 44 +++ .../expose/expose-client-deployment.yml | 37 +++ .../expose/expose-client-service.yml | 14 + .../templates/expose/oauth-client-secret.yaml | 14 + .../all/templates/migrate-job.yaml | 43 +++ .../minio/minio-create-buckets-job.yaml | 55 ++++ .../all/templates/minio/minio-deployment.yaml | 37 +++ .../all/templates/minio/minio-ingress.yaml | 56 ++++ .../all/templates/minio/minio-pvc.yaml | 32 ++ .../all/templates/minio/minio-secret.yaml | 9 + .../all/templates/minio/minio-service.yaml | 14 + .../all/templates/notify/api-configmap.yaml | 9 + .../jobs/postgresql-create-databases-job.yaml | 45 +++ .../postgresql/postgresql-deployment.yaml | 40 +++ .../templates/postgresql/postgresql-pvc.yaml | 30 ++ .../postgresql/postgresql-secret.yaml | 13 + .../postgresql/postgresql-service.yaml | 12 + .../rabbitmq/jobs/rabbitmq-vhost-job.yaml | 57 ++++ .../rabbitmq/rabbitmq-configmap.yaml | 12 + .../rabbitmq/rabbitmq-deployment.yml | 55 ++++ .../all/templates/rabbitmq/rabbitmq-pvc.yaml | 30 ++ .../templates/rabbitmq/rabbitmq-secret.yaml | 13 + .../templates/rabbitmq/rabbitmq-service.yml | 25 ++ .../all/templates/redis/redis-deployment.yml | 20 ++ .../all/templates/redis/redis-service.yml | 12 + .../templates/report/report-deployment.yml | 28 ++ .../all/templates/report/report-service.yml | 12 + .../templates/secret/oauth-admin-secret.yaml | 18 ++ .../all/templates/secret/s3-secret.yaml | 23 ++ .../all/templates/setup-job.yaml | 44 +++ .../templates/tls/wildcard-tls-secret.yaml | 14 + .../all/templates/uploader/api-configmap.yaml | 14 + .../all/templates/uploader/client-ingress.yml | 44 +++ .../uploader/oauth-client-secret.yaml | 12 + .../uploader/uploader-client-deployment.yml | 33 ++ .../uploader/uploader-client-service.yml | 12 + 
.../all/templates/worker-deployment.yml | 46 +++ infra/helm_services/all/values.yaml | 281 ++++++++++++++++++ infra/helm_services/bin/test.sh | 10 + infra/helm_services/cert1.pem | 21 ++ infra/helm_services/myvalues.yml | 155 ++++++++++ .../post-provisionning-sample.yaml | 138 +++++++++ infra/helm_services/sample.yaml | 148 +++++++++ infra/ssl/create-root-ca.sh | 10 + infra/ssl/create-self-signed-certificate.sh | 19 ++ infra/ssl/server.csr.alchemy.kube.cnf | 14 + infra/ssl/server.csr.alchemy.local.cnf | 14 + infra/ssl/v3.alchemy.kube.ext | 7 + infra/ssl/v3.alchemy.local.ext | 7 + 93 files changed, 3451 insertions(+) create mode 100644 infra/helm/.helmignore create mode 100644 infra/helm/README.md create mode 100644 infra/helm/all/Chart.yaml create mode 100644 infra/helm/all/templates/NOTES.txt create mode 100644 infra/helm/all/templates/database-service.yml create mode 100644 infra/helm/all/templates/database.yml create mode 100644 infra/helm/all/templates/elasticsearch-service.yml create mode 100644 infra/helm/all/templates/elasticsearch.yml create mode 100644 infra/helm/all/templates/gateway-ingress.yml create mode 100644 infra/helm/all/templates/gateway-service.yml create mode 100644 infra/helm/all/templates/gateway.yml create mode 100644 infra/helm/all/templates/phraseanet-service.yml create mode 100644 infra/helm/all/templates/phraseanet.yml create mode 100644 infra/helm/all/templates/rabbitmq-service.yml create mode 100644 infra/helm/all/templates/rabbitmq.yml create mode 100644 infra/helm/all/templates/redis-service.yml create mode 100644 infra/helm/all/templates/redis.yml create mode 100644 infra/helm/all/templates/worker.yml create mode 100644 infra/helm/all/values.yaml create mode 100644 infra/helm/myvalues.yaml create mode 100644 infra/helm_services/README.md create mode 100644 infra/helm_services/all/Chart.yaml create mode 100644 infra/helm_services/all/README.md create mode 100644 infra/helm_services/all/templates/_helpers.tpl create mode 100644 
infra/helm_services/all/templates/api-nginx-deployment.yaml create mode 100644 infra/helm_services/all/templates/api-nginx-ingress.yml create mode 100644 infra/helm_services/all/templates/api-nginx-service.yml create mode 100644 infra/helm_services/all/templates/api-php-deployment.yml create mode 100644 infra/helm_services/all/templates/api-php-service.yml create mode 100644 infra/helm_services/all/templates/auth/api-configmap.yaml create mode 100644 infra/helm_services/all/templates/auth/default-user-admin-secret.yaml create mode 100644 infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml create mode 100644 infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml create mode 100644 infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml create mode 100644 infra/helm_services/all/templates/config/php-configmap.yaml create mode 100644 infra/helm_services/all/templates/config/postgresql-configmap.yaml create mode 100644 infra/helm_services/all/templates/config/rabbitmq-configmap.yaml create mode 100644 infra/helm_services/all/templates/config/urls-configmap.yaml create mode 100644 infra/helm_services/all/templates/config/volume-configs-configmap.yaml create mode 100644 infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml create mode 100644 infra/helm_services/all/templates/dashboard/dashboard-ingress.yml create mode 100644 infra/helm_services/all/templates/dashboard/dashboard-service.yaml create mode 100644 infra/helm_services/all/templates/expose/api-configmap.yaml create mode 100644 infra/helm_services/all/templates/expose/client-configmap.yaml create mode 100644 infra/helm_services/all/templates/expose/client-ingress.yml create mode 100644 infra/helm_services/all/templates/expose/expose-client-deployment.yml create mode 100644 infra/helm_services/all/templates/expose/expose-client-service.yml create mode 100644 infra/helm_services/all/templates/expose/oauth-client-secret.yaml 
create mode 100644 infra/helm_services/all/templates/migrate-job.yaml create mode 100644 infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml create mode 100644 infra/helm_services/all/templates/minio/minio-deployment.yaml create mode 100644 infra/helm_services/all/templates/minio/minio-ingress.yaml create mode 100644 infra/helm_services/all/templates/minio/minio-pvc.yaml create mode 100644 infra/helm_services/all/templates/minio/minio-secret.yaml create mode 100644 infra/helm_services/all/templates/minio/minio-service.yaml create mode 100644 infra/helm_services/all/templates/notify/api-configmap.yaml create mode 100644 infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml create mode 100644 infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml create mode 100644 infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml create mode 100644 infra/helm_services/all/templates/postgresql/postgresql-secret.yaml create mode 100644 infra/helm_services/all/templates/postgresql/postgresql-service.yaml create mode 100644 infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml create mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml create mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml create mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml create mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml create mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml create mode 100644 infra/helm_services/all/templates/redis/redis-deployment.yml create mode 100644 infra/helm_services/all/templates/redis/redis-service.yml create mode 100644 infra/helm_services/all/templates/report/report-deployment.yml create mode 100644 infra/helm_services/all/templates/report/report-service.yml create mode 100644 infra/helm_services/all/templates/secret/oauth-admin-secret.yaml create 
mode 100644 infra/helm_services/all/templates/secret/s3-secret.yaml create mode 100644 infra/helm_services/all/templates/setup-job.yaml create mode 100644 infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml create mode 100644 infra/helm_services/all/templates/uploader/api-configmap.yaml create mode 100644 infra/helm_services/all/templates/uploader/client-ingress.yml create mode 100644 infra/helm_services/all/templates/uploader/oauth-client-secret.yaml create mode 100644 infra/helm_services/all/templates/uploader/uploader-client-deployment.yml create mode 100644 infra/helm_services/all/templates/uploader/uploader-client-service.yml create mode 100644 infra/helm_services/all/templates/worker-deployment.yml create mode 100644 infra/helm_services/all/values.yaml create mode 100755 infra/helm_services/bin/test.sh create mode 100644 infra/helm_services/cert1.pem create mode 100644 infra/helm_services/myvalues.yml create mode 100644 infra/helm_services/post-provisionning-sample.yaml create mode 100644 infra/helm_services/sample.yaml create mode 100755 infra/ssl/create-root-ca.sh create mode 100755 infra/ssl/create-self-signed-certificate.sh create mode 100644 infra/ssl/server.csr.alchemy.kube.cnf create mode 100644 infra/ssl/server.csr.alchemy.local.cnf create mode 100644 infra/ssl/v3.alchemy.kube.ext create mode 100644 infra/ssl/v3.alchemy.local.ext
diff --git a/infra/helm/.helmignore b/infra/helm/.helmignore
new file mode 100644
index 0000000000..50af031725
--- /dev/null
+++ b/infra/helm/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/infra/helm/README.md b/infra/helm/README.md
new file mode 100644
index 0000000000..3f4cd74151
--- /dev/null
+++ b/infra/helm/README.md
@@ -0,0 +1,9 @@
+# Helm Chart
+
+## Deploy chart
+
+First you should write your own configuration file named `myvalues.yaml` (see [sample.yaml](./sample.yaml))
+
+```bash
+helm install -f myvalues.yaml phraseanet ./all
+```
diff --git a/infra/helm/all/Chart.yaml b/infra/helm/all/Chart.yaml
new file mode 100644
index 0000000000..73faa82209
--- /dev/null
+++ b/infra/helm/all/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: phraseanet
+description: Helm chart for Phraseanet
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 4.0.0
diff --git a/infra/helm/all/templates/NOTES.txt b/infra/helm/all/templates/NOTES.txt
new file mode 100644
index 0000000000..92d2d93cf1
--- /dev/null
+++ b/infra/helm/all/templates/NOTES.txt
@@ -0,0 +1 @@
+Phraseanet application.
diff --git a/infra/helm/all/templates/database-service.yml b/infra/helm/all/templates/database-service.yml
new file mode 100644
index 0000000000..792ce0d9a1
--- /dev/null
+++ b/infra/helm/all/templates/database-service.yml
@@ -0,0 +1,13 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+spec:
+ ports:
+ - port: 3306
+ targetPort: 3306
+ selector:
+ app: phraseanet
+ tier: db
+
diff --git a/infra/helm/all/templates/database.yml b/infra/helm/all/templates/database.yml
new file mode 100644
index 0000000000..5d8f389591
--- /dev/null
+++ b/infra/helm/all/templates/database.yml
@@ -0,0 +1,38 @@
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phraseanet-db
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: phraseanet
+ tier: db
+ template:
+ metadata:
+ labels:
+ app: phraseanet
+ tier: db
+ spec:
+ volumes:
+ - name: database
+ persistentVolumeClaim:
+ claimName: {{ .Values.mysql.pvc_name }}
+ containers:
+ - name: db
+ image: {{ .Values.image.registry }}/phraseanet-db:{{ .Values.image.tag.phraseanet }}
+ imagePullPolicy: Always
+ terminationMessagePolicy: FallbackToLogsOnError
+ resources:
+{{ toYaml .Values.mysql.resources | indent 12 }}
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: {{ .Values.mysql.root_password }}
+ - name : MYSQL_MAX_ALLOWED_PACKET
+ value : {{ .Values.mysql.max_allowed_packet }}
+ volumeMounts:
+ - name: "database"
+ mountPath: "/var/lib/mysql"
diff --git a/infra/helm/all/templates/elasticsearch-service.yml b/infra/helm/all/templates/elasticsearch-service.yml
new file mode 100644
index 0000000000..2fa9304f79
--- /dev/null
+++ b/infra/helm/all/templates/elasticsearch-service.yml
@@ -0,0 +1,13 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch
+spec:
+ ports:
+ - name:
+ port: 9200
+ targetPort: 9200
+ selector:
+ app: phraseanet
+ tier: elasticsearch
diff --git a/infra/helm/all/templates/elasticsearch.yml b/infra/helm/all/templates/elasticsearch.yml
new file mode 100644
index 0000000000..b21a83c761
--- /dev/null
+++ b/infra/helm/all/templates/elasticsearch.yml
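Review bot: In `database.yml`, `MYSQL_ROOT_PASSWORD` is rendered as a literal `value:` in the Deployment spec, so the database root password is readable by anyone who can read Deployments or Pods in the namespace; it should be taken from a Secret through `valueFrom.secretKeyRef`. The expression is also unquoted, and with the chart default `mysql.root_password:` left empty it renders a null value. The same inline-credential pattern appears in `phraseanet.yml` (`PHRASEANET_ADMIN_ACCOUNT_PASSWORD`, `PHRASEANET_DB_PASSWORD`, `PHRASEANET_SMTP_PASSWORD`, `PHRASEANET_RABBITMQ_PASSWORD`) and in `rabbitmq.yml` (`RABBITMQ_DEFAULT_PASS`). The Secret name and key in the sketch below are placeholders, not names defined by this patch.

```yaml
# … unchanged: container name, image, imagePullPolicy, resources …
env:
  - name: MYSQL_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: PLACEHOLDER-db-credentials   # placeholder: Secret rendered by the chart or supplied by the operator
        key: PLACEHOLDER-root-password     # placeholder key
  - name: MYSQL_MAX_ALLOWED_PACKET
    value: {{ .Values.mysql.max_allowed_packet | quote }}
# … unchanged: volumeMounts …
```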
@@ -0,0 +1,33 @@
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phraseanet-elasticsearch
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: phraseanet
+ tier: elasticsearch
+ template:
+ metadata:
+ labels:
+ app: phraseanet
+ tier: elasticsearch
+ spec:
+ volumes:
+ - name: elastic-data
+ persistentVolumeClaim:
+ claimName: {{ .Values.elasticsearch.pvc_name }}
+ containers:
+ - name: elasticsearch
+ image: {{ .Values.image.registry }}/phraseanet-elasticsearch:{{ .Values.image.tag.phraseanet }}
+ imagePullPolicy: Always
+ terminationMessagePolicy: FallbackToLogsOnError
+ resources:
+{{ toYaml .Values.elasticsearch.resources | indent 12 }}
+ volumeMounts:
+ - name: elastic-data
+ mountPath: "/usr/share/elasticsearch/data"
diff --git a/infra/helm/all/templates/gateway-ingress.yml b/infra/helm/all/templates/gateway-ingress.yml
new file mode 100644
index 0000000000..44404f052f
--- /dev/null
+++ b/infra/helm/all/templates/gateway-ingress.yml
@@ -0,0 +1,25 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ labels:
+ app: phraseanet-gateway
+ name: phraseanet-gateway
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - backend:
+ serviceName: phraseanet-gateway
+ servicePort: 80
+ path: /
+ {{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end }}
diff --git a/infra/helm/all/templates/gateway-service.yml b/infra/helm/all/templates/gateway-service.yml
new file mode 100644
index 0000000000..d8db2edbb5
--- /dev/null
+++ b/infra/helm/all/templates/gateway-service.yml
@@ -0,0 +1,13 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: phraseanet-gateway
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ selector:
+ app: phraseanet
+ tier: gateway
+
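Review bot: `gateway-ingress.yml` declares the Ingress with `apiVersion: extensions/v1beta1`, which is deprecated in favour of the `networking.k8s.io` group and is removed in Kubernetes 1.22, so the chart will stop installing on newer clusters. Moving to `networking.k8s.io/v1` also means replacing `serviceName`/`servicePort` with `service.name` / `service.port.number` and adding a `pathType`. Separately, the `tls:` block is rendered only when `ingress.tls` is set and the shipped values do not set it, so an enabled ingress serves the gateway, including the admin login, over plain HTTP by default; the README should say that TLS has to be configured before the host is exposed.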
diff --git a/infra/helm/all/templates/gateway.yml b/infra/helm/all/templates/gateway.yml
new file mode 100644
index 0000000000..96b762f9a0
--- /dev/null
+++ b/infra/helm/all/templates/gateway.yml
@@ -0,0 +1,57 @@
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phraseanet-gateway
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: phraseanet
+ tier: gateway
+ template:
+ metadata:
+ labels:
+ app: phraseanet
+ tier: gateway
+ spec:
+ volumes:
+ - name: phraseanet-datas
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.data }}
+ - name: phraseanet-thumbnails
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.thumbnails }}
+ - name: phraseanet-custom
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.custom }}
+ - name: phraseanet-wwwplugins
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.wwwplugins }}
+
+ containers:
+ - name: gateway
+ image: {{ .Values.image.registry }}/phraseanet-nginx:{{ .Values.image.tag.phraseanet }}
+ imagePullPolicy: Always
+ terminationMessagePolicy: FallbackToLogsOnError
+ resources:
+{{ toYaml .Values.app.gateway.resources | indent 12 }}
+ volumeMounts:
+ - name: "phraseanet-datas"
+ mountPath: "/var/alchemy/Phraseanet/datas"
+ - name: "phraseanet-thumbnails"
+ mountPath: "/var/alchemy/Phraseanet/www/thumbnails"
+ - name: "phraseanet-custom"
+ mountPath: "/var/alchemy/Phraseanet/www/custom"
+ - name: phraseanet-wwwplugins
+ mountPath: "/var/alchemy/Phraseanet/www/plugins"
+ env:
+ - name: "MAX_BODY_SIZE"
+ value: {{ .Values.http.max_body_size }}
+ - name: "GATEWAY_SEND_TIMEOUT"
+ value : "600"
+ - name: GATEWAY_PROXY_TIMEOUT
+ value: "1200"
+ - name: GATEWAY_FASTCGI_TIMEOUT
+ value: "1200"
+
\ No newline at end of file
diff --git a/infra/helm/all/templates/phraseanet-service.yml b/infra/helm/all/templates/phraseanet-service.yml
new file mode 100644
index 0000000000..134349da6a
--- /dev/null
+++ b/infra/helm/all/templates/phraseanet-service.yml
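Review bot: `MAX_BODY_SIZE` in `gateway.yml` is rendered as `value: {{ .Values.http.max_body_size }}` without `| quote`, while `phraseanet.yml` and `worker.yml` quote the same value. Container env values must be strings, so the default `2G` happens to work but a purely numeric override would make the manifest fail validation. Use `value: {{ .Values.http.max_body_size | quote }}` here as well.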
@@ -0,0 +1,13 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: phraseanet
+spec:
+ ports:
+ - port: 9000
+ targetPort: 9000
+ selector:
+ app: phraseanet
+ tier: fpm
+
diff --git a/infra/helm/all/templates/phraseanet.yml b/infra/helm/all/templates/phraseanet.yml
new file mode 100644
index 0000000000..bbaebc20fb
--- /dev/null
+++ b/infra/helm/all/templates/phraseanet.yml
@@ -0,0 +1,166 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phraseanet-fpm
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: phraseanet
+ tier: fpm
+ template:
+ metadata:
+ labels:
+ app: phraseanet
+ tier: fpm
+ spec:
+ volumes:
+ - name: phraseanet-config
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.config }}
+ - name: phraseanet-datas
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.data }}
+ - name: phraseanet-thumbnails
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.thumbnails }}
+ - name: phraseanet-custom
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.custom }}
+ - name: phraseanet-wwwplugins
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.wwwplugins }}
+ - name: phraseanet-tmp
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.tmp }}
+ - name: phraseanet-logs
+ emptyDir:
+ - name: phraseanet-cache
+ emptyDir:
+
+ containers:
+ - name: phraseanet-fpm
+ image: {{ .Values.image.registry }}/phraseanet-fpm:{{ .Values.image.tag.phraseanet }}
+ imagePullPolicy: Always
+ terminationMessagePolicy: FallbackToLogsOnError
+ resources:
+{{ toYaml .Values.app.web.resources | indent 12 }}
+ volumeMounts:
+ - name: phraseanet-config
+ mountPath: "/var/alchemy/Phraseanet/config"
+ - name: phraseanet-datas
+ mountPath: "/var/alchemy/Phraseanet/datas"
+ - name: phraseanet-tmp
+ mountPath: "/var/alchemy/Phraseanet/tmp"
+ - name: phraseanet-logs
+ mountPath: "/var/alchemy/Phraseanet/logs"
+ - name: phraseanet-thumbnails
+ mountPath: "/var/alchemy/Phraseanet/www/thumbnails"
+ - name: phraseanet-custom
+ mountPath: "/var/alchemy/Phraseanet/www/custom"
+ - name: phraseanet-wwwplugins
+ mountPath: "/var/alchemy/Phraseanet/www/plugins"
+ - name: phraseanet-cache
+ mountPath: "/var/alchemy/Phraseanet/cache"
+
+ env:
+ - name: MAX_BODY_SIZE
+ value: {{ .Values.http.max_body_size | quote }}
+ - name: MAX_INPUT_VARS
+ value: {{ .Values.http.max_input_vars | quote }}
+ - name: MAX_EXECUTION_TIME
+ value: "600"
+ - name: MAX_INPUT_TIME
+ value: "60"
+ - name: GATEWAY_PROXY_TIMEOUT
+ value: "1200"
+ - name: GATEWAY_FASTCGI_TIMEOUT
+ value: "1200"
+ - name: REQUEST_TERMINATE_TIMEOUT
+ value: "1200s"
+ - name: OPCACHE_ENABLED
+ value: {{ .Values.php.opcache_enabled | quote }}
+ - name: PHP_LOG_LEVEL
+ value: {{ .Values.php.log_level | quote }}
+ - name: PHRASEANET_ADMIN_ACCOUNT_EMAIL
+ value: {{ .Values.app.phraseanet_admin_account_email | quote }}
+ - name: PHRASEANET_ADMIN_ACCOUNT_PASSWORD
+ value: {{ .Values.app.phraseanet_admin_account_password | quote }}
+ - name: PHRASEANET_DB_HOST
+ value: {{ .Values.app.phraseanet_db_host | quote }}
+ - name: PHRASEANET_DB_USER
+ value: {{ .Values.app.phraseanet_db_user | quote }}
+ - name: PHRASEANET_DB_PASSWORD
+ value: {{ .Values.app.phraseanet_db_password | quote }}
+ - name: INSTALL_DB_TEMPLATE
+ value: {{ .Values.app.install_db_template | quote }}
+ - name: INSTALL_APPBOX
+ value: {{ .Values.app.install_appbox | quote }}
+ - name: INSTALL_DATABOX
+ value: {{ .Values.app.install_databox | quote }}
+ - name: PHRASEANET_SERVER_NAME
+ value: {{ .Values.app.phraseanet_server_name | quote }}
+ - name: PHRASEANET_DOWNLOAD_DIR
+ value: "/var/alchemy/Phraseanet/datas/download"
+ - name: PHRASEANET_LAZARET_DIR
+ value: "/var/alchemy/Phraseanet/datas/lazaret"
+ - name: PHRASEANET_CAPTION_DIR
+ value: "/var/alchemy/Phraseanet/tmp/caption"
+ - name: PHRASEANET_FFMPEG_TIMEOUT
+ value: {{ .Values.app.phraseanet_ffmpeg_timeout | quote }}
+ - name: PHRASEANET_FFPROBE_TIMEOUT
+ value: {{ .Values.app.phraseanet_ffprobe_timeout | quote }}
+ - name: PHRASEANET_GS_TIMEOUT
+ value: {{ .Values.app.phraseanet_gs_timeout | quote }}
+ - name: PHRASEANET_MP4BOX_TIMEOUT
+ value: {{ .Values.app.phraseanet_mp4box_timeout | quote }}
+ - name: PHRASEANET_SWFTOOLS_TIMEOUT
+ value: {{ .Values.app.phraseanet_swftools_timeout | quote }}
+ - name: PHRASEANET_UNOCON_TIMEOUT
+ value: {{ .Values.app.phraseanet_unocon_timeout | quote }}
+ - name: PHRASEANET_EXIFTOOL_TIMEOUT
+ value: {{ .Values.app.phraseanet_exiftool_timeout | quote }}
+ - name: PHRASEANET_SMTP_ENABLED
+ value: {{ .Values.app.phraseanet_smtp_enabled | quote }}
+ - name: PHRASEANET_SMTP_AUTH_ENABLED
+ value: {{ .Values.app.phraseanet_smtp_auth_enabled | quote }}
+ - name: PHRASEANET_SMTP_SECURE_MODE
+ value: {{ .Values.app.phraseanet_smtp_secure_mode | quote }}
+ - name: PHRASEANET_SMTP_HOST
+ value: {{ .Values.app.phraseanet_smtp_host | quote }}
+ - name: PHRASEANET_SMTP_PORT
+ value: {{ .Values.app.phraseanet_smtp_port | quote }}
+ - name: PHRASEANET_SMTP_USER
+ value: {{ .Values.app.phraseanet_smtp_user | quote }}
+ - name: PHRASEANET_SMTP_PASSWORD
+ value: {{ .Values.app.phraseanet_smtp_password | quote }}
+ - name: PHRASEANET_EMITTER_EMAIL
+ value: {{ .Values.app.phraseanet_emitter_email | quote }}
+ - name: PHRASEANET_MAIL_OBJECT_PREFIX
+ value: {{ .Values.app.phraseanet_mail_object_prefix | quote }}
+ - name: PHRASEANET_RABBITMQ_USER
+ value: {{ .Values.rabbitmq.default_user | quote }}
+ - name: PHRASEANET_RABBITMQ_PASSWORD
+ value: {{ .Values.rabbitmq.default_pass | quote }}
+ - name: SESSION_CACHE_LIMITER
+ value: {{ .Values.php.session_cache_limiter | quote }}
+ - name: PHRASEANET_TRUSTED_PROXIES
+ value: {{ .Values.app.phraseanet_trusted_proxies | quote }}
+ - name: XDEBUG
+ value: "0"
+ - name: LC_MESSAGES
+ value: "C.UTF-8"
+ - name: LC_COLLATE
+ value: "C.UTF-8"
+ - name: LC_IDENTIFICATION
+ value: "C.UTF-8"
+ - name: LANG
+ value: "C.UTF-8"
+ - name: LC_MEASUREMENT
+ value: "C.UTF-8"
+ - name: LC_CTYPE
+ value: "C.UTF-8"
+ - name: LC_TIME
+ value: "C.UTF-8"
+ - name: LC_NAME
+ value: "C.UTF-8"
diff --git a/infra/helm/all/templates/rabbitmq-service.yml b/infra/helm/all/templates/rabbitmq-service.yml
new file mode 100644
index 0000000000..7e01fe5ec5
--- /dev/null
+++ b/infra/helm/all/templates/rabbitmq-service.yml
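Review bot: `PHRASEANET_ADMIN_ACCOUNT_PASSWORD` in `phraseanet.yml` reads `.Values.app.phraseanet_admin_account_password`, but `values.yaml` and `myvalues.yaml` in this patch spell the key `phraseaenet_admin_account_password`, so the template renders an empty value and the configured password never reaches the container. How the image treats an empty admin password is not visible here, but the outcome is either a failed install or an administrator account without the intended password. Fix the key in both values files, and consider `{{ required "app.phraseanet_admin_account_password is required" .Values.app.phraseanet_admin_account_password | quote }}` so a missing value fails at render time. Several other keys referenced in this hunk (the `phraseanet_smtp_*` and `phraseanet_*_timeout` values) have no entry in `values.yaml` and also render empty.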
@@ -0,0 +1,13 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: rabbitmq
+spec:
+ ports:
+ - port: 5672
+ targetPort: 5672
+ selector:
+ app: phraseanet
+ tier: rabbitmq
+
diff --git a/infra/helm/all/templates/rabbitmq.yml b/infra/helm/all/templates/rabbitmq.yml
new file mode 100644
index 0000000000..2878d69193
--- /dev/null
+++ b/infra/helm/all/templates/rabbitmq.yml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phraseanet-rabbitmq
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: phraseanet
+ tier: rabbitmq
+ template:
+ metadata:
+ labels:
+ app: phraseanet
+ tier: rabbitmq
+ spec:
+ containers:
+ - name: rabbitmq
+ image: rabbitmq:3-management
+ terminationMessagePolicy: FallbackToLogsOnError
+ resources:
+{{ toYaml .Values.rabbitmq.resources | indent 12 }}
+ env:
+ - name: RABBITMQ_DEFAULT_USER
+ value: {{ .Values.rabbitmq.default_user }}
+ - name: RABBITMQ_DEFAULT_PASS
+ value: {{ .Values.rabbitmq.default_pass }}
diff --git a/infra/helm/all/templates/redis-service.yml b/infra/helm/all/templates/redis-service.yml
new file mode 100644
index 0000000000..400bad250a
--- /dev/null
+++ b/infra/helm/all/templates/redis-service.yml
@@ -0,0 +1,13 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ app: phraseanet
+ tier: redis
+
diff --git a/infra/helm/all/templates/redis.yml b/infra/helm/all/templates/redis.yml
new file mode 100644
index 0000000000..5fa6ea73c1
--- /dev/null
+++ b/infra/helm/all/templates/redis.yml
@@ -0,0 +1,21 @@
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phraseanet-redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: phraseanet
+ tier: redis
+ template:
+ metadata:
+ labels:
+ app: phraseanet
+ tier: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:5.0.5
+ terminationMessagePolicy: FallbackToLogsOnError
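Review bot: `rabbitmq.yml` pulls `rabbitmq:3-management`, a floating tag, so the broker version can change on any reschedule; pin an exact version or a digest, as `redis.yml` does with `redis:5.0.5`. The `-management` variant also ships the management UI although `rabbitmq-service.yml` only exposes port 5672, so the plain image would reduce what runs in the pod if the UI is not used. `RABBITMQ_DEFAULT_USER` and `RABBITMQ_DEFAULT_PASS` are unquoted and `default_pass` is empty in the shipped values, so the password renders as null; what the image does in that case is not visible here and should be checked rather than relied on.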
diff --git a/infra/helm/all/templates/worker.yml b/infra/helm/all/templates/worker.yml
new file mode 100644
index 0000000000..c8dd892d4d
--- /dev/null
+++ b/infra/helm/all/templates/worker.yml
@@ -0,0 +1,103 @@
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phraseanet-worker
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: phraseanet
+ tier: worker
+ template:
+ metadata:
+ labels:
+ app: phraseanet
+ tier: worker
+ spec:
+ volumes:
+ - name: phraseanet-config
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.config }}
+ - name: phraseanet-datas
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.data }}
+ - name: phraseanet-thumbnails
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.thumbnails }}
+ - name: phraseanet-custom
+ persistentVolumeClaim:
+ claimName: {{ .Values.app.pvc_name.custom }}
+ - name: phraseanet-tmp
+ emptyDir:
+ - name: phraseanet-logs
+ emptyDir:
+ - name: phraseanet-cache
+ emptyDir:
+
+ containers:
+ - name: phraseanet-worker
+ image: {{ .Values.image.registry }}/phraseanet-worker:{{ .Values.image.tag.phraseanet }}
+ imagePullPolicy: Always
+ terminationMessagePolicy: FallbackToLogsOnError
+ resources:
+{{ toYaml .Values.app.worker.resources | indent 12 }}
+ volumeMounts:
+ - name: phraseanet-config
+ mountPath: "/var/alchemy/Phraseanet/config"
+ - name: phraseanet-datas
+ mountPath: "/var/alchemy/Phraseanet/datas"
+ - name: phraseanet-tmp
+ mountPath: "/var/alchemy/Phraseanet/tmp"
+ - name: phraseanet-logs
+ mountPath: "/var/alchemy/Phraseanet/logs"
+ - name: phraseanet-thumbnails
+ mountPath: "/var/alchemy/Phraseanet/www/thumbnails"
+ - name: phraseanet-custom
+ mountPath: "/var/alchemy/Phraseanet/www/custom"
+ - name: phraseanet-cache
+ mountPath: "/var/alchemy/Phraseanet/cache"
+ env:
+ - name: MAX_BODY_SIZE
+ value: {{ .Values.http.max_body_size | quote }}
+ - name: MAX_INPUT_VARS
+ value: {{ .Values.http.max_input_vars | quote }}
+ - name: OPCACHE_ENABLED
+ value: {{ .Values.php.opcache_enabled | quote }}
+ - name: PHP_LOG_LEVEL
+ value: {{ .Values.php.log_level | quote }}
+ - name: SESSION_CACHE_LIMITER
+ value: {{ .Values.php.session_cache_limiter | quote }}
+ - name: XDEBUG
+ value: "0"
+ - name: LC_MESSAGES
+ value: "C.UTF-8"
+ - name: LC_COLLATE
+ value: "C.UTF-8"
+ - name: LC_IDENTIFICATION
+ value: "C.UTF-8"
+ - name: LANG
+ value: "C.UTF-8"
+ - name: LC_MEASUREMENT
+ value: "C.UTF-8"
+ - name: LC_CTYPE
+ value: "C.UTF-8"
+ - name: LC_TIME
+ value: "C.UTF-8"
+ - name: LC_NAME
+ value: "C.UTF-8"
+ initContainers:
+ - name: create-tmp-locks
+ image: {{ .Values.image.registry }}/phraseanet-worker:{{ .Values.image.tag.phraseanet }}
+ volumeMounts:
+ - name: phraseanet-tmp
+ mountPath: "/var/alchemy/Phraseanet/tmp"
+ command: ['mkdir', '-p', '/var/alchemy/Phraseanet/tmp/locks']
+ - name: chown-phraseanet-tmp
+ image: {{ .Values.image.registry }}/phraseanet-worker:{{ .Values.image.tag.phraseanet }}
+ volumeMounts:
+ - name: phraseanet-tmp
+ mountPath: "/var/alchemy/Phraseanet/tmp"
+ command: ['chown', '-R', 'app:app', '/var/alchemy/Phraseanet/tmp']
+
diff --git a/infra/helm/all/values.yaml b/infra/helm/all/values.yaml
new file mode 100644
index 0000000000..c99dccba35
--- /dev/null
+++ b/infra/helm/all/values.yaml
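Review bot: The `chown-phraseanet-tmp` init container in `worker.yml` runs `chown -R app:app` on an `emptyDir`, which only succeeds when the init container runs as root; no `securityContext` is set anywhere in this pod spec, so the effective user is whatever the image defaults to. Setting `securityContext.fsGroup` on the pod to the `app` group id (the numeric id is not visible in this patch) would give the same ownership without a root init step, and `runAsNonRoot: true` on the worker container would make the intended privilege level explicit. If the init step is kept, the two init containers can be merged, since both use the same image and mount the same volume.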
@@ -0,0 +1,96 @@
+
+image:
+ registry:
+ tag:
+ phraseanet: master
+ database : master
+ elasticsearch : master
+
+mysql:
+ root_password:
+ max_allowed_packet: 16M
+ pvc_name: phraseanet-database
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+
+elasticsearch:
+ pvc_name: phraseanet-elasticsearch
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+
+rabbitmq:
+ default_user: rabbit
+ default_pass:
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+
+http:
+ max_body_size: 2G
+ max_input_vars: 12000
+
+php:
+ opcache_enabled: 1
+ log_level: warning
+ session_cache_limiter: off
+
+ingress:
+ enabled: false
+
+app:
+ hostname: localhost
+ phraseanet_admin_account_email: support@alchemy.fr
+ phraseaenet_admin_account_password: phraseanet
+ phraseanet_db_host: db
+ phraseanet_db_user: root
+ phraseanet_db_password: root
+ install_db_template: DublinCore
+ install_appbox: ab_master
+ install_databox: db_databox1
+ phraseanet_server_name: localhost
+ phraseanet_trusted_proxies:
+ gateway:
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "32Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+ web:
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+ worker:
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+ pvc_name:
+ data: phraseanet-datas
+ thumbnails: phraseanet-thumbnails
+ custom: phraseanet-custom
+ config: phraseanet-config
+ wwwplugins: phraseanet-wwwplugins
+ tmp: phraseanet-tmp
diff --git a/infra/helm/myvalues.yaml b/infra/helm/myvalues.yaml
new file mode 100644
index 0000000000..4a715a2160
--- /dev/null
+++ b/infra/helm/myvalues.yaml
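Review bot: The chart defaults in `values.yaml` ship usable credentials, `phraseanet_db_user: root` with `phraseanet_db_password: root` and an admin password of `phraseanet`, so an install that overrides nothing runs with publicly known passwords. They also disagree with `mysql.root_password:`, which is left empty, so the application and the database are not configured with the same root password. Leave credential defaults empty and make the templates fail when they are missing, e.g. `{{ required "mysql.root_password is required" .Values.mysql.root_password | quote }}`. `image.tag.phraseanet: master` together with `imagePullPolicy: Always` in the templates means any pod restart can pull different code, so the default should be a released tag. `session_cache_limiter: off` is likely parsed as a YAML boolean and would then render as `"false"` rather than `"off"`; write it as `"off"`.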
@@ -0,0 +1,96 @@ + +image: + registry: alchemyfr + tag: + phraseanet: master + database : master + elasticsearch : master + +mysql: + root_password: + max_allowed_packet: 16M + pvc_name: phraseanet-database + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "4096Mi" + +elasticsearch: + pvc_name: phraseanet-elasticsearch + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "4096Mi" + +rabbitmq: + default_user: rabbit + default_pass: + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "4096Mi" + +http: + max_body_size: 2G + max_input_vars: 12000 + +php: + opcache_enabled: 1 + log_level: warning + session_cache_limiter: off + +ingress: + enabled: false + +app: + hostname: localhost + phraseanet_admin_account_email: support@alchemy.fr + phraseaenet_admin_account_password: phraseanet + phraseanet_db_host: db + phraseanet_db_user: root + phraseanet_db_password: root + install_db_template: DublinCore + install_appbox: ab_master + install_databox: db_databox1 + phraseanet_server_name: localhost + phraseanet_trusted_proxies: + gateway: + resources: + requests: + cpu: "50m" + memory: "32Mi" + limits: + cpu: "2000m" + memory: "4096Mi" + web: + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "4096Mi" + worker: + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "4096Mi" + pvc_name: + data: phraseanet-datas + thumbnails: phraseanet-thumbnails + custom: phraseanet-custom + config: phraseanet-config + wwwplugins: phraseanet-wwwplugins + tmp: phraseanet-tmp diff --git a/infra/helm_services/README.md b/infra/helm_services/README.md new file mode 100644 index 0000000000..97371fff97 --- /dev/null +++ b/infra/helm_services/README.md 
@@ -0,0 +1,9 @@ +# Helm Chart + +## Deploy chart + +First you should write your own configuration file named `myvalues.yaml` (see [sample.yaml](./sample.yaml)) + +```bash +helm install -f myvalues.yaml ps ./all +``` diff --git a/infra/helm_services/all/Chart.yaml b/infra/helm_services/all/Chart.yaml new file mode 100644 index 0000000000..71c3e50663 --- /dev/null +++ b/infra/helm_services/all/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: phraseanet-services +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 1.16.0 diff --git a/infra/helm_services/all/README.md b/infra/helm_services/all/README.md new file mode 100644 index 0000000000..aa2778ada0 --- /dev/null +++ b/infra/helm_services/all/README.md 
@@ -0,0 +1,39 @@ +# PS Chart + +### TLS + +You can enable wildcard TLS: + +```yaml +ingress: + tls: + wildcard: + enabled: true + #externalSecretName: + # or + crt: | + ... + key: | + ... +``` + +or configure TLS for each ingress: +```yaml +uploader: + api: + ingress: + tls: + - secretName: uploader-api-tls-secret + # Optional: + # if not provided the hostname will be automatically set + # with the .Values.uploader.api.hostname value + host: api.uploader.com + client: + ingress: + tls: + - secretName: uploader-client-tls-secret + # Optional: + # if not provided the hostname will be automatically set + # with the .Values.uploader.client.hostname value + host: client.uploader.com +``` diff --git a/infra/helm_services/all/templates/_helpers.tpl b/infra/helm_services/all/templates/_helpers.tpl new file mode 100644 index 0000000000..45e3bad310 --- /dev/null +++ b/infra/helm_services/all/templates/_helpers.tpl 
@@ -0,0 +1,161 @@ +{{- define "ps.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "ps" .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "ps.name" -}} +{{- .Values.nameOverride | default "ps" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "volumes.configs" }} +- name: configs + configMap: + name: {{ .Values.globalConfig.externalConfigmapName | default (printf "%s-configs" .Release.Name) }} +{{- end }} + +{{- define "secretRef.adminOAuthClient" }} +- secretRef: + name: {{ .Values.params.adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" .Release.Name) }} +{{- end }} + +{{- define "secretName.rabbitmq" -}} +{{- .Values.rabbitmq.externalSecretName | default "rabbitmq-secret" -}} +{{- end }} +{{- define "secretName.postgresql" -}} +{{- .Values.postgresql.externalSecretName | default "postgresql-secret" -}} +{{- end }} + +{{- define "secretRef.ingress.tls.wildcard" -}} +{{- with .Values.ingress.tls.wildcard }} +{{- if and .enabled .externalSecretName -}} +{{- .externalSecretName -}} +{{- else -}} +gateway-tls +{{- end }} +{{- end }} +{{- end }} + +{{- define "envFrom.rabbitmq" }} +- configMapRef: + name: rabbitmq-php-config +- secretRef: + name: {{ include "secretName.rabbitmq" . }} +{{- end }} + +{{- define "envFrom.postgresql" }} +- configMapRef: + name: postgresql-php-config +- secretRef: + name: {{ include "secretName.postgresql" . 
}} +{{- end }} + +{{- define "secretRef.postgresql" }} +- secretRef: + name: {{ .Values.postgresql.externalSecretName | default "api-db-secret" }} +{{- end }} + +{{- define "configMapRef.phpApp" -}} +{{- $appName := .app }} +{{- $ctx := .ctx }} +{{- $glob := .glob }} +- configMapRef: + name: php-config +- configMapRef: + name: urls-config +{{- end }} + +{{- define "envRef.phpApp" -}} +{{- $appName := .app }} +{{- $ctx := .ctx }} +{{- $glob := .glob }} +{{- if or (eq $appName "uploader") (eq $appName "expose") }} +{{- $secretName := $ctx.api.config.s3Storage.externalSecretKey | default (printf "%s-s3-secret" $appName) }} +{{- $mapping := $ctx.api.config.s3Storage.externalSecretMapping }} +- name: S3_STORAGE_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: {{ $mapping.accessKey }} +- name: S3_STORAGE_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: {{ $mapping.secretKey }} +{{- end }} +{{- end }} + +{{- define "app.volumes" }} +{{- $appName := .app -}} +{{- $ctx := .ctx -}} +{{- $glob := .glob -}} +{{- if .glob.Values._internal.volumes }} +{{- if hasKey $glob.Values._internal.volumes $appName }} +{{- with (index $glob.Values._internal.volumes $appName) }} +{{- range $key, $value := . }} +- name: {{ $key }} +{{- if $ctx.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ $ctx.persistence.existingClaim | default (printf "%s-%s" $value.name (include "ps.fullname" $glob)) }} +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "app.volumesMounts" }} +{{- $appName := .app -}} +{{- $ctx := .ctx -}} +{{- $glob := .glob -}} +{{- if .glob.Values._internal.volumes }} +{{- if hasKey .glob.Values._internal.volumes $appName }} +{{- with (index .glob.Values._internal.volumes $appName) }} +{{- range $key, $value := . 
}} +- name: {{ $key }} + mountPath: {{ $value.mountPath }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "app.volumesUidInit" }} +{{- $appName := .app -}} +{{- $ctx := .ctx -}} +{{- $glob := .glob -}} +{{- if hasKey .glob.Values._internal.volumes $appName }} +{{- with (index .glob.Values._internal.volumes $appName) }} +{{- range $key, $value := . }} +{{- if $value.uid }} +initContainers: +- name: volume-set-uid-{{ $appName }}-{{ $key }} + image: busybox + command: ["sh", "-c", "chown -R {{ $value.uid }}:{{ $value.uid }} {{ $value.mountPath }}"] + volumeMounts: + - name: {{ $key }} + mountPath: {{ $value.mountPath }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "app.s3Storage.configMap" }} +{{- $ctx := .ctx -}} +{{- $glob := .glob -}} +S3_STORAGE_ENDPOINT: {{ $ctx.s3Storage.endpoint | default (ternary "http://minio:9000" "" $glob.Values.minio.enabled) | quote }} +S3_STORAGE_BASE_URL: {{ tpl $ctx.s3Storage.baseUrl $glob | quote }} +S3_STORAGE_REGION: {{ $ctx.s3Storage.region | default "eu-central-1" | quote }} +S3_STORAGE_USE_PATH_STYLE_ENDPOINT: {{ ternary "\"true\"" "\"false\"" (or $ctx.s3Storage.usePathSyleEndpoint $glob.Values.minio.enabled) }} +S3_STORAGE_BUCKET_NAME: {{ $ctx.s3Storage.bucketName | quote }} +{{- end }} diff --git a/infra/helm_services/all/templates/api-nginx-deployment.yaml b/infra/helm_services/all/templates/api-nginx-deployment.yaml new file mode 100644 index 0000000000..dd8a504ea2 --- /dev/null +++ b/infra/helm_services/all/templates/api-nginx-deployment.yaml 
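Review bot: `app.volumesUidInit` emits the `initContainers:` key inside the `range`, so an app with more than one volume carrying a `uid` would render that key twice; emit `initContainers:` once before the loop and only the `- name: volume-set-uid-…` items inside it. The init container uses `image: busybox` with no tag (as does `image: minio/mc` in minio-create-buckets-job.yaml), so the code that rewrites ownership on the volume is whatever `latest` resolves to at pull time; pin a version or digest. The `chown` is built as a `sh -c` string from `$value.uid` and `$value.mountPath`; the exec form `command: ["chown", "-R", "{{ $value.uid }}:{{ $value.uid }}", {{ $value.mountPath | quote }}]` keeps those values out of shell parsing.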
@@ -0,0 +1,35 @@ +{{- range .Values._internal.services }} +{{- $appName := . }} +{{- if (index $.Values $appName).enabled }} +{{- with (index $.Values $appName) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $appName }}-api-nginx +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: {{ $appName }}-api-nginx + template: + metadata: + labels: + app: phraseanet-services + tier: {{ $appName }}-api-nginx + spec: + containers: + - name: {{ $appName }}-api-nginx + image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-nginx:{{ $.Values.repository.tag }} + terminationMessagePolicy: FallbackToLogsOnError + {{- if .api.ingress }} + {{- if .api.ingress.maxBodySize }} + env: + - name: UPLOAD_MAX_FILE_SIZE + value: {{ .api.ingress.maxBodySize | quote }} + {{- end }} + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/api-nginx-ingress.yml b/infra/helm_services/all/templates/api-nginx-ingress.yml new file mode 100644 index 0000000000..8aa2f513fa --- /dev/null +++ b/infra/helm_services/all/templates/api-nginx-ingress.yml 
@@ -0,0 +1,64 @@ +{{- range .Values._internal.services }} +{{- $appName := . }} +{{- if (index $.Values $appName).enabled }} +{{- with (index $.Values $appName).api }} +{{- $apiNode := . }} +{{- if .ingress }} +{{- if .ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $appName }}-api-ingress + annotations: +{{- if .ingress.annotations }} +{{ toYaml .ingress.annotations | indent 4 }} +{{- else }} + kubernetes.io/ingress.class: "nginx" +{{- if .ingress.maxBodySize }} + nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.maxBodySize | quote }} +{{- end }} +{{- with (index $.Values._internal $appName) }} +{{- if .api }} +{{- if .api.ingress }} +{{- if .api.ingress.annotations }} +{{ toYaml .api.ingress.annotations | indent 4 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- if .ingress.extraLabels }} + labels: +{{ toYaml .ingress.extraLabels | indent 4 }} +{{- end }} +spec: + rules: + - host: {{ .hostname }} + http: + paths: + - backend: + serviceName: {{ $appName }}-api + servicePort: 80 + path: / +{{- if .ingress.tls }} +{{- $tlsNode := .ingress.tls -}} +{{- range $value := $tlsNode }} + {{- if not (hasKey $value "hosts") }} + {{- $hosts := list $apiNode.hostname }} + {{- $_ := set $value "hosts" $hosts }} + {{- end -}} +{{- end }} + tls: +{{ toYaml $tlsNode | indent 2 }} +{{- else if $.Values.ingress.tls.wildcard.enabled }} + tls: + - hosts: + - {{ .hostname }} + secretName: {{ include "secretRef.ingress.tls.wildcard" $ }} +{{- end }} +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/api-nginx-service.yml b/infra/helm_services/all/templates/api-nginx-service.yml new file mode 100644 index 0000000000..946b7074fa --- /dev/null +++ b/infra/helm_services/all/templates/api-nginx-service.yml 
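Review bot: Nothing in this Ingress requires TLS: when neither `.ingress.tls` nor `ingress.tls.wildcard.enabled` is set, the `tls:` block is omitted and the API host is published over plain HTTP, although these APIs presumably carry OAuth client secrets and admin logins. Consider failing the render in that case, or documenting clearly that plaintext is the default. Setting `.ingress.annotations` replaces the whole default block rather than extending it, so `kubernetes.io/ingress.class` and `nginx.ingress.kubernetes.io/proxy-body-size` disappear as soon as an operator adds one annotation; merging user annotations on top of the defaults would be less surprising. `apiVersion: extensions/v1beta1` is deprecated for Ingress in favour of `networking.k8s.io`; dashboard-ingress.yml and expose/client-ingress.yml repeat both the API version and the optional-TLS shape.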
@@ -0,0 +1,20 @@
+{{- range .Values._internal.services }}
+{{- $appName := . }}
+{{- if (index $.Values $appName).enabled }}
+{{- with (index $.Values $appName) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $appName }}-api
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ selector:
+ app: phraseanet-services
+ tier: {{ $appName }}-api-nginx
+---
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/infra/helm_services/all/templates/api-php-deployment.yml b/infra/helm_services/all/templates/api-php-deployment.yml
new file mode 100644
index 0000000000..4206c2f65e
--- /dev/null
+++ b/infra/helm_services/all/templates/api-php-deployment.yml
@@ -0,0 +1,52 @@ +{{- range .Values._internal.services }} +{{- $appName := . }} +{{- if (index $.Values $appName).enabled }} +{{- with (index $.Values $appName) }} +{{ $tplArgs := dict "app" $appName "ctx" . "glob" $ }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $appName }}-api-php +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: {{ $appName }}-api-php + template: + metadata: + labels: + app: phraseanet-services + tier: {{ $appName }}-api-php + spec: + volumes: +{{- include "volumes.configs" $ | indent 6 }} +{{- include "app.volumes" $tplArgs | indent 6 }} + containers: + - name: {{ $appName }}-api-php + image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-php:{{ $.Values.repository.tag }} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: configs + mountPath: /configs +{{- include "app.volumesMounts" $tplArgs | indent 8 }} + env: +{{ include "envRef.phpApp" $tplArgs | indent 8 }} + {{- if .api.ingress }} + {{- if .api.ingress.maxBodySize }} + - name: UPLOAD_MAX_FILE_SIZE + value: {{ .api.ingress.maxBodySize | quote }} + {{- end }} + {{- end }} + envFrom: +{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} +{{- include "envFrom.rabbitmq" $ | indent 8 }} +{{- include "envFrom.postgresql" $ | indent 8 }} + - secretRef: + name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }} + - configMapRef: + name: {{ $appName }}-api-config +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/api-php-service.yml b/infra/helm_services/all/templates/api-php-service.yml new file mode 100644 index 0000000000..a34a570010 --- /dev/null +++ b/infra/helm_services/all/templates/api-php-service.yml 
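Review bot: The last `secretRef` under `envFrom` reads `.adminOAuthClient.externalSecretName` for every enabled service, but unlike create-admin-oauth-clients-job.yaml this template never checks that `adminOAuthClient` exists, so a service without that block would fail rendering on a nil lookup; migrate-job.yaml has the same line. Wrap the entry in `{{- with .adminOAuthClient }}` or read it as `(.adminOAuthClient | default dict).externalSecretName`. The default name `<app>-admin-oauth-client-secret` is not created by any template visible in this part of the patch, so confirm that Secret exists; otherwise the pod cannot start.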
@@ -0,0 +1,20 @@ +{{- range .Values._internal.services }} +{{- $appName := . }} +{{- if (index $.Values $appName).enabled }} +{{- with (index $.Values $appName) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $appName }}-api-php +spec: + ports: + - name: http + port: 9000 + targetPort: 9000 + selector: + app: phraseanet-services + tier: {{ $appName }}-api-php +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/auth/api-configmap.yaml b/infra/helm_services/all/templates/auth/api-configmap.yaml new file mode 100644 index 0000000000..b06421e452 --- /dev/null +++ b/infra/helm_services/all/templates/auth/api-configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: auth-api-config +data: + REGISTRATION_VALIDATE_EMAIL: {{ ternary "\"true\"" "\"false\"" .Values.auth.api.config.registrationValidateEmail }} diff --git a/infra/helm_services/all/templates/auth/default-user-admin-secret.yaml b/infra/helm_services/all/templates/auth/default-user-admin-secret.yaml new file mode 100644 index 0000000000..e40428269a --- /dev/null +++ b/infra/helm_services/all/templates/auth/default-user-admin-secret.yaml @@ -0,0 +1,11 @@ +{{- with .Values.auth.defaultUser }} +{{- if not .externalSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: default-admin-user-secret +stringData: + DEFAULT_ADMIN_USER_USERNAME: {{ .username | quote }} + DEFAULT_ADMIN_USER_PASSWORD: {{ .password | quote }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml b/infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml new file mode 100644 index 0000000000..f9138c4377 --- /dev/null +++ b/infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml 
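Review bot: In default-user-admin-secret.yaml `DEFAULT_ADMIN_USER_PASSWORD` is rendered with `{{ .password | quote }}`, so a missing `auth.defaultUser.password` becomes an empty string and the post-install job is then asked to create a `ROLE_SUPER_ADMIN` account with it. Use `{{ required "auth.defaultUser.password is required" .password | quote }}`, and the same for `.username`, so the chart refuses to render without a password. The same applies to `.id`, `.randomId` and `.secret` in the OAuth client Secrets in create-oauth-clients-job.yaml and expose/oauth-client-secret.yaml.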
@@ -0,0 +1,67 @@ +{{- range .Values._internal.services }} +{{ $appName := . }} +{{- if and (index $.Values $appName).enabled (index $.Values $appName).adminOAuthClient }} +{{- with (index $.Values $appName) }} +{{ $tplArgs := dict "app" $appName "ctx" . "glob" $ }} +{{ $jobName := printf "%s-create-admin-oauth-client" $appName }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $jobName }}-script +data: + job.sh: | + #!/bin/sh + set -ex + + bin/console alchemy:oauth:create-client "${ADMIN_CLIENT_ID}" \ + --random-id="${ADMIN_CLIENT_RANDOM_ID}" \ + --secret="${ADMIN_CLIENT_SECRET}" \ + {{- range .adminOAuthClient.grantTypes }} + --grant-type {{ . }} \ + {{- end }} + {{- range .adminOAuthClient.scopes }} + --scope {{ . }} \ + {{- end }} + --redirect-uri {{ .api.baseUrl | quote }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $jobName }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + volumes: + - name: scripts + configMap: + name: {{ $jobName }}-script + defaultMode: 0777 + containers: + - name: {{ $jobName }} + image: {{ $.Values.repository.baseurl }}/ps-auth-api-php:{{ $.Values.repository.tag }} + args: ["/setup/job.sh"] + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: scripts + mountPath: /setup/job.sh + subPath: job.sh + env: +{{ include "envRef.phpApp" $tplArgs | indent 8 }} + envFrom: +{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} +{{- include "envFrom.rabbitmq" $ | indent 8 }} +{{- include "envFrom.postgresql" $ | indent 8 }} + - secretRef: + name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }} + - configMapRef: + name: {{ $appName }}-api-config + restartPolicy: Never + backoffLimit: 0 +--- +{{- end }} +{{- end }} +{{- end }} 
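Review bot: `set -ex` in `job.sh` makes the shell trace the fully expanded `bin/console alchemy:oauth:create-client` command, so the value of `ADMIN_CLIENT_SECRET` is written to the job log, and with `terminationMessagePolicy: FallbackToLogsOnError` the tail of that log can be copied into the pod status on failure. Use `set -e`, as create-default-admin-user-job.yaml already does; the same change is needed in create-oauth-clients-job.yaml (`CLIENT_SECRET`) and minio-create-buckets-job.yaml (`MINIO_SECRET_KEY`). The `--grant-type {{ . }}` and `--scope {{ . }}` values are pasted into the script unquoted; `{{ . | squote }}` keeps each one a single argument. `defaultMode: 0777` on the script volume can be `0555`, since the file only has to be read and executed.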
diff --git a/infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml b/infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml new file mode 100644 index 0000000000..c827210b2f --- /dev/null +++ b/infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml @@ -0,0 +1,59 @@ +{{- $appName := "auth" }} +{{- $tplArgs := dict "app" $appName "ctx" .Values.auth "glob" $ }} +{{- if .Values.auth.defaultUser }} +{{ $jobName := "auth-create-default-admin-user" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $jobName }}-script +data: + job.sh: | + #!/bin/sh + set -e + + bin/console app:user:create \ + --update-if-exist "${DEFAULT_ADMIN_USER_USERNAME}" \ + -p "${DEFAULT_ADMIN_USER_PASSWORD}" \ + --roles ROLE_SUPER_ADMIN + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $jobName }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + volumes: + - name: scripts + configMap: + name: {{ $jobName }}-script + defaultMode: 0777 +{{- include "app.volumes" $tplArgs | indent 6 }} + containers: + - name: {{ $jobName }} + image: {{ $.Values.repository.baseurl }}/ps-auth-api-php:{{ $.Values.repository.tag }} + args: ["/setup/job.sh"] + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: scripts + mountPath: /setup/job.sh + subPath: job.sh +{{- include "app.volumesMounts" $tplArgs | indent 8 }} + env: +{{ include "envRef.phpApp" $tplArgs | indent 8 }} + envFrom: + - secretRef: + name: {{ .Values.auth.defaultUser.externalSecretName | default "default-admin-user-secret" }} + - configMapRef: + name: auth-api-config +{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} +{{- include "envFrom.rabbitmq" $ | indent 8 }} +{{- include "envFrom.postgresql" $ | indent 8 }} + restartPolicy: Never + backoffLimit: 0 +{{- end }} 
diff --git a/infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml b/infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml
new file mode 100644
index 0000000000..4079650c33
--- /dev/null
+++ b/infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml
@@ -0,0 +1,79 @@ +{{- range .Values._internal.services }} +{{- $appName := . }} +{{- $appNode := (index $.Values $appName) }} +{{- $tplArgs := dict "app" $appName "ctx" $appNode "glob" $ }} +{{- if and $appNode.enabled $appNode.client }} +{{- if $appNode.client.oauthClient }} +{{- $jobName := printf "%s-create-oauth-client" $appName }} +{{- with $appNode.client.oauthClient }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $jobName }}-script +data: + job.sh: | + #!/bin/sh + set -ex + + bin/console alchemy:oauth:create-client "${CLIENT_ID}" \ + --random-id="${CLIENT_RANDOM_ID}" \ + --secret="${CLIENT_SECRET}" \ + {{- range .grantTypes }} + --grant-type {{ . }} \ + {{- end }} + {{- range .scopes }} + --scope {{ . }} \ + {{- end }} + --redirect-uri={{ tpl .redirectUri $ | quote }} +--- +{{- if not .externalSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $jobName }} +stringData: + CLIENT_ID: {{ .id | quote }} + CLIENT_RANDOM_ID: {{ .randomId | quote }} + CLIENT_SECRET: {{ .secret | quote }} +--- +{{- end }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $jobName }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + volumes: + - name: scripts + configMap: + name: {{ $jobName }}-script + defaultMode: 0777 + containers: + - name: {{ $jobName }} + image: {{ $.Values.repository.baseurl }}/ps-auth-api-php:{{ $.Values.repository.tag }} + args: ["/setup/job.sh"] + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: scripts + mountPath: /setup/job.sh + subPath: job.sh + envFrom: + - secretRef: + name: {{ .externalSecretName | default $jobName }} + - configMapRef: + name: auth-api-config +{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} +{{- include "envFrom.rabbitmq" $ | indent 8 }} +{{- include "envFrom.postgresql" $ | indent 8 }} + restartPolicy: Never + backoffLimit: 0 +--- +{{- end }} +{{- end 
}} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/config/php-configmap.yaml b/infra/helm_services/all/templates/config/php-configmap.yaml new file mode 100644 index 0000000000..3b67ca4a7c --- /dev/null +++ b/infra/helm_services/all/templates/config/php-configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: php-config +data: + APP_ENV: prod + TRUSTED_PROXIES: 127.0.0.1,REMOTE_ADDR diff --git a/infra/helm_services/all/templates/config/postgresql-configmap.yaml b/infra/helm_services/all/templates/config/postgresql-configmap.yaml new file mode 100644 index 0000000000..59c4224d2f --- /dev/null +++ b/infra/helm_services/all/templates/config/postgresql-configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgresql-php-config +data: + POSTGRES_HOST: {{ quote .Values.postgresql.host }} + POSTGRES_PORT: {{ quote .Values.postgresql.port }} diff --git a/infra/helm_services/all/templates/config/rabbitmq-configmap.yaml b/infra/helm_services/all/templates/config/rabbitmq-configmap.yaml new file mode 100644 index 0000000000..54bfc262a3 --- /dev/null +++ b/infra/helm_services/all/templates/config/rabbitmq-configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: rabbitmq-php-config +data: + RABBITMQ_HOST: {{ quote .Values.rabbitmq.host }} + RABBITMQ_PORT: {{ quote .Values.rabbitmq.port }} diff --git a/infra/helm_services/all/templates/config/urls-configmap.yaml b/infra/helm_services/all/templates/config/urls-configmap.yaml new file mode 100644 index 0000000000..b4b20243a3 --- /dev/null +++ b/infra/helm_services/all/templates/config/urls-configmap.yaml 
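Review bot: `TRUSTED_PROXIES: 127.0.0.1,REMOTE_ADDR` in php-configmap.yaml hard-codes a setting that (assuming the usual Symfony meaning of `REMOTE_ADDR` here) trusts whichever peer opened the connection as a proxy, so forwarded-for and forwarded-proto headers are believed from any client that can reach the nginx or php Service directly. That is acceptable only when the pods are reachable solely through the ingress controller, which this chart does not enforce, as no NetworkPolicy is visible in this part of the patch. Make the value configurable and default it to the narrower list, for example `TRUSTED_PROXIES: {{ .Values.php.trustedProxies | default "127.0.0.1" | quote }}` (a proposed key, not one the chart has today), and add a comment on the ConfigMap explaining when `REMOTE_ADDR` is safe to use.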
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: urls-config +data: +{{- if .Values.report.enabled }} + REPORT_BASE_URL: {{ quote .Values.report.api.baseUrl }} +{{- end }} +{{- if .Values.notify.enabled }} + NOTIFY_BASE_URL: {{ quote .Values.notify.api.baseUrl }} +{{- end }} +{{- if .Values.auth.enabled }} + AUTH_BASE_URL: {{ quote .Values.auth.api.baseUrl }} +{{- end }} +{{- if .Values.expose.enabled }} + EXPOSE_API_BASE_URL: {{ quote .Values.expose.api.baseUrl }} + EXPOSE_FRONT_BASE_URL: {{ quote .Values.expose.client.baseUrl }} +{{- end }} +{{- if .Values.uploader.enabled }} + UPLOADER_API_BASE_URL: {{ quote .Values.uploader.api.baseUrl }} + UPLOADER_FRONT_BASE_URL: {{ quote .Values.uploader.client.baseUrl }} +{{- end }} +{{- if .Values.dashboard.enabled }} + DASHBOARD_BASE_URL: {{ quote .Values.dashboard.baseUrl }} + DISPLAY_SERVICES_MENU: "true" +{{- end }} diff --git a/infra/helm_services/all/templates/config/volume-configs-configmap.yaml b/infra/helm_services/all/templates/config/volume-configs-configmap.yaml new file mode 100644 index 0000000000..e5a6eafb2c --- /dev/null +++ b/infra/helm_services/all/templates/config/volume-configs-configmap.yaml @@ -0,0 +1,9 @@ +{{ if empty .Values.globalConfig.externalConfigmapName -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-configs +data: + config.json: | +{{ .Values.globalConfig.content | indent 4 }} +{{- end }} diff --git a/infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml b/infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml new file mode 100644 index 0000000000..415a911ca3 --- /dev/null +++ b/infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml 
@@ -0,0 +1,27 @@ +{{- with .Values.dashboard }} +{{- if .enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dashboard +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: dashboard + template: + metadata: + labels: + app: phraseanet-services + tier: dashboard + spec: + containers: + - name: dashboard + image: {{ $.Values.repository.baseurl }}/ps-dashboard:{{ $.Values.repository.tag }} + terminationMessagePolicy: FallbackToLogsOnError + envFrom: + - configMapRef: + name: urls-config +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/dashboard/dashboard-ingress.yml b/infra/helm_services/all/templates/dashboard/dashboard-ingress.yml new file mode 100644 index 0000000000..c490a570be --- /dev/null +++ b/infra/helm_services/all/templates/dashboard/dashboard-ingress.yml @@ -0,0 +1,44 @@ +{{- if .Values.dashboard.enabled }} +{{- with .Values.dashboard }} +{{- if .ingress.enabled }} +{{- $ingressNode := . }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: dashboard-ingress +{{- if .ingress.annotations }} + annotations: +{{ toYaml .ingress.annotations | indent 4 }} +{{- end }} +{{- if .ingress.extraLabels }} + labels: +{{ toYaml .ingress.extraLabels | indent 4 }} +{{- end }} +spec: + rules: + - host: {{ .hostname }} + http: + paths: + - backend: + serviceName: dashboard + servicePort: 80 + path: / +{{- if .ingress.tls }} +{{- $tlsNode := .ingress.tls -}} +{{- range $value := $tlsNode }} + {{- if not (hasKey $value "hosts") }} + {{- $hosts := list $ingressNode.hostname }} + {{- $_ := set $value "hosts" $hosts }} + {{- end -}} +{{- end }} + tls: +{{ toYaml $tlsNode | indent 2 }} +{{- else if $.Values.ingress.tls.wildcard.enabled }} + tls: + - hosts: + - {{ .hostname }} + secretName: {{ include "secretRef.ingress.tls.wildcard" $ }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} 
diff --git a/infra/helm_services/all/templates/dashboard/dashboard-service.yaml b/infra/helm_services/all/templates/dashboard/dashboard-service.yaml new file mode 100644 index 0000000000..0fab76f793 --- /dev/null +++ b/infra/helm_services/all/templates/dashboard/dashboard-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: dashboard +spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + app: phraseanet-services + tier: dashboard diff --git a/infra/helm_services/all/templates/expose/api-configmap.yaml b/infra/helm_services/all/templates/expose/api-configmap.yaml new file mode 100644 index 0000000000..514e50ffc7 --- /dev/null +++ b/infra/helm_services/all/templates/expose/api-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.expose.enabled }} +{{- with .Values.expose.api.config }} +{{- $tplArgs := dict "app" "uploader" "ctx" . "glob" $ }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: expose-api-config +data: + EXPOSE_REQUEST_SIGNATURE_TTL: {{ .requestSignatureTtl | quote }} +{{ include "app.s3Storage.configMap" $tplArgs | indent 2 }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/expose/client-configmap.yaml b/infra/helm_services/all/templates/expose/client-configmap.yaml new file mode 100644 index 0000000000..bb1d60e18e --- /dev/null +++ b/infra/helm_services/all/templates/expose/client-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.expose.enabled }} +{{- with .Values.expose }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: expose-client-config +data: + DEV_MODE: "0" + EXPOSE_REQUEST_SIGNATURE_TTL: {{ .api.config.requestSignatureTtl | quote }} + MAPBOX_TOKEN: {{ required "Missing mapbox token at expose.client.mapbox.token" .client.mapbox.token | quote }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/expose/client-ingress.yml b/infra/helm_services/all/templates/expose/client-ingress.yml new file mode 100644 index 0000000000..5af5186af7 --- /dev/null 
+++ b/infra/helm_services/all/templates/expose/client-ingress.yml @@ -0,0 +1,44 @@ +{{- if .Values.expose.enabled }} +{{- with .Values.expose.client }} +{{- if .ingress.enabled }} +{{- $ingressNode := . }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: expose-client-ingress +{{- if .ingress.annotations }} + annotations: +{{ toYaml .ingress.annotations | indent 4 }} +{{- end }} +{{- if .ingress.extraLabels }} + labels: +{{ toYaml .ingress.extraLabels | indent 4 }} +{{- end }} +spec: + rules: + - host: {{ .hostname }} + http: + paths: + - backend: + serviceName: expose-client + servicePort: 80 + path: / +{{- if .ingress.tls }} +{{- $tlsNode := .ingress.tls -}} +{{- range $value := $tlsNode }} + {{- if not (hasKey $value "hosts") }} + {{- $hosts := list $ingressNode.hostname }} + {{- $_ := set $value "hosts" $hosts }} + {{- end -}} +{{- end }} + tls: +{{ toYaml $tlsNode | indent 2 }} +{{- else if $.Values.ingress.tls.wildcard.enabled }} + tls: + - hosts: + - {{ .hostname }} + secretName: {{ include "secretRef.ingress.tls.wildcard" $ }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/expose/expose-client-deployment.yml b/infra/helm_services/all/templates/expose/expose-client-deployment.yml new file mode 100644 index 0000000000..16f9db0eec --- /dev/null +++ b/infra/helm_services/all/templates/expose/expose-client-deployment.yml 
@@ -0,0 +1,37 @@ +{{- if .Values.expose.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: expose-client +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: expose-client + template: + metadata: + labels: + app: phraseanet-services + tier: expose-client + spec: + volumes: +{{- include "volumes.configs" $ | indent 8 }} + containers: + - name: expose-client + image: {{ $.Values.repository.baseurl }}/ps-expose-client:{{ $.Values.repository.tag }} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: configs + mountPath: /configs + env: + - name: DEV_MODE + value: "false" + envFrom: + - configMapRef: + name: urls-config + - configMapRef: + name: expose-client-config + - secretRef: + name: {{ $.Values.expose.client.oauthClient.externalSecretName | default "expose-oauth-client-secret" }} +{{- end }} diff --git a/infra/helm_services/all/templates/expose/expose-client-service.yml b/infra/helm_services/all/templates/expose/expose-client-service.yml new file mode 100644 index 0000000000..1bc5a67312 --- /dev/null +++ b/infra/helm_services/all/templates/expose/expose-client-service.yml @@ -0,0 +1,14 @@ +{{- if .Values.expose.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: expose-client +spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + app: phraseanet-services + tier: expose-client +{{- end }} diff --git a/infra/helm_services/all/templates/expose/oauth-client-secret.yaml b/infra/helm_services/all/templates/expose/oauth-client-secret.yaml new file mode 100644 index 0000000000..37c43cb4a1 --- /dev/null +++ b/infra/helm_services/all/templates/expose/oauth-client-secret.yaml 
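Review bot: The `expose-client` container receives the whole OAuth client Secret through `envFrom`, which includes `CLIENT_SECRET` as well as `CLIENT_ID`. If this image serves a browser application that exposes its environment to the page (not visible from this patch), the client secret would be readable by every visitor; unless the container needs it server-side, pass only the identifiers with `secretKeyRef` entries. `.Values.expose.client.oauthClient.externalSecretName` is also read without checking that `oauthClient` is set, and `DEV_MODE` is defined twice with different spellings (`"false"` here, `"0"` in expose-client-config).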
@@ -0,0 +1,14 @@
+{{- if .Values.expose.enabled }}
+{{- with .Values.expose.client.oauthClient }}
+{{- if not .externalSecretName }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: expose-oauth-client-secret
+stringData:
+ CLIENT_ID: {{ .id | quote }}
+ CLIENT_RANDOM_ID: {{ .randomId | quote }}
+ CLIENT_SECRET: {{ .secret | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/infra/helm_services/all/templates/migrate-job.yaml b/infra/helm_services/all/templates/migrate-job.yaml
new file mode 100644
index 0000000000..50c42b2077
--- /dev/null
+++ b/infra/helm_services/all/templates/migrate-job.yaml
@@ -0,0 +1,43 @@
+{{- range .Values._internal.services }}
+{{- $appName := . }}
+{{- if (index $.Values $appName).enabled }}
+{{- with (index $.Values $appName) }}
+{{- $tplArgs := dict "app" $appName "ctx" . "glob" $ }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $appName }}-migrate
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ spec:
+ volumes:
+{{- include "volumes.configs" $ | indent 6 }}
+{{- include "app.volumes" $tplArgs | indent 6 }}
+ containers:
+ - name: {{ $appName }}-php-job
+ image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-php:{{ $.Values.repository.tag }}
+ args: ["bin/migrate.sh"]
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: configs
+ mountPath: /configs
+{{- include "app.volumesMounts" $tplArgs | indent 8 }}
+ env:
+{{ include "envRef.phpApp" $tplArgs | indent 8 }}
+ envFrom:
+{{ include "configMapRef.phpApp" $tplArgs | indent 8 }}
+{{- include "envFrom.rabbitmq" $ | indent 8 }}
+{{- include "envFrom.postgresql" $ | indent 8 }}
+ - secretRef:
+ name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }}
+ - configMapRef:
+ name: {{ $appName }}-api-config
+ restartPolicy: Never
+ backoffLimit: 0
+---
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml b/infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml
new file mode 100644
index 0000000000..c5948a24dd
--- /dev/null
+++ b/infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml
@@ -0,0 +1,55 @@
+{{- if and .Values.minio.enabled .Values.expose.enabled }}
+{{ $jobName := "minio-create-buckets" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $jobName }}-script
+data:
+ job.sh: |
+ #!/bin/sh
+ set -ex
+
+ while ! nc -z minio 80; do
+ echo "Wait for minio to startup..." && sleep 0.1;
+ done;
+ sleep 5
+ mc config host add minio http://minio:80 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY
+ {{- if .Values.expose.enabled }}
+ mc mb --ignore-existing minio/{{ .Values.expose.api.config.s3Storage.bucketName }}
+ {{- end }}
+ {{- if .Values.uploader.enabled }}
+ mc mb --ignore-existing minio/{{ .Values.uploader.api.config.s3Storage.bucketName }}
+ {{- end }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $jobName }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "5"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ spec:
+ volumes:
+ - name: scripts
+ configMap:
+ name: {{ $jobName }}-script
+ defaultMode: 0777
+ containers:
+ - name: {{ $jobName }}
+ image: minio/mc
+ command: ["sh", "-c"]
+ args: ["/setup/job.sh"]
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: scripts
+ mountPath: /setup/job.sh
+ subPath: job.sh
+ envFrom:
+ - secretRef:
+ name: minio-secret
+ restartPolicy: Never
+ backoffLimit: 0
+{{- end }}
diff --git a/infra/helm_services/all/templates/minio/minio-deployment.yaml b/infra/helm_services/all/templates/minio/minio-deployment.yaml
new file mode 100644
index 0000000000..63f3a61cb7
--- /dev/null
+++ b/infra/helm_services/all/templates/minio/minio-deployment.yaml
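Review bot: `CLIENT_SECRET: {{ .secret | quote }}` takes its value from a default committed in values.yaml (`expose.client.oauthClient.secret`), so every installation that does not override it shares one publicly known OAuth client secret. Dropping the default and rendering with `CLIENT_SECRET: {{ required "Missing expose.client.oauthClient.secret" .secret | quote }}` makes the operator supply a value, or point `externalSecretName` at an existing Secret. The same applies to `ADMIN_CLIENT_SECRET` in secret/oauth-admin-secret.yaml, whose per-service defaults are in values.yaml as well; uploader/oauth-client-secret.yaml has the same template shape.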
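Review bot: `.adminOAuthClient.externalSecretName` in the last `secretRef` is read without checking that the service defines `adminOAuthClient`, although secret/oauth-admin-secret.yaml treats that key as optional and guards on it. For a service listed in `_internal.services` without the key (the list is not visible in this part of the patch), rendering would fail on the nil lookup, and otherwise the pod would reference a Secret that was never created. Wrapping the entry in `{{- if .adminOAuthClient }}` … `{{- end }}` keeps the job consistent with the secret template; setup-job.yaml and worker-deployment.yml contain the same reference.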
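Review bot: `set -ex` in `job.sh` makes the shell print each command after expansion, so the `mc config host add minio http://minio:80 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY` line writes both MinIO keys to the job's log, and `terminationMessagePolicy: FallbackToLogsOnError` can copy the log tail into the pod status when the job fails. Use `set -e` without `x` and quote the variables: `mc config host add minio http://minio:80 "$MINIO_ACCESS_KEY" "$MINIO_SECRET_KEY"`. postgresql/jobs/postgresql-create-databases-job.yaml has the same defect, because its `set -ex` traces `psql ${DSN} ...` with `POSTGRES_PASSWORD` embedded in the DSN.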
@@ -0,0 +1,37 @@ +{{- if .Values.minio.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: minio + template: + metadata: + labels: + app: phraseanet-services + tier: minio + spec: + containers: + - name: minio + image: minio/minio + terminationMessagePolicy: FallbackToLogsOnError + args: ["server", "/data"] + envFrom: + - secretRef: + name: minio-secret + volumeMounts: + - name: data + mountPath: "/data" + volumes: + - name: data + {{- if .Values.minio.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.minio.persistence.existingClaim | default (printf "%s-minio" (include "ps.fullname" .)) }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/minio/minio-ingress.yaml b/infra/helm_services/all/templates/minio/minio-ingress.yaml new file mode 100644 index 0000000000..a84a9c5790 --- /dev/null +++ b/infra/helm_services/all/templates/minio/minio-ingress.yaml 
@@ -0,0 +1,56 @@ +{{- if .Values.minio.enabled }} +{{- if .Values.minio.ingress.enabled }} +{{- with .Values.minio }} +{{- $ingressNode := . }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: minio-ingress + annotations: +{{- if .ingress.annotations }} +{{ toYaml .ingress.annotations | indent 4 }} +{{- else }} + kubernetes.io/ingress.class: "nginx" +{{- if .ingress.maxBodySize }} + nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.maxBodySize | quote }} +{{- end }} +{{- with $.Values._internal.minio }} +{{- if .ingress }} +{{- if .ingress.annotations }} +{{ toYaml .ingress.annotations | indent 4 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- if .ingress.extraLabels }} + labels: +{{ toYaml .ingress.extraLabels | indent 4 }} +{{- end }} +spec: + rules: + - host: {{ .hostname }} + http: + paths: + - backend: + serviceName: minio + servicePort: 80 + path: / +{{- if .ingress.tls }} +{{- $tlsNode := .ingress.tls -}} +{{- range $value := $tlsNode }} + {{- if not (hasKey $value "hosts") }} + {{- $hosts := list $ingressNode.hostname }} + {{- $_ := set $value "hosts" $hosts }} + {{- end -}} +{{- end }} + tls: +{{ toYaml $tlsNode | indent 2 }} +{{- else if $.Values.ingress.tls.wildcard.enabled }} + tls: + - hosts: + - {{ .hostname }} + secretName: {{ include "secretRef.ingress.tls.wildcard" $ }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/minio/minio-pvc.yaml b/infra/helm_services/all/templates/minio/minio-pvc.yaml new file mode 100644 index 0000000000..67958e7f39 --- /dev/null +++ b/infra/helm_services/all/templates/minio/minio-pvc.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.minio.enabled }} +{{ with .Values.minio }} +{{- if and .persistence.enabled (not .persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: +{{- if .persistence.annotations }} + annotations: +{{ toYaml .persistence.annotations | indent 4 }} +{{- end }} + name: {{ template "ps.fullname" $ }}-minio + labels: + "app.kubernetes.io/name": '{{ template "ps.name" $ }}' + "helm.sh/chart": "{{ $.Chart.Name }}-{{ $.Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ $.Release.Service }}" + "app.kubernetes.io/instance": "{{ $.Release.Name }}" +spec: + accessModes: + - {{ .persistence.accessMode | quote }} + resources: + requests: + storage: {{ .persistence.size | quote }} +{{- if .persistence.storageClass }} +{{- if (eq "-" .persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/minio/minio-secret.yaml b/infra/helm_services/all/templates/minio/minio-secret.yaml new file mode 100644 index 0000000000..0aa785634f --- /dev/null +++ b/infra/helm_services/all/templates/minio/minio-secret.yaml @@ -0,0 +1,9 @@ +{{- if .Values.minio.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: minio-secret +stringData: + MINIO_ACCESS_KEY: {{ quote .Values.minio.accessKey }} + MINIO_SECRET_KEY: {{ quote .Values.minio.secretKey }} +{{- end }} diff --git a/infra/helm_services/all/templates/minio/minio-service.yaml b/infra/helm_services/all/templates/minio/minio-service.yaml new file mode 100644 index 0000000000..231e28ae3e --- /dev/null +++ b/infra/helm_services/all/templates/minio/minio-service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.minio.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: minio +spec: + ports: + - name: minio + port: 80 + targetPort: 9000 + selector: + app: phraseanet-services + tier: minio +{{- end }} 
diff --git a/infra/helm_services/all/templates/notify/api-configmap.yaml b/infra/helm_services/all/templates/notify/api-configmap.yaml
new file mode 100644
index 0000000000..9112df5c3b
--- /dev/null
+++ b/infra/helm_services/all/templates/notify/api-configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: notify-api-config
+data:
+ MAILER_DSN: {{ required "Missing .mailer.dsn value" .Values.mailer.dsn | quote }}
+{{- if .Values.mailer.from }}
+ MAIL_FROM: {{ .Values.mailer.from | quote }}
+{{- end }}
diff --git a/infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml b/infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml
new file mode 100644
index 0000000000..7cc1862fd4
--- /dev/null
+++ b/infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml
@@ -0,0 +1,45 @@
+{{ $jobName := "postgresql-create-databases" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $jobName }}-script
+data:
+ job.sh: |
+ #!/bin/sh
+ set -ex
+
+ DB="report"
+
+ DSN="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@{{ .Values.postgresql.host }}:{{ .Values.postgresql.port }}"
+ psql ${DSN} -tc "SELECT 1 FROM pg_database WHERE datname = '$DB'" | grep -q 1 || psql ${DSN} -c "CREATE DATABASE $DB"
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $jobName }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ spec:
+ volumes:
+ - name: scripts
+ configMap:
+ name: {{ $jobName }}-script
+ defaultMode: 0777
+ containers:
+ - name: {{ $jobName }}
+ image: jbergknoff/postgresql-client
+ command: ["/setup/job.sh"]
+ volumeMounts:
+ - name: scripts
+ mountPath: /setup/job.sh
+ subPath: job.sh
+ envFrom:
+ - secretRef:
+ name: {{ .Values.postgresql.externalSecretName | default "postgresql-secret" }}
+ restartPolicy: Never
+ backoffLimit: 10
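Review bot: `MAILER_DSN` is written to a ConfigMap, but a mailer DSN usually carries the SMTP user and password in its URL, and ConfigMaps are readable by anyone allowed to `get configmaps` and fall outside Secret-specific controls. Whether the DSN holds credentials in a given deployment is not visible here, so the safe default is to render it in a `kind: Secret` under `stringData:` and load it in the notify pods with `secretRef`. `ASSET_CONSUMER_ACCESS_TOKEN` in uploader/api-configmap.yaml is a token stored the same way.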
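Review bot: `image: jbergknoff/postgresql-client` has no tag or digest and comes from what looks like a personal registry namespace, yet the container receives `POSTGRES_USER` and `POSTGRES_PASSWORD` through `envFrom`, so whatever that name resolves to at install time runs with the database credentials. Pin it to a reviewed version by digest (`image: <registry>/<image>@sha256:<digest>`, placeholder), or reuse the `postgres:11.2-alpine` image the chart already deploys, which includes `psql`. `minio/mc` and `minio/minio` in the minio templates are unpinned as well, and `defaultMode: 0777` on the script volume can be `0555` since nothing needs to write the script.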
diff --git a/infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml b/infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml new file mode 100644 index 0000000000..8ec435b6a3 --- /dev/null +++ b/infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml @@ -0,0 +1,40 @@ +{{- with .Values.postgresql }} +{{- if .enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgresql +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: phraseanet-services + tier: postgresql + template: + metadata: + labels: + app: phraseanet-services + tier: postgresql + spec: + volumes: + - name: data + {{- if .persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .persistence.existingClaim | default (printf "%s-postgresql" (include "ps.fullname" $)) }} + {{- else }} + emptyDir: {} + {{- end }} + containers: + - name: postgresql + image: postgres:11.2-alpine + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: data + mountPath: "/var/lib/postgresql/data" + envFrom: + - secretRef: + name: {{ include "secretName.postgresql" $ }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml b/infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml new file mode 100644 index 0000000000..f215060012 --- /dev/null +++ b/infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml 
@@ -0,0 +1,30 @@ +{{ with .Values.postgresql }} +{{- if and .persistence.enabled (not .persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: +{{- if .persistence.annotations }} + annotations: +{{ toYaml .persistence.annotations | indent 4 }} +{{- end }} + name: {{ template "ps.fullname" $ }}-postgresql + labels: + "app.kubernetes.io/name": '{{ template "ps.name" $ }}' + "helm.sh/chart": "{{ $.Chart.Name }}-{{ $.Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ $.Release.Service }}" + "app.kubernetes.io/instance": "{{ $.Release.Name }}" +spec: + accessModes: + - {{ .persistence.accessMode | quote }} + resources: + requests: + storage: {{ .persistence.size | quote }} +{{- if .persistence.storageClass }} +{{- if (eq "-" .persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/postgresql/postgresql-secret.yaml b/infra/helm_services/all/templates/postgresql/postgresql-secret.yaml new file mode 100644 index 0000000000..9b9f1f6425 --- /dev/null +++ b/infra/helm_services/all/templates/postgresql/postgresql-secret.yaml @@ -0,0 +1,13 @@ +{{- with .Values.postgresql }} +{{- if .enabled }} +{{- if not .externalSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-secret +stringData: + POSTGRES_USER: {{ .user | quote }} + POSTGRES_PASSWORD: {{ .password | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/postgresql/postgresql-service.yaml b/infra/helm_services/all/templates/postgresql/postgresql-service.yaml new file mode 100644 index 0000000000..3ac8bd5c42 --- /dev/null +++ b/infra/helm_services/all/templates/postgresql/postgresql-service.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: db +spec: + ports: + - name: postgre + port: 5432 + targetPort: 5432 + selector: + app: phraseanet-services + tier: postgresql diff --git a/infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml b/infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml new file mode 100644 index 0000000000..f70718945c --- /dev/null +++ b/infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml @@ -0,0 +1,57 @@ +{{ $jobName := "rabbitmq-vhost-setup" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $jobName }}-script +data: + job.sh: | + #!/bin/sh + set -ex + + n=0 + until [ "$n" -ge 20 ]; do + rabbitmqctl -n rabbit@rabbitmq await_startup && break + n=$((n+1)) + sleep 5 + done + + rabbitmqctl -n rabbit@rabbitmq await_startup +{{- range .Values._internal.services }} +{{- $appName := . }} +{{- if (index $.Values $appName).enabled }} + VHOST="{{ (index $.Values $appName).rabbitmq.vhost }}" + rabbitmqctl -n rabbit@rabbitmq add_vhost ${VHOST} + rabbitmqctl -n rabbit@rabbitmq set_permissions -p ${VHOST} ${RABBITMQ_USER} '.*' '.*' '.*' +{{- end }} +{{- end }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $jobName }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + volumes: + - name: scripts + configMap: + name: {{ $jobName }}-script + defaultMode: 0777 + containers: + - name: rabbitmq + image: rabbitmq:3.7.14-management + args: ["/setup/job.sh"] + volumeMounts: + - name: scripts + mountPath: /setup/job.sh + subPath: job.sh + envFrom: + - secretRef: + name: {{ include "secretName.rabbitmq" . }} + - configMapRef: + name: rabbitmq-config + restartPolicy: Never + backoffLimit: 10 
diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml
new file mode 100644
index 0000000000..b8fb074118
--- /dev/null
+++ b/infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml
@@ -0,0 +1,12 @@
+{{- with .Values.rabbitmq }}
+{{- if .enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: rabbitmq-config
+data:
+ RABBITMQ_NODENAME: "rabbit@rabbitmq"
+ RABBITMQ_ERLANG_COOKIE: "H#75$3CjoTKn3129DNwcqlHvhfqs15"
+ ERL_EPMD_PORT: "55950"
+{{- end }}
+{{- end }}
diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml
new file mode 100644
index 0000000000..9accbda4a6
--- /dev/null
+++ b/infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml
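Review bot: `RABBITMQ_ERLANG_COOKIE` is a fixed string committed in the chart and stored in a ConfigMap, so every installation shares the same cookie and anyone who can read ConfigMaps in the namespace sees it. The cookie is the only credential for Erlang distribution and `rabbitmqctl`, and rabbitmq-service.yml publishes ports 4369, 25672 and 55950 inside the cluster, so the value is enough to administer the broker from any pod that can reach the service. Move it into the RabbitMQ Secret and take it from a required or generated value, e.g. `RABBITMQ_ERLANG_COOKIE: {{ required "Missing rabbitmq.erlangCookie" .erlangCookie | quote }}` (`erlangCookie` is a suggested new key), and treat the committed value as burned.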
@@ -0,0 +1,55 @@ +{{- with .Values.rabbitmq }} +{{- if .enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rabbitmq +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: phraseanet-services + tier: rabbitmq + template: + metadata: + labels: + app: phraseanet-services + tier: rabbitmq + spec: + volumes: + - name: data + {{- if .persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .persistence.existingClaim | default (printf "%s-rabbitmq" (include "ps.fullname" $)) }} + {{- else }} + emptyDir: {} + {{- end }} + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "rabbitmq" + containers: + - name: rabbitmq + image: rabbitmq:3.7.14-management + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: data + mountPath: "/var/lib/rabbitmq" + env: + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + name: {{ include "secretName.rabbitmq" $ }} + key: RABBITMQ_USER + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + name: {{ include "secretName.rabbitmq" $ }} + key: RABBITMQ_PASSWORD + envFrom: + - configMapRef: + name: rabbitmq-config +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml new file mode 100644 index 0000000000..c1a2af3cb0 --- /dev/null +++ b/infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml 
@@ -0,0 +1,30 @@ +{{- with .Values.rabbitmq }} +{{- if and .persistence.enabled (not .persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: +{{- if .persistence.annotations }} + annotations: +{{ toYaml .persistence.annotations | indent 4 }} +{{- end }} + name: {{ template "ps.fullname" $ }}-rabbitmq + labels: + "app.kubernetes.io/name": '{{ template "ps.name" $ }}' + "helm.sh/chart": "{{ $.Chart.Name }}-{{ $.Chart.Version }}" + "app.kubernetes.io/managed-by": "{{ $.Release.Service }}" + "app.kubernetes.io/instance": "{{ $.Release.Name }}" +spec: + accessModes: + - {{ .persistence.accessMode | quote }} + resources: + requests: + storage: {{ .persistence.size | quote }} +{{- if .persistence.storageClass }} +{{- if (eq "-" .persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml new file mode 100644 index 0000000000..d67fad27ef --- /dev/null +++ b/infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml @@ -0,0 +1,13 @@ +{{- with .Values.rabbitmq }} +{{- if .enabled }} +{{- if not .externalSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: rabbitmq-secret +stringData: + RABBITMQ_USER: {{ quote .user }} + RABBITMQ_PASSWORD: {{ quote .password }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml new file mode 100644 index 0000000000..9d1ad6147c --- /dev/null +++ b/infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml 
@@ -0,0 +1,25 @@ +{{- with .Values.rabbitmq }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: rabbitmq +spec: + ports: + - name: rabbitmq + port: 5672 + targetPort: 5672 + - name: rabbitmq-cli-tool + port: 25672 + targetPort: 25672 + - name: rabbitmqctl + port: 4369 + targetPort: 4369 + - name: rabbitmq-clust + port: 55950 + targetPort: 55950 + selector: + app: phraseanet-services + tier: rabbitmq +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/redis/redis-deployment.yml b/infra/helm_services/all/templates/redis/redis-deployment.yml new file mode 100644 index 0000000000..61af98e1de --- /dev/null +++ b/infra/helm_services/all/templates/redis/redis-deployment.yml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: redis + template: + metadata: + labels: + app: phraseanet-services + tier: redis + spec: + containers: + - name: redis + image: redis:5.0.5-alpine + terminationMessagePolicy: FallbackToLogsOnError diff --git a/infra/helm_services/all/templates/redis/redis-service.yml b/infra/helm_services/all/templates/redis/redis-service.yml new file mode 100644 index 0000000000..661598e18f --- /dev/null +++ b/infra/helm_services/all/templates/redis/redis-service.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: redis +spec: + ports: + - name: redis + port: 6379 + targetPort: 6379 + selector: + app: phraseanet-services + tier: redis diff --git a/infra/helm_services/all/templates/report/report-deployment.yml b/infra/helm_services/all/templates/report/report-deployment.yml new file mode 100644 index 0000000000..dacaf1315f --- /dev/null +++ b/infra/helm_services/all/templates/report/report-deployment.yml 
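Review bot: The `redis` container in redis-deployment.yml runs the image defaults with no `args` or configuration, so no `requirepass` is set, and redis-service.yml publishes port 6379 to the whole cluster; any pod that can reach the service can read or modify the data. Set a password from a Secret, for example `args: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]` with `REDIS_PASSWORD` (suggested name) supplied through `secretKeyRef`, or restrict access with a NetworkPolicy; neither is visible in this patch. Unlike the PostgreSQL, RabbitMQ and MinIO templates, this Deployment and its Service are also not wrapped in an `enabled` condition.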
@@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: report-api +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: report-api + template: + metadata: + labels: + app: phraseanet-services + tier: report-api + spec: + containers: + - name: report-api + image: {{ .Values.repository.baseurl }}/ps-report-api:{{ .Values.repository.tag }} + terminationMessagePolicy: FallbackToLogsOnError + env: + - name: APP_ENV + value: prod + - name: POSTGRES_DATABASE + value: {{ .Values.report.databaseName | quote }} + envFrom: + - secretRef: + name: {{ include "secretName.postgresql" . }} diff --git a/infra/helm_services/all/templates/report/report-service.yml b/infra/helm_services/all/templates/report/report-service.yml new file mode 100644 index 0000000000..8602e80b68 --- /dev/null +++ b/infra/helm_services/all/templates/report/report-service.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: report-api +spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + app: phraseanet-services + tier: report-api diff --git a/infra/helm_services/all/templates/secret/oauth-admin-secret.yaml b/infra/helm_services/all/templates/secret/oauth-admin-secret.yaml new file mode 100644 index 0000000000..b0a229362a --- /dev/null +++ b/infra/helm_services/all/templates/secret/oauth-admin-secret.yaml @@ -0,0 +1,18 @@ +{{- range .Values._internal.services }} +{{ $appName := . }} +{{- if and (index $.Values $appName).enabled (index $.Values $appName).adminOAuthClient }} +{{- with (index $.Values .) }} +{{- if not .adminOAuthClient.externalSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $appName }}-admin-oauth-client-secret +stringData: + ADMIN_CLIENT_ID: {{ quote .adminOAuthClient.id }} + ADMIN_CLIENT_RANDOM_ID: {{ quote .adminOAuthClient.randomId }} + ADMIN_CLIENT_SECRET: {{ quote .adminOAuthClient.secret }} +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} 
diff --git a/infra/helm_services/all/templates/secret/s3-secret.yaml b/infra/helm_services/all/templates/secret/s3-secret.yaml
new file mode 100644
index 0000000000..af424eac5a
--- /dev/null
+++ b/infra/helm_services/all/templates/secret/s3-secret.yaml
@@ -0,0 +1,23 @@
+{{- range .Values._internal.services }}
+{{ $appName := . }}
+{{- if (index $.Values $appName).enabled }}
+{{- with (index $.Values $appName) }}
+{{- if .api }}
+{{- if .api.config }}
+{{- if .api.config.s3Storage }}
+{{- if not .api.config.s3Storage.externalSecretKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $appName }}-s3-secret
+stringData:
+ S3_STORAGE_ACCESS_KEY: {{ .api.config.s3Storage.accessKey | default (ternary $.Values.minio.accessKey "" $.Values.minio.enabled) | quote }}
+ S3_STORAGE_SECRET_KEY: {{ .api.config.s3Storage.secretKey | default (ternary $.Values.minio.secretKey "" $.Values.minio.enabled) | quote }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/infra/helm_services/all/templates/setup-job.yaml b/infra/helm_services/all/templates/setup-job.yaml
new file mode 100644
index 0000000000..d8c1cd8617
--- /dev/null
+++ b/infra/helm_services/all/templates/setup-job.yaml
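Review bot: The `default (ternary $.Values.minio.accessKey "" $.Values.minio.enabled)` fallback on both keys hands every service the MinIO root credentials from minio-secret.yaml, so a compromise of one API container gives control of all buckets rather than only its own. Prefer a dedicated MinIO user per service with a policy limited to its `bucketName`, created by the bucket job, and keep the root keys only in `minio-secret`. When MinIO is disabled and no keys are set, the Secret is rendered with empty strings; wrapping the lookups in `required` would surface that at install time instead of at the first storage call.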
@@ -0,0 +1,44 @@ +{{- range .Values._internal.services }} +{{ $appName := . }} +{{- if (index $.Values $appName).enabled }} +{{- with (index $.Values $appName) }} +{{ $tplArgs := dict "app" $appName "ctx" . "glob" $ }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $appName }}-setup + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + volumes: +{{- include "volumes.configs" $ | indent 6 }} +{{- include "app.volumes" $tplArgs | indent 6 }} + containers: + - name: {{ $appName }}-php-job + image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-php:{{ $.Values.repository.tag }} + args: ["bin/setup.sh"] + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: configs + mountPath: /configs +{{- include "app.volumesMounts" $tplArgs | indent 8 }} + env: +{{ include "envRef.phpApp" $tplArgs | indent 8 }} + envFrom: +{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} +{{- include "envFrom.rabbitmq" $ | indent 8 }} +{{- include "envFrom.postgresql" $ | indent 8 }} + - secretRef: + name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }} + - configMapRef: + name: {{ $appName }}-api-config + restartPolicy: Never + backoffLimit: 0 +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml b/infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml new file mode 100644 index 0000000000..eae371eb5a --- /dev/null +++ b/infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml 
@@ -0,0 +1,14 @@ +{{- with .Values.ingress.tls.wildcard }} +{{- if and .enabled (not .externalSecretName) }} +apiVersion: v1 +kind: Secret +metadata: + name: gateway-tls +stringData: + tls.crt: | +{{ required "Missing ingress.tls.wildcard.crt" .crt | indent 4 }} + tls.key: | +{{ required "Missing ingress.tls.wildcard.key" .key | indent 4 }} +type: kubernetes.io/tls +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/uploader/api-configmap.yaml b/infra/helm_services/all/templates/uploader/api-configmap.yaml new file mode 100644 index 0000000000..3d20725f4e --- /dev/null +++ b/infra/helm_services/all/templates/uploader/api-configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.uploader.enabled }} +{{- with .Values.uploader.api.config }} +{{- $tplArgs := dict "app" "uploader" "ctx" . "glob" $ }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: uploader-api-config +data: + UPLOADER_REQUEST_SIGNATURE_TTL: {{ .requestSignatureTtl | quote }} + ASSET_CONSUMER_COMMIT_URI: {{ .assetConsumerCommitUri | default "" | quote }} + ASSET_CONSUMER_ACCESS_TOKEN: {{ .assetConsumerAccessToken | default "" | quote }} +{{ include "app.s3Storage.configMap" $tplArgs | indent 2 }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/uploader/client-ingress.yml b/infra/helm_services/all/templates/uploader/client-ingress.yml new file mode 100644 index 0000000000..5df922a816 --- /dev/null +++ b/infra/helm_services/all/templates/uploader/client-ingress.yml 
@@ -0,0 +1,44 @@ +{{- if .Values.uploader.enabled }} +{{- with .Values.uploader.client }} +{{- if .ingress.enabled }} +{{- $ingressNode := . }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: uploader-client-ingress +{{- if .ingress.annotations }} + annotations: +{{ toYaml .ingress.annotations | indent 4 }} +{{- end }} +{{- if .ingress.extraLabels }} + labels: +{{ toYaml .ingress.extraLabels | indent 4 }} +{{- end }} +spec: + rules: + - host: {{ .hostname }} + http: + paths: + - backend: + serviceName: uploader-client + servicePort: 80 + path: / +{{- if .ingress.tls }} +{{- $tlsNode := .ingress.tls -}} +{{- range $value := $tlsNode }} + {{- if not (hasKey $value "hosts") }} + {{- $hosts := list $ingressNode.hostname }} + {{- $_ := set $value "hosts" $hosts }} + {{- end -}} +{{- end }} + tls: +{{ toYaml $tlsNode | indent 2 }} +{{- else if $.Values.ingress.tls.wildcard.enabled }} + tls: + - hosts: + - {{ .hostname }} + secretName: {{ include "secretRef.ingress.tls.wildcard" $ }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/uploader/oauth-client-secret.yaml b/infra/helm_services/all/templates/uploader/oauth-client-secret.yaml new file mode 100644 index 0000000000..43709c38e9 --- /dev/null +++ b/infra/helm_services/all/templates/uploader/oauth-client-secret.yaml @@ -0,0 +1,12 @@ +{{- with .Values.uploader.client.oauthClient }} +{{- if not .externalSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: uploader-oauth-client-secret +stringData: + CLIENT_ID: {{ .id | quote }} + CLIENT_RANDOM_ID: {{ .randomId | quote }} + CLIENT_SECRET: {{ .secret | quote }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/templates/uploader/uploader-client-deployment.yml b/infra/helm_services/all/templates/uploader/uploader-client-deployment.yml new file mode 100644 index 0000000000..f1c26eb2c3 --- /dev/null +++ b/infra/helm_services/all/templates/uploader/uploader-client-deployment.yml 
@@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: uploader-client +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: uploader-client + template: + metadata: + labels: + app: phraseanet-services + tier: uploader-client + spec: + volumes: +{{- include "volumes.configs" $ | indent 8 }} + containers: + - name: uploader-client + image: {{ $.Values.repository.baseurl }}/ps-uploader-client:{{ $.Values.repository.tag }} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: configs + mountPath: /configs + env: + - name: DEV_MODE + value: "false" + envFrom: + - configMapRef: + name: urls-config + - secretRef: + name: {{ $.Values.uploader.client.oauthClient.externalSecretName | default "uploader-oauth-client-secret" }} diff --git a/infra/helm_services/all/templates/uploader/uploader-client-service.yml b/infra/helm_services/all/templates/uploader/uploader-client-service.yml new file mode 100644 index 0000000000..8d34617419 --- /dev/null +++ b/infra/helm_services/all/templates/uploader/uploader-client-service.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: uploader-client +spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + app: phraseanet-services + tier: uploader-client diff --git a/infra/helm_services/all/templates/worker-deployment.yml b/infra/helm_services/all/templates/worker-deployment.yml new file mode 100644 index 0000000000..da5c0063a8 --- /dev/null +++ b/infra/helm_services/all/templates/worker-deployment.yml 
@@ -0,0 +1,46 @@ +{{- range .Values._internal.services }} +{{- $appName := . }} +{{- if (index $.Values $appName).enabled }} +{{- with (index $.Values $appName) }} +{{- $tplArgs := dict "app" $appName "ctx" . "glob" $ }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $appName }}-worker +spec: + replicas: 1 + selector: + matchLabels: + app: phraseanet-services + tier: {{ $appName }}-worker + template: + metadata: + labels: + app: phraseanet-services + tier: {{ $appName }}-worker + spec: + volumes: +{{- include "volumes.configs" $ | indent 6 }} +{{- include "app.volumes" $tplArgs | indent 6 }} + containers: + - name: {{ $appName }}-worker + image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-worker:{{ $.Values.repository.tag }} + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: configs + mountPath: /configs +{{- include "app.volumesMounts" $tplArgs | indent 8 }} + env: +{{ include "envRef.phpApp" $tplArgs | indent 8 }} + envFrom: +{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} +{{- include "envFrom.rabbitmq" $ | indent 8 }} +{{- include "envFrom.postgresql" $ | indent 8 }} + - secretRef: + name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }} + - configMapRef: + name: {{ $appName }}-api-config +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm_services/all/values.yaml b/infra/helm_services/all/values.yaml new file mode 100644 index 0000000000..1dfb607248 --- /dev/null +++ b/infra/helm_services/all/values.yaml 
@@ -0,0 +1,281 @@ +repository: + baseurl: alchemyfr + tag: latest + +auth: + enabled: true + defaultUser: + externalSecretName: + username: admin@alchemy.fr + password: obIaHz6cVTkQKHqLBj + api: + hostname: + baseUrl: + config: + registrationValidateEmail: true + ingress: + enabled: true + annotations: {} + extraLabels: {} + tls: [] + adminOAuthClient: + externalSecretName: + id: auth-admin + randomId: 9mIGK + secret: 'H$ei3sHwIB0sfyMAp@P@CSnZC71EuDQ2' + grantTypes: + - authorization_code + rabbitmq: + vhost: auth + +expose: + enabled: true + api: + ingress: + enabled: true + annotations: {} + extraLabels: {} + maxBodySize: 22G + tls: [] + hostname: + baseUrl: + config: + requestSignatureTtl: 3600 + s3Storage: + baseUrl: "{{ .Values.minio.baseUrl }}" + endpoint: + region: + bucketName: expose + usePathSyleEndpoint: false + accessKey: + secretKey: + externalSecretKey: + externalSecretMapping: + accessKey: S3_STORAGE_ACCESS_KEY + secretKey: S3_STORAGE_SECRET_KEY + adminOAuthClient: + externalSecretName: + id: expose-admin + randomId: wIB0s + secret: 'MAp@P@CSnZC71EuDQ2H$ei3sHwIB0sfy' + grantTypes: + - authorization_code + - client_credentials + scopes: + - user:list + - group:list + client: + hostname: + baseUrl: + ingress: + enabled: true + annotations: {} + extraLabels: {} + tls: [] + oauthClient: + externalSecretName: + id: expose-app + randomId: difnr + secret: 'oYnq@8ujOtY@kga7LfWB8vTowf$9V9' + redirectUri: "{{ .Values.expose.client.baseUrl }}" + grantTypes: + - password + mapbox: + token: "define-me" + rabbitmq: + vhost: expose + +notify: + enabled: true + api: + hostname: + baseUrl: + ingress: + enabled: true + annotations: {} + extraLabels: {} + tls: [] + adminOAuthClient: + externalSecretName: + id: notify-admin + randomId: dUdGa + secret: 'BNvnbnS#DD@$5H$56@IbhNuJpDY3O#' + grantTypes: + - authorization_code + rabbitmq: + vhost: notify + +uploader: + enabled: true + api: + ingress: + enabled: true + annotations: {} + extraLabels: {} + maxBodySize: 22G + tls: 
[] + hostname: + baseUrl: + config: + assetConsumerCommitUri: + assetConsumerAccessToken: + requestSignatureTtl: 3600 + s3Storage: + baseUrl: "{{ .Values.minio.baseUrl }}" + endpoint: + region: + bucketName: uploader-deposit + usePathSyleEndpoint: false + accessKey: + secretKey: + externalSecretKey: + externalSecretMapping: + accessKey: S3_STORAGE_ACCESS_KEY + secretKey: S3_STORAGE_SECRET_KEY + adminOAuthClient: + externalSecretName: + id: uploader-admin + randomId: oqdsq + secret: 'C71EuDQ2H$eMAp@P@CSnZi3sHwIB0sfy' + grantTypes: + - authorization_code + - client_credentials + scopes: + - user:list + - group:list + client: + hostname: + ingress: + enabled: true + annotations: {} + extraLabels: {} + tls: [] + oauthClient: + externalSecretName: + id: uploader-app + randomId: oqdsq + secret: 'l$@fuDukPDpydN$mo7VZoOVw4inxqn' + redirectUri: "{{ .Values.uploader.client.baseUrl }}" + grantTypes: + - authorization_code + rabbitmq: + vhost: upload + +report: + enabled: true + api: + hostname: + baseUrl: + databaseName: report + +dashboard: + enabled: true + hostname: + baseUrl: + ingress: + enabled: true + annotations: {} + extraLabels: {} + tls: [] + +mailer: + dns: 'null://null' + from: 'no-reply@acme.com' + +postgresql: + enabled: true + externalSecretName: + host: db + port: 5432 + user: alchemy + password: 'iHdB$$tyVGmT9Zj6shv' + persistence: + enabled: true + existingClaim: + storageClass: + annotations: {} + accessMode: ReadWriteOnce + size: 10Gi + subPath: + +rabbitmq: + enabled: true + externalSecretName: + host: rabbitmq + port: 5672 + user: rabbit + password: '2rlTh4WyhyUZV7fEAnb$u4dqFchQDz' + persistence: + enabled: true + existingClaim: + storageClass: + annotations: {} + accessMode: ReadWriteOnce + size: 20Gi + subPath: + +minio: + enabled: true + hostname: + baseUrl: + accessKey: '1nW2poWjw2G5OskVG2VVXIyHsuQJIo' + secretKey: 'WfR6lXrgsbIYN#LuI9$ED9B0ck2scn' + ingress: + enabled: true + annotations: {} + extraLabels: {} + maxBodySize: 22G + tls: [] + 
persistence: + enabled: true + existingClaim: + storageClass: + annotations: {} + accessMode: ReadWriteOnce + size: 20Gi + subPath: + +ingress: + tls: + wildcard: + externalSecretName: + enabled: false + crt: + key: + +globalConfig: + externalConfigmapName: + content: | + {} + +_internal: + services: + - auth + - expose + - notify + - uploader + volumes: +# uploader: +# data: +# name: uploader-data +# mountPath: /var/data/upload +# uid: 1000 + auth: + expose: + api: + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + #nginx.ingress.kubernetes.io/proxy-request-buffering: "off" + notify: + uploader: + api: + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + #nginx.ingress.kubernetes.io/proxy-request-buffering: "off" + minio: + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + #nginx.ingress.kubernetes.io/proxy-request-buffering: "off" diff --git a/infra/helm_services/bin/test.sh b/infra/helm_services/bin/test.sh new file mode 100755 index 0000000000..271ab52253 --- /dev/null +++ b/infra/helm_services/bin/test.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +helm uninstall all1 + +n=0 +until [ "$n" -ge 50 ]; do + helm install all1 ./all -f sample.yaml && break + n=$((n+1)) + sleep 2 +done diff --git a/infra/helm_services/cert1.pem b/infra/helm_services/cert1.pem new file mode 100644 index 0000000000..d52a929c07 --- /dev/null +++ b/infra/helm_services/cert1.pem 
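Review bot: The chart defaults in values.yaml are working credentials: the `defaultUser` password, every `adminOAuthClient` and `oauthClient` `secret`, the `postgresql` and `rabbitmq` `password`, and the MinIO `accessKey`/`secretKey` are literal strings, so every install that does not override them shares the same publicly known secrets. Default these keys to empty and make the templates fail when neither a value nor the matching `externalSecretName` is supplied, for example `{{ required "postgresql.password is required" .Values.postgresql.password }}` in the branch that renders the chart-managed Secret. The values already committed should be treated as disclosed and rotated wherever they were used; the later patch on this page that deletes `infra/helm_services` does not remove them from history. Separately, `mailer.dns` here does not match the `mailer.dsn` key used in sample.yaml and post-provisionning-sample.yaml, which looks like a typo.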
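Review bot: test.sh exits 0 even when all 50 `helm install` attempts fail, because the `until` loop ends on `sleep 2` and nothing checks `n` afterwards, so any job relying on its exit status would pass on a broken chart. Add a check after `done`, for example `[ "$n" -lt 50 ] || { echo "helm install failed after 50 attempts" >&2; exit 1; }`. `helm uninstall all1` and the relative `./all` and `sample.yaml` paths also assume a fixed working directory and whichever kube context happens to be current; a `cd "$(dirname "$0")/.."` at the top removes the first assumption.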
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcDCCAligAwIBAgIRAPD+aG5yazX04dgnN5jxYQ0wDQYJKoZIhvcNAQELBQAw +SzEQMA4GA1UEChMHQWNtZSBDbzE3MDUGA1UEAxMuS3ViZXJuZXRlcyBJbmdyZXNz +IENvbnRyb2xsZXIgRmFrZSBDZXJ0aWZpY2F0ZTAeFw0yMDA3MDkwOTAzNTFaFw0y +MTA3MDkwOTAzNTFaMEsxEDAOBgNVBAoTB0FjbWUgQ28xNzA1BgNVBAMTLkt1YmVy +bmV0ZXMgSW5ncmVzcyBDb250cm9sbGVyIEZha2UgQ2VydGlmaWNhdGUwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGqXfn4mrjRP2xLn6qdxaguoYyfzXY +LStPRXz3/mBqImILQl7+lhlDnEIGm5s3/20btFoRLLOz+q3YTwHTyr6qSrQ/1b3+ +a8bxrF8WuuZ0FO5hgaUffW5REwKVPXsG2FeG3p+FagvgOQIs+BKVynbgZocPfVag +EVUx9Nih2wBnKUbIOFtUFjso0HIoQ0h3U0v1jOBJLwfN2MADeZ9jMwJk+VDxdCek +ijAfqkf8uHnZrsOW4fQyVH2jiG79LenWhkFDEEo1tsYmOJhr+iYETWFhspH5jv2m +HUPkPN9ZFkNyN2321ZrcI0qPxigg+SaU9QQ5t693Hs67Bpl1tGRJiUF1AgMBAAGj +TzBNMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMB +Af8EAjAAMBgGA1UdEQQRMA+CDWluZ3Jlc3MubG9jYWwwDQYJKoZIhvcNAQELBQAD +ggEBAJeN1XoDP6CbBuSBvx+M3xGOjO/lM5/eZgtsQwqZzNAXeVidkE4Mq/UQeB7y +ztyVbunc8uhlD8ZfDoVSSsSNwsrMznsTzM+Cd/5pVdWsEWrW5gQnzTVSMbmKlEbV +e1AaVxjPu0RBMI7nMXrGQB4GhIILMGOMnc+cQgVc1dj6fVwRV875Os31YEJzM6+o +1xuKiDtahc4m0leEgRiZzBWTCsN+rG/rls3kKBK3YxX5qlA9prBajugoTgJ4yxTC +PpgBHThfZiTcRZExmybsET/Gk7+FcLvH5lqb3zM0IPpWMIWmtYIbrWVixtLp0MbC +iF5JYQtFtNfpWzAYUMm/JzE/7Ps= +-----END CERTIFICATE----- diff --git a/infra/helm_services/myvalues.yml b/infra/helm_services/myvalues.yml new file mode 100644 index 0000000000..b1d30a9f3a --- /dev/null +++ b/infra/helm_services/myvalues.yml 
@@ -0,0 +1,155 @@ +auth: + api: + hostname: "auth.alchemy.kube" + baseUrl: "https://auth.alchemy.kube" + ingress: + annotations: + toto: titi +expose: + api: + hostname: "api-expose.alchemy.kube" + baseUrl: "https://api-expose.alchemy.kube" + ingress: + tls: + - secretName: fooo + client: + hostname: "expose.alchemy.kube" + baseUrl: "https://expose.alchemy.kube" + mapbox: + token: "pk.eyJ1IjoiYXJ0aHVyZGVtb3VsaW5zIiwiYSI6ImNrYXAybGNodTBqdGIycnBvNGs0cWhsanYifQ.AafKAw4dVuEOVvbnwWG9Vw" + +uploader: + api: + hostname: "api-uploader.alchemy.kube" + baseUrl: "https://api-uploader.alchemy.kube" + ingress: + annotations: + toto: titi + client: + hostname: "uploader.alchemy.kube" + baseUrl: "https://uploader.alchemy.kube" + ingress: + tls: + - secretName: yoyo + persistence: + enabled: false + +notify: + api: + hostname: "notify.alchemy.kube" + baseUrl: "https://notify.alchemy.kube" + +report: + api: + hostname: "report.alchemy.kube" + baseUrl: "https://report.alchemy.kube" + +mailerDsn: "smtp://localhost" + +minio: + enabled: true + hostname: "minio.alchemy.kube" + baseUrl: "https://minio.alchemy.kube" + +ingress: + tls: + wildcard: + enabled: true + crt: | + -----BEGIN CERTIFICATE----- + MIIDuzCCAqOgAwIBAgIUD95TKFJjI6CW+vQFIbPDOBEUnC8wDQYJKoZIhvcNAQEL + BQAwSDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEWMBQGA1UECgwNQWxj + aGVteSwgSW5jLjEQMA4GA1UEAwwHQWxjaGVteTAeFw0yMDA2MzAxMTAzMzFaFw0y + NTA2MjkxMTAzMzFaMIGOMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMQ4w + DAYDVQQHDAVQYXJpczEQMA4GA1UECgwHQWxjaGVteTEQMA4GA1UECwwHQWxjaGVt + eTEhMB8GCSqGSIb3DQEJARYSY29udGFjdEBhbGNoZW15LmZyMRcwFQYDVQQDDA4q + LmFsY2hlbXkua3ViZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbi + vcx8msx09frw7rs79chiOcHALZ1zILJfCYT9vEmQTWlWI12wrP8LRWMh8YQOt/rs + TCqch/xPsIED0w0ShMryhRhThbq1SuIrARKpkBJWzi350+ge1vwhm2D1wT1rQm9J + AZBP/LGl2C5kR8WIIPtz3fGbpZLRBd66V7LT0/az/yj/ocSMGTC7bbVwc4Q2xOfS + rLQpMPwFBrY4+Xw+Wn+W5SaS8WWUE8gh+dYTv3XcMil7XSe6I1X0QgsAfahWAaEH + 
LWmfku+CRoQ9t2nVdGc6tH/aeuxOU4xL3cZld1DoZ/2imnqsIQ4m+7kYhbAzERg9 + bvYjnHTLpDzX4yH4JfMCAwEAAaNWMFQwHwYDVR0jBBgwFoAUNmzTskn998pLNs+3 + iCg4LiRGWs8wCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOKi5h + bGNoZW15Lmt1YmUwDQYJKoZIhvcNAQELBQADggEBAGT1z36Up4jOnuq93KGF6ase + bOrESSRrDZ8cen7XlvC/A+3nkIRfX0rwirX5h74IOJxE7xFKfL9n8RekL6OgSXWk + /Xjf8D2w9uH3GRdhLAST6yDynktB9GJmH526ZBcWpGceBBx3yUe0OyF9F3YnYaMO + 70s5ZFWVNdGz1GOqorPbHVCHYHKm2OHfZBwJz9Ouo1g6L5y54ZVm0ZmfySfwWAyn + u7DcYYXODFaEel5R8DfC/JrQcO1dl/bErUxvFI1Z+Rk09bZ5UMHFWTTJwP9SMsAv + i9iyPbmrvU80sjF7dwwxJyrgJVSJMNEA2OWErF/wVSsApyunhlf4DMPMdTh+xtE= + -----END CERTIFICATE----- + key: | + -----BEGIN PRIVATE KEY----- + MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC24r3MfJrMdPX6 + 8O67O/XIYjnBwC2dcyCyXwmE/bxJkE1pViNdsKz/C0VjIfGEDrf67EwqnIf8T7CB + A9MNEoTK8oUYU4W6tUriKwESqZASVs4t+dPoHtb8IZtg9cE9a0JvSQGQT/yxpdgu + ZEfFiCD7c93xm6WS0QXeuley09P2s/8o/6HEjBkwu221cHOENsTn0qy0KTD8BQa2 + OPl8Plp/luUmkvFllBPIIfnWE7913DIpe10nuiNV9EILAH2oVgGhBy1pn5LvgkaE + Pbdp1XRnOrR/2nrsTlOMS93GZXdQ6Gf9opp6rCEOJvu5GIWwMxEYPW72I5x0y6Q8 + 1+Mh+CXzAgMBAAECggEBAIcKlitQNt2R37AUB7Opaqs0HIG8bfI8+H+9PUI+ObH4 + I7EMMcEUnCkXIX05qyRf2eomYXd1bdQY47PgJw8YBYX13eFAixZ6l3i5WGl3WzKv + dj7solRbsVMrXZgS30WC1eNmfQkahvSGCUL4OSbahcAmplOpInFudm8oGWmqkHEw + 5lIqthsvep2myfm4SDtw4vU342HpajkcFy1TqhkLaUbR7ppqsyc2uXbAF3i5vgS7 + yo0TxYznknYOvrpUdq4QpvXVwoIfR3aK6jEmYMdQyeiDC+Z2RlBfzOF++eifknbW + nQaNTpR+YmccrnnvGjvCfFekwZBpWjyOAZCOf9h0gYECgYEA8Z2UNWzK6Cdzgf0m + eoHajsWTzueB+2qyxEkBpgjTCyl7Q/GbOU1PSCoAtd1HE2LiehJbLfQwnoIl9m2f + 3ZwbnwU/rpm9VYyO34JqmN48InYTbl8i/uN+sEmsiafrG4rfGGKpC3t/LnINwqXh + YKqTv2Wr8KFa4YQeXXCv2+GDtYsCgYEAwcYSNYF++IKxTVoSA5HdbROWYhXisNXj + 7U++4iHsCcqEIk4vIVZNK9599UAaolktL25bt1gz0nTqad5dnXPrDIkXOfTSEJR/ + A/8nyySJ83l8UN6OtD5xG2cgAkWzpRUAcgcCFI1uw0QIhNZJMZN/9W0n8DtrGiGZ + RMYP0Y1JbjkCgYEAkQvHQHdKLCoa1otRgTPZL+J+hDRIvNTl8p3dRn5/q3DAlh5B + 0BmQIcNNX+Ax3fp7+UpxwFmaol2BSrmuwgwILOOqwjd7CRNzZcxWD+VB9nIp4hVs + 
3dVWZaAk2xKaOpOYsHvx/Xmq9Qf1KMgKT8y3G6x+lttWwpFc5T1T5U0xk1cCgYBD + pkL1KyCI4hfESY3AcUw8qHn4BGwAEKxiTVT23aDqSimXUHRjzx1iE2smFBs4UqnT + xVN/zutIrkiobVmBftawqavSMAamgzFU09+wrDD9L4yXLxvjEWmrh3VFVdBB8fMV + 3Bx90GK7CSVwOt+Sz0v9Av7Of/AET3aS7BLZtdnNAQKBgQCd+efqwaDhl0aGaESd + 4XPPcXsLcFPp05NQRhrN/8fNHh4PIzCyfCcAZmpBcAoPmLk0BgmlxyhDG2ODkvsm + Pq6KEEXqZzK5zGlvG6tMhU6bzhRG5NOqek9XfePHsUkcQw4seS/Adw9nDZKW5q93 + 8pbTjvtuTuqKn12bzeIlADZM7w== + -----END PRIVATE KEY----- + +globalConfig: + externalConfigmapName: + content: | + { + "available_locales": [ + "en", + "fr" + ], + "auth": { + "identity_providers": [] + }, + "uploader": { + "max_upload_file_size": null, + "max_upload_commit_size": null, + "max_upload_file_count": null, + "client": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "margin": "2px 10px" + } + }, + "admin": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "with": "80px" + } + } + }, + "notify": { + "admin": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "with": "80px" + } + } + }, + "expose": { + "admin": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "with": "80px" + } + } + } + } diff --git a/infra/helm_services/post-provisionning-sample.yaml b/infra/helm_services/post-provisionning-sample.yaml new file mode 100644 index 0000000000..1263a984a8 --- /dev/null +++ b/infra/helm_services/post-provisionning-sample.yaml 
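Review bot: myvalues.yml commits a PEM private key under the wildcard `key:` entry next to its certificate, and sample.yaml later in this patch carries what appears to be the same `crt`/`key` pair, so anyone with read access to the repository can impersonate the hosts that certificate covers wherever its issuer is trusted. Replace the inline material with a reference to a Secret created outside the chart, e.g. `externalSecretName: <wildcard-tls-secret>` (placeholder name), and keep only a stub such as `key: ""` in the sample. The key should be considered disclosed and the certificate reissued, since deleting the files in a later commit leaves them in history. The `toto: titi` annotations and `secretName: fooo` suggest myvalues.yml is a personal test file; the README in this patch tells users to write their own, so it probably belongs in `.gitignore` rather than in the tree. The `mapbox.token` value is likewise a real-looking account token and would be better left as a placeholder.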
@@ -0,0 +1,138 @@ +auth: + defaultUser: + externalSecretName: + # Secret must contain: + # - DEFAULT_ADMIN_USER_USERNAME + # - DEFAULT_ADMIN_USER_PASSWORD + api: + hostname: api-auth.phrasea.io + baseUrl: https://api-auth.phrasea.io + ingress: + annotations: {} + tls: [] + adminOAuthClient: + externalSecretName: + # Secret must contain: + # - ADMIN_CLIENT_ID + # - ADMIN_CLIENT_RANDOM_ID + # - ADMIN_CLIENT_SECRET + +expose: + api: + hostname: api-expose.phrasea.io + baseUrl: https://api-expose.phrasea.io + config: + s3Storage: + baseUrl: "https://s3.eu-west-1.amazonaws.com/expose" + # Leave me empty for AWS S3 + endpoint: "" + bucketName: expose + externalSecretKey: + # Secret must contain: + # - S3_STORAGE_ACCESS_KEY + # - S3_STORAGE_SECRET_KEY + + ingress: + annotations: {} + adminOAuthClient: + externalSecretName: + # Secret must contain: + # - ADMIN_CLIENT_ID + # - ADMIN_CLIENT_RANDOM_ID + # - ADMIN_CLIENT_SECRET + client: + hostname: expose.phrasea.io + baseUrl: https://expose.phrasea.io + ingress: + annotations: {} + tls: [] + oauthClient: + externalSecretName: + # Secret must contain: + # - CLIENT_ID + # - CLIENT_RANDOM_ID + # - CLIENT_SECRET + secret: "" + mapbox: + token: "" + +notify: + api: + hostname: api-notify.phrasea.io + baseUrl: https://api-notify.phrasea.io + ingress: + annotations: {} + tls: [] + adminOAuthClient: + externalSecretName: + # Secret must contain: + # - ADMIN_CLIENT_ID + # - ADMIN_CLIENT_RANDOM_ID + # - ADMIN_CLIENT_SECRET + +uploader: + persistence: + existingClaim: + api: + hostname: api-uploader.phrasea.io + baseUrl: https://api-uploader.phrasea.io + ingress: + annotations: {} + config: + s3Storage: + baseUrl: "https://s3.eu-west-1.amazonaws.com/uploader-deposit" + # Leave me empty for AWS S3 + endpoint: "" + bucketName: uploader-deposit + externalSecretKey: + # Secret must contain: + # - S3_STORAGE_ACCESS_KEY + # - S3_STORAGE_SECRET_KEY + + adminOAuthClient: + externalSecretName: + # Secret must contain: + # - ADMIN_CLIENT_ID + # 
- ADMIN_CLIENT_RANDOM_ID + # - ADMIN_CLIENT_SECRET + client: + hostname: uploader.phrasea.io + ingress: + annotations: {} + tls: [] + oauthClient: + externalSecretName: + # Secret must contain: + # - CLIENT_ID + # - CLIENT_RANDOM_ID + # - CLIENT_SECRET + +report: + api: + hostname: report.phrasea.io + baseUrl: https://report.phrasea.io + +mailer: + dsn: "" + +postgresql: + externalSecretName: + # Secret must contain: + # - POSTGRES_USER + # - POSTGRES_PASSWORD + persistence: + existingClaim: + +rabbitmq: + externalSecretName: + # Secret must contain: + # - RABBITMQ_USER + # - RABBITMQ_PASSWORD + persistence: + existingClaim: + +minio: + enabled: false + +globalConfig: + externalConfigmapName: diff --git a/infra/helm_services/sample.yaml b/infra/helm_services/sample.yaml new file mode 100644 index 0000000000..c331ea9612 --- /dev/null +++ b/infra/helm_services/sample.yaml 
@@ -0,0 +1,148 @@ +auth: + api: + hostname: "auth.alchemy.kube" + baseUrl: "https://auth.alchemy.kube" +expose: + api: + hostname: "api-expose.alchemy.kube" + baseUrl: "https://api-expose.alchemy.kube" + client: + hostname: "expose.alchemy.kube" + baseUrl: "https://expose.alchemy.kube" + mapbox: + token: "pk.eyJ1IjoiYXJ0aHVyZGVtb3VsaW5zIiwiYSI6ImNrYXAybGNodTBqdGIycnBvNGs0cWhsanYifQ.AafKAw4dVuEOVvbnwWG9Vw" + +uploader: + api: + hostname: "api-uploader.alchemy.kube" + baseUrl: "https://api-uploader.alchemy.kube" + client: + hostname: "uploader.alchemy.kube" + baseUrl: "https://uploader.alchemy.kube" + persistence: + enabled: false + +notify: + api: + hostname: "notify.alchemy.kube" + baseUrl: "https://notify.alchemy.kube" + +report: + api: + hostname: "report.alchemy.kube" + baseUrl: "https://report.alchemy.kube" + +dashboard: + hostname: "dashboard.alchemy.kube" + baseUrl: "https://dashboard.alchemy.kube" + +mailer: + dsn: "smtp://localhost" + +minio: + enabled: true + hostname: "minio.alchemy.kube" + baseUrl: "https://minio.alchemy.kube" + +ingress: + tls: + wildcard: + enabled: true + crt: | + -----BEGIN CERTIFICATE----- + MIIDuzCCAqOgAwIBAgIUD95TKFJjI6CW+vQFIbPDOBEUnC8wDQYJKoZIhvcNAQEL + BQAwSDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEWMBQGA1UECgwNQWxj + aGVteSwgSW5jLjEQMA4GA1UEAwwHQWxjaGVteTAeFw0yMDA2MzAxMTAzMzFaFw0y + NTA2MjkxMTAzMzFaMIGOMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMQ4w + DAYDVQQHDAVQYXJpczEQMA4GA1UECgwHQWxjaGVteTEQMA4GA1UECwwHQWxjaGVt + eTEhMB8GCSqGSIb3DQEJARYSY29udGFjdEBhbGNoZW15LmZyMRcwFQYDVQQDDA4q + LmFsY2hlbXkua3ViZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbi + vcx8msx09frw7rs79chiOcHALZ1zILJfCYT9vEmQTWlWI12wrP8LRWMh8YQOt/rs + TCqch/xPsIED0w0ShMryhRhThbq1SuIrARKpkBJWzi350+ge1vwhm2D1wT1rQm9J + AZBP/LGl2C5kR8WIIPtz3fGbpZLRBd66V7LT0/az/yj/ocSMGTC7bbVwc4Q2xOfS + rLQpMPwFBrY4+Xw+Wn+W5SaS8WWUE8gh+dYTv3XcMil7XSe6I1X0QgsAfahWAaEH + LWmfku+CRoQ9t2nVdGc6tH/aeuxOU4xL3cZld1DoZ/2imnqsIQ4m+7kYhbAzERg9 + 
bvYjnHTLpDzX4yH4JfMCAwEAAaNWMFQwHwYDVR0jBBgwFoAUNmzTskn998pLNs+3 + iCg4LiRGWs8wCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOKi5h + bGNoZW15Lmt1YmUwDQYJKoZIhvcNAQELBQADggEBAGT1z36Up4jOnuq93KGF6ase + bOrESSRrDZ8cen7XlvC/A+3nkIRfX0rwirX5h74IOJxE7xFKfL9n8RekL6OgSXWk + /Xjf8D2w9uH3GRdhLAST6yDynktB9GJmH526ZBcWpGceBBx3yUe0OyF9F3YnYaMO + 70s5ZFWVNdGz1GOqorPbHVCHYHKm2OHfZBwJz9Ouo1g6L5y54ZVm0ZmfySfwWAyn + u7DcYYXODFaEel5R8DfC/JrQcO1dl/bErUxvFI1Z+Rk09bZ5UMHFWTTJwP9SMsAv + i9iyPbmrvU80sjF7dwwxJyrgJVSJMNEA2OWErF/wVSsApyunhlf4DMPMdTh+xtE= + -----END CERTIFICATE----- + key: | + -----BEGIN PRIVATE KEY----- + MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC24r3MfJrMdPX6 + 8O67O/XIYjnBwC2dcyCyXwmE/bxJkE1pViNdsKz/C0VjIfGEDrf67EwqnIf8T7CB + A9MNEoTK8oUYU4W6tUriKwESqZASVs4t+dPoHtb8IZtg9cE9a0JvSQGQT/yxpdgu + ZEfFiCD7c93xm6WS0QXeuley09P2s/8o/6HEjBkwu221cHOENsTn0qy0KTD8BQa2 + OPl8Plp/luUmkvFllBPIIfnWE7913DIpe10nuiNV9EILAH2oVgGhBy1pn5LvgkaE + Pbdp1XRnOrR/2nrsTlOMS93GZXdQ6Gf9opp6rCEOJvu5GIWwMxEYPW72I5x0y6Q8 + 1+Mh+CXzAgMBAAECggEBAIcKlitQNt2R37AUB7Opaqs0HIG8bfI8+H+9PUI+ObH4 + I7EMMcEUnCkXIX05qyRf2eomYXd1bdQY47PgJw8YBYX13eFAixZ6l3i5WGl3WzKv + dj7solRbsVMrXZgS30WC1eNmfQkahvSGCUL4OSbahcAmplOpInFudm8oGWmqkHEw + 5lIqthsvep2myfm4SDtw4vU342HpajkcFy1TqhkLaUbR7ppqsyc2uXbAF3i5vgS7 + yo0TxYznknYOvrpUdq4QpvXVwoIfR3aK6jEmYMdQyeiDC+Z2RlBfzOF++eifknbW + nQaNTpR+YmccrnnvGjvCfFekwZBpWjyOAZCOf9h0gYECgYEA8Z2UNWzK6Cdzgf0m + eoHajsWTzueB+2qyxEkBpgjTCyl7Q/GbOU1PSCoAtd1HE2LiehJbLfQwnoIl9m2f + 3ZwbnwU/rpm9VYyO34JqmN48InYTbl8i/uN+sEmsiafrG4rfGGKpC3t/LnINwqXh + YKqTv2Wr8KFa4YQeXXCv2+GDtYsCgYEAwcYSNYF++IKxTVoSA5HdbROWYhXisNXj + 7U++4iHsCcqEIk4vIVZNK9599UAaolktL25bt1gz0nTqad5dnXPrDIkXOfTSEJR/ + A/8nyySJ83l8UN6OtD5xG2cgAkWzpRUAcgcCFI1uw0QIhNZJMZN/9W0n8DtrGiGZ + RMYP0Y1JbjkCgYEAkQvHQHdKLCoa1otRgTPZL+J+hDRIvNTl8p3dRn5/q3DAlh5B + 0BmQIcNNX+Ax3fp7+UpxwFmaol2BSrmuwgwILOOqwjd7CRNzZcxWD+VB9nIp4hVs + 3dVWZaAk2xKaOpOYsHvx/Xmq9Qf1KMgKT8y3G6x+lttWwpFc5T1T5U0xk1cCgYBD + 
pkL1KyCI4hfESY3AcUw8qHn4BGwAEKxiTVT23aDqSimXUHRjzx1iE2smFBs4UqnT + xVN/zutIrkiobVmBftawqavSMAamgzFU09+wrDD9L4yXLxvjEWmrh3VFVdBB8fMV + 3Bx90GK7CSVwOt+Sz0v9Av7Of/AET3aS7BLZtdnNAQKBgQCd+efqwaDhl0aGaESd + 4XPPcXsLcFPp05NQRhrN/8fNHh4PIzCyfCcAZmpBcAoPmLk0BgmlxyhDG2ODkvsm + Pq6KEEXqZzK5zGlvG6tMhU6bzhRG5NOqek9XfePHsUkcQw4seS/Adw9nDZKW5q93 + 8pbTjvtuTuqKn12bzeIlADZM7w== + -----END PRIVATE KEY----- + +globalConfig: + externalConfigmapName: + content: | + { + "available_locales": [ + "en", + "fr" + ], + "auth": { + "identity_providers": [] + }, + "uploader": { + "max_upload_file_size": null, + "max_upload_commit_size": null, + "max_upload_file_count": null, + "client": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "margin": "2px 10px" + } + }, + "admin": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "with": "80px" + } + } + }, + "notify": { + "admin": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "with": "80px" + } + } + }, + "expose": { + "admin": { + "logo": { + "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", + "with": "80px" + } + } + } + } diff --git a/infra/ssl/create-root-ca.sh b/infra/ssl/create-root-ca.sh new file mode 100755 index 0000000000..bc2592a61e --- /dev/null +++ b/infra/ssl/create-root-ca.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -e + +mkdir -p ~/ssl/ +openssl genrsa -des3 -out ~/ssl/AlchemyRootCA.key 2048 +openssl req -x509 -new -nodes -key ~/ssl/AlchemyRootCA.key -sha256 -days 1825 \ + -subj "/C=FR/ST=France/O=Alchemy, Inc./CN=Alchemy" \ + -out ~/ssl/AlchemyRootCA.pem + +echo "Done." diff --git a/infra/ssl/create-self-signed-certificate.sh b/infra/ssl/create-self-signed-certificate.sh new file mode 100755 index 0000000000..83171cc93d --- /dev/null +++ b/infra/ssl/create-self-signed-certificate.sh 
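Review bot: create-root-ca.sh creates `~/ssl/` and the root CA key under the caller's default umask and encrypts the key with `-des3`; since this key signs every certificate issued by create-self-signed-certificate.sh, put `umask 077` before `mkdir -p ~/ssl/` and use `openssl genrsa -aes256 -out ~/ssl/AlchemyRootCA.key 4096`. The `-nodes` flag on the `openssl req -x509` line has no effect because `-key` supplies an existing key, so it can be dropped. The script also overwrites an existing `AlchemyRootCA.key` without asking, which would invalidate every certificate already issued from it; a guard such as `[ ! -e ~/ssl/AlchemyRootCA.key ] || { echo "CA key already exists" >&2; exit 1; }` prevents that.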
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+DOMAIN=${1:-"alchemy.local"}
+
+PROJECT_DIR="$( cd "$(dirname "$0")" && pwd )"
+SSL_DIR="/etc/nginx/ssl/${DOMAIN}"
+
+sudo mkdir -p $SSL_DIR
+
+sudo openssl req -new -sha256 -nodes -out $SSL_DIR/${DOMAIN}.csr -newkey rsa:2048 -keyout $SSL_DIR/${DOMAIN}.key \
+ -config $PROJECT_DIR/server.csr.${DOMAIN}.cnf
+
+sudo openssl x509 -req -in $SSL_DIR/${DOMAIN}.csr -CA ~/ssl/AlchemyRootCA.pem -CAkey ~/ssl/AlchemyRootCA.key -CAcreateserial \
+ -out $SSL_DIR/${DOMAIN}.crt -days 1825 -sha256 -extfile $PROJECT_DIR/v3.${DOMAIN}.ext
+
+sudo rm $SSL_DIR/${DOMAIN}.csr
+
+echo "Done."
diff --git a/infra/ssl/server.csr.alchemy.kube.cnf b/infra/ssl/server.csr.alchemy.kube.cnf
new file mode 100644
index 0000000000..387e508d85
--- /dev/null
+++ b/infra/ssl/server.csr.alchemy.kube.cnf
@@ -0,0 +1,14 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[dn]
+C=FR
+ST=France
+L=Paris
+O=Alchemy
+OU=Alchemy
+emailAddress=contact@alchemy.fr
+CN = *.alchemy.kube
diff --git a/infra/ssl/server.csr.alchemy.local.cnf b/infra/ssl/server.csr.alchemy.local.cnf
new file mode 100644
index 0000000000..e3ea24850b
--- /dev/null
+++ b/infra/ssl/server.csr.alchemy.local.cnf
@@ -0,0 +1,14 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[dn]
+C=FR
+ST=France
+L=Paris
+O=Alchemy
+OU=Alchemy
+emailAddress=contact@alchemy.fr
+CN = *.alchemy.local
diff --git a/infra/ssl/v3.alchemy.kube.ext b/infra/ssl/v3.alchemy.kube.ext
new file mode 100644
index 0000000000..28c4b28e5e
--- /dev/null
+++ b/infra/ssl/v3.alchemy.kube.ext
@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.alchemy.kube
diff --git a/infra/ssl/v3.alchemy.local.ext b/infra/ssl/v3.alchemy.local.ext
new file mode 100644
index 0000000000..387301b0c1
--- /dev/null
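Review bot: `DOMAIN` comes straight from `$1` and is expanded unquoted into paths passed to `sudo mkdir`, `sudo openssl` and `sudo rm` in create-self-signed-certificate.sh, so a value containing whitespace, a glob character or `/` makes root act on paths other than the intended `/etc/nginx/ssl/<domain>` directory. Validate it right after the assignment, e.g. `[[ "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "invalid domain: $DOMAIN" >&2; exit 1; }`, and quote every expansion, as in `sudo mkdir -p -- "$SSL_DIR"` and `sudo rm -- "$SSL_DIR/${DOMAIN}.csr"`. The mode of the private key written by `-keyout` depends on the OpenSSL version and root's umask; a `sudo chmod 600 "$SSL_DIR/${DOMAIN}.key"` after the `req` call makes it explicit.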
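Review bot: v3.alchemy.kube.ext, and v3.alchemy.local.ext in the next hunk, grant `nonRepudiation` and `dataEncipherment` in `keyUsage` and set no `extendedKeyUsage`, so the issued wildcard certificate is not restricted to TLS server authentication. For a certificate that only fronts nginx, `keyUsage = digitalSignature, keyEncipherment` plus `extendedKeyUsage = serverAuth` is sufficient, and some TLS clients reject server certificates that lack the serverAuth EKU.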
+++ b/infra/ssl/v3.alchemy.local.ext
@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.alchemy.local
From e962b7ba688b4c71840075e49919637a03d4a9fc Mon Sep 17 00:00:00 2001
From: Moctar Date: Fri, 6 Nov 2020 17:16:49 +0100 Subject: [PATCH 2/3] remove services helm help --- infra/helm_services/README.md | 9 - infra/helm_services/all/Chart.yaml | 21 -- infra/helm_services/all/README.md | 39 --- .../helm_services/all/templates/_helpers.tpl | 161 ---------- .../all/templates/api-nginx-deployment.yaml | 35 --- .../all/templates/api-nginx-ingress.yml | 64 ---- .../all/templates/api-nginx-service.yml | 20 -- .../all/templates/api-php-deployment.yml | 52 ---- .../all/templates/api-php-service.yml | 20 -- .../all/templates/auth/api-configmap.yaml | 6 - .../auth/default-user-admin-secret.yaml | 11 - .../jobs/create-admin-oauth-clients-job.yaml | 67 ----- .../jobs/create-default-admin-user-job.yaml | 59 ---- .../auth/jobs/create-oauth-clients-job.yaml | 79 ----- .../all/templates/config/php-configmap.yaml | 7 - .../config/postgresql-configmap.yaml | 7 - .../templates/config/rabbitmq-configmap.yaml | 7 - .../all/templates/config/urls-configmap.yaml | 26 -- .../config/volume-configs-configmap.yaml | 9 - .../dashboard/dashboard-deployment.yaml | 27 -- .../templates/dashboard/dashboard-ingress.yml | 44 --- .../dashboard/dashboard-service.yaml | 12 - .../all/templates/expose/api-configmap.yaml | 12 - .../templates/expose/client-configmap.yaml | 12 - .../all/templates/expose/client-ingress.yml | 44 --- .../expose/expose-client-deployment.yml | 37 --- .../expose/expose-client-service.yml | 14 - .../templates/expose/oauth-client-secret.yaml | 14 - .../all/templates/migrate-job.yaml | 43 --- .../minio/minio-create-buckets-job.yaml | 55 ---- .../all/templates/minio/minio-deployment.yaml | 37 --- .../all/templates/minio/minio-ingress.yaml | 56 ---- .../all/templates/minio/minio-pvc.yaml | 32 -- .../all/templates/minio/minio-secret.yaml | 9 - .../all/templates/minio/minio-service.yaml | 14 - .../all/templates/notify/api-configmap.yaml | 9 - .../jobs/postgresql-create-databases-job.yaml | 45 --- .../postgresql/postgresql-deployment.yaml | 40 --- 
.../templates/postgresql/postgresql-pvc.yaml | 30 -- .../postgresql/postgresql-secret.yaml | 13 - .../postgresql/postgresql-service.yaml | 12 - .../rabbitmq/jobs/rabbitmq-vhost-job.yaml | 57 ---- .../rabbitmq/rabbitmq-configmap.yaml | 12 - .../rabbitmq/rabbitmq-deployment.yml | 55 ---- .../all/templates/rabbitmq/rabbitmq-pvc.yaml | 30 -- .../templates/rabbitmq/rabbitmq-secret.yaml | 13 - .../templates/rabbitmq/rabbitmq-service.yml | 25 -- .../all/templates/redis/redis-deployment.yml | 20 -- .../all/templates/redis/redis-service.yml | 12 - .../templates/report/report-deployment.yml | 28 -- .../all/templates/report/report-service.yml | 12 - .../templates/secret/oauth-admin-secret.yaml | 18 -- .../all/templates/secret/s3-secret.yaml | 23 -- .../all/templates/setup-job.yaml | 44 --- .../templates/tls/wildcard-tls-secret.yaml | 14 - .../all/templates/uploader/api-configmap.yaml | 14 - .../all/templates/uploader/client-ingress.yml | 44 --- .../uploader/oauth-client-secret.yaml | 12 - .../uploader/uploader-client-deployment.yml | 33 -- .../uploader/uploader-client-service.yml | 12 - .../all/templates/worker-deployment.yml | 46 --- infra/helm_services/all/values.yaml | 281 ------------------ infra/helm_services/bin/test.sh | 10 - infra/helm_services/cert1.pem | 21 -- infra/helm_services/myvalues.yml | 155 ---------- .../post-provisionning-sample.yaml | 138 --------- infra/helm_services/sample.yaml | 148 --------- 67 files changed, 2587 deletions(-) delete mode 100644 infra/helm_services/README.md delete mode 100644 infra/helm_services/all/Chart.yaml delete mode 100644 infra/helm_services/all/README.md delete mode 100644 infra/helm_services/all/templates/_helpers.tpl delete mode 100644 infra/helm_services/all/templates/api-nginx-deployment.yaml delete mode 100644 infra/helm_services/all/templates/api-nginx-ingress.yml delete mode 100644 infra/helm_services/all/templates/api-nginx-service.yml delete mode 100644 infra/helm_services/all/templates/api-php-deployment.yml delete 
mode 100644 infra/helm_services/all/templates/api-php-service.yml delete mode 100644 infra/helm_services/all/templates/auth/api-configmap.yaml delete mode 100644 infra/helm_services/all/templates/auth/default-user-admin-secret.yaml delete mode 100644 infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml delete mode 100644 infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml delete mode 100644 infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml delete mode 100644 infra/helm_services/all/templates/config/php-configmap.yaml delete mode 100644 infra/helm_services/all/templates/config/postgresql-configmap.yaml delete mode 100644 infra/helm_services/all/templates/config/rabbitmq-configmap.yaml delete mode 100644 infra/helm_services/all/templates/config/urls-configmap.yaml delete mode 100644 infra/helm_services/all/templates/config/volume-configs-configmap.yaml delete mode 100644 infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml delete mode 100644 infra/helm_services/all/templates/dashboard/dashboard-ingress.yml delete mode 100644 infra/helm_services/all/templates/dashboard/dashboard-service.yaml delete mode 100644 infra/helm_services/all/templates/expose/api-configmap.yaml delete mode 100644 infra/helm_services/all/templates/expose/client-configmap.yaml delete mode 100644 infra/helm_services/all/templates/expose/client-ingress.yml delete mode 100644 infra/helm_services/all/templates/expose/expose-client-deployment.yml delete mode 100644 infra/helm_services/all/templates/expose/expose-client-service.yml delete mode 100644 infra/helm_services/all/templates/expose/oauth-client-secret.yaml delete mode 100644 infra/helm_services/all/templates/migrate-job.yaml delete mode 100644 infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml delete mode 100644 infra/helm_services/all/templates/minio/minio-deployment.yaml delete mode 100644 
infra/helm_services/all/templates/minio/minio-ingress.yaml delete mode 100644 infra/helm_services/all/templates/minio/minio-pvc.yaml delete mode 100644 infra/helm_services/all/templates/minio/minio-secret.yaml delete mode 100644 infra/helm_services/all/templates/minio/minio-service.yaml delete mode 100644 infra/helm_services/all/templates/notify/api-configmap.yaml delete mode 100644 infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml delete mode 100644 infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml delete mode 100644 infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml delete mode 100644 infra/helm_services/all/templates/postgresql/postgresql-secret.yaml delete mode 100644 infra/helm_services/all/templates/postgresql/postgresql-service.yaml delete mode 100644 infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml delete mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml delete mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml delete mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml delete mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml delete mode 100644 infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml delete mode 100644 infra/helm_services/all/templates/redis/redis-deployment.yml delete mode 100644 infra/helm_services/all/templates/redis/redis-service.yml delete mode 100644 infra/helm_services/all/templates/report/report-deployment.yml delete mode 100644 infra/helm_services/all/templates/report/report-service.yml delete mode 100644 infra/helm_services/all/templates/secret/oauth-admin-secret.yaml delete mode 100644 infra/helm_services/all/templates/secret/s3-secret.yaml delete mode 100644 infra/helm_services/all/templates/setup-job.yaml delete mode 100644 infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml delete mode 100644 
infra/helm_services/all/templates/uploader/api-configmap.yaml delete mode 100644 infra/helm_services/all/templates/uploader/client-ingress.yml delete mode 100644 infra/helm_services/all/templates/uploader/oauth-client-secret.yaml delete mode 100644 infra/helm_services/all/templates/uploader/uploader-client-deployment.yml delete mode 100644 infra/helm_services/all/templates/uploader/uploader-client-service.yml delete mode 100644 infra/helm_services/all/templates/worker-deployment.yml delete mode 100644 infra/helm_services/all/values.yaml delete mode 100755 infra/helm_services/bin/test.sh delete mode 100644 infra/helm_services/cert1.pem delete mode 100644 infra/helm_services/myvalues.yml delete mode 100644 infra/helm_services/post-provisionning-sample.yaml delete mode 100644 infra/helm_services/sample.yaml diff --git a/infra/helm_services/README.md b/infra/helm_services/README.md deleted file mode 100644 index 97371fff97..0000000000 --- a/infra/helm_services/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Helm Chart - -## Deploy chart - -First you should write your own configuration file named `myvalues.yaml` (see [sample.yaml](./sample.yaml)) - -```bash -helm install -f myvalues.yaml ps ./all -``` diff --git a/infra/helm_services/all/Chart.yaml b/infra/helm_services/all/Chart.yaml deleted file mode 100644 index 71c3e50663..0000000000 --- a/infra/helm_services/all/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: phraseanet-services
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application.
-appVersion: 1.16.0
diff --git a/infra/helm_services/all/README.md b/infra/helm_services/all/README.md
deleted file mode 100644
index aa2778ada0..0000000000
--- a/infra/helm_services/all/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# PS Chart
-
-### TLS
-
-You can enable wildcard TLS:
-
-```yaml
-ingress:
- tls:
- wildcard:
- enabled: true
- #externalSecretName:
- # or
- crt: |
- ...
- key: |
- ...
-```
-
-or configure TLS for each ingress:
-```yaml
-uploader:
- api:
- ingress:
- tls:
- - secretName: uploader-api-tls-secret
- # Optional:
- # if not provided the hostname will be automatically set
- # with the .Values.uploader.api.hostname value
- host: api.uploader.com
- client:
- ingress:
- tls:
- - secretName: uploader-client-tls-secret
- # Optional:
- # if not provided the hostname will be automatically set
- # with the .Values.uploader.client.hostname value
- host: client.uploader.com
-```
diff --git a/infra/helm_services/all/templates/_helpers.tpl b/infra/helm_services/all/templates/_helpers.tpl
deleted file mode 100644
index 45e3bad310..0000000000
--- a/infra/helm_services/all/templates/_helpers.tpl
+++ /dev/null
@@ -1,161 +0,0 @@ -{{- define "ps.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default "ps" .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "ps.name" -}} -{{- .Values.nameOverride | default "ps" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "volumes.configs" }} -- name: configs - configMap: - name: {{ .Values.globalConfig.externalConfigmapName | default (printf "%s-configs" .Release.Name) }} -{{- end }} - -{{- define "secretRef.adminOAuthClient" }} -- secretRef: - name: {{ .Values.params.adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" .Release.Name) }} -{{- end }} - -{{- define "secretName.rabbitmq" -}} -{{- .Values.rabbitmq.externalSecretName | default "rabbitmq-secret" -}} -{{- end }} -{{- define "secretName.postgresql" -}} -{{- .Values.postgresql.externalSecretName | default "postgresql-secret" -}} -{{- end }} - -{{- define "secretRef.ingress.tls.wildcard" -}} -{{- with .Values.ingress.tls.wildcard }} -{{- if and .enabled .externalSecretName -}} -{{- .externalSecretName -}} -{{- else -}} -gateway-tls -{{- end }} -{{- end }} -{{- end }} - -{{- define "envFrom.rabbitmq" }} -- configMapRef: - name: rabbitmq-php-config -- secretRef: - name: {{ include "secretName.rabbitmq" . }} -{{- end }} - -{{- define "envFrom.postgresql" }} -- configMapRef: - name: postgresql-php-config -- secretRef: - name: {{ include "secretName.postgresql" . 
}} -{{- end }} - -{{- define "secretRef.postgresql" }} -- secretRef: - name: {{ .Values.postgresql.externalSecretName | default "api-db-secret" }} -{{- end }} - -{{- define "configMapRef.phpApp" -}} -{{- $appName := .app }} -{{- $ctx := .ctx }} -{{- $glob := .glob }} -- configMapRef: - name: php-config -- configMapRef: - name: urls-config -{{- end }} - -{{- define "envRef.phpApp" -}} -{{- $appName := .app }} -{{- $ctx := .ctx }} -{{- $glob := .glob }} -{{- if or (eq $appName "uploader") (eq $appName "expose") }} -{{- $secretName := $ctx.api.config.s3Storage.externalSecretKey | default (printf "%s-s3-secret" $appName) }} -{{- $mapping := $ctx.api.config.s3Storage.externalSecretMapping }} -- name: S3_STORAGE_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $secretName }} - key: {{ $mapping.accessKey }} -- name: S3_STORAGE_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ $secretName }} - key: {{ $mapping.secretKey }} -{{- end }} -{{- end }} - -{{- define "app.volumes" }} -{{- $appName := .app -}} -{{- $ctx := .ctx -}} -{{- $glob := .glob -}} -{{- if .glob.Values._internal.volumes }} -{{- if hasKey $glob.Values._internal.volumes $appName }} -{{- with (index $glob.Values._internal.volumes $appName) }} -{{- range $key, $value := . }} -- name: {{ $key }} -{{- if $ctx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ $ctx.persistence.existingClaim | default (printf "%s-%s" $value.name (include "ps.fullname" $glob)) }} -{{- else }} - emptyDir: {} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "app.volumesMounts" }} -{{- $appName := .app -}} -{{- $ctx := .ctx -}} -{{- $glob := .glob -}} -{{- if .glob.Values._internal.volumes }} -{{- if hasKey .glob.Values._internal.volumes $appName }} -{{- with (index .glob.Values._internal.volumes $appName) }} -{{- range $key, $value := . 
}} -- name: {{ $key }} - mountPath: {{ $value.mountPath }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "app.volumesUidInit" }} -{{- $appName := .app -}} -{{- $ctx := .ctx -}} -{{- $glob := .glob -}} -{{- if hasKey .glob.Values._internal.volumes $appName }} -{{- with (index .glob.Values._internal.volumes $appName) }} -{{- range $key, $value := . }} -{{- if $value.uid }} -initContainers: -- name: volume-set-uid-{{ $appName }}-{{ $key }} - image: busybox - command: ["sh", "-c", "chown -R {{ $value.uid }}:{{ $value.uid }} {{ $value.mountPath }}"] - volumeMounts: - - name: {{ $key }} - mountPath: {{ $value.mountPath }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "app.s3Storage.configMap" }} -{{- $ctx := .ctx -}} -{{- $glob := .glob -}} -S3_STORAGE_ENDPOINT: {{ $ctx.s3Storage.endpoint | default (ternary "http://minio:9000" "" $glob.Values.minio.enabled) | quote }} -S3_STORAGE_BASE_URL: {{ tpl $ctx.s3Storage.baseUrl $glob | quote }} -S3_STORAGE_REGION: {{ $ctx.s3Storage.region | default "eu-central-1" | quote }} -S3_STORAGE_USE_PATH_STYLE_ENDPOINT: {{ ternary "\"true\"" "\"false\"" (or $ctx.s3Storage.usePathSyleEndpoint $glob.Values.minio.enabled) }} -S3_STORAGE_BUCKET_NAME: {{ $ctx.s3Storage.bucketName | quote }} -{{- end }} diff --git a/infra/helm_services/all/templates/api-nginx-deployment.yaml b/infra/helm_services/all/templates/api-nginx-deployment.yaml deleted file mode 100644 index dd8a504ea2..0000000000 --- a/infra/helm_services/all/templates/api-nginx-deployment.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-{{- range .Values._internal.services }}
-{{- $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ $appName }}-api-nginx
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: {{ $appName }}-api-nginx
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: {{ $appName }}-api-nginx
- spec:
- containers:
- - name: {{ $appName }}-api-nginx
- image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-nginx:{{ $.Values.repository.tag }}
- terminationMessagePolicy: FallbackToLogsOnError
- {{- if .api.ingress }}
- {{- if .api.ingress.maxBodySize }}
- env:
- - name: UPLOAD_MAX_FILE_SIZE
- value: {{ .api.ingress.maxBodySize | quote }}
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/api-nginx-ingress.yml b/infra/helm_services/all/templates/api-nginx-ingress.yml
deleted file mode 100644
index 8aa2f513fa..0000000000
--- a/infra/helm_services/all/templates/api-nginx-ingress.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-{{- range .Values._internal.services }}
-{{- $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName).api }}
-{{- $apiNode := . }}
-{{- if .ingress }}
-{{- if .ingress.enabled }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ $appName }}-api-ingress
- annotations:
-{{- if .ingress.annotations }}
-{{ toYaml .ingress.annotations | indent 4 }}
-{{- else }}
- kubernetes.io/ingress.class: "nginx"
-{{- if .ingress.maxBodySize }}
- nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.maxBodySize | quote }}
-{{- end }}
-{{- with (index $.Values._internal $appName) }}
-{{- if .api }}
-{{- if .api.ingress }}
-{{- if .api.ingress.annotations }}
-{{ toYaml .api.ingress.annotations | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- if .ingress.extraLabels }}
- labels:
-{{ toYaml .ingress.extraLabels | indent 4 }}
-{{- end }}
-spec:
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- - backend:
- serviceName: {{ $appName }}-api
- servicePort: 80
- path: /
-{{- if .ingress.tls }}
-{{- $tlsNode := .ingress.tls -}}
-{{- range $value := $tlsNode }}
- {{- if not (hasKey $value "hosts") }}
- {{- $hosts := list $apiNode.hostname }}
- {{- $_ := set $value "hosts" $hosts }}
- {{- end -}}
-{{- end }}
- tls:
-{{ toYaml $tlsNode | indent 2 }}
-{{- else if $.Values.ingress.tls.wildcard.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- secretName: {{ include "secretRef.ingress.tls.wildcard" $ }}
-{{- end }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/api-nginx-service.yml b/infra/helm_services/all/templates/api-nginx-service.yml
deleted file mode 100644
index 946b7074fa..0000000000
--- a/infra/helm_services/all/templates/api-nginx-service.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range .Values._internal.services }}
-{{- $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $appName }}-api
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 80
- selector:
- app: phraseanet-services
- tier: {{ $appName }}-api-nginx
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/api-php-deployment.yml b/infra/helm_services/all/templates/api-php-deployment.yml
deleted file mode 100644
index 4206c2f65e..0000000000
--- a/infra/helm_services/all/templates/api-php-deployment.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- range .Values._internal.services }}
-{{- $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-{{ $tplArgs := dict "app" $appName "ctx" . "glob" $ }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ $appName }}-api-php
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: {{ $appName }}-api-php
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: {{ $appName }}-api-php
- spec:
- volumes:
-{{- include "volumes.configs" $ | indent 6 }}
-{{- include "app.volumes" $tplArgs | indent 6 }}
- containers:
- - name: {{ $appName }}-api-php
- image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-php:{{ $.Values.repository.tag }}
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: configs
- mountPath: /configs
-{{- include "app.volumesMounts" $tplArgs | indent 8 }}
- env:
-{{ include "envRef.phpApp" $tplArgs | indent 8 }}
- {{- if .api.ingress }}
- {{- if .api.ingress.maxBodySize }}
- - name: UPLOAD_MAX_FILE_SIZE
- value: {{ .api.ingress.maxBodySize | quote }}
- {{- end }}
- {{- end }}
- envFrom:
-{{ include "configMapRef.phpApp" $tplArgs | indent 8 }}
-{{- include "envFrom.rabbitmq" $ | indent 8 }}
-{{- include "envFrom.postgresql" $ | indent 8 }}
- - secretRef:
- name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }}
- - configMapRef:
- name: {{ $appName }}-api-config
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/api-php-service.yml b/infra/helm_services/all/templates/api-php-service.yml
deleted file mode 100644
index a34a570010..0000000000
--- a/infra/helm_services/all/templates/api-php-service.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- range .Values._internal.services }}
-{{- $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $appName }}-api-php
-spec:
- ports:
- - name: http
- port: 9000
- targetPort: 9000
- selector:
- app: phraseanet-services
- tier: {{ $appName }}-api-php
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/auth/api-configmap.yaml b/infra/helm_services/all/templates/auth/api-configmap.yaml
deleted file mode 100644
index b06421e452..0000000000
--- a/infra/helm_services/all/templates/auth/api-configmap.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: auth-api-config
-data:
- REGISTRATION_VALIDATE_EMAIL: {{ ternary "\"true\"" "\"false\"" .Values.auth.api.config.registrationValidateEmail }}
diff --git a/infra/helm_services/all/templates/auth/default-user-admin-secret.yaml b/infra/helm_services/all/templates/auth/default-user-admin-secret.yaml
deleted file mode 100644
index e40428269a..0000000000
--- a/infra/helm_services/all/templates/auth/default-user-admin-secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- with .Values.auth.defaultUser }}
-{{- if not .externalSecretName }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: default-admin-user-secret
-stringData:
- DEFAULT_ADMIN_USER_USERNAME: {{ .username | quote }}
- DEFAULT_ADMIN_USER_PASSWORD: {{ .password | quote }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml b/infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml
deleted file mode 100644
index f9138c4377..0000000000
--- a/infra/helm_services/all/templates/auth/jobs/create-admin-oauth-clients-job.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -{{- range .Values._internal.services }} -{{ $appName := . }} -{{- if and (index $.Values $appName).enabled (index $.Values $appName).adminOAuthClient }} -{{- with (index $.Values $appName) }} -{{ $tplArgs := dict "app" $appName "ctx" . "glob" $ }} -{{ $jobName := printf "%s-create-admin-oauth-client" $appName }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $jobName }}-script -data: - job.sh: | - #!/bin/sh - set -ex - - bin/console alchemy:oauth:create-client "${ADMIN_CLIENT_ID}" \ - --random-id="${ADMIN_CLIENT_RANDOM_ID}" \ - --secret="${ADMIN_CLIENT_SECRET}" \ - {{- range .adminOAuthClient.grantTypes }} - --grant-type {{ . }} \ - {{- end }} - {{- range .adminOAuthClient.scopes }} - --scope {{ . }} \ - {{- end }} - --redirect-uri {{ .api.baseUrl | quote }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $jobName }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - volumes: - - name: scripts - configMap: - name: {{ $jobName }}-script - defaultMode: 0777 - containers: - - name: {{ $jobName }} - image: {{ $.Values.repository.baseurl }}/ps-auth-api-php:{{ $.Values.repository.tag }} - args: ["/setup/job.sh"] - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: scripts - mountPath: /setup/job.sh - subPath: job.sh - env: -{{ include "envRef.phpApp" $tplArgs | indent 8 }} - envFrom: -{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} -{{- include "envFrom.rabbitmq" $ | indent 8 }} -{{- include "envFrom.postgresql" $ | indent 8 }} - - secretRef: - name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }} - - configMapRef: - name: {{ $appName }}-api-config - restartPolicy: Never - backoffLimit: 0 ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml b/infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml deleted file mode 100644 index c827210b2f..0000000000 --- a/infra/helm_services/all/templates/auth/jobs/create-default-admin-user-job.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- $appName := "auth" }} -{{- $tplArgs := dict "app" $appName "ctx" .Values.auth "glob" $ }} -{{- if .Values.auth.defaultUser }} -{{ $jobName := "auth-create-default-admin-user" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $jobName }}-script -data: - job.sh: | - #!/bin/sh - set -e - - bin/console app:user:create \ - --update-if-exist "${DEFAULT_ADMIN_USER_USERNAME}" \ - -p "${DEFAULT_ADMIN_USER_PASSWORD}" \ - --roles ROLE_SUPER_ADMIN - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $jobName }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - volumes: - - name: scripts - configMap: - name: {{ $jobName }}-script - defaultMode: 0777 -{{- include "app.volumes" $tplArgs | indent 6 }} - containers: - - name: {{ $jobName }} - image: {{ $.Values.repository.baseurl }}/ps-auth-api-php:{{ $.Values.repository.tag }} - args: ["/setup/job.sh"] - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: scripts - mountPath: /setup/job.sh - subPath: job.sh -{{- include "app.volumesMounts" $tplArgs | indent 8 }} - env: -{{ include "envRef.phpApp" $tplArgs | indent 8 }} - envFrom: - - secretRef: - name: {{ .Values.auth.defaultUser.externalSecretName | default "default-admin-user-secret" }} - - configMapRef: - name: auth-api-config -{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} -{{- include "envFrom.rabbitmq" $ | indent 8 }} -{{- include "envFrom.postgresql" $ | indent 8 }} - restartPolicy: Never - backoffLimit: 0 -{{- end }} 
diff --git a/infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml b/infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml
deleted file mode 100644
index 4079650c33..0000000000
--- a/infra/helm_services/all/templates/auth/jobs/create-oauth-clients-job.yaml
+++ /dev/null
@@ -1,79 +0,0 @@ -{{- range .Values._internal.services }} -{{- $appName := . }} -{{- $appNode := (index $.Values $appName) }} -{{- $tplArgs := dict "app" $appName "ctx" $appNode "glob" $ }} -{{- if and $appNode.enabled $appNode.client }} -{{- if $appNode.client.oauthClient }} -{{- $jobName := printf "%s-create-oauth-client" $appName }} -{{- with $appNode.client.oauthClient }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $jobName }}-script -data: - job.sh: | - #!/bin/sh - set -ex - - bin/console alchemy:oauth:create-client "${CLIENT_ID}" \ - --random-id="${CLIENT_RANDOM_ID}" \ - --secret="${CLIENT_SECRET}" \ - {{- range .grantTypes }} - --grant-type {{ . }} \ - {{- end }} - {{- range .scopes }} - --scope {{ . }} \ - {{- end }} - --redirect-uri={{ tpl .redirectUri $ | quote }} ---- -{{- if not .externalSecretName }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $jobName }} -stringData: - CLIENT_ID: {{ .id | quote }} - CLIENT_RANDOM_ID: {{ .randomId | quote }} - CLIENT_SECRET: {{ .secret | quote }} ---- -{{- end }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $jobName }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - volumes: - - name: scripts - configMap: - name: {{ $jobName }}-script - defaultMode: 0777 - containers: - - name: {{ $jobName }} - image: {{ $.Values.repository.baseurl }}/ps-auth-api-php:{{ $.Values.repository.tag }} - args: ["/setup/job.sh"] - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: scripts - mountPath: /setup/job.sh - subPath: job.sh - envFrom: - - secretRef: - name: {{ .externalSecretName | default $jobName }} - - configMapRef: - name: auth-api-config -{{ include "configMapRef.phpApp" $tplArgs | indent 8 }} -{{- include "envFrom.rabbitmq" $ | indent 8 }} -{{- include "envFrom.postgresql" $ | indent 8 }} - restartPolicy: Never - backoffLimit: 0 ---- -{{- end }} -{{- end 
}} -{{- end }} -{{- end }} diff --git a/infra/helm_services/all/templates/config/php-configmap.yaml b/infra/helm_services/all/templates/config/php-configmap.yaml deleted file mode 100644 index 3b67ca4a7c..0000000000 --- a/infra/helm_services/all/templates/config/php-configmap.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: php-config -data: - APP_ENV: prod - TRUSTED_PROXIES: 127.0.0.1,REMOTE_ADDR diff --git a/infra/helm_services/all/templates/config/postgresql-configmap.yaml b/infra/helm_services/all/templates/config/postgresql-configmap.yaml deleted file mode 100644 index 59c4224d2f..0000000000 --- a/infra/helm_services/all/templates/config/postgresql-configmap.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgresql-php-config -data: - POSTGRES_HOST: {{ quote .Values.postgresql.host }} - POSTGRES_PORT: {{ quote .Values.postgresql.port }} diff --git a/infra/helm_services/all/templates/config/rabbitmq-configmap.yaml b/infra/helm_services/all/templates/config/rabbitmq-configmap.yaml deleted file mode 100644 index 54bfc262a3..0000000000 --- a/infra/helm_services/all/templates/config/rabbitmq-configmap.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: rabbitmq-php-config -data: - RABBITMQ_HOST: {{ quote .Values.rabbitmq.host }} - RABBITMQ_PORT: {{ quote .Values.rabbitmq.port }} diff --git a/infra/helm_services/all/templates/config/urls-configmap.yaml b/infra/helm_services/all/templates/config/urls-configmap.yaml deleted file mode 100644 index b4b20243a3..0000000000 --- a/infra/helm_services/all/templates/config/urls-configmap.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: urls-config
-data:
-{{- if .Values.report.enabled }}
- REPORT_BASE_URL: {{ quote .Values.report.api.baseUrl }}
-{{- end }}
-{{- if .Values.notify.enabled }}
- NOTIFY_BASE_URL: {{ quote .Values.notify.api.baseUrl }}
-{{- end }}
-{{- if .Values.auth.enabled }}
- AUTH_BASE_URL: {{ quote .Values.auth.api.baseUrl }}
-{{- end }}
-{{- if .Values.expose.enabled }}
- EXPOSE_API_BASE_URL: {{ quote .Values.expose.api.baseUrl }}
- EXPOSE_FRONT_BASE_URL: {{ quote .Values.expose.client.baseUrl }}
-{{- end }}
-{{- if .Values.uploader.enabled }}
- UPLOADER_API_BASE_URL: {{ quote .Values.uploader.api.baseUrl }}
- UPLOADER_FRONT_BASE_URL: {{ quote .Values.uploader.client.baseUrl }}
-{{- end }}
-{{- if .Values.dashboard.enabled }}
- DASHBOARD_BASE_URL: {{ quote .Values.dashboard.baseUrl }}
- DISPLAY_SERVICES_MENU: "true"
-{{- end }}
diff --git a/infra/helm_services/all/templates/config/volume-configs-configmap.yaml b/infra/helm_services/all/templates/config/volume-configs-configmap.yaml
deleted file mode 100644
index e5a6eafb2c..0000000000
--- a/infra/helm_services/all/templates/config/volume-configs-configmap.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{ if empty .Values.globalConfig.externalConfigmapName -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-configs
-data:
- config.json: |
-{{ .Values.globalConfig.content | indent 4 }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml b/infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml
deleted file mode 100644
index 415a911ca3..0000000000
--- a/infra/helm_services/all/templates/dashboard/dashboard-deployment.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- with .Values.dashboard }}
-{{- if .enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dashboard
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: dashboard
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: dashboard
- spec:
- containers:
- - name: dashboard
- image: {{ $.Values.repository.baseurl }}/ps-dashboard:{{ $.Values.repository.tag }}
- terminationMessagePolicy: FallbackToLogsOnError
- envFrom:
- - configMapRef:
- name: urls-config
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/dashboard/dashboard-ingress.yml b/infra/helm_services/all/templates/dashboard/dashboard-ingress.yml
deleted file mode 100644
index c490a570be..0000000000
--- a/infra/helm_services/all/templates/dashboard/dashboard-ingress.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if .Values.dashboard.enabled }}
-{{- with .Values.dashboard }}
-{{- if .ingress.enabled }}
-{{- $ingressNode := . }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: dashboard-ingress
-{{- if .ingress.annotations }}
- annotations:
-{{ toYaml .ingress.annotations | indent 4 }}
-{{- end }}
-{{- if .ingress.extraLabels }}
- labels:
-{{ toYaml .ingress.extraLabels | indent 4 }}
-{{- end }}
-spec:
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- - backend:
- serviceName: dashboard
- servicePort: 80
- path: /
-{{- if .ingress.tls }}
-{{- $tlsNode := .ingress.tls -}}
-{{- range $value := $tlsNode }}
- {{- if not (hasKey $value "hosts") }}
- {{- $hosts := list $ingressNode.hostname }}
- {{- $_ := set $value "hosts" $hosts }}
- {{- end -}}
-{{- end }}
- tls:
-{{ toYaml $tlsNode | indent 2 }}
-{{- else if $.Values.ingress.tls.wildcard.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- secretName: {{ include "secretRef.ingress.tls.wildcard" $ }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/dashboard/dashboard-service.yaml b/infra/helm_services/all/templates/dashboard/dashboard-service.yaml
deleted file mode 100644
index 0fab76f793..0000000000
--- a/infra/helm_services/all/templates/dashboard/dashboard-service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: dashboard
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 80
- selector:
- app: phraseanet-services
- tier: dashboard
diff --git a/infra/helm_services/all/templates/expose/api-configmap.yaml b/infra/helm_services/all/templates/expose/api-configmap.yaml
deleted file mode 100644
index 514e50ffc7..0000000000
--- a/infra/helm_services/all/templates/expose/api-configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.expose.enabled }}
-{{- with .Values.expose.api.config }}
-{{- $tplArgs := dict "app" "uploader" "ctx" . "glob" $ }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: expose-api-config
-data:
- EXPOSE_REQUEST_SIGNATURE_TTL: {{ .requestSignatureTtl | quote }}
-{{ include "app.s3Storage.configMap" $tplArgs | indent 2 }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/expose/client-configmap.yaml b/infra/helm_services/all/templates/expose/client-configmap.yaml
deleted file mode 100644
index bb1d60e18e..0000000000
--- a/infra/helm_services/all/templates/expose/client-configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.expose.enabled }}
-{{- with .Values.expose }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: expose-client-config
-data:
- DEV_MODE: "0"
- EXPOSE_REQUEST_SIGNATURE_TTL: {{ .api.config.requestSignatureTtl | quote }}
- MAPBOX_TOKEN: {{ required "Missing mapbox token at expose.client.mapbox.token" .client.mapbox.token | quote }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/expose/client-ingress.yml b/infra/helm_services/all/templates/expose/client-ingress.yml
deleted file mode 100644
index 5af5186af7..0000000000
--- a/infra/helm_services/all/templates/expose/client-ingress.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if .Values.expose.enabled }}
-{{- with .Values.expose.client }}
-{{- if .ingress.enabled }}
-{{- $ingressNode := . }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: expose-client-ingress
-{{- if .ingress.annotations }}
- annotations:
-{{ toYaml .ingress.annotations | indent 4 }}
-{{- end }}
-{{- if .ingress.extraLabels }}
- labels:
-{{ toYaml .ingress.extraLabels | indent 4 }}
-{{- end }}
-spec:
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- - backend:
- serviceName: expose-client
- servicePort: 80
- path: /
-{{- if .ingress.tls }}
-{{- $tlsNode := .ingress.tls -}}
-{{- range $value := $tlsNode }}
- {{- if not (hasKey $value "hosts") }}
- {{- $hosts := list $ingressNode.hostname }}
- {{- $_ := set $value "hosts" $hosts }}
- {{- end -}}
-{{- end }}
- tls:
-{{ toYaml $tlsNode | indent 2 }}
-{{- else if $.Values.ingress.tls.wildcard.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- secretName: {{ include "secretRef.ingress.tls.wildcard" $ }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/expose/expose-client-deployment.yml b/infra/helm_services/all/templates/expose/expose-client-deployment.yml
deleted file mode 100644
index 16f9db0eec..0000000000
--- a/infra/helm_services/all/templates/expose/expose-client-deployment.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.expose.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: expose-client
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: expose-client
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: expose-client
- spec:
- volumes:
-{{- include "volumes.configs" $ | indent 8 }}
- containers:
- - name: expose-client
- image: {{ $.Values.repository.baseurl }}/ps-expose-client:{{ $.Values.repository.tag }}
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: configs
- mountPath: /configs
- env:
- - name: DEV_MODE
- value: "false"
- envFrom:
- - configMapRef:
- name: urls-config
- - configMapRef:
- name: expose-client-config
- - secretRef:
- name: {{ $.Values.expose.client.oauthClient.externalSecretName | default "expose-oauth-client-secret" }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/expose/expose-client-service.yml b/infra/helm_services/all/templates/expose/expose-client-service.yml
deleted file mode 100644
index 1bc5a67312..0000000000
--- a/infra/helm_services/all/templates/expose/expose-client-service.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.expose.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: expose-client
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 80
- selector:
- app: phraseanet-services
- tier: expose-client
-{{- end }}
diff --git a/infra/helm_services/all/templates/expose/oauth-client-secret.yaml b/infra/helm_services/all/templates/expose/oauth-client-secret.yaml
deleted file mode 100644
index 37c43cb4a1..0000000000
--- a/infra/helm_services/all/templates/expose/oauth-client-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.expose.enabled }}
-{{- with .Values.expose.client.oauthClient }}
-{{- if not .externalSecretName }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: expose-oauth-client-secret
-stringData:
- CLIENT_ID: {{ .id | quote }}
- CLIENT_RANDOM_ID: {{ .randomId | quote }}
- CLIENT_SECRET: {{ .secret | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/migrate-job.yaml b/infra/helm_services/all/templates/migrate-job.yaml
deleted file mode 100644
index 50c42b2077..0000000000
--- a/infra/helm_services/all/templates/migrate-job.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- range .Values._internal.services }}
-{{- $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-{{- $tplArgs := dict "app" $appName "ctx" . "glob" $ }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ $appName }}-migrate
- annotations:
- "helm.sh/hook": pre-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- template:
- spec:
- volumes:
-{{- include "volumes.configs" $ | indent 6 }}
-{{- include "app.volumes" $tplArgs | indent 6 }}
- containers:
- - name: {{ $appName }}-php-job
- image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-php:{{ $.Values.repository.tag }}
- args: ["bin/migrate.sh"]
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: configs
- mountPath: /configs
-{{- include "app.volumesMounts" $tplArgs | indent 8 }}
- env:
-{{ include "envRef.phpApp" $tplArgs | indent 8 }}
- envFrom:
-{{ include "configMapRef.phpApp" $tplArgs | indent 8 }}
-{{- include "envFrom.rabbitmq" $ | indent 8 }}
-{{- include "envFrom.postgresql" $ | indent 8 }}
- - secretRef:
- name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }}
- - configMapRef:
- name: {{ $appName }}-api-config
- restartPolicy: Never
- backoffLimit: 0
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml b/infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml deleted file mode 100644 index c5948a24dd..0000000000 --- a/infra/helm_services/all/templates/minio/minio-create-buckets-job.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if and .Values.minio.enabled .Values.expose.enabled }} -{{ $jobName := "minio-create-buckets" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $jobName }}-script -data: - job.sh: | - #!/bin/sh - set -ex - - while ! nc -z minio 80; do - echo "Wait for minio to startup..." && sleep 0.1; - done; - sleep 5 - mc config host add minio http://minio:80 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY - {{- if .Values.expose.enabled }} - mc mb --ignore-existing minio/{{ .Values.expose.api.config.s3Storage.bucketName }} - {{- end }} - {{- if .Values.uploader.enabled }} - mc mb --ignore-existing minio/{{ .Values.uploader.api.config.s3Storage.bucketName }} - {{- end }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $jobName }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "5" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - volumes: - - name: scripts - configMap: - name: {{ $jobName }}-script - defaultMode: 0777 - containers: - - name: {{ $jobName }} - image: minio/mc - command: ["sh", "-c"] - args: ["/setup/job.sh"] - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: scripts - mountPath: /setup/job.sh - subPath: job.sh - envFrom: - - secretRef: - name: minio-secret - restartPolicy: Never - backoffLimit: 0 -{{- end }} diff --git a/infra/helm_services/all/templates/minio/minio-deployment.yaml b/infra/helm_services/all/templates/minio/minio-deployment.yaml deleted file mode 100644 index 63f3a61cb7..0000000000 --- a/infra/helm_services/all/templates/minio/minio-deployment.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-{{- if .Values.minio.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: minio
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: minio
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: minio
- spec:
- containers:
- - name: minio
- image: minio/minio
- terminationMessagePolicy: FallbackToLogsOnError
- args: ["server", "/data"]
- envFrom:
- - secretRef:
- name: minio-secret
- volumeMounts:
- - name: data
- mountPath: "/data"
- volumes:
- - name: data
- {{- if .Values.minio.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Values.minio.persistence.existingClaim | default (printf "%s-minio" (include "ps.fullname" .)) }}
- {{- else }}
- emptyDir: {}
- {{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/minio/minio-ingress.yaml b/infra/helm_services/all/templates/minio/minio-ingress.yaml
deleted file mode 100644
index a84a9c5790..0000000000
--- a/infra/helm_services/all/templates/minio/minio-ingress.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.minio.enabled }}
-{{- if .Values.minio.ingress.enabled }}
-{{- with .Values.minio }}
-{{- $ingressNode := . }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: minio-ingress
- annotations:
-{{- if .ingress.annotations }}
-{{ toYaml .ingress.annotations | indent 4 }}
-{{- else }}
- kubernetes.io/ingress.class: "nginx"
-{{- if .ingress.maxBodySize }}
- nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.maxBodySize | quote }}
-{{- end }}
-{{- with $.Values._internal.minio }}
-{{- if .ingress }}
-{{- if .ingress.annotations }}
-{{ toYaml .ingress.annotations | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- if .ingress.extraLabels }}
- labels:
-{{ toYaml .ingress.extraLabels | indent 4 }}
-{{- end }}
-spec:
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- - backend:
- serviceName: minio
- servicePort: 80
- path: /
-{{- if .ingress.tls }}
-{{- $tlsNode := .ingress.tls -}}
-{{- range $value := $tlsNode }}
- {{- if not (hasKey $value "hosts") }}
- {{- $hosts := list $ingressNode.hostname }}
- {{- $_ := set $value "hosts" $hosts }}
- {{- end -}}
-{{- end }}
- tls:
-{{ toYaml $tlsNode | indent 2 }}
-{{- else if $.Values.ingress.tls.wildcard.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- secretName: {{ include "secretRef.ingress.tls.wildcard" $ }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/minio/minio-pvc.yaml b/infra/helm_services/all/templates/minio/minio-pvc.yaml
deleted file mode 100644
index 67958e7f39..0000000000
--- a/infra/helm_services/all/templates/minio/minio-pvc.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.minio.enabled }}
-{{ with .Values.minio }}
-{{- if and .persistence.enabled (not .persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-{{- if .persistence.annotations }}
- annotations:
-{{ toYaml .persistence.annotations | indent 4 }}
-{{- end }}
- name: {{ template "ps.fullname" $ }}-minio
- labels:
- "app.kubernetes.io/name": '{{ template "ps.name" $ }}'
- "helm.sh/chart": "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
- "app.kubernetes.io/managed-by": "{{ $.Release.Service }}"
- "app.kubernetes.io/instance": "{{ $.Release.Name }}"
-spec:
- accessModes:
- - {{ .persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .persistence.size | quote }}
-{{- if .persistence.storageClass }}
-{{- if (eq "-" .persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/minio/minio-secret.yaml b/infra/helm_services/all/templates/minio/minio-secret.yaml
deleted file mode 100644
index 0aa785634f..0000000000
--- a/infra/helm_services/all/templates/minio/minio-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.minio.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: minio-secret
-stringData:
- MINIO_ACCESS_KEY: {{ quote .Values.minio.accessKey }}
- MINIO_SECRET_KEY: {{ quote .Values.minio.secretKey }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/minio/minio-service.yaml b/infra/helm_services/all/templates/minio/minio-service.yaml
deleted file mode 100644
index 231e28ae3e..0000000000
--- a/infra/helm_services/all/templates/minio/minio-service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.minio.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: minio
-spec:
- ports:
- - name: minio
- port: 80
- targetPort: 9000
- selector:
- app: phraseanet-services
- tier: minio
-{{- end }}
diff --git a/infra/helm_services/all/templates/notify/api-configmap.yaml b/infra/helm_services/all/templates/notify/api-configmap.yaml deleted file mode 100644 index 9112df5c3b..0000000000 --- a/infra/helm_services/all/templates/notify/api-configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: notify-api-config -data: - MAILER_DSN: {{ required "Missing .mailer.dsn value" .Values.mailer.dsn | quote }} -{{- if .Values.mailer.from }} - MAIL_FROM: {{ .Values.mailer.from | quote }} -{{- end }} diff --git a/infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml b/infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml deleted file mode 100644 index 7cc1862fd4..0000000000 --- a/infra/helm_services/all/templates/postgresql/jobs/postgresql-create-databases-job.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{ $jobName := "postgresql-create-databases" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $jobName }}-script -data: - job.sh: | - #!/bin/sh - set -ex - - DB="report" - - DSN="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@{{ .Values.postgresql.host }}:{{ .Values.postgresql.port }}" - psql ${DSN} -tc "SELECT 1 FROM pg_database WHERE datname = '$DB'" | grep -q 1 || psql ${DSN} -c "CREATE DATABASE $DB" - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $jobName }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - volumes: - - name: scripts - configMap: - name: {{ $jobName }}-script - defaultMode: 0777 - containers: - - name: {{ $jobName }} - image: jbergknoff/postgresql-client - command: ["/setup/job.sh"] - volumeMounts: - - name: scripts - mountPath: /setup/job.sh - subPath: job.sh - envFrom: - - secretRef: - name: {{ .Values.postgresql.externalSecretName | default "postgresql-secret" }} - restartPolicy: Never - backoffLimit: 10 
diff --git a/infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml b/infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml
deleted file mode 100644
index 8ec435b6a3..0000000000
--- a/infra/helm_services/all/templates/postgresql/postgresql-deployment.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- with .Values.postgresql }}
-{{- if .enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: postgresql
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: phraseanet-services
- tier: postgresql
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: postgresql
- spec:
- volumes:
- - name: data
- {{- if .persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .persistence.existingClaim | default (printf "%s-postgresql" (include "ps.fullname" $)) }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- containers:
- - name: postgresql
- image: postgres:11.2-alpine
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: data
- mountPath: "/var/lib/postgresql/data"
- envFrom:
- - secretRef:
- name: {{ include "secretName.postgresql" $ }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml b/infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml
deleted file mode 100644
index f215060012..0000000000
--- a/infra/helm_services/all/templates/postgresql/postgresql-pvc.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ with .Values.postgresql }}
-{{- if and .persistence.enabled (not .persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-{{- if .persistence.annotations }}
- annotations:
-{{ toYaml .persistence.annotations | indent 4 }}
-{{- end }}
- name: {{ template "ps.fullname" $ }}-postgresql
- labels:
- "app.kubernetes.io/name": '{{ template "ps.name" $ }}'
- "helm.sh/chart": "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
- "app.kubernetes.io/managed-by": "{{ $.Release.Service }}"
- "app.kubernetes.io/instance": "{{ $.Release.Name }}"
-spec:
- accessModes:
- - {{ .persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .persistence.size | quote }}
-{{- if .persistence.storageClass }}
-{{- if (eq "-" .persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/postgresql/postgresql-secret.yaml b/infra/helm_services/all/templates/postgresql/postgresql-secret.yaml
deleted file mode 100644
index 9b9f1f6425..0000000000
--- a/infra/helm_services/all/templates/postgresql/postgresql-secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- with .Values.postgresql }}
-{{- if .enabled }}
-{{- if not .externalSecretName }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: postgresql-secret
-stringData:
- POSTGRES_USER: {{ .user | quote }}
- POSTGRES_PASSWORD: {{ .password | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/postgresql/postgresql-service.yaml b/infra/helm_services/all/templates/postgresql/postgresql-service.yaml
deleted file mode 100644
index 3ac8bd5c42..0000000000
--- a/infra/helm_services/all/templates/postgresql/postgresql-service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: db -spec: - ports: - - name: postgre - port: 5432 - targetPort: 5432 - selector: - app: phraseanet-services - tier: postgresql diff --git a/infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml b/infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml deleted file mode 100644 index f70718945c..0000000000 --- a/infra/helm_services/all/templates/rabbitmq/jobs/rabbitmq-vhost-job.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{ $jobName := "rabbitmq-vhost-setup" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $jobName }}-script -data: - job.sh: | - #!/bin/sh - set -ex - - n=0 - until [ "$n" -ge 20 ]; do - rabbitmqctl -n rabbit@rabbitmq await_startup && break - n=$((n+1)) - sleep 5 - done - - rabbitmqctl -n rabbit@rabbitmq await_startup -{{- range .Values._internal.services }} -{{- $appName := . }} -{{- if (index $.Values $appName).enabled }} - VHOST="{{ (index $.Values $appName).rabbitmq.vhost }}" - rabbitmqctl -n rabbit@rabbitmq add_vhost ${VHOST} - rabbitmqctl -n rabbit@rabbitmq set_permissions -p ${VHOST} ${RABBITMQ_USER} '.*' '.*' '.*' -{{- end }} -{{- end }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $jobName }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - volumes: - - name: scripts - configMap: - name: {{ $jobName }}-script - defaultMode: 0777 - containers: - - name: rabbitmq - image: rabbitmq:3.7.14-management - args: ["/setup/job.sh"] - volumeMounts: - - name: scripts - mountPath: /setup/job.sh - subPath: job.sh - envFrom: - - secretRef: - name: {{ include "secretName.rabbitmq" . }} - - configMapRef: - name: rabbitmq-config - restartPolicy: Never - backoffLimit: 10 
diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml
deleted file mode 100644
index b8fb074118..0000000000
--- a/infra/helm_services/all/templates/rabbitmq/rabbitmq-configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- with .Values.rabbitmq }}
-{{- if .enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: rabbitmq-config
-data:
- RABBITMQ_NODENAME: "rabbit@rabbitmq"
- RABBITMQ_ERLANG_COOKIE: "H#75$3CjoTKn3129DNwcqlHvhfqs15"
- ERL_EPMD_PORT: "55950"
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml
deleted file mode 100644
index 9accbda4a6..0000000000
--- a/infra/helm_services/all/templates/rabbitmq/rabbitmq-deployment.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{- with .Values.rabbitmq }}
-{{- if .enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: rabbitmq
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: phraseanet-services
- tier: rabbitmq
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: rabbitmq
- spec:
- volumes:
- - name: data
- {{- if .persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .persistence.existingClaim | default (printf "%s-rabbitmq" (include "ps.fullname" $)) }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- hostAliases:
- - ip: "127.0.0.1"
- hostnames:
- - "rabbitmq"
- containers:
- - name: rabbitmq
- image: rabbitmq:3.7.14-management
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: data
- mountPath: "/var/lib/rabbitmq"
- env:
- - name: RABBITMQ_DEFAULT_USER
- valueFrom:
- secretKeyRef:
- name: {{ include "secretName.rabbitmq" $ }}
- key: RABBITMQ_USER
- - name: RABBITMQ_DEFAULT_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "secretName.rabbitmq" $ }}
- key: RABBITMQ_PASSWORD
- envFrom:
- - configMapRef:
- name: rabbitmq-config
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml
deleted file mode 100644
index c1a2af3cb0..0000000000
--- a/infra/helm_services/all/templates/rabbitmq/rabbitmq-pvc.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- with .Values.rabbitmq }}
-{{- if and .persistence.enabled (not .persistence.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-{{- if .persistence.annotations }}
- annotations:
-{{ toYaml .persistence.annotations | indent 4 }}
-{{- end }}
- name: {{ template "ps.fullname" $ }}-rabbitmq
- labels:
- "app.kubernetes.io/name": '{{ template "ps.name" $ }}'
- "helm.sh/chart": "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
- "app.kubernetes.io/managed-by": "{{ $.Release.Service }}"
- "app.kubernetes.io/instance": "{{ $.Release.Name }}"
-spec:
- accessModes:
- - {{ .persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .persistence.size | quote }}
-{{- if .persistence.storageClass }}
-{{- if (eq "-" .persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml
deleted file mode 100644
index d67fad27ef..0000000000
--- a/infra/helm_services/all/templates/rabbitmq/rabbitmq-secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- with .Values.rabbitmq }}
-{{- if .enabled }}
-{{- if not .externalSecretName }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: rabbitmq-secret
-stringData:
- RABBITMQ_USER: {{ quote .user }}
- RABBITMQ_PASSWORD: {{ quote .password }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml b/infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml
deleted file mode 100644
index 9d1ad6147c..0000000000
--- a/infra/helm_services/all/templates/rabbitmq/rabbitmq-service.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- with .Values.rabbitmq }}
-{{- if .enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: rabbitmq
-spec:
- ports:
- - name: rabbitmq
- port: 5672
- targetPort: 5672
- - name: rabbitmq-cli-tool
- port: 25672
- targetPort: 25672
- - name: rabbitmqctl
- port: 4369
- targetPort: 4369
- - name: rabbitmq-clust
- port: 55950
- targetPort: 55950
- selector:
- app: phraseanet-services
- tier: rabbitmq
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/redis/redis-deployment.yml b/infra/helm_services/all/templates/redis/redis-deployment.yml
deleted file mode 100644
index 61af98e1de..0000000000
--- a/infra/helm_services/all/templates/redis/redis-deployment.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: redis
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: redis
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: redis
- spec:
- containers:
- - name: redis
- image: redis:5.0.5-alpine
- terminationMessagePolicy: FallbackToLogsOnError
diff --git a/infra/helm_services/all/templates/redis/redis-service.yml b/infra/helm_services/all/templates/redis/redis-service.yml
deleted file mode 100644
index 661598e18f..0000000000
--- a/infra/helm_services/all/templates/redis/redis-service.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: redis
-spec:
- ports:
- - name: redis
- port: 6379
- targetPort: 6379
- selector:
- app: phraseanet-services
- tier: redis
diff --git a/infra/helm_services/all/templates/report/report-deployment.yml b/infra/helm_services/all/templates/report/report-deployment.yml
deleted file mode 100644
index dacaf1315f..0000000000
--- a/infra/helm_services/all/templates/report/report-deployment.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: report-api
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: report-api
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: report-api
- spec:
- containers:
- - name: report-api
- image: {{ .Values.repository.baseurl }}/ps-report-api:{{ .Values.repository.tag }}
- terminationMessagePolicy: FallbackToLogsOnError
- env:
- - name: APP_ENV
- value: prod
- - name: POSTGRES_DATABASE
- value: {{ .Values.report.databaseName | quote }}
- envFrom:
- - secretRef:
- name: {{ include "secretName.postgresql" . }}
diff --git a/infra/helm_services/all/templates/report/report-service.yml b/infra/helm_services/all/templates/report/report-service.yml
deleted file mode 100644
index 8602e80b68..0000000000
--- a/infra/helm_services/all/templates/report/report-service.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: report-api
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 80
- selector:
- app: phraseanet-services
- tier: report-api
diff --git a/infra/helm_services/all/templates/secret/oauth-admin-secret.yaml b/infra/helm_services/all/templates/secret/oauth-admin-secret.yaml
deleted file mode 100644
index b0a229362a..0000000000
--- a/infra/helm_services/all/templates/secret/oauth-admin-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- range .Values._internal.services }}
-{{ $appName := . }}
-{{- if and (index $.Values $appName).enabled (index $.Values $appName).adminOAuthClient }}
-{{- with (index $.Values .) }}
-{{- if not .adminOAuthClient.externalSecretName }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $appName }}-admin-oauth-client-secret
-stringData:
- ADMIN_CLIENT_ID: {{ quote .adminOAuthClient.id }}
- ADMIN_CLIENT_RANDOM_ID: {{ quote .adminOAuthClient.randomId }}
- ADMIN_CLIENT_SECRET: {{ quote .adminOAuthClient.secret }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/secret/s3-secret.yaml b/infra/helm_services/all/templates/secret/s3-secret.yaml
deleted file mode 100644
index af424eac5a..0000000000
--- a/infra/helm_services/all/templates/secret/s3-secret.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- range .Values._internal.services }}
-{{ $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-{{- if .api }}
-{{- if .api.config }}
-{{- if .api.config.s3Storage }}
-{{- if not .api.config.s3Storage.externalSecretKey }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $appName }}-s3-secret
-stringData:
- S3_STORAGE_ACCESS_KEY: {{ .api.config.s3Storage.accessKey | default (ternary $.Values.minio.accessKey "" $.Values.minio.enabled) | quote }}
- S3_STORAGE_SECRET_KEY: {{ .api.config.s3Storage.secretKey | default (ternary $.Values.minio.secretKey "" $.Values.minio.enabled) | quote }}
----
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/setup-job.yaml b/infra/helm_services/all/templates/setup-job.yaml
deleted file mode 100644
index d8c1cd8617..0000000000
--- a/infra/helm_services/all/templates/setup-job.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- range .Values._internal.services }}
-{{ $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-{{ $tplArgs := dict "app" $appName "ctx" . "glob" $ }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ $appName }}-setup
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "5"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- template:
- spec:
- volumes:
-{{- include "volumes.configs" $ | indent 6 }}
-{{- include "app.volumes" $tplArgs | indent 6 }}
- containers:
- - name: {{ $appName }}-php-job
- image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-api-php:{{ $.Values.repository.tag }}
- args: ["bin/setup.sh"]
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: configs
- mountPath: /configs
-{{- include "app.volumesMounts" $tplArgs | indent 8 }}
- env:
-{{ include "envRef.phpApp" $tplArgs | indent 8 }}
- envFrom:
-{{ include "configMapRef.phpApp" $tplArgs | indent 8 }}
-{{- include "envFrom.rabbitmq" $ | indent 8 }}
-{{- include "envFrom.postgresql" $ | indent 8 }}
- - secretRef:
- name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }}
- - configMapRef:
- name: {{ $appName }}-api-config
- restartPolicy: Never
- backoffLimit: 0
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml b/infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml
deleted file mode 100644
index eae371eb5a..0000000000
--- a/infra/helm_services/all/templates/tls/wildcard-tls-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- with .Values.ingress.tls.wildcard }}
-{{- if and .enabled (not .externalSecretName) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: gateway-tls
-stringData:
- tls.crt: |
-{{ required "Missing ingress.tls.wildcard.crt" .crt | indent 4 }}
- tls.key: |
-{{ required "Missing ingress.tls.wildcard.key" .key | indent 4 }}
-type: kubernetes.io/tls
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/uploader/api-configmap.yaml b/infra/helm_services/all/templates/uploader/api-configmap.yaml
deleted file mode 100644
index 3d20725f4e..0000000000
--- a/infra/helm_services/all/templates/uploader/api-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.uploader.enabled }}
-{{- with .Values.uploader.api.config }}
-{{- $tplArgs := dict "app" "uploader" "ctx" . "glob" $ }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: uploader-api-config
-data:
- UPLOADER_REQUEST_SIGNATURE_TTL: {{ .requestSignatureTtl | quote }}
- ASSET_CONSUMER_COMMIT_URI: {{ .assetConsumerCommitUri | default "" | quote }}
- ASSET_CONSUMER_ACCESS_TOKEN: {{ .assetConsumerAccessToken | default "" | quote }}
-{{ include "app.s3Storage.configMap" $tplArgs | indent 2 }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/uploader/client-ingress.yml b/infra/helm_services/all/templates/uploader/client-ingress.yml
deleted file mode 100644
index 5df922a816..0000000000
--- a/infra/helm_services/all/templates/uploader/client-ingress.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if .Values.uploader.enabled }}
-{{- with .Values.uploader.client }}
-{{- if .ingress.enabled }}
-{{- $ingressNode := . }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: uploader-client-ingress
-{{- if .ingress.annotations }}
- annotations:
-{{ toYaml .ingress.annotations | indent 4 }}
-{{- end }}
-{{- if .ingress.extraLabels }}
- labels:
-{{ toYaml .ingress.extraLabels | indent 4 }}
-{{- end }}
-spec:
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- - backend:
- serviceName: uploader-client
- servicePort: 80
- path: /
-{{- if .ingress.tls }}
-{{- $tlsNode := .ingress.tls -}}
-{{- range $value := $tlsNode }}
- {{- if not (hasKey $value "hosts") }}
- {{- $hosts := list $ingressNode.hostname }}
- {{- $_ := set $value "hosts" $hosts }}
- {{- end -}}
-{{- end }}
- tls:
-{{ toYaml $tlsNode | indent 2 }}
-{{- else if $.Values.ingress.tls.wildcard.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- secretName: {{ include "secretRef.ingress.tls.wildcard" $ }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/uploader/oauth-client-secret.yaml b/infra/helm_services/all/templates/uploader/oauth-client-secret.yaml
deleted file mode 100644
index 43709c38e9..0000000000
--- a/infra/helm_services/all/templates/uploader/oauth-client-secret.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- with .Values.uploader.client.oauthClient }}
-{{- if not .externalSecretName }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: uploader-oauth-client-secret
-stringData:
- CLIENT_ID: {{ .id | quote }}
- CLIENT_RANDOM_ID: {{ .randomId | quote }}
- CLIENT_SECRET: {{ .secret | quote }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/templates/uploader/uploader-client-deployment.yml b/infra/helm_services/all/templates/uploader/uploader-client-deployment.yml
deleted file mode 100644
index f1c26eb2c3..0000000000
--- a/infra/helm_services/all/templates/uploader/uploader-client-deployment.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: uploader-client
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: uploader-client
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: uploader-client
- spec:
- volumes:
-{{- include "volumes.configs" $ | indent 8 }}
- containers:
- - name: uploader-client
- image: {{ $.Values.repository.baseurl }}/ps-uploader-client:{{ $.Values.repository.tag }}
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: configs
- mountPath: /configs
- env:
- - name: DEV_MODE
- value: "false"
- envFrom:
- - configMapRef:
- name: urls-config
- - secretRef:
- name: {{ $.Values.uploader.client.oauthClient.externalSecretName | default "uploader-oauth-client-secret" }}
diff --git a/infra/helm_services/all/templates/uploader/uploader-client-service.yml b/infra/helm_services/all/templates/uploader/uploader-client-service.yml
deleted file mode 100644
index 8d34617419..0000000000
--- a/infra/helm_services/all/templates/uploader/uploader-client-service.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: uploader-client
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 80
- selector:
- app: phraseanet-services
- tier: uploader-client
diff --git a/infra/helm_services/all/templates/worker-deployment.yml b/infra/helm_services/all/templates/worker-deployment.yml
deleted file mode 100644
index da5c0063a8..0000000000
--- a/infra/helm_services/all/templates/worker-deployment.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- range .Values._internal.services }}
-{{- $appName := . }}
-{{- if (index $.Values $appName).enabled }}
-{{- with (index $.Values $appName) }}
-{{- $tplArgs := dict "app" $appName "ctx" . "glob" $ }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ $appName }}-worker
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phraseanet-services
- tier: {{ $appName }}-worker
- template:
- metadata:
- labels:
- app: phraseanet-services
- tier: {{ $appName }}-worker
- spec:
- volumes:
-{{- include "volumes.configs" $ | indent 6 }}
-{{- include "app.volumes" $tplArgs | indent 6 }}
- containers:
- - name: {{ $appName }}-worker
- image: {{ $.Values.repository.baseurl }}/ps-{{ $appName }}-worker:{{ $.Values.repository.tag }}
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: configs
- mountPath: /configs
-{{- include "app.volumesMounts" $tplArgs | indent 8 }}
- env:
-{{ include "envRef.phpApp" $tplArgs | indent 8 }}
- envFrom:
-{{ include "configMapRef.phpApp" $tplArgs | indent 8 }}
-{{- include "envFrom.rabbitmq" $ | indent 8 }}
-{{- include "envFrom.postgresql" $ | indent 8 }}
- - secretRef:
- name: {{ .adminOAuthClient.externalSecretName | default (printf "%s-admin-oauth-client-secret" $appName) }}
- - configMapRef:
- name: {{ $appName }}-api-config
----
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm_services/all/values.yaml b/infra/helm_services/all/values.yaml
deleted file mode 100644
index 1dfb607248..0000000000
--- a/infra/helm_services/all/values.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -repository: - baseurl: alchemyfr - tag: latest - -auth: - enabled: true - defaultUser: - externalSecretName: - username: admin@alchemy.fr - password: obIaHz6cVTkQKHqLBj - api: - hostname: - baseUrl: - config: - registrationValidateEmail: true - ingress: - enabled: true - annotations: {} - extraLabels: {} - tls: [] - adminOAuthClient: - externalSecretName: - id: auth-admin - randomId: 9mIGK - secret: 'H$ei3sHwIB0sfyMAp@P@CSnZC71EuDQ2' - grantTypes: - - authorization_code - rabbitmq: - vhost: auth - -expose: - enabled: true - api: - ingress: - enabled: true - annotations: {} - extraLabels: {} - maxBodySize: 22G - tls: [] - hostname: - baseUrl: - config: - requestSignatureTtl: 3600 - s3Storage: - baseUrl: "{{ .Values.minio.baseUrl }}" - endpoint: - region: - bucketName: expose - usePathSyleEndpoint: false - accessKey: - secretKey: - externalSecretKey: - externalSecretMapping: - accessKey: S3_STORAGE_ACCESS_KEY - secretKey: S3_STORAGE_SECRET_KEY - adminOAuthClient: - externalSecretName: - id: expose-admin - randomId: wIB0s - secret: 'MAp@P@CSnZC71EuDQ2H$ei3sHwIB0sfy' - grantTypes: - - authorization_code - - client_credentials - scopes: - - user:list - - group:list - client: - hostname: - baseUrl: - ingress: - enabled: true - annotations: {} - extraLabels: {} - tls: [] - oauthClient: - externalSecretName: - id: expose-app - randomId: difnr - secret: 'oYnq@8ujOtY@kga7LfWB8vTowf$9V9' - redirectUri: "{{ .Values.expose.client.baseUrl }}" - grantTypes: - - password - mapbox: - token: "define-me" - rabbitmq: - vhost: expose - -notify: - enabled: true - api: - hostname: - baseUrl: - ingress: - enabled: true - annotations: {} - extraLabels: {} - tls: [] - adminOAuthClient: - externalSecretName: - id: notify-admin - randomId: dUdGa - secret: 'BNvnbnS#DD@$5H$56@IbhNuJpDY3O#' - grantTypes: - - authorization_code - rabbitmq: - vhost: notify - -uploader: - enabled: true - api: - ingress: - enabled: true - annotations: {} - extraLabels: {} - maxBodySize: 22G - tls: 
[] - hostname: - baseUrl: - config: - assetConsumerCommitUri: - assetConsumerAccessToken: - requestSignatureTtl: 3600 - s3Storage: - baseUrl: "{{ .Values.minio.baseUrl }}" - endpoint: - region: - bucketName: uploader-deposit - usePathSyleEndpoint: false - accessKey: - secretKey: - externalSecretKey: - externalSecretMapping: - accessKey: S3_STORAGE_ACCESS_KEY - secretKey: S3_STORAGE_SECRET_KEY - adminOAuthClient: - externalSecretName: - id: uploader-admin - randomId: oqdsq - secret: 'C71EuDQ2H$eMAp@P@CSnZi3sHwIB0sfy' - grantTypes: - - authorization_code - - client_credentials - scopes: - - user:list - - group:list - client: - hostname: - ingress: - enabled: true - annotations: {} - extraLabels: {} - tls: [] - oauthClient: - externalSecretName: - id: uploader-app - randomId: oqdsq - secret: 'l$@fuDukPDpydN$mo7VZoOVw4inxqn' - redirectUri: "{{ .Values.uploader.client.baseUrl }}" - grantTypes: - - authorization_code - rabbitmq: - vhost: upload - -report: - enabled: true - api: - hostname: - baseUrl: - databaseName: report - -dashboard: - enabled: true - hostname: - baseUrl: - ingress: - enabled: true - annotations: {} - extraLabels: {} - tls: [] - -mailer: - dns: 'null://null' - from: 'no-reply@acme.com' - -postgresql: - enabled: true - externalSecretName: - host: db - port: 5432 - user: alchemy - password: 'iHdB$$tyVGmT9Zj6shv' - persistence: - enabled: true - existingClaim: - storageClass: - annotations: {} - accessMode: ReadWriteOnce - size: 10Gi - subPath: - -rabbitmq: - enabled: true - externalSecretName: - host: rabbitmq - port: 5672 - user: rabbit - password: '2rlTh4WyhyUZV7fEAnb$u4dqFchQDz' - persistence: - enabled: true - existingClaim: - storageClass: - annotations: {} - accessMode: ReadWriteOnce - size: 20Gi - subPath: - -minio: - enabled: true - hostname: - baseUrl: - accessKey: '1nW2poWjw2G5OskVG2VVXIyHsuQJIo' - secretKey: 'WfR6lXrgsbIYN#LuI9$ED9B0ck2scn' - ingress: - enabled: true - annotations: {} - extraLabels: {} - maxBodySize: 22G - tls: [] - 
persistence: - enabled: true - existingClaim: - storageClass: - annotations: {} - accessMode: ReadWriteOnce - size: 20Gi - subPath: - -ingress: - tls: - wildcard: - externalSecretName: - enabled: false - crt: - key: - -globalConfig: - externalConfigmapName: - content: | - {} - -_internal: - services: - - auth - - expose - - notify - - uploader - volumes: -# uploader: -# data: -# name: uploader-data -# mountPath: /var/data/upload -# uid: 1000 - auth: - expose: - api: - ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - #nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - notify: - uploader: - api: - ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - #nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - minio: - ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - #nginx.ingress.kubernetes.io/proxy-request-buffering: "off" diff --git a/infra/helm_services/bin/test.sh b/infra/helm_services/bin/test.sh deleted file mode 100755 index 271ab52253..0000000000 --- a/infra/helm_services/bin/test.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -helm uninstall all1 - -n=0 -until [ "$n" -ge 50 ]; do - helm install all1 ./all -f sample.yaml && break - n=$((n+1)) - sleep 2 -done diff --git a/infra/helm_services/cert1.pem b/infra/helm_services/cert1.pem deleted file mode 100644 index d52a929c07..0000000000 --- a/infra/helm_services/cert1.pem +++ /dev/null 
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDcDCCAligAwIBAgIRAPD+aG5yazX04dgnN5jxYQ0wDQYJKoZIhvcNAQELBQAw -SzEQMA4GA1UEChMHQWNtZSBDbzE3MDUGA1UEAxMuS3ViZXJuZXRlcyBJbmdyZXNz -IENvbnRyb2xsZXIgRmFrZSBDZXJ0aWZpY2F0ZTAeFw0yMDA3MDkwOTAzNTFaFw0y -MTA3MDkwOTAzNTFaMEsxEDAOBgNVBAoTB0FjbWUgQ28xNzA1BgNVBAMTLkt1YmVy -bmV0ZXMgSW5ncmVzcyBDb250cm9sbGVyIEZha2UgQ2VydGlmaWNhdGUwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGqXfn4mrjRP2xLn6qdxaguoYyfzXY -LStPRXz3/mBqImILQl7+lhlDnEIGm5s3/20btFoRLLOz+q3YTwHTyr6qSrQ/1b3+ -a8bxrF8WuuZ0FO5hgaUffW5REwKVPXsG2FeG3p+FagvgOQIs+BKVynbgZocPfVag -EVUx9Nih2wBnKUbIOFtUFjso0HIoQ0h3U0v1jOBJLwfN2MADeZ9jMwJk+VDxdCek -ijAfqkf8uHnZrsOW4fQyVH2jiG79LenWhkFDEEo1tsYmOJhr+iYETWFhspH5jv2m -HUPkPN9ZFkNyN2321ZrcI0qPxigg+SaU9QQ5t693Hs67Bpl1tGRJiUF1AgMBAAGj -TzBNMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMB -Af8EAjAAMBgGA1UdEQQRMA+CDWluZ3Jlc3MubG9jYWwwDQYJKoZIhvcNAQELBQAD -ggEBAJeN1XoDP6CbBuSBvx+M3xGOjO/lM5/eZgtsQwqZzNAXeVidkE4Mq/UQeB7y -ztyVbunc8uhlD8ZfDoVSSsSNwsrMznsTzM+Cd/5pVdWsEWrW5gQnzTVSMbmKlEbV -e1AaVxjPu0RBMI7nMXrGQB4GhIILMGOMnc+cQgVc1dj6fVwRV875Os31YEJzM6+o -1xuKiDtahc4m0leEgRiZzBWTCsN+rG/rls3kKBK3YxX5qlA9prBajugoTgJ4yxTC -PpgBHThfZiTcRZExmybsET/Gk7+FcLvH5lqb3zM0IPpWMIWmtYIbrWVixtLp0MbC -iF5JYQtFtNfpWzAYUMm/JzE/7Ps= ------END CERTIFICATE----- diff --git a/infra/helm_services/myvalues.yml b/infra/helm_services/myvalues.yml deleted file mode 100644 index b1d30a9f3a..0000000000 --- a/infra/helm_services/myvalues.yml +++ /dev/null 
@@ -1,155 +0,0 @@ -auth: - api: - hostname: "auth.alchemy.kube" - baseUrl: "https://auth.alchemy.kube" - ingress: - annotations: - toto: titi -expose: - api: - hostname: "api-expose.alchemy.kube" - baseUrl: "https://api-expose.alchemy.kube" - ingress: - tls: - - secretName: fooo - client: - hostname: "expose.alchemy.kube" - baseUrl: "https://expose.alchemy.kube" - mapbox: - token: "pk.eyJ1IjoiYXJ0aHVyZGVtb3VsaW5zIiwiYSI6ImNrYXAybGNodTBqdGIycnBvNGs0cWhsanYifQ.AafKAw4dVuEOVvbnwWG9Vw" - -uploader: - api: - hostname: "api-uploader.alchemy.kube" - baseUrl: "https://api-uploader.alchemy.kube" - ingress: - annotations: - toto: titi - client: - hostname: "uploader.alchemy.kube" - baseUrl: "https://uploader.alchemy.kube" - ingress: - tls: - - secretName: yoyo - persistence: - enabled: false - -notify: - api: - hostname: "notify.alchemy.kube" - baseUrl: "https://notify.alchemy.kube" - -report: - api: - hostname: "report.alchemy.kube" - baseUrl: "https://report.alchemy.kube" - -mailerDsn: "smtp://localhost" - -minio: - enabled: true - hostname: "minio.alchemy.kube" - baseUrl: "https://minio.alchemy.kube" - -ingress: - tls: - wildcard: - enabled: true - crt: | - -----BEGIN CERTIFICATE----- - MIIDuzCCAqOgAwIBAgIUD95TKFJjI6CW+vQFIbPDOBEUnC8wDQYJKoZIhvcNAQEL - BQAwSDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEWMBQGA1UECgwNQWxj - aGVteSwgSW5jLjEQMA4GA1UEAwwHQWxjaGVteTAeFw0yMDA2MzAxMTAzMzFaFw0y - NTA2MjkxMTAzMzFaMIGOMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMQ4w - DAYDVQQHDAVQYXJpczEQMA4GA1UECgwHQWxjaGVteTEQMA4GA1UECwwHQWxjaGVt - eTEhMB8GCSqGSIb3DQEJARYSY29udGFjdEBhbGNoZW15LmZyMRcwFQYDVQQDDA4q - LmFsY2hlbXkua3ViZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbi - vcx8msx09frw7rs79chiOcHALZ1zILJfCYT9vEmQTWlWI12wrP8LRWMh8YQOt/rs - TCqch/xPsIED0w0ShMryhRhThbq1SuIrARKpkBJWzi350+ge1vwhm2D1wT1rQm9J - AZBP/LGl2C5kR8WIIPtz3fGbpZLRBd66V7LT0/az/yj/ocSMGTC7bbVwc4Q2xOfS - rLQpMPwFBrY4+Xw+Wn+W5SaS8WWUE8gh+dYTv3XcMil7XSe6I1X0QgsAfahWAaEH - 
LWmfku+CRoQ9t2nVdGc6tH/aeuxOU4xL3cZld1DoZ/2imnqsIQ4m+7kYhbAzERg9 - bvYjnHTLpDzX4yH4JfMCAwEAAaNWMFQwHwYDVR0jBBgwFoAUNmzTskn998pLNs+3 - iCg4LiRGWs8wCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOKi5h - bGNoZW15Lmt1YmUwDQYJKoZIhvcNAQELBQADggEBAGT1z36Up4jOnuq93KGF6ase - bOrESSRrDZ8cen7XlvC/A+3nkIRfX0rwirX5h74IOJxE7xFKfL9n8RekL6OgSXWk - /Xjf8D2w9uH3GRdhLAST6yDynktB9GJmH526ZBcWpGceBBx3yUe0OyF9F3YnYaMO - 70s5ZFWVNdGz1GOqorPbHVCHYHKm2OHfZBwJz9Ouo1g6L5y54ZVm0ZmfySfwWAyn - u7DcYYXODFaEel5R8DfC/JrQcO1dl/bErUxvFI1Z+Rk09bZ5UMHFWTTJwP9SMsAv - i9iyPbmrvU80sjF7dwwxJyrgJVSJMNEA2OWErF/wVSsApyunhlf4DMPMdTh+xtE= - -----END CERTIFICATE----- - key: | - -----BEGIN PRIVATE KEY----- - MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC24r3MfJrMdPX6 - 8O67O/XIYjnBwC2dcyCyXwmE/bxJkE1pViNdsKz/C0VjIfGEDrf67EwqnIf8T7CB - A9MNEoTK8oUYU4W6tUriKwESqZASVs4t+dPoHtb8IZtg9cE9a0JvSQGQT/yxpdgu - ZEfFiCD7c93xm6WS0QXeuley09P2s/8o/6HEjBkwu221cHOENsTn0qy0KTD8BQa2 - OPl8Plp/luUmkvFllBPIIfnWE7913DIpe10nuiNV9EILAH2oVgGhBy1pn5LvgkaE - Pbdp1XRnOrR/2nrsTlOMS93GZXdQ6Gf9opp6rCEOJvu5GIWwMxEYPW72I5x0y6Q8 - 1+Mh+CXzAgMBAAECggEBAIcKlitQNt2R37AUB7Opaqs0HIG8bfI8+H+9PUI+ObH4 - I7EMMcEUnCkXIX05qyRf2eomYXd1bdQY47PgJw8YBYX13eFAixZ6l3i5WGl3WzKv - dj7solRbsVMrXZgS30WC1eNmfQkahvSGCUL4OSbahcAmplOpInFudm8oGWmqkHEw - 5lIqthsvep2myfm4SDtw4vU342HpajkcFy1TqhkLaUbR7ppqsyc2uXbAF3i5vgS7 - yo0TxYznknYOvrpUdq4QpvXVwoIfR3aK6jEmYMdQyeiDC+Z2RlBfzOF++eifknbW - nQaNTpR+YmccrnnvGjvCfFekwZBpWjyOAZCOf9h0gYECgYEA8Z2UNWzK6Cdzgf0m - eoHajsWTzueB+2qyxEkBpgjTCyl7Q/GbOU1PSCoAtd1HE2LiehJbLfQwnoIl9m2f - 3ZwbnwU/rpm9VYyO34JqmN48InYTbl8i/uN+sEmsiafrG4rfGGKpC3t/LnINwqXh - YKqTv2Wr8KFa4YQeXXCv2+GDtYsCgYEAwcYSNYF++IKxTVoSA5HdbROWYhXisNXj - 7U++4iHsCcqEIk4vIVZNK9599UAaolktL25bt1gz0nTqad5dnXPrDIkXOfTSEJR/ - A/8nyySJ83l8UN6OtD5xG2cgAkWzpRUAcgcCFI1uw0QIhNZJMZN/9W0n8DtrGiGZ - RMYP0Y1JbjkCgYEAkQvHQHdKLCoa1otRgTPZL+J+hDRIvNTl8p3dRn5/q3DAlh5B - 0BmQIcNNX+Ax3fp7+UpxwFmaol2BSrmuwgwILOOqwjd7CRNzZcxWD+VB9nIp4hVs - 
3dVWZaAk2xKaOpOYsHvx/Xmq9Qf1KMgKT8y3G6x+lttWwpFc5T1T5U0xk1cCgYBD - pkL1KyCI4hfESY3AcUw8qHn4BGwAEKxiTVT23aDqSimXUHRjzx1iE2smFBs4UqnT - xVN/zutIrkiobVmBftawqavSMAamgzFU09+wrDD9L4yXLxvjEWmrh3VFVdBB8fMV - 3Bx90GK7CSVwOt+Sz0v9Av7Of/AET3aS7BLZtdnNAQKBgQCd+efqwaDhl0aGaESd - 4XPPcXsLcFPp05NQRhrN/8fNHh4PIzCyfCcAZmpBcAoPmLk0BgmlxyhDG2ODkvsm - Pq6KEEXqZzK5zGlvG6tMhU6bzhRG5NOqek9XfePHsUkcQw4seS/Adw9nDZKW5q93 - 8pbTjvtuTuqKn12bzeIlADZM7w== - -----END PRIVATE KEY----- - -globalConfig: - externalConfigmapName: - content: | - { - "available_locales": [ - "en", - "fr" - ], - "auth": { - "identity_providers": [] - }, - "uploader": { - "max_upload_file_size": null, - "max_upload_commit_size": null, - "max_upload_file_count": null, - "client": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "margin": "2px 10px" - } - }, - "admin": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "with": "80px" - } - } - }, - "notify": { - "admin": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "with": "80px" - } - } - }, - "expose": { - "admin": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "with": "80px" - } - } - } - } diff --git a/infra/helm_services/post-provisionning-sample.yaml b/infra/helm_services/post-provisionning-sample.yaml deleted file mode 100644 index 1263a984a8..0000000000 --- a/infra/helm_services/post-provisionning-sample.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -auth: - defaultUser: - externalSecretName: - # Secret must contain: - # - DEFAULT_ADMIN_USER_USERNAME - # - DEFAULT_ADMIN_USER_PASSWORD - api: - hostname: api-auth.phrasea.io - baseUrl: https://api-auth.phrasea.io - ingress: - annotations: {} - tls: [] - adminOAuthClient: - externalSecretName: - # Secret must contain: - # - ADMIN_CLIENT_ID - # - ADMIN_CLIENT_RANDOM_ID - # - ADMIN_CLIENT_SECRET - -expose: - api: - hostname: api-expose.phrasea.io - baseUrl: https://api-expose.phrasea.io - config: - s3Storage: - baseUrl: "https://s3.eu-west-1.amazonaws.com/expose" - # Leave me empty for AWS S3 - endpoint: "" - bucketName: expose - externalSecretKey: - # Secret must contain: - # - S3_STORAGE_ACCESS_KEY - # - S3_STORAGE_SECRET_KEY - - ingress: - annotations: {} - adminOAuthClient: - externalSecretName: - # Secret must contain: - # - ADMIN_CLIENT_ID - # - ADMIN_CLIENT_RANDOM_ID - # - ADMIN_CLIENT_SECRET - client: - hostname: expose.phrasea.io - baseUrl: https://expose.phrasea.io - ingress: - annotations: {} - tls: [] - oauthClient: - externalSecretName: - # Secret must contain: - # - CLIENT_ID - # - CLIENT_RANDOM_ID - # - CLIENT_SECRET - secret: "" - mapbox: - token: "" - -notify: - api: - hostname: api-notify.phrasea.io - baseUrl: https://api-notify.phrasea.io - ingress: - annotations: {} - tls: [] - adminOAuthClient: - externalSecretName: - # Secret must contain: - # - ADMIN_CLIENT_ID - # - ADMIN_CLIENT_RANDOM_ID - # - ADMIN_CLIENT_SECRET - -uploader: - persistence: - existingClaim: - api: - hostname: api-uploader.phrasea.io - baseUrl: https://api-uploader.phrasea.io - ingress: - annotations: {} - config: - s3Storage: - baseUrl: "https://s3.eu-west-1.amazonaws.com/uploader-deposit" - # Leave me empty for AWS S3 - endpoint: "" - bucketName: uploader-deposit - externalSecretKey: - # Secret must contain: - # - S3_STORAGE_ACCESS_KEY - # - S3_STORAGE_SECRET_KEY - - adminOAuthClient: - externalSecretName: - # Secret must contain: - # - ADMIN_CLIENT_ID - # 
- ADMIN_CLIENT_RANDOM_ID - # - ADMIN_CLIENT_SECRET - client: - hostname: uploader.phrasea.io - ingress: - annotations: {} - tls: [] - oauthClient: - externalSecretName: - # Secret must contain: - # - CLIENT_ID - # - CLIENT_RANDOM_ID - # - CLIENT_SECRET - -report: - api: - hostname: report.phrasea.io - baseUrl: https://report.phrasea.io - -mailer: - dsn: "" - -postgresql: - externalSecretName: - # Secret must contain: - # - POSTGRES_USER - # - POSTGRES_PASSWORD - persistence: - existingClaim: - -rabbitmq: - externalSecretName: - # Secret must contain: - # - RABBITMQ_USER - # - RABBITMQ_PASSWORD - persistence: - existingClaim: - -minio: - enabled: false - -globalConfig: - externalConfigmapName: diff --git a/infra/helm_services/sample.yaml b/infra/helm_services/sample.yaml deleted file mode 100644 index c331ea9612..0000000000 --- a/infra/helm_services/sample.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -auth: - api: - hostname: "auth.alchemy.kube" - baseUrl: "https://auth.alchemy.kube" -expose: - api: - hostname: "api-expose.alchemy.kube" - baseUrl: "https://api-expose.alchemy.kube" - client: - hostname: "expose.alchemy.kube" - baseUrl: "https://expose.alchemy.kube" - mapbox: - token: "pk.eyJ1IjoiYXJ0aHVyZGVtb3VsaW5zIiwiYSI6ImNrYXAybGNodTBqdGIycnBvNGs0cWhsanYifQ.AafKAw4dVuEOVvbnwWG9Vw" - -uploader: - api: - hostname: "api-uploader.alchemy.kube" - baseUrl: "https://api-uploader.alchemy.kube" - client: - hostname: "uploader.alchemy.kube" - baseUrl: "https://uploader.alchemy.kube" - persistence: - enabled: false - -notify: - api: - hostname: "notify.alchemy.kube" - baseUrl: "https://notify.alchemy.kube" - -report: - api: - hostname: "report.alchemy.kube" - baseUrl: "https://report.alchemy.kube" - -dashboard: - hostname: "dashboard.alchemy.kube" - baseUrl: "https://dashboard.alchemy.kube" - -mailer: - dsn: "smtp://localhost" - -minio: - enabled: true - hostname: "minio.alchemy.kube" - baseUrl: "https://minio.alchemy.kube" - -ingress: - tls: - wildcard: - enabled: true - crt: | - -----BEGIN CERTIFICATE----- - MIIDuzCCAqOgAwIBAgIUD95TKFJjI6CW+vQFIbPDOBEUnC8wDQYJKoZIhvcNAQEL - BQAwSDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEWMBQGA1UECgwNQWxj - aGVteSwgSW5jLjEQMA4GA1UEAwwHQWxjaGVteTAeFw0yMDA2MzAxMTAzMzFaFw0y - NTA2MjkxMTAzMzFaMIGOMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMQ4w - DAYDVQQHDAVQYXJpczEQMA4GA1UECgwHQWxjaGVteTEQMA4GA1UECwwHQWxjaGVt - eTEhMB8GCSqGSIb3DQEJARYSY29udGFjdEBhbGNoZW15LmZyMRcwFQYDVQQDDA4q - LmFsY2hlbXkua3ViZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbi - vcx8msx09frw7rs79chiOcHALZ1zILJfCYT9vEmQTWlWI12wrP8LRWMh8YQOt/rs - TCqch/xPsIED0w0ShMryhRhThbq1SuIrARKpkBJWzi350+ge1vwhm2D1wT1rQm9J - AZBP/LGl2C5kR8WIIPtz3fGbpZLRBd66V7LT0/az/yj/ocSMGTC7bbVwc4Q2xOfS - rLQpMPwFBrY4+Xw+Wn+W5SaS8WWUE8gh+dYTv3XcMil7XSe6I1X0QgsAfahWAaEH - LWmfku+CRoQ9t2nVdGc6tH/aeuxOU4xL3cZld1DoZ/2imnqsIQ4m+7kYhbAzERg9 - 
bvYjnHTLpDzX4yH4JfMCAwEAAaNWMFQwHwYDVR0jBBgwFoAUNmzTskn998pLNs+3 - iCg4LiRGWs8wCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwGQYDVR0RBBIwEIIOKi5h - bGNoZW15Lmt1YmUwDQYJKoZIhvcNAQELBQADggEBAGT1z36Up4jOnuq93KGF6ase - bOrESSRrDZ8cen7XlvC/A+3nkIRfX0rwirX5h74IOJxE7xFKfL9n8RekL6OgSXWk - /Xjf8D2w9uH3GRdhLAST6yDynktB9GJmH526ZBcWpGceBBx3yUe0OyF9F3YnYaMO - 70s5ZFWVNdGz1GOqorPbHVCHYHKm2OHfZBwJz9Ouo1g6L5y54ZVm0ZmfySfwWAyn - u7DcYYXODFaEel5R8DfC/JrQcO1dl/bErUxvFI1Z+Rk09bZ5UMHFWTTJwP9SMsAv - i9iyPbmrvU80sjF7dwwxJyrgJVSJMNEA2OWErF/wVSsApyunhlf4DMPMdTh+xtE= - -----END CERTIFICATE----- - key: | - -----BEGIN PRIVATE KEY----- - MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC24r3MfJrMdPX6 - 8O67O/XIYjnBwC2dcyCyXwmE/bxJkE1pViNdsKz/C0VjIfGEDrf67EwqnIf8T7CB - A9MNEoTK8oUYU4W6tUriKwESqZASVs4t+dPoHtb8IZtg9cE9a0JvSQGQT/yxpdgu - ZEfFiCD7c93xm6WS0QXeuley09P2s/8o/6HEjBkwu221cHOENsTn0qy0KTD8BQa2 - OPl8Plp/luUmkvFllBPIIfnWE7913DIpe10nuiNV9EILAH2oVgGhBy1pn5LvgkaE - Pbdp1XRnOrR/2nrsTlOMS93GZXdQ6Gf9opp6rCEOJvu5GIWwMxEYPW72I5x0y6Q8 - 1+Mh+CXzAgMBAAECggEBAIcKlitQNt2R37AUB7Opaqs0HIG8bfI8+H+9PUI+ObH4 - I7EMMcEUnCkXIX05qyRf2eomYXd1bdQY47PgJw8YBYX13eFAixZ6l3i5WGl3WzKv - dj7solRbsVMrXZgS30WC1eNmfQkahvSGCUL4OSbahcAmplOpInFudm8oGWmqkHEw - 5lIqthsvep2myfm4SDtw4vU342HpajkcFy1TqhkLaUbR7ppqsyc2uXbAF3i5vgS7 - yo0TxYznknYOvrpUdq4QpvXVwoIfR3aK6jEmYMdQyeiDC+Z2RlBfzOF++eifknbW - nQaNTpR+YmccrnnvGjvCfFekwZBpWjyOAZCOf9h0gYECgYEA8Z2UNWzK6Cdzgf0m - eoHajsWTzueB+2qyxEkBpgjTCyl7Q/GbOU1PSCoAtd1HE2LiehJbLfQwnoIl9m2f - 3ZwbnwU/rpm9VYyO34JqmN48InYTbl8i/uN+sEmsiafrG4rfGGKpC3t/LnINwqXh - YKqTv2Wr8KFa4YQeXXCv2+GDtYsCgYEAwcYSNYF++IKxTVoSA5HdbROWYhXisNXj - 7U++4iHsCcqEIk4vIVZNK9599UAaolktL25bt1gz0nTqad5dnXPrDIkXOfTSEJR/ - A/8nyySJ83l8UN6OtD5xG2cgAkWzpRUAcgcCFI1uw0QIhNZJMZN/9W0n8DtrGiGZ - RMYP0Y1JbjkCgYEAkQvHQHdKLCoa1otRgTPZL+J+hDRIvNTl8p3dRn5/q3DAlh5B - 0BmQIcNNX+Ax3fp7+UpxwFmaol2BSrmuwgwILOOqwjd7CRNzZcxWD+VB9nIp4hVs - 3dVWZaAk2xKaOpOYsHvx/Xmq9Qf1KMgKT8y3G6x+lttWwpFc5T1T5U0xk1cCgYBD - 
pkL1KyCI4hfESY3AcUw8qHn4BGwAEKxiTVT23aDqSimXUHRjzx1iE2smFBs4UqnT - xVN/zutIrkiobVmBftawqavSMAamgzFU09+wrDD9L4yXLxvjEWmrh3VFVdBB8fMV - 3Bx90GK7CSVwOt+Sz0v9Av7Of/AET3aS7BLZtdnNAQKBgQCd+efqwaDhl0aGaESd - 4XPPcXsLcFPp05NQRhrN/8fNHh4PIzCyfCcAZmpBcAoPmLk0BgmlxyhDG2ODkvsm - Pq6KEEXqZzK5zGlvG6tMhU6bzhRG5NOqek9XfePHsUkcQw4seS/Adw9nDZKW5q93 - 8pbTjvtuTuqKn12bzeIlADZM7w== - -----END PRIVATE KEY----- - -globalConfig: - externalConfigmapName: - content: | - { - "available_locales": [ - "en", - "fr" - ], - "auth": { - "identity_providers": [] - }, - "uploader": { - "max_upload_file_size": null, - "max_upload_commit_size": null, - "max_upload_file_count": null, - "client": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "margin": "2px 10px" - } - }, - "admin": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "with": "80px" - } - } - }, - "notify": { - "admin": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "with": "80px" - } - } - }, - "expose": { - "admin": { - "logo": { - "src": "https://www.phraseanet.com/wp-content/uploads/2014/05/PICTO_PHRASEANET.png", - "with": "80px" - } - } - } - } From cd3b7039e2942b7cad142c9a847db62a7afb0778 Mon Sep 17 00:00:00 2001 From: nmaillat Date: Mon, 19 Apr 2021 10:13:27 +0200 Subject: [PATCH 3/3] add minikube readme and doc repo --- .dockerignore | 1 + doc/infra/minikube.md | 52 ++++++++++++++++++++++++++++++++++++ infra/dev/deploy-minikube.sh | 51 +++++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+) create mode 100644 doc/infra/minikube.md create mode 100755 infra/dev/deploy-minikube.sh diff --git a/.dockerignore b/.dockerignore index 12389ce613..87ac5d9034 100644 --- a/.dockerignore +++ b/.dockerignore @@ -11,6 +11,7 @@ /.travis.yml /AUTHORS /CONTRIBUTORS +/doc /Dockerfile /LICENSE /bin 
diff --git a/doc/infra/minikube.md b/doc/infra/minikube.md
new file mode 100644
index 0000000000..5e4b745f88
--- /dev/null
+++ b/doc/infra/minikube.md
@@ -0,0 +1,52 @@
+# Deploy stack to minikube
+
+## Setup
+
+status : Alpha
+
+
+
+```bash
+minikube start
+minikube addons enable ingress
+```
+
+Get the minikube IP:
+
+```bash
+minikube ip
+```
+
+
+Refer to [sample.yaml](../infra/helm/sample.yaml) to get all domains.
+Add these domains to your `/etc/hosts`:
+
+```
+# Alchemy Minikube
+192.168.49.2 phraseanet-bo.alchemy.kube
+# ... add other domains
+```
+
+For a quicker setup we will use the nginx configuration explained in [dev-with-nginx](./dev-with-nginx.md)
+
+## Build local image in minikube
+
+If you need to test your fresh image directly into minikube cluster, you need to build them
+with the Mminikube Docker daemon:
+
+```bash
+eval $(minikube docker-env)
+docker-compose build
+```
+
+Alternatively you can run a registry in minikube and push your images:
+https://minikube.sigs.k8s.io/docs/handbook/pushing/#4-pushing-to-an-in-cluster-using-registry-add
+
+If your minikube server name is not "minikube" define it in MINIKUBE_NAME
+
+
+```bash
+infra/dev/deploy-minikube.sh install
+infra/dev/deploy-minikube.sh update
+infra/dev/deploy-minikube.sh uninstall
+```
\ No newline at end of file
diff --git a/infra/dev/deploy-minikube.sh b/infra/dev/deploy-minikube.sh
new file mode 100755
index 0000000000..c158a7eba5
--- /dev/null
+++ b/infra/dev/deploy-minikube.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -ex
+
+
+BASEDIR="$(dirname $0)"
+DIR="${BASEDIR}"
+
+#MINIKUBE_NAME:${MINIKUBE_NAME:-"minikube"}
+
+NS=${NS:-"phraseanet"}
+RELEASE_NAME="phraseanet"
+CHART_DIR="infra/helm/all"
+VALUE_SRC="infra/helm/myvalues.yaml"
+
+#kubectl config use-context $MINIKUBE_NAME
+
+case $1 in
+ uninstall)
+ helm uninstall ${RELEASE_NAME} || true;
+ ;;
+ validate)
+ helm install --dry-run --debug ${RELEASE_NAME} "${CHART_DIR}" \
+ -f "${VALUE_SRC}" \
+ --namespace $NS
+ ;;
+ update)
+ echo "Updating..."
+ helm upgrade ${RELEASE_NAME} "${CHART_DIR}" \
+ -f "${VALUE_SRC}" \
+ --namespace $NS
+ ;;
+
+ *)
+ if [ ! -d "${CHART_DIR}/charts" ]; then
+ (cd "${CHART_DIR}" && helm dependency update)
+ fi
+ kubectl create ns $NS || true
+ helm uninstall ${RELEASE_NAME} --namespace $NS || true;
+ # kubectl -n $NS delete pvc elasticsearch-master-elasticsearch-master-0 || true
+ while [ $(kubectl -n $NS get pvc | wc -l) -gt 0 ] || [ $(kubectl -n $NS get pods | wc -l) -gt 0 ]
+ do
+ echo "Waiting for resources to be deleted..."
+ sleep 5
+ done
+ echo "Installing release ${RELEASE_NAME} in namespace $NS..."
+ helm install ${RELEASE_NAME} "${CHART_DIR}" \
+ -f "${VALUE_SRC}" \
+ --namespace $NS
+ ;;
+esac
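Review bot: Nothing in this script selects a Kubernetes context: the `MINIKUBE_NAME` default and the `kubectl config use-context` line are both commented out (and the first uses `:` where an assignment needs `=`), so the default arm's `kubectl create ns`, `helm uninstall` and `helm install` run against whichever context is currently active in the caller's kubeconfig, which may not be minikube. Setting `MINIKUBE_NAME=${MINIKUBE_NAME:-minikube}` and passing `--kube-context "$MINIKUBE_NAME"` to each helm call and `--context "$MINIKUBE_NAME"` to each kubectl call would pin the target without changing the user's global context. The `uninstall)` arm also omits the namespace that every other arm passes, and `|| true` hides the resulting failure; `helm uninstall "${RELEASE_NAME}" --namespace "$NS" || true` would match the install path. `CHART_DIR` and `VALUE_SRC` are relative to the working directory while `BASEDIR`/`DIR` are computed but never used, so the script presumably only works when started from the repository root.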