temp: devspace files

charts/CHANGELOG

@@ -0,0 +1,188 @@
+0.8.18
+Fix ingress configuration snippet so that it is not bound by allow_django_admin
+
+0.8.17
+Feature to add NewRelic HTTP header and client-max-body-size to ingress
+
+0.8.16
+Updated the User ID use in k8s-cli-utils. It was updated in this PR (https://github.com/edx/k8s-cli-utils/pull/14)
+
+0.8.15
+Switch k8s-cli-utils image from dockerhub to ECR
+
+0.8.14
+Feature to allow configurable resource limits for CronJobs
+
+0.8.13
+Add feature to allow custom migration commands
+
+0.8.12
+Fix feature to allow worker resource limits to be configurable
+
+0.8.11
+Properly quote and escape shell script interpolations for deployments and cron jobs as well.
+
+0.8.10
+Add feature to allow worker resource limits to be configurable
+
+0.8.9
+Fix app deployment issue by adding the missing mounted volumes section when migrations are disabled
+
+0.8.8
+Proceed with running Django migrations only when it is enabled
+
+0.8.7
+Added additionalLabels env, owner and team for kubecost aggregations using range
+
+0.8.6
+Increase memory limit for celery workers to fix discovery celery workers from crashing due to resource limits being exceeded
+
+0.8.5
+Fix YAML injection prevention; `quote` output's escaping is only compatible with YAML, not Bash strings
+
+0.8.4
+Prevented YAML injection in worker command
+
+0.8.3
+Updated the Cron job template to support schedules that need to be quoted.
+
+0.8.2
+Updated the Cron job Api version to batch/v1. Previous api version was deprecated in k8s 1.21 and removed in 1.25.
+
+0.8.1
+Add option to configure the name of python (e.g. python, python3, python3.9) used to run command in migration init
+container. Defaults to python3.
+
+0.8.0
+Removed ingress class variable in favor of new className variable. The class variable is used to set the old annotation
+kubernetes.io/ingress.class which has been replaced by ingressClassName in the spec of the v1 of the ingress api
+
+0.7.2
+Add extra_tls_hosts variable to allow adding extra hostnames to TLS certs
+Make ingress and tls secret names stable on ingresses using the new className variable to prevent shuffling. 
+
+0.7.1
+Add new ingress class variable to fix issue with 0.7.0 that causes new ingresses to not be created, because kubernetes
+doesn't allow you to set the new className variable on the spec and the old annotation at the same time.
+
+0.7.0
+Add ingressClassName to ingress spec for compatibility with networking.k8s.io/v1 Ingress and Kubernetes 1.22
+
+0.6.2
+Add custom annotation to ingress object for external dns cloudflare
+
+0.6.1
+Adding option to specify command for collectstatic job
+
+0.6.0
+Changed imagePullPolicy to Always for app containers to fix issue with images not updating after rebuild. Currently
+image tags are not immutable, so we need to always check the Docker image repository for updates images.
+
+0.5.8
+Add custom annotation for external dns
+
+0.5.7
+Add health_check.host_header to customize livenessProbe HTTP Host header
+
+0.5.6
+Add support for DB_MIGRATION_PASS with Bash special characters
+
+0.5.5
+Only create app HPA resource if app is enabled
+
+0.5.4
+Add option to toggle off app deployment (default set to True)
+
+0.5.3
+Upgrade ingress apiVersion from extensions/v1beta1 to networking.k8s.io/v1
+
+0.5.2
+Adding option to specify resources for POD.
+
+0.5.1
+Adding option to specify initialDelaySeconds for readiness and liveness probes.
+
+0.5.0
+Removeing migrations from cronjobs and workers since this makes the db state harder to reason about.  
+Migrations will only be run when the application image is deployed.  Remove migration secrets from cronjobs and workers since they
+are no longer needed.
+
+0.4.1
+Removing mysql and elasticsearch subcharts
+
+0.4.0
+Removing support for development_mysql and development_elasticsearch
+
+0.3.8
+Default vault url updated to https://vault.prod.edx.org
+
+0.3.7
+Enabled tls by default for django-ida helm chart
+added flag vault.use_tls to disable this behaviour.
+
+0.3.6
+New version of k8s-cli-util
+Move from the older stable url to the newer one for the dev mysql deployment
+
+0.3.5
+New version of k8s-cli-util
+
+0.3.4
+Moved autoscaler api endpoints to use apps/v1 instead of apps/v1beta1, requires K8s > 1.10, but should 
+otherwise be reverse compatible.
+
+0.3.3
+Ingresses now have a generated number after them to prevent names colliding
+
+0.3.2
+Added parameter to allow the customization of the healthcheck endpoint with
+/health as the default value.
+health_check.endpoint: "/health"
+
+Added a liveness check that is different from the readiness check.
+
+0.3.1
+Added ability to override the app.port, default is backwards compatible
+        app.port: 18170
+
+0.3.0
+Change defaults for the following variables as it was discovered
+that the apps are mostly consistent, it is vault that is inconsistent.
+        app.migrations.migrate_db_user_env_name: DB_MIGRATION_USER
+        app.migrations.migrate_db_pass_env_name: DB_MIGRATION_PASS
+
+0.2.2
+Fix secret render indentation to fit configmap
+
+0.2.1
+Render config as Yaml instead of as a serialized map
+
+v0.2.0
+Added the following values to allow user to overwrite migration env names,
+since they differ between applications.  The following defaults were assigned:
+
+        app.migrations.migrate_db_user_env_name: DATABASE_MIGRATE_USER
+        app.migrations.migrate_db_pass_env_name: DATABASE_MIGRATE_PASSWORD
+
+This is a breaking change since the default migrate_db_pass_env_name was
+previously: DB_MIGRATION_PASS
+
+v0.1.1
+Fixed bug where image:tag pairings were not valid
+
+v0.1.0
+Added overridable issuer for ingresses for the cert issuer.
+You will need to add an 'issuer' to each ingress using this version.
+
+v0.0.4
+Fix bug that resulted in an impossible autoscaling configuration min > max
+
+v0.0.3
+Allow applications to not specify a role_arn. Removed fake role ARN from service accounts by default.
+
+v0.0.2
+Added support for arbitrary application environment variables that get passed into all containers running the application image
+to support applications that have non standard ENV setups.  
+
+v0.0.1
+Initial commit

charts/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: django-ida
+  repository: https://25c38c15078aaa07ab0119be78db03b720b5e014@raw.githubusercontent.com/edx/helm-repo/master/
+  version: 0.8.16
+digest: sha256:0e92ca10d7d40f4c92e8515b0db1c0ba1c6bcc2a43a5863bcbbf7ff75cab9679
+generated: "2023-10-30T14:08:00.791802-04:00"

charts/Chart.yaml

@@ -0,0 +1,3 @@
+name: registrar
+version: 0.0.1
+apiVersion: v2

charts/development-config.yaml

@@ -0,0 +1,130 @@
+django-ida:
+  app: 
+    name: registrar
+    role_arn: arn:aws:iam::708756755355:role/development-edx-registrar
+    command: 'gunicorn --workers=2 --name registrar -c /edx/app/registrar/registrar/docker_gunicorn_configuration.py --log-file - --max-requests=1000 registrar.wsgi:application'
+
+    port: 18734
+
+    secret_file_env_name: REGISTRAR_CFG
+    secret_file_name: registrar.yml
+    service_account_name: registrar
+    migrations:
+      name: registrar-migrations
+      enabled: true
+      database_migrate_user: db-user
+
+    autoscaling:
+      enabled: false
+      minReplicas: 3
+      maxReplicas: 10
+      targetCPUUtilizationPercentage: 50
+
+    health_check:
+      liveness_probe_initial_delay_seconds: 30
+      readiness_probe_initial_delay_seconds: 30
+
+    # FILL-ME-IN
+    config:
+      API_ROOT: https://api.development.edx.org/registrar
+      BACKEND_SERVICE_EDX_OAUTH2_KEY: '{{ .Data.data.BACKEND_SERVICE_EDX_OAUTH2_KEY }}'
+      BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL: https://courses.development.edx.org/oauth2
+      BACKEND_SERVICE_EDX_OAUTH2_SECRET: '{{ .Data.data.BACKEND_SERVICE_EDX_OAUTH2_SECRET}}'
+      CACHES:
+        default:
+          BACKEND: django.core.cache.backends.memcached.MemcachedCache
+          KEY_PREFIX: registrar
+          LOCATION:
+          - development-edx-registrar.6sxrym.0001.use1.cache.amazonaws.com
+          - development-edx-registrar.6sxrym.0002.use1.cache.amazonaws.com
+      CELERY_ALWAYS_EAGER: false
+      CELERY_BROKER_HOSTNAME: edx-development-queues.6sxrym.ng.0001.use1.cache.amazonaws.com:6379
+      CELERY_BROKER_PASSWORD: ''
+      CELERY_BROKER_TRANSPORT: redis
+      CELERY_BROKER_USER: ''
+      CELERY_BROKER_VHOST: 0
+      CELERY_DEFAULT_EXCHANGE: registrar
+      CELERY_DEFAULT_QUEUE: registrar.default
+      CELERY_DEFAULT_ROUTING_KEY: registrar
+      CORS_ORIGIN_WHITELIST:
+      - https://development-edx-registrar.edx.org
+      - https://registrar.development.edx.org
+      - https://program-console.development.edx.org
+      CSRF_COOKIE_SECURE: true
+      CSRF_TRUSTED_ORIGINS:
+      - .edx.org
+      CSRF_TRUSTED_ORIGINS_WITH_SCHEMES:
+      - https://*.edx.org
+      DATABASES:
+        default:
+          ATOMIC_REQUESTS: false
+          CONN_MAX_AGE: 60
+          ENGINE: django.db.backends.mysql
+          HOST: mysql.mysql
+          NAME: db
+          OPTIONS:
+            connect_timeout: 10
+            init_command: SET sql_mode='STRICT_TRANS_TABLES'
+          PASSWORD: '{{ .Data.data.DATABASE_DEFAULT_PASSWORD }}'
+          PORT: '3306'
+          USER: db-user
+      DISCOVERY_BASE_URL: https://discovery.development.edx.org
+      EDX_DRF_EXTENSIONS:
+        OAUTH2_USER_INFO_URL: https://courses.development.edx.org/oauth2/user_info
+      JWT_AUTH:
+        JWT_AUTH_COOKIE_HEADER_PAYLOAD: development-edx-jwt-cookie-header-payload
+        JWT_AUTH_COOKIE_SIGNATURE: development-edx-jwt-cookie-signature
+        JWT_ISSUERS:
+        - AUDIENCE: '{{ .Data.data.JWT_ISSUERS_0_AUDIENCE }}'
+          ISSUER: https://courses.development.edx.org/oauth2
+          SECRET_KEY: '{{ .Data.data.JWT_ISSUERS_0_SECRET_KEY }}'
+        JWT_PUBLIC_SIGNING_JWK_SET: '{"keys": [{"n": "hcm7899L5XQ6AVNYwNo3Yu-rx47f0FMAN3am6WgurbDulrcCIfhyTivzpnuOY0W-2tntlR51j4hHzywSSCqdOgG1MZLfVSJwVpVUhd9ROLuIRbifXyRJ1_d7C_L3YZdyYqFY7k8W5f62UqCePxVCh-zCKtkfjCJkhRujgDw4YeL63j80We48T0LYK5ZSRBOEj2N4fjbzsi9T2d1qCBaLvXwgYzMnUTc8mch6JMP8HWsrgqV4kkPyP3il_IgRARV5BF5cdJbUg2-__5QirmLF16xl9j0vo9yLyBnqlYZXWYjFOECI7FatHLGQDT5TopXWT4YF82_aZSNuIQUoDY8hDQ",
+          "kty": "RSA", "e": "AQAB", "kid": "lmsdevelopment002"}]}'
+      LMS_BASE_URL: https://courses.development.edx.org
+      MEDIA_STORAGE_BACKEND:
+        AWS_DEFAULT_ACL: null
+        AWS_LOCATION: ''
+        AWS_QUERYSTRING_AUTH: true
+        AWS_QUERYSTRING_EXPIRE: 3600
+        DEFAULT_FILE_STORAGE: storages.backends.s3boto3.S3Boto3Storage
+        REGISTRAR_BUCKET: development-edx-registrar
+        PROGRAM_REPORTS_BUCKET: development-edx-program-reports
+      REGISTRAR_SERVICE_USER: registrar_service_user
+      SECRET_KEY: '{{ .Data.data.SECRET_KEY }}'
+      SEGMENT_KEY: '{{ .Data.data.SEGMENT_KEY }}'
+      SESSION_COOKIE_SECURE: true
+      SOCIAL_AUTH_EDX_OAUTH2_ISSUER: https://courses.development.edx.org
+      SOCIAL_AUTH_EDX_OAUTH2_KEY: '{{ .Data.data.SOCIAL_AUTH_EDX_OAUTH2_KEY }}'
+      SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL: https://courses.development.edx.org/logout
+      SOCIAL_AUTH_EDX_OAUTH2_SECRET: '{{ .Data.data.SOCIAL_AUTH_EDX_OAUTH2_SECRET }}'
+      SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT: https://courses.development.edx.org
+      STATIC_ROOT: /tmp/static
+
+  workers: []
+  # - name: registrar-worker
+  #     command: celery -A registrar worker --loglevel info
+  #     minReplicas: 3
+  #     maxReplicas: 6
+  #     targetCPUUtilizationPercentage: 100
+
+  newrelic:
+    enabled: false
+    app_name: development-edx-registrar
+    log_level: info
+
+  collectstatic:
+    enabled: false
+
+  vault:
+    enabled: false
+    vault_role: registrar
+    vault_addr: https://vault.stage.edx.org
+    secret_name: kv/registrar
+    secret_version: 8
+
+  ingresses:
+    - host: registrar-eks.development.edx.org
+      class: nginx
+      issuer: selfsigning-issuer
+
+  cronjobs: []