From 90170f73c38350a020a21e540c00fdc1cda05f59 Mon Sep 17 00:00:00 2001
From: st
Date: Wed, 15 Nov 2023 16:03:47 +0100
Subject: [PATCH] fix: rename chart
---
charts/teuto-portal/Chart.lock | 6 +
charts/teuto-portal/Chart.yaml | 19 ++
charts/teuto-portal/templates/_helpers.tpl | 8 +
charts/teuto-portal/templates/deployment.yaml | 68 ++++++
charts/teuto-portal/templates/secret.yaml | 12 +
charts/teuto-portal/templates/service.yaml | 14 ++
.../templates/servicemonitor.yaml | 15 ++
charts/teuto-portal/values.schema.json | 230 ++++++++++++++++++
charts/teuto-portal/values.yaml | 50 ++++
9 files changed, 422 insertions(+)
create mode 100644 charts/teuto-portal/Chart.lock
create mode 100644 charts/teuto-portal/Chart.yaml
create mode 100644 charts/teuto-portal/templates/_helpers.tpl
create mode 100644 charts/teuto-portal/templates/deployment.yaml
create mode 100644 charts/teuto-portal/templates/secret.yaml
create mode 100644 charts/teuto-portal/templates/service.yaml
create mode 100644 charts/teuto-portal/templates/servicemonitor.yaml
create mode 100644 charts/teuto-portal/values.schema.json
create mode 100644 charts/teuto-portal/values.yaml
diff --git a/charts/teuto-portal/Chart.lock b/charts/teuto-portal/Chart.lock
new file mode 100644
index 0000000000..de74bc049b
--- /dev/null
+++ b/charts/teuto-portal/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 2.11.1
+digest: sha256:a49deb9114cec3a3aa67de5f3183afc07e63eda9d3fdd12c42822c509d84e3c2
+generated: "2023-09-18T16:19:04.662258662+02:00"
diff --git a/charts/teuto-portal/Chart.yaml b/charts/teuto-portal/Chart.yaml
new file mode 100644
index 0000000000..1af935c47a
--- /dev/null
+++ b/charts/teuto-portal/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: teuto-portal
+description: A Helm chart for deploying the portal worker application to k8s
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
+
+maintainers:
+ - name: Chris Werner Rau
+ email: cwr@teuto.net
+ - name: Marvin Wolf
+ email: mw@teuto.net
+ - name: Sven Tasche
+ email: st@teuto.net
+
+dependencies:
+ - name: common
+ version: 2.11.1
+ repository: https://charts.bitnami.com/bitnami
diff --git a/charts/teuto-portal/templates/_helpers.tpl b/charts/teuto-portal/templates/_helpers.tpl
new file mode 100644
index 0000000000..62f743cc73
--- /dev/null
+++ b/charts/teuto-portal/templates/_helpers.tpl
@@ -0,0 +1,8 @@
+{{- define "portalworker.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.worker.image "global" .Values.global) }}
+{{- end -}}
+
+{{- define "portalworker.jdbc" -}}
+{{- $portString := .Values.worker.database.port | int -}}
+{{ printf "jdbc:postgresql://%s:%d/teuto_domain?currentSchema=app_public" .Values.worker.database.host $portString }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/teuto-portal/templates/deployment.yaml b/charts/teuto-portal/templates/deployment.yaml
new file mode 100644
index 0000000000..f20eec2179
--- /dev/null
+++ b/charts/teuto-portal/templates/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" $ | nindent 8 }}
+ spec:
+ {{- include "common.images.renderPullSecrets" ( dict "images" (list .Values.worker.image) "context" $) | indent 6 }}
+ securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext: {{- toYaml .Values.global.podSecurityContext | nindent 12 }}
+ image: {{ template "portalworker.image". }}
+ {{- if .Values.worker.image.digest }}
+ imagePullPolicy: IfNotPresent
+ {{- else }}
+ imagePullPolicy: Always
+ {{- end }}
+ env:
+ - name: JDBC_URL
+ value: {{ include "portalworker.jdbc" . | quote }}
+ - name: DB_PORT
+ value: {{ .Values.worker.database.port | quote }}
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.worker.existingSecret "defaultNameSuffix" "db-credentials" "context" $) }}
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.worker.existingSecret "defaultNameSuffix" "db-credentials" "context" $) }}
+ key: password
+
+ {{- range $k, $v := .Values.worker.config }}
+ {{- if or (typeIs "bool" $v) ($v) }}
+ - name: {{ regexReplaceAll `_(\d+)` ($k | snakecase | upper) "$1" }}
+ value: {{ $v | quote }}
+ {{- end -}}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9090
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: metrics
+ resources: {{- toYaml .Values.worker.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: /kubeconfig
+ name: clusterconfig
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ volumes:
+ - name: tmp
+ emptyDir: {}
+ - name: clusterconfig
+ secret:
+ secretName: {{ required "k8s access token for the management cluster must be provided" .Values.worker.kubeconfig.secret.name }}
\ No newline at end of file
diff --git a/charts/teuto-portal/templates/secret.yaml b/charts/teuto-portal/templates/secret.yaml
new file mode 100644
index 0000000000..19e0931713
--- /dev/null
+++ b/charts/teuto-portal/templates/secret.yaml
@@ -0,0 +1,12 @@
+{{- if not .Values.worker.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.worker.existingSecret "defaultNameSuffix" "db-credentials" "context" $) }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" $ | nindent 4}}
+type: Opaque
+data:
+ username: {{ .Values.worker.database.user | b64enc }}
+ password: {{ required "You have to specify a password for the database user" .Values.worker.database.password | b64enc }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/teuto-portal/templates/service.yaml b/charts/teuto-portal/templates/service.yaml
new file mode 100644
index 0000000000..6e1bba3439
--- /dev/null
+++ b/charts/teuto-portal/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}-service
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+spec:
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ ports:
+ - name: metrics
+ protocol: TCP
+ port: 9090
+ targetPort: metrics
+ type: ClusterIP
\ No newline at end of file
diff --git a/charts/teuto-portal/templates/servicemonitor.yaml b/charts/teuto-portal/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..0873b8db85
--- /dev/null
+++ b/charts/teuto-portal/templates/servicemonitor.yaml
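Review bot: In charts/teuto-portal/templates/deployment.yaml the pod spec sets neither `serviceAccountName` nor `automountServiceAccountToken`, so the worker runs as the namespace's default service account with its API token mounted, alongside the management-cluster kubeconfig at `/kubeconfig`. If the worker only reaches clusters through that kubeconfig (not visible in this patch), add `automountServiceAccountToken: false` under `spec.template.spec` so the container holds one credential fewer. The value names are also inverted relative to Kubernetes usage: `.Values.global.securityContext` feeds the pod-level field and `.Values.global.podSecurityContext` the container-level one, which deserves a template comment such as `{{- /* pod-level: global.securityContext; container-level: global.podSecurityContext */}}` so hardening settings are not placed under the wrong key.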
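Review bot: The `existingSecret` branch in charts/teuto-portal/templates/secret.yaml, and the matching `secretKeyRef` names in deployment.yaml, cannot be reached with schema-valid values: values.schema.json closes `worker` with `additionalProperties: false` and declares no `existingSecret` property. The only working path therefore puts the database password into Helm values, where it is also kept in the release record. Declare `"existingSecret": { "type": "string" }` under `worker.properties` in the schema and keep the `required` call in this template as the guard for the generated Secret.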
@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ name: "{{ include "common.names.fullname" . }}-service"
+ namespace: {{ .Release.Namespace }}
+spec:
+ endpoints:
+ - path: /metrics
+ port: metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }}
\ No newline at end of file
diff --git a/charts/teuto-portal/values.schema.json b/charts/teuto-portal/values.schema.json
new file mode 100644
index 0000000000..b928088593
--- /dev/null
+++ b/charts/teuto-portal/values.schema.json
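Review bot: charts/teuto-portal/templates/servicemonitor.yaml is rendered unconditionally, so installing the chart on a cluster without the Prometheus Operator CRDs fails on the unknown `monitoring.coreos.com/v1` kind. Wrap the manifest in `{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" }}` … `{{- end }}`, or add an explicit toggle in values. A toggle also needs an entry in values.schema.json, because `worker` is closed with `additionalProperties: false`.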
@@ -0,0 +1,230 @@
+{
+ "$schema": "https://json-schema.org/draft-07/schema",
+ "type": "object",
+ "title": "portal worker helmchart",
+ "properties": {
+ "global": {
+ "imageRegistry": {
+ "type": "string"
+ },
+ "imagePullSecrets": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "podSecurityContext": {
+ "type": "object",
+ "properties": {
+ "runAsNonRoot": {
+ "type": "boolean"
+ },
+ "readOnlyRootFilesystem": {
+ "type": "boolean"
+ },
+ "allowPrivilegeEscalation": {
+ "type": "boolean"
+ },
+ "privileged": {
+ "type": "boolean"
+ },
+ "capabilities": {
+ "type": "object",
+ "properties": {
+ "drop": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "runAsGroup": {
+ "type": "integer"
+ },
+ "runAsUser": {
+ "type": "integer"
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "fsGroup": {
+ "type": "integer"
+ },
+ "runAsUser": {
+ "type": "integer"
+ },
+ "runAsGroup": {
+ "type": "integer"
+ },
+ "runAsNonRoot": {
+ "type": "boolean"
+ },
+ "fsGroupChangePolicy": {
+ "type": "string",
+ "enum": [
+ "Always",
+ "OnRootMismatch"
+ ]
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "worker": {
+ "type": "object",
+ "properties": {
+ "image": {
+ "type": "object",
+ "properties": {
+ "registry": {
+ "type": "string",
+ "description": "The host of the registry",
+ "examples": [
+ "docker.io"
+ ]
+ },
+ "repository": {
+ "type": "string",
+ "description": "The image path in the registry",
+ "examples": [
+ "bitnami/kubectl"
+ ]
+ },
+ "tag": {
+ "type": "string"
+ },
+ "digest": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+ },
+ "database": {
+ "type": "object",
+ "properties": {
+ "user": {
+ "type": "string"
+ },
+ "password": {
+ "type": "string"
+ },
+ "host": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "user",
+ "password",
+ "host"
+ ]
+ },
+ "kubeconfig": {
+ "type": "object",
+ "properties": {
+ "secret": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "name"
+ ]
+ },
+ "additionalProperties": false
+ },
+ "additionalProperties": false
+ },
+ "config": {
+ "type": "object",
+ "properties": {
+ "dryRun": {
+ "type": "boolean"
+ },
+ "singleRun": {
+ "type": "boolean"
+ },
+ "otelExporterTracesEndpoint": {
+ "type": "string"
+ },
+ "syncInterval": {
+ "type": "string",
+ "pattern": "(^(\\d+[h,m,s] *){1,3}$)"
+ },
+ "watchK8sEvents": {
+ "type": "boolean"
+ },
+ "minimumCPUFlavour": {
+ "type": "integer",
+ "minimum": 1
+ },
+ "flavourPrefixFilter": {
+ "type": "string"
+ },
+ "clusterNamespace": {
+ "type": "string"
+ },
+ "k8sVersion": {
+ "type": "string",
+ "pattern": "^(\\d+.*){1,3}$"
+ },
+ "loggingFormat": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+ },
+ "request": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ }
+ }
+}
\ No newline at end of file
diff --git a/charts/teuto-portal/values.yaml b/charts/teuto-portal/values.yaml
new file mode 100644
index 0000000000..07e63524c7
--- /dev/null
+++ b/charts/teuto-portal/values.yaml
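Review bot: The `global` entry in charts/teuto-portal/values.schema.json is not a schema: `imageRegistry`, `imagePullSecrets`, `podSecurityContext` and `securityContext` sit directly under `"global": {` instead of under `"type": "object", "properties": {`, so a draft-07 validator treats them as unknown keywords and checks nothing below `global`. The `additionalProperties: false` guards on the two security contexts therefore never fire, and a misspelled hardening key passes validation. When adding the wrapper, move `runAsGroup` and `runAsUser` out of `capabilities.properties` (in a Kubernetes container securityContext they are siblings of `capabilities`) and check that values.yaml nests them the same way. The `"additionalProperties": false` inside `kubeconfig.properties` is also misplaced; there it defines a property of that name rather than closing the object.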
@@ -0,0 +1,50 @@
+global:
+ imageRegistry: registry-gitlab.teuto.net
+ imagePullSecrets: []
+ podSecurityContext:
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 1000
+ runAsUser: 1000
+
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ fsGroupChangePolicy: OnRootMismatch
+
+worker:
+ image:
+ repository: 4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker
+ tag: 1.0.0
+ database:
+ user: root
+ password: ""
+ host: localhost
+ port: 5432
+ kubeconfig:
+ secret:
+ name: ""
+ config:
+ dryRun: false
+ singleRun: false
+ otelExporterTracesEndpoint: ""
+ syncInterval: 10s
+ watchK8sEvents: false
+ minimumCPUFlavour: 2
+ flavourPrefixFilter: ""
+ clusterNamespace: customer-clusters
+ k8sVersion: 1.26.8
+ loggingFormat: json
+ resources:
+ limits:
+ cpu: 100m
+ memory: 1Gi
+ request:
+ memory: 256Mi
\ No newline at end of file
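Review bot: `worker.resources.request` in charts/teuto-portal/values.yaml is not a Kubernetes field; the container spec expects `requests`, and deployment.yaml passes this map through `toYaml` unchanged. Depending on validation the manifest is either rejected or the key is dropped, in which case the memory request falls back to the 1Gi limit instead of 256Mi. Rename the key to `requests:` here and the matching `"request"` property in values.schema.json. The default `database.user: root` also deserves a comment pointing operators to a dedicated, least-privileged database role, if `root` is a privileged role in the target database.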