Add LTPS-recon chart

ubc · Oct 31, 2024 · 764f096 · 764f096
1 parent df98147
commit 764f096
Show file tree

Hide file tree

Showing 9 changed files with 370 additions and 0 deletions.
diff --git a/ltps-recon/.helmignore b/ltps-recon/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/ltps-recon/Chart.yaml b/ltps-recon/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A Helm chart for LTPS-Recon
+name: ltps-recon
+version: 0.1.0
diff --git a/ltps-recon/templates/NOTES.txt b/ltps-recon/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }}
+{{- end }}
diff --git a/ltps-recon/templates/_helpers.tpl b/ltps-recon/templates/_helpers.tpl
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/ltps-recon/templates/deployment.yaml b/ltps-recon/templates/deployment.yaml
@@ -0,0 +1,114 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
+        - name: {{ .Values.image.pullSecret }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.config.cacerts }}
+          env:
+            - name: JAVA_OPTS
+              value: "-Djavax.net.ssl.trustStore={{ .Values.config.cacerts }}"
+          {{- end }}
+          args: [
+            "--logging.level.ca.ubc={{ .Values.logging.level }}",
+            "--logging.level.edu.ksu.canvas.net={{ .Values.logging.rest}}",
+            "--canvas.url={{ .Values.canvas.url }}",
+            "--canvas.token={{ .Values.canvas.token }}",
+            "--canvas.timeout.connect={{ .Values.canvas.timeout.connect }}",
+            "--canvas.timeout.read={{ .Values.canvas.timeout.read }}",
+            "--server.ssl.enabled={{ .Values.server.ssl.enabled }}",
+            {{- if .Values.server.useForwardHeaders }}
+            "--server.use-forward-headers={{ .Values.server.useForwardHeaders }}",
+            {{- end }}
+            {{- if .Values.server.tomcat }}
+            {{- if .Values.server.tomcat.remoteIpHeader }}
+            "--server.tomcat.remote-ip-header={{ .Values.server.tomcat.remoteIpHeader }}",
+            {{- end }}
+            {{- end }}
+            "--saml.sp.key-store={{ .Values.saml.sp.keyStore }}",
+            "--saml.sp.key-store-password={{ .Values.saml.sp.keyStorePassword }}",
+            "--saml.sp.key-name={{ .Values.saml.sp.keyName }}",
+            "--saml.sp.key-password={{ .Values.saml.sp.keyPassword }}",
+            "--saml.sp.entityId={{ .Values.saml.sp.entityId }}",
+            "--saml.sp.entityBaseUrl={{ .Values.saml.sp.entityBaseUrl }}",
+            "--saml.idp.metadata.uri={{ .Values.saml.idp.metadataUri }}",
+            "--saml.idp.attribute.puid={{ .Values.saml.idp.attribute.puid }}",
+            "--saml.lb.scheme={{ .Values.saml.lb.scheme }}",
+            "--saml.lb.serverName={{ .Values.saml.lb.serverName }}",
+            "--saml.lb.serverPort={{ .Values.saml.lb.serverPort }}",
+            "--saml.lb.contextPath={{ .Values.saml.lb.contextPath }}",
+            "--saml.lb.includeServerPortInRequestURL={{ .Values.saml.lb.includeServerPortInRequestURL }}",
+            "--saml.logging.messages={{ .Values.saml.logging.messages }}",
+            "--ltps.v2.url={{ .Values.ltps.v2.url }}",
+            "--ltps.v2.username={{ .Values.ltps.v2.username }}",
+            "--ltps.v2.password={{ .Values.ltps.v2.password }}",
+            "--recon.username={{ .Values.recon.username }}",
+            "--recon.password={{ .Values.recon.password }}",
+            "--recon.validation.abortOnMissingPUIDs={{ .Values.recon.validation.abortOnMissingPUIDs }}",
+            "--recon.validation.abortOnMissingEnrollmentsAnySection={{ .Values.recon.validation.abortOnMissingEnrollmentsAnySection }}",
+            "--recon.validation.abortOnMissingEnrollmentsAllSections={{ .Values.recon.validation.abortOnMissingEnrollmentsAllSections }}",
+            "--recon.gradebook.bulk={{ .Values.recon.gradebook.bulk }}",
+            "--management.endpoints.web.exposure.include={{ .Values.management.endpoints.web.exposure.include }}",
+            {{- if and .Values.devmode.enabled .Values.devmode.puid }}
+            "--devMode.puid={{ .Values.devmode.puid }}"
+            {{- end }}
+          ]
+          ports:
+            - containerPort: {{ .Values.service.internalPort }}
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: 10
+            timeoutSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /actuator/health
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: 10
+            timeoutSeconds: 10
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+          volumeMounts:
+          {{- if .Values.persistence.enabled }}
+          - name: {{ template "fullname" . }}-persistent-storage
+            mountPath: /data
+          {{- end }}
+          - name: {{ template "fullname" . }}-config
+            mountPath: /config
+      volumes:
+      {{- if .Values.persistence.enabled }}
+      - name: {{ template "fullname" . }}-persistent-storage
+        persistentVolumeClaim:
+          claimName: {{ template "fullname" . }}
+      {{- end }}
+      - name: {{ template "fullname" . }}-config
+        configMap:
+          name: {{ template "fullname" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
diff --git a/ltps-recon/templates/ingress.yaml b/ltps-recon/templates/ingress.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "fullname" . -}}
+{{- $servicePort := .Values.service.externalPort -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    {{- range $key, $value := .Values.ingress.annotations }}
+      {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  rules:
+    {{- range $host := .Values.ingress.hosts }}
+    - host: {{ $host }}
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: {{ $serviceName }}
+              port:
+                number: {{ $servicePort }}
+    {{- end -}}
+  {{- if .Values.ingress.tls }}
+  tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+  {{- end -}}
+{{- end -}}
diff --git a/ltps-recon/templates/pvc.yaml b/ltps-recon/templates/pvc.yaml
@@ -0,0 +1,32 @@
+---
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+  {{- if .Values.persistence.storageClass }}
+    volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass | quote }}
+  {{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+  {{- if not .Values.persistence.storageClass }}
+  storageClassName: ""
+  selector:
+    matchLabels:
+      app: {{ template "name" . }}
+      chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+      release: {{ .Release.Name }}
+      heritage: {{ .Release.Service }}
+  {{- end }}
+{{- end }}
+
diff --git a/ltps-recon/templates/service.yaml b/ltps-recon/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: {{ .Values.service.name }}
+  selector:
+    app: {{ template "name" . }}
+    release: {{ .Release.Name }}
diff --git a/ltps-recon/values.yaml b/ltps-recon/values.yaml
@@ -0,0 +1,110 @@
+# Default values for ltps-ui.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+
+image:
+  repository: gcr.io/ctlt-apps/ltps-recon
+  tag: latest
+  pullPolicy: IfNotPresent
+  # pullSecret:
+
+service:
+  name: ltps-recon
+  type: ClusterIP
+  externalPort: 8480
+  internalPort: 8480
+
+ingress:
+  enabled: false
+  # Used to create an Ingress record.
+  hosts:
+    - ltps-recon.local
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+  tls:
+    # Secrets must be manually created in the namespace.
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+
+persistence:
+  enabled: false
+  storageClass: default
+  accessMode: ReadOnlyMany
+  size: 1G
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+logging:
+  level: INFO
+  rest: DEBUG
+
+canvas:
+  url: https://beta.instructure.com
+  token:
+  timeout:
+    connect: 5000 # in ms
+    read: 120000 # in ms
+  timeout:
+    connect: 5000 # in ms
+    read: 120000 # in ms
+
+saml:
+  sp:
+    keyStore: /data/conf/saml.jks
+    keyStorePassword:
+    keyName:
+    keyPassword:
+    entityId:
+    entityBaseUrl:
+  idp:
+    metadataUri: https://shibboleth2.stg.id.ubc.ca/metadata/ubcit-idp-metadata.xml
+    attribute:
+      puid: urn:oid:1.3.6.1.4.1.60.1.7.2 # ubcEduCwlPuid
+  lb:
+    scheme:
+    serverName:
+    serverPort:
+    contextPath:
+    includeServerPortInRequestURL:
+  logging:
+    messages: false
+
+ltps:
+  v2:
+    url: http://localhost:8080/ctc-ws-v2
+    username:
+    password:
+
+recon:
+  username:
+  password:
+  validation:
+    abortOnMissingPUIDs: true
+    abortOnMissingEnrollmentsAnySection: true
+    abortOnMissingEnrollmentsAllSections: true
+  gradebook:
+    bulk:  true
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health,info
+
+devmode:
+  enabled: false
+  # PUID of your choice (this replaces the puid normally passed in via SAML authentication.)
+  # puid: