From 2fb2a9dc00a69fc6a17cfe5c93463efa3848a17d Mon Sep 17 00:00:00 2001 
From: abdennour Date: Thu, 30 May 2024 21:38:01 +0300 Subject: [PATCH] feat: web-app 3.2.x with super-features --- charts/web-app/Chart.lock | 3 + charts/web-app/Chart.yaml | 17 +- charts/web-app/README.md | 8 +- charts/web-app/templates/NOTES.txt | 32 +-- charts/web-app/templates/_apm_pod_chunks.tpl | 48 ++++ charts/web-app/templates/_helpers.tpl | 197 ++++++++++++--- charts/web-app/templates/_pod.tpl | 175 ++++++++++++++ .../templates/apigateway/3scale-backend.yaml | 14 ++ charts/web-app/templates/apm/configmap.yaml | 19 ++ charts/web-app/templates/apm/secret.yaml | 10 + charts/web-app/templates/configmap-file.yaml | 10 +- charts/web-app/templates/cronjob.yaml | 22 +- .../web-app/templates/deployment-config.yaml | 136 +---------- charts/web-app/templates/deployment.yaml | 118 ++------- charts/web-app/templates/hpa.yaml | 35 +-- charts/web-app/templates/image-stream.yaml | 10 +- charts/web-app/templates/ingress.yaml | 10 +- charts/web-app/templates/job.yaml | 19 ++ .../templates/poddisruptionbudget.yaml | 12 + charts/web-app/templates/pvc-extra.yaml | 10 +- charts/web-app/templates/pvc.yaml | 7 +- .../templates/rbac/rbac-scc-privileged.yaml | 37 +++ .../rbac/rolebinding-scc-anyuid.yaml | 21 ++ charts/web-app/templates/route.yaml | 17 +- .../templates/secret-env-vars-sealed.yaml | 9 +- charts/web-app/templates/secret-env-vars.yaml | 11 +- .../web-app/templates/service-headless.yaml | 25 ++ charts/web-app/templates/service.yaml | 19 +- charts/web-app/templates/serviceaccount.yaml | 10 +- charts/web-app/templates/statefulset.yaml | 50 ++++ .../templates/tests/test-connection.yaml | 6 +- charts/web-app/values.schema.json | 140 ----------- charts/web-app/values.yaml | 225 ++++++++++++++---- 33 files changed, 915 insertions(+), 567 deletions(-) create mode 100644 charts/web-app/Chart.lock create mode 100755 charts/web-app/templates/_apm_pod_chunks.tpl create mode 100755 charts/web-app/templates/_pod.tpl create mode 100755 
charts/web-app/templates/apigateway/3scale-backend.yaml create mode 100755 charts/web-app/templates/apm/configmap.yaml create mode 100755 charts/web-app/templates/apm/secret.yaml create mode 100755 charts/web-app/templates/job.yaml create mode 100755 charts/web-app/templates/poddisruptionbudget.yaml create mode 100755 charts/web-app/templates/rbac/rbac-scc-privileged.yaml create mode 100755 charts/web-app/templates/rbac/rolebinding-scc-anyuid.yaml create mode 100755 charts/web-app/templates/service-headless.yaml create mode 100755 charts/web-app/templates/statefulset.yaml delete mode 100644 charts/web-app/values.schema.json diff --git a/charts/web-app/Chart.lock b/charts/web-app/Chart.lock new file mode 100644 index 0000000..83f4afb --- /dev/null +++ b/charts/web-app/Chart.lock @@ -0,0 +1,3 @@ +dependencies: [] +digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 +generated: "2024-05-30T21:36:36.73281+03:00" diff --git a/charts/web-app/Chart.yaml b/charts/web-app/Chart.yaml index c1368b5..d595ab5 100644 --- a/charts/web-app/Chart.yaml +++ b/charts/web-app/Chart.yaml @@ -1,11 +1,13 @@ apiVersion: v2 -name: webapp +name: web-app description: | - A Helm chart to install any web application that requires - a single deployment(pod), with a single container. + This is a very generic helm chart that allows you deploy any Web Application + with couple of features like Observability (APM, PBD, ..etc) like persistence + It allow you also to switch between Pod controllers easilty: Deployment, Statefulset,...etc +icon: https://raw.githubusercontent.com/ElmCompany/helm-charts/master/assets/icons/generic-app.png keywords: - - webapp + - web-app - pod - route - web @@ -15,7 +17,8 @@ keywords: - openshift - ocp3 - openshift3 - - elm + - apm + - openshift4 # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives 
@@ -29,12 +32,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.1 +version: 3.2.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: latest +appVersion: 1.16.0 dependencies: [] sources: diff --git a/charts/web-app/README.md b/charts/web-app/README.md index 7951083..fc0e41f 100644 --- a/charts/web-app/README.md +++ b/charts/web-app/README.md @@ -16,17 +16,17 @@ If so, this chart should answer your needs. # Values -Check default Values of this chart [here](https://github.com/ElmCompany/helm-charts/blob/master/charts/webapp/values.yaml) +Check default Values of this chart [here](https://github.com/ElmCompany/helm-charts/blob/master/charts/web-app/values.yaml)) # How to install the app -**Set Elm Repo** ```sh helm repo add elm https://raw.githubusercontent.com/ElmCompany/helm-charts/gh-pages -helm repo update +-helm repo update ``` -**Use it** `helm install elm/webapp` +Also this helm chart requires a Helm release name in this format: +`{project}-{app}-{environment}` where environment is "ci", "dev", "qa","staging" or "prod" # Authors diff --git a/charts/web-app/templates/NOTES.txt b/charts/web-app/templates/NOTES.txt index bc5739a..b36d152 100644 --- a/charts/web-app/templates/NOTES.txt +++ b/charts/web-app/templates/NOTES.txt 
@@ -4,44 +4,24 @@ {{- end }} 1. Get the application URL by running these commands: {{- if .Values.route.enabled }} - app is accessible at https://{{ include "webapp.host" . }} + app is accessible at https://{{ include "web-app.host" . }} {{- end }} {{- if contains "NodePort" .Values.service.type -}} - export NODE_PORT=$({{ $kubeclient }} get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "webapp.fullname" . }}) + export NODE_PORT=$({{ $kubeclient }} get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "web-app.fullname" . }}) export NODE_IP=$({{ $kubeclient }} get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running '{{ $kubeclient }} get --namespace {{ .Release.Namespace }} svc -w {{ include "webapp.fullname" . }}' - export SERVICE_IP=$({{ $kubeclient }} get svc --namespace {{ .Release.Namespace }} {{ include "webapp.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running '{{ $kubeclient }} get --namespace {{ .Release.Namespace }} svc -w {{ include "web-app.fullname" . }}' + export SERVICE_IP=$({{ $kubeclient }} get svc --namespace {{ .Release.Namespace }} {{ include "web-app.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$({{ $kubeclient }} get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "webapp.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$({{ $kubeclient }} get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "web-app.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" {{ $kubeclient }} --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 {{- end }} {{- if .Values.envVarsSealed }} You are providing values for "envVarsSealed": -Make sure that you encrypted it in the right way: -{{- if eq .Values.sealScope "cluster-wide" }} -echo -n YOUR_CLEAR_VALUE | \ - kubeseal --cert https://seal.dev-apps.elm.sa/v1/cert.pem \ - --raw --from-file=/dev/stdin \ - --scope cluster-wide -{{- else if eq .Values.sealScope "namespace-wide" }} -echo -n YOUR_CLEAR_VALUE | \ - kubeseal --cert https://seal.dev-apps.elm.sa/v1/cert.pem \ - --raw --from-file=/dev/stdin \ - --scope namespace-wide \ - --namespace {{ .Release.Namespace }} -{{- else if eq .Values.sealScope "strict" }} -echo -n YOUR_CLEAR_VALUE | \ - kubeseal --cert https://seal.dev-apps.elm.sa/v1/cert.pem \ - --raw --from-file=/dev/stdin \ - --scope namespace-wide \ - --namespace {{ .Release.Namespace }} \ - --name {{ include "webapp.fullname" . }}-env-vars-sealed -{{- end }} - +Make sure that you encrypted it in the right way {{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/_apm_pod_chunks.tpl b/charts/web-app/templates/_apm_pod_chunks.tpl new file mode 100755 index 0000000..14f8375 --- /dev/null +++ b/charts/web-app/templates/_apm_pod_chunks.tpl 
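Review bot: With the kubeseal examples removed, the `envVarsSealed` notice no longer says which scope and secret name the values must be sealed for, and a value sealed with the wrong scope or name will not decrypt in the cluster. The removed text keyed off `.Values.sealScope` and the name `<fullname>-env-vars-sealed`; printing those two facts keeps the guidance without the environment-specific certificate URL, e.g. `Seal scope: {{ .Values.sealScope }}, secret name: {{ include "web-app.fullname" . }}-env-vars-sealed`. Whether `sealScope` is still defined in values.yaml is not visible in this hunk.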
@@ -0,0 +1,48 @@ +{{- define "web-app.apmRuntimeDefined" }} +{{- if and .Values.apm.enabled (not (has .Values.apm.runtime .Values.apmProvider.supportedRuntimes)) }} +{{- fail (printf ".Values.apm.runtime must be set . Choose Value from the following: %s" (.Values.apmProvider.supportedRuntimes | join "|")) }} +{{- end }} +{{- end }} + +{{- define "web-app.apmEnvFrom" -}} +- configMapRef: + name: apm-{{ include "web-app.fullname" . }} +- secretRef: + name: apm-{{ include "web-app.fullname" . }} +{{- end -}} + +{{- define "web-app.apmInitContainers" -}} +- name: apm-init + image: {{printf "%s/cloudnative/sidecar-elastic-apm-agent:%s" .Values.image.registry .Values.apm.imageTag }} + command: + - sh + - -c + - >- + cp -r /agents/* /tmp/apm-agents/; + volumeMounts: + - name: apm-agents + # /elastic-apm-agent.jar + mountPath: /tmp/apm-agents +{{- end -}} + +{{- define "web-app.apmVolumeMounts" -}} +- name: apm-agents + mountPath: "{{ include "web-app.apmAgentMountPath" . }}" +{{- end -}} + +{{- define "web-app.apmVolumes" -}} +- name: apm-agents + emptyDir: {} +{{- end -}} + +{{- define "web-app.apmAgentMountPath" }} +{{- printf "/tmp/apm-agents" }} +{{- end }} + +{{- define "web-app.apmJavaOpts" }} +{{- if .Values.envVars.JAVA_OPTS }} +{{- printf "-javaagent:%s/elastic-apm-agent.jar %s" (include "web-app.apmAgentMountPath" . ) (.Values.envVars.JAVA_OPTS | trim) }} +{{- else }} +{{- printf "-javaagent:%s/elastic-apm-agent.jar" (include "web-app.apmAgentMountPath" . ) }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/_helpers.tpl b/charts/web-app/templates/_helpers.tpl index b81001a..fa21d33 100644 --- a/charts/web-app/templates/_helpers.tpl +++ b/charts/web-app/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "webapp.name" -}} +{{- define "web-app.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} 
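Review bot: The `apm-init` image in `web-app.apmInitContainers` is built from `.Values.image.registry` with no fallback, whereas `web-app.imageRepo` in `_helpers.tpl` defaults the registry to `docker.io`; with the registry unset the reference renders with a leading `/` and the pod cannot pull. Guard it, e.g. `image: {{ printf "%s/cloudnative/sidecar-elastic-apm-agent:%s" (required "image.registry is required when apm.enabled" .Values.image.registry) .Values.apm.imageTag | quote }}`. The init container also declares no `securityContext` or `resources`, so the container-level `.Values.securityContext` that `_pod.tpl` applies to the main container does not cover it. The image is referenced by tag only; allowing a digest in `apm.imageTag` would let operators pin the agent sidecar.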
@@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "webapp.fullname" -}} +{{- define "web-app.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -27,36 +27,37 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "webapp.chart" -}} +{{- define "web-app.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "webapp.labels" -}} -helm.sh/chart: {{ include "webapp.chart" . }} -{{ include "webapp.selectorLabels" . }} +{{- define "web-app.labels" -}} +helm.sh/chart: {{ include "web-app.chart" . }} +{{ include "web-app.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "web-app.corporateLabels" . }} {{- end }} {{/* Selector labels */}} -{{- define "webapp.selectorLabels" -}} -app.kubernetes.io/name: {{ include "webapp.name" . }} +{{- define "web-app.selectorLabels" -}} +app.kubernetes.io/name: {{ include "web-app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "webapp.serviceAccountName" -}} +{{- define "web-app.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "webapp.fullname" .) .Values.serviceAccount.name }} +{{- default (include "web-app.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} 
@@ -67,41 +68,35 @@ Create the name of the service account to use # {{- if .Values.existingImageStream.name }} # name: {{ .Values.existingImageStream.name }}:latest # {{- else }} - # name: {{ include "webapp.fullname" . }}:latest + # name: {{ include "web-app.fullname" . }}:latest # {{- end }} {{/* image repo */}} -{{- define "webapp.imageRepo" -}} -{{- if .Values.image.repository }} -{{- .Values.image.repository }} +{{- define "web-app.imageRepo" -}} +{{- if and .Values.image.stream .Values.image.stream.name}} + {{- if .Values.image.registry }} +{{- printf "%s/%s/%s" .Values.image.registry (default .Release.Namespace .Values.image.stream.namespace) .Values.image.stream.name }} + {{- else }} +{{- printf "\nimage.registry must be specified since .Values.image.stream.name is specified (%s)" .Values.image.stream.name | fail -}} + {{- end}} +{{- else if .Values.image.repository }} + {{- if contains "." .Values.image.repository }} + {{- printf "\n Seems like your image.repositroy includes registry host. Use image.registry for registry host" | fail -}} + {{- else }} +{{- printf "%s/%s" (default "docker.io" .Values.image.registry) .Values.image.repository }} + {{- end}} {{- else }} -{{- printf "%s/%s/%s" .Values.image.stream.registry .Values.image.stream.namespace .Values.image.stream.name }} -{{- end }} -{{- end }} - -{{- define "webapp.imageTag" -}} -{{- if .Values.image.tag }} -{{- .Values.image.tag }} -{{- else }} -{{- .Chart.AppVersion }} -{{- end }} -{{- end }} - -{{- define "webapp.cronjobImageTag" -}} -{{- if .Values.cronjob.image.tag }} -{{- .Values.cronjob.image.tag }} -{{- else }} -{{- .Chart.AppVersion }} +{{- printf "\n One of the following must be specified: Either image.repository Or image.stream(name+namespace)" | fail -}} {{- end }} {{- end }} {{/* host name */}} -{{- define "webapp.host" -}} +{{- define "web-app.host" -}} {{- if .Values.route.host }} {{- .Values.route.host }} {{- else if .Values.route.domain }} 
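Review bot: The registry check in `web-app.imageRepo` is a substring test, `contains "." .Values.image.repository`, so it rejects legitimate repository paths that contain a dot (constructed example: `team/my.app`) while a host without a dot such as `localhost:5000/app` passes and renders as `docker.io/localhost:5000/app`. If the intent is to force every pull through `image.registry`, inspect only the first path segment for `.`, `:` or `localhost`. The fail message misspells the key as `image.repositroy`, which makes it harder to search for. This hunk also drops the helpers that fell back to `.Chart.AppVersion`, so callers now need a non-empty `image.tag`; a `required` on the tag would give a clearer error than an image reference ending in `:`.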
@@ -112,14 +107,146 @@ host name {{/* all host names */}} -{{- define "webapp.hosts" -}} -{{- $hosts := prepend .Values.route.extraHosts (include "webapp.host" . ) }} +{{- define "web-app.hosts" -}} +{{- $hosts := prepend .Values.route.extraHosts (include "web-app.host" . ) }} {{- join "@" $hosts }} {{- end }} + +{{/* +all ports +*/}} +{{- define "web-app.ports" -}} +{{- $ports := prepend .Values.extraPorts .Values.port }} +{{- join "@" $ports }} +{{- end }} + +{{- define "web-app.is-statefulset" -}} +{{- ternary "true" "false" (eq .Values.deployment.kind "Statefulset") }} +{{- end -}} + + +{{- define "web-app.is-job" -}} +{{- ternary "true" "false" (eq .Values.deployment.kind "Job") }} +{{- end -}} + +{{/* +volumeClaimTemplates from Persistence(s) +*/}} +{{- define "web-app.hasVolumeclaimtemplatesFromPersistence" -}} +{{- ternary "true" "false" (and (eq (include "web-app.is-statefulset" . ) "true") (or .Values.persistence.enabled .Values.extraPersistence.enabled)) -}} +{{- end -}} + +{{- define "web-app.volumeclaimtemplatesFromPersistence" -}} +{{- if .Values.persistence.enabled -}} +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: pvc-1 + labels: + storage.{{ .Values.companyDomain }}/class: '{{ default "default" (ternary "default" .Values.persistence.storageClass (eq .Values.persistence.storageClass "-")) }}' + {{- include "web-app.selectorLabels" . 
| nindent 6 }} + spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} +{{- end -}} +{{- if .Values.extraPersistence.enabled }} +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: pvc-2 + labels: + storage.{{ .Values.companyDomain }}/class: '{{ default "default" (ternary "default" .Values.extraPersistence.storageClass (eq .Values.extraPersistence.storageClass "-")) }}' + {{- include "web-app.selectorLabels" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.extraPersistence.accessMode }} + resources: + requests: + storage: {{ .Values.extraPersistence.size }} + {{- if .Values.extraPersistence.storageClass }} + {{- if (eq "-" .Values.extraPersistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.extraPersistence.storageClass }}" + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* Volumes from persistence*/}} +{{- define "web-app.hasVolumesFromPersistence" -}} +{{- ternary "true" "false" (and (not (eq (include "web-app.is-statefulset" . ) "true")) (or .Values.persistence.enabled .Values.extraPersistence.enabled)) }} +{{- end -}} + +{{- define "web-app.volumesFromPersistence" -}} +{{- if .Values.persistence.enabled }} +- name: pvc-1 + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "web-app.fullname" .) }} +{{- end -}} +{{- if .Values.extraPersistence.enabled }} +- name: pvc-2 + persistentVolumeClaim: + claimName: {{ include "web-app.fullname" . 
}}-extra +{{- end -}} +{{- end -}} + {{/* seal scopes */}} -{{- define "webapp.seal-scopes" -}} +{{- define "web-app.seal-scopes" -}} {{- list "cluster-wide" "namespace-wide" "strict" }} +{{- end }} +{{/* +Helm Release Parts : {proj}-{app}-{env} +*/}} +{{- define "web-app.releaseNameMatch" }} +{{- if not (mustRegexMatch "^[a-z0-9]+-+[a-z0-9-]+-+[a-z]{2,}$" .Release.Name) }} +{{- fail "Helm Release Name does not match the pattern : {proj}-{app}-{env}." }} +{{- else }} + {{- if not (mustRegexMatch "^[a-z0-9]+-+[a-z0-9-]+-+(dev|ci|qa|staging|prod)$" .Release.Name) }} + {{- fail "Helm Release Name does not match the pattern : {proj}-{app}-{env}. And {env} must be either: dev, qa, staging or prod" }} + {{- else }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "web-app.env" }} +{{- include "web-app.releaseNameMatch" . }} +{{- regexFind "[^-]+$" .Release.Name }} +{{- end }} + +{{- define "web-app.project" }} +{{- include "web-app.releaseNameMatch" . }} +{{- regexFind "^[^-]*[^-]" .Release.Name }} +{{- end }} + +{{- define "web-app.app" }} +{{- include "web-app.releaseNameMatch" . }} +{{- trimAll "-" (trimSuffix (include "web-app.env" .) (trimPrefix (include "web-app.project" .) .Release.Name)) }} +{{- end }} + +{{- define "web-app.appUniq" }} +{{- include "web-app.releaseNameMatch" . }} +{{- regexReplaceAll "-[^-]*$" .Release.Name "" }} +{{- end }} + +{{/* + Corporate Labels +*/}} +{{- define "web-app.corporateLabels" -}} +{{ .Values.companyDomain }}/project: {{ include "web-app.project" . }} +{{ .Values.companyDomain }}/app: {{ include "web-app.app" . }} +{{ .Values.companyDomain }}/environment: {{ include "web-app.env" . }} {{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/_pod.tpl b/charts/web-app/templates/_pod.tpl new file mode 100755 index 0000000..c3e875e --- /dev/null +++ b/charts/web-app/templates/_pod.tpl 
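Review bot: The label values rendered by `web-app.corporateLabels` are unquoted, and the `{proj}` part of the release name may be all digits (`^[a-z0-9]+`), so a release such as `123-api-dev` (constructed example) renders `project: 123` as a YAML integer, which is not a valid label value. Pipe each value through `quote`, e.g. `{{ .Values.companyDomain }}/project: {{ include "web-app.project" . | quote }}`. The keys also depend on `.Values.companyDomain` being non-empty, otherwise they render as `/project` and `storage./class`; a `required` guard would fail earlier and more clearly (the default in values.yaml is not visible here). The second `fail` message in `web-app.releaseNameMatch` lists dev, qa, staging and prod, but the regex also accepts `ci`.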
@@ -0,0 +1,175 @@ +{{- define "web-app.pod" -}} +{{- if eq .Values.deployment.kind "Job" }} +restartPolicy: {{ .Values.job.restartPolicy }} +{{- end }} +{{- if .Values.image.pullSecret }} +imagePullSecrets: + - name: {{ .Values.image.pullSecret }} +{{- end }} +{{ if .Values.serviceAccount.create }} +serviceAccount: {{ include "web-app.serviceAccountName" . }} +serviceAccountName: {{ include "web-app.serviceAccountName" . }} +{{ end }} +{{- with .Values.podSecurityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- if or .Values.initContainers .Values.apm.enabled }} +initContainers: +{{- end }} +{{- if .Values.apm.enabled }} + {{- (include "web-app.apmRuntimeDefined" .) }} + {{- include "web-app.apmInitContainers" . | nindent 2 -}} +{{- end }} +{{- with .Values.initContainers }} + {{- tpl (toYaml .) $ | nindent 2 }} +{{- end }} +{{- with .Values.hostAliases }} +hostAliases: + {{- toYaml . | nindent 2 }} +{{- end }} +containers: +{{- with .Values.containers }} + {{- tpl (toYaml .) $ | nindent 2 }} +{{- end }} + - name: {{ include "web-app.fullname" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 6 }} + {{- end }} + image: "{{ include "web-app.imageRepo" . }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.command }} + command: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.args }} + args: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.lifecycle }} + lifecycle: + {{- toYaml . | nindent 6 }} + {{- end }} + ports: + {{- range $index,$port := ( splitList "@" (include "web-app.ports" . )) }} + - name: {{ printf "%s" (ternary "http" (printf "tcp-%s" $port) (eq $index 0)) }} + containerPort: {{ $port | int }} + protocol: TCP + {{- end }} + {{- with .Values.env }} + env: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- if .Values.deployment.mountEnvVars }} + {{- if or .Values.envVars .Values.envVarsSealed .Values.envFrom .Values.apm.enabled }} + envFrom: + {{- end }} + {{- with .Values.envVars }} + - secretRef: + name: {{ include "web-app.fullname" $ }}-env-vars + {{- end }} + {{- with .Values.envVarsSealed }} + - secretRef: + name: {{ include "web-app.fullname" $ }}-env-vars-sealed + {{- end }} + {{- if .Values.apm.enabled }} + {{- include "web-app.apmEnvFrom" . | nindent 6 -}} + {{- end }} + {{- with .Values.envFrom }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- with .Values.startupProbe }} + startupProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if or .Values.volumeMounts .Values.configFile.mount .Values.persistence.enabled .Values.extraPersistence.enabled .Values.apm.enabled }} + volumeMounts: + {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.configFile.mount }} + - mountPath: {{ .Values.configFile.mount }} + name: config-file + readOnly: true + {{- end }} + {{- if .Values.persistence.enabled }} + - name: pvc-1 + mountPath: {{ .Values.persistence.mount }} + {{- end }} + {{- if .Values.extraPersistence.enabled }} + - name: pvc-2 + mountPath: {{ .Values.extraPersistence.mount }} + readOnly: {{ .Values.extraPersistence.readOnly }} + {{- end }} + {{- if .Values.apm.enabled }} + {{- include "web-app.apmVolumeMounts" . | nindent 6 -}} + {{- end}} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- if or .Values.volumes .Values.configFile.mount .Values.apm.enabled (eq (include "web-app.hasVolumesFromPersistence" .) "true") }} +volumes: +{{- end }} +{{- with .Values.volumes }} + {{- toYaml . 
| nindent 2 }} +{{- end }} +{{- if .Values.configFile.mount }} + - name: config-file + configMap: + defaultMode: 420 + name: {{ include "web-app.fullname" . }}-file + # items: + # - key: {{ .Values.configFile.name }} + # path: {{ .Values.configFile.name }} +{{- end }} +# Volumes From Persistence + {{- if eq (include "web-app.hasVolumesFromPersistence" .) "true" }} + {{- include "web-app.volumesFromPersistence" . | indent 2 -}} + {{- end }} +{{- if .Values.apm.enabled }} + {{- include "web-app.apmVolumes" . | nindent 2 -}} +{{- end}} + +{{- with .Values.nodeSelector }} +nodeSelector: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- if and (or .Values.autoscaling.enabled (gt (int .Values.replicaCount) 1)) (not .Values.affinity)}} +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + - key: app.kubernetes.io/name + operator: In + values: + - {{ include "web-app.name" . }} + topologyKey: kubernetes.io/hostname +{{- end }} +{{- with .Values.tolerations }} +tolerations: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/web-app/templates/apigateway/3scale-backend.yaml b/charts/web-app/templates/apigateway/3scale-backend.yaml new file mode 100755 index 0000000..f752935 --- /dev/null +++ b/charts/web-app/templates/apigateway/3scale-backend.yaml @@ -0,0 +1,14 @@ +{{/* +{{ if .Values.apiGateway.enabled }} +kind: Backend +apiVersion: capabilities.3scale.net/v1beta1 +metadata: + name: backend1-sample + namespace: platform-3scale +spec: + {{ toYaml .Values.apiGateway.spec }} + ... + +{{ .end }} + +*/}} \ No newline at end of file 
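Review bot: `serviceAccountName` is emitted only inside `{{ if .Values.serviceAccount.create }}`, so a release that sets `serviceAccount.create: false` together with an existing `serviceAccount.name` silently runs under the namespace's `default` service account, although `web-app.serviceAccountName` already resolves that case. Emit `serviceAccountName: {{ include "web-app.serviceAccountName" . }}` unconditionally and drop the deprecated `serviceAccount:` alias. Separately, `initContainers`, `containers`, `command` and `args` are passed through `tpl`, so any `{{ ... }}` in those values is evaluated with the full chart context; that deserves a comment in values.yaml so value files from less-trusted sources are reviewed accordingly. The image line uses `.Values.image.tag` with no fallback, so an empty tag renders a reference ending in `:`; wrap it in `required`.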
diff --git a/charts/web-app/templates/apm/configmap.yaml b/charts/web-app/templates/apm/configmap.yaml new file mode 100755 index 0000000..34e7df4 --- /dev/null +++ b/charts/web-app/templates/apm/configmap.yaml @@ -0,0 +1,19 @@ +{{- if .Values.apm.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: apm-{{ include "web-app.fullname" . }} + labels: + {{- include "web-app.labels" . | nindent 4 }} +data: + ELASTIC_APM_SERVER_URL: {{ .Values.apmProvider.endpoint }} + ELASTIC_APM_ENVIRONMENT: {{ include "web-app.env" . }} + ELASTIC_APM_SERVICE_VERSION: {{ .Values.image.tag }} + ELASTIC_APM_SERVICE_NAME: {{ ternary ( include "web-app.appUniq" . ) (printf "%s-%s" ( include "web-app.project" . ) .Values.apm.appName) (eq .Values.apm.appName "") }} + ELASTIC_APM_LOG_LEVEL: {{ .Values.apm.logLevel }} + {{- if eq .Values.apm.runtime "java" }} + ELASTIC_APM_APPLICATION_PACKAGES: {{ .Values.apm.packages }} + JAVA_OPTS: "{{ include "web-app.apmJavaOpts" . }}" + {{- end }} + +{{- end }} diff --git a/charts/web-app/templates/apm/secret.yaml b/charts/web-app/templates/apm/secret.yaml new file mode 100755 index 0000000..655d707 --- /dev/null +++ b/charts/web-app/templates/apm/secret.yaml @@ -0,0 +1,10 @@ +{{- if .Values.apm.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: apm-{{ include "web-app.fullname" . }} + labels: + {{- include "web-app.labels" . | nindent 4 }} +data: + ELASTIC_APM_SECRET_TOKEN: {{ .Values.apmProvider.token }} +{{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/configmap-file.yaml b/charts/web-app/templates/configmap-file.yaml index 3819dc2..ac48ac3 100755 --- a/charts/web-app/templates/configmap-file.yaml +++ b/charts/web-app/templates/configmap-file.yaml 
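Review bot: `ELASTIC_APM_SERVICE_VERSION: {{ .Values.image.tag }}` and the other `data` entries in `apm/configmap.yaml` are rendered unquoted, and ConfigMap `data` values must be strings; a tag such as `1.16` or `20240530` parses as a number and the manifest is rejected. Quote each value, e.g. `ELASTIC_APM_SERVICE_VERSION: {{ .Values.image.tag | quote }}`. `JAVA_OPTS` is wrapped in literal double quotes instead, so a `"` or `\` inside `envVars.JAVA_OPTS` breaks the YAML; `JAVA_OPTS: {{ include "web-app.apmJavaOpts" . | quote }}` escapes it properly.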
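Review bot: In `apm/secret.yaml`, `ELASTIC_APM_SECRET_TOKEN` is placed under `data:` unencoded and unquoted, but Secret `data` values must be base64; a plain token is either rejected or decoded into a different value than the agent expects. Use `stringData:` with `{{ .Values.apmProvider.token | quote }}`, or keep `data:` and render `{{ .Values.apmProvider.token | b64enc | quote }}`. When `apm.enabled` is true and the token is empty this renders a null entry, so a `required` guard would help. The token is read from chart values, so it should have no real default in the committed values.yaml (not visible in this hunk); the chart's existing `envVarsSealed` path could carry it instead.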
@@ -2,10 +2,14 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "webapp.fullname" . }}-file + name: {{ include "web-app.fullname" . }}-file labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} +{{- if eq (include "web-app.is-job" . ) "true" }} + annotations: + {{- toYaml .Values.job.annotations | nindent 4 }} +{{- end }} data: {{ .Values.configFile.name }}: | - {{ .Values.configFile.content | nindent 4 }} + {{- tpl .Values.configFile.content . | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/cronjob.yaml b/charts/web-app/templates/cronjob.yaml index d8aa559..6269709 100644 --- a/charts/web-app/templates/cronjob.yaml +++ b/charts/web-app/templates/cronjob.yaml @@ -1,10 +1,10 @@ {{ if .Values.cronjob.enabled }} -apiVersion: batch/v1beta1 +apiVersion: batch/v1 kind: CronJob metadata: - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} spec: concurrencyPolicy: {{ .Values.cronjob.concurrencyPolicy }} {{- if .Values.cronjob.failedJobsHistoryLimit }} @@ -15,15 +15,15 @@ spec: template: spec: {{- if .Values.serviceAccount.create }} - serviceAccount: {{ include "webapp.serviceAccountName" . }} - serviceAccountName: {{ include "webapp.serviceAccountName" . }} + serviceAccount: {{ include "web-app.serviceAccountName" . }} + serviceAccountName: {{ include "web-app.serviceAccountName" . }} {{- end }} containers: - - image: '{{ .Values.cronjob.image.repository }}:{{ include "webapp.cronjobImageTag" . }}' + - image: '{{ .Values.cronjob.image.repository }}:{{ .Values.cronjob.image.tag }}' imagePullPolicy: {{ .Values.cronjob.image.pullPolicy }} {{- with .Values.cronjob.command }} command: - {{- toYaml . | nindent 14 }} + {{- tpl (toYaml .) $ | nindent 14 }} {{- end }} {{- if .Values.cronjob.args }} args: 
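Review bot: In `configmap-file.yaml`, `configFile.content` is now passed through `tpl`, so any `{{` inside an application config file is evaluated as a Helm template with access to the whole chart context, and existing content with literal braces will fail or change on upgrade. That behaviour change deserves a comment on `configFile.content` in values.yaml, such as `# rendered with tpl; escape literal braces as {{ "{{" }}`, or an opt-in flag. The new `annotations:` block also renders `null` when `job.annotations` is unset; guard it with `{{- with .Values.job.annotations }}`.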
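Review bot: Switching `cronjob.yaml` to `apiVersion: batch/v1` makes the CronJob unrenderable on clusters older than Kubernetes 1.21, while Chart.yaml in this same commit still advertises the `ocp3` and `openshift3` keywords. Either select the version from cluster capabilities, `apiVersion: {{ ternary "batch/v1" "batch/v1beta1" (.Capabilities.APIVersions.Has "batch/v1/CronJob") }}`, or declare a `kubeVersion` constraint in Chart.yaml so the install fails with a clear message.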
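Review bot: The CronJob image in the `@@ -15,15 +15,15 @@` hunk is still built from `cronjob.image.repository` directly, so it skips the registry handling that `web-app.imageRepo` now applies to the main container, and with the `cronjobImageTag` helper removed an unset `cronjob.image.tag` renders a reference ending in `:`. Add a guard, e.g. `{{ required "cronjob.image.tag is required" .Values.cronjob.image.tag }}`, and consider prefixing `image.registry` the same way. `command` is now rendered with `tpl`; the `args` block is cut off by the hunk, so confirm it gets the same treatment as in `_pod.tpl`. The container spec continues outside the hunk.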
@@ -40,11 +40,11 @@ spec: {{- end }} {{- with .Values.envVars }} - secretRef: - name: {{ include "webapp.fullname" $ }}-env-vars + name: {{ include "web-app.fullname" $ }}-env-vars {{- end }} {{- with .Values.envVarsSealed }} - secretRef: - name: {{ include "webapp.fullname" $ }}-env-vars-sealed + name: {{ include "web-app.fullname" $ }}-env-vars-sealed {{- end }} {{- end }} {{- if or .Values.cronjob.persistentMountPath .Values.cronjob.extraPersistentMountPath }} @@ -80,12 +80,12 @@ spec: {{- if .Values.cronjob.persistentMountPath }} - name: pvc-1 persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "webapp.fullname" .) }} + claimName: {{ .Values.persistence.existingClaim | default (include "web-app.fullname" .) }} {{- end }} {{- if .Values.cronjob.extraPersistentMountPath }} - name: pvc-2 persistentVolumeClaim: - claimName: {{ include "webapp.fullname" . }}-extra + claimName: {{ include "web-app.fullname" . }}-extra {{- end }} schedule: "{{ .Values.cronjob.schedule | toString }}" successfulJobsHistoryLimit: 3 diff --git a/charts/web-app/templates/deployment-config.yaml b/charts/web-app/templates/deployment-config.yaml index 51a8608..0ae22f0 100755 --- a/charts/web-app/templates/deployment-config.yaml +++ b/charts/web-app/templates/deployment-config.yaml @@ -3,9 +3,9 @@ apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} 
@@ -14,15 +14,14 @@ spec: - imageChangeParams: automatic: {{ .Values.deployment.triggers.imageStreamChange }} containerNames: - - {{ include "webapp.fullname" . }} + - {{ include "web-app.fullname" . }} from: kind: ImageStreamTag - name: {{ printf "%s:%s" (include "webapp.fullname" .) .Values.image.tag }} + name: {{ printf "%s:%s" (include "web-app.fullname" .) .Values.image.tag }} type: ImageChange selector: - {{- include "webapp.labels" . | nindent 4 }} - deploymentconfig: {{ include "webapp.fullname" . }} - revisionHistoryLimit: 10 + {{- include "web-app.labels" . | nindent 4 }} + deploymentconfig: {{ include "web-app.fullname" . }} strategy: activeDeadlineSeconds: 21600 resources: @@ -37,8 +36,8 @@ spec: template: metadata: labels: - {{- include "webapp.labels" . | nindent 8 }} - deploymentconfig: {{ include "webapp.fullname" . }} + {{- include "web-app.labels" . | nindent 8 }} + deploymentconfig: {{ include "web-app.fullname" . }} annotations: {{- if .Values.envVars }} checksum/configenvvars: {{ include (print $.Template.BasePath "/secret-env-vars.yaml") . | sha256sum }} 
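Review bot: `selector:` is filled from `web-app.labels`, which includes `helm.sh/chart` (chart name and version), `app.kubernetes.io/version` and, after this commit, the corporate labels, so every chart bump changes the DeploymentConfig selector. Use the stable set for selection, `{{- include "web-app.selectorLabels" . | nindent 4 }}`, and keep the full label set in `metadata.labels` and in the template labels of the `@@ -37,8 +36,8 @@` hunk, which only need to remain a superset of the selector. The rest of the DeploymentConfig spec lies outside these hunks.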
@@ -50,124 +49,7 @@ spec: checksum/configfile: {{ include (print $.Template.BasePath "/configmap-file.yaml") . | sha256sum }} {{- end }} spec: - {{- if .Values.serviceAccount.create }} - serviceAccount: {{ include "webapp.serviceAccountName" . }} - serviceAccountName: {{ include "webapp.serviceAccountName" . }} - {{- end }} - {{- if .Values.image.pullSecret }} - imagePullSecrets: - - name: {{ .Values.image.pullSecret }} - {{- end }} -{{- if .Values.initContainers }} - initContainers: -{{ tpl (toYaml .Values.initContainers) . | indent 8 }} -{{- end }} - containers: - - name: {{ include "webapp.fullname" . }} - imagePullPolicy: Always - {{- if .Values.command }} - command: - {{- toYaml .Values.command | nindent 10 }} - {{- end }} - {{- if .Values.args }} - args: - {{- toYaml .Values.args | nindent 10 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.port }} - protocol: TCP - resources: - {{- toYaml .Values.resources | nindent 10 }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 10 }} - {{- end }} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - {{- if .Values.deployment.mountEnvVars }} - {{- if or .Values.envVars .Values.envVarsSealed }} - envFrom: - {{- end }} - {{- with .Values.envVars }} - - secretRef: - name: {{ include "webapp.fullname" $ }}-env-vars - {{- end }} - {{- with .Values.envVarsSealed }} - - secretRef: - name: {{ include "webapp.fullname" $ }}-env-vars-sealed - {{- end }} - {{- end }} - {{- if .Values.runAsUser }} - securityContext: - runAsUser: {{ .Values.runAsUser }} - {{- end }} - volumeMounts: -{{- if .Values.volumeMounts }} -{{ tpl (toYaml .Values.volumeMounts | indent 10) . 
}} -{{- end }} - {{- if .Values.configFile.mount }} - - mountPath: {{ .Values.configFile.mount }} - name: config-file - readOnly: true - {{- end }} - {{- if .Values.persistence.enabled }} - - name: pvc-1 - mountPath: {{ .Values.persistence.mount }} - {{- end }} - {{- if .Values.extraPersistence.enabled }} - - name: pvc-2 - mountPath: {{ .Values.extraPersistence.mount }} - readOnly: {{ .Values.extraPersistence.readOnly }} - {{- end }} - dnsPolicy: ClusterFirst - restartPolicy: Always - terminationGracePeriodSeconds: 30 - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: -{{- if .Values.volumes }} -{{ tpl (toYaml .Values.volumes | indent 8) . }} -{{- end }} - {{- if .Values.configFile.mount }} - - name: config-file - configMap: - defaultMode: 420 - name: {{ include "webapp.fullname" . }}-file - # items: - # - key: {{ .Values.configFile.name }} - # path: {{ .Values.configFile.name }} - {{- end }} - {{- if .Values.persistence.enabled }} - - name: pvc-1 - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "webapp.fullname" .) }} - {{- end }} - {{- if .Values.extraPersistence.enabled }} - - name: pvc-2 - persistentVolumeClaim: - claimName: {{ include "webapp.fullname" . }}-extra - {{- end }} - securityContext: - {{- toYaml .Values.securityContext | nindent 8 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "web-app.pod" . | nindent 6 -}} test: false {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/deployment.yaml b/charts/web-app/templates/deployment.yaml index 22dd8ce..cff33e1 100644 --- a/charts/web-app/templates/deployment.yaml +++ b/charts/web-app/templates/deployment.yaml 
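Review bot: The trailing `-}}` on the new `{{- include "web-app.pod" . | nindent 6 -}}` line in deployment-config.yaml trims the newline and indentation in front of the following `test: false`. That key is then rendered either glued to the last line of the pod spec or at the pod spec's indent, depending on how the helper ends; the helper is not shown here, so confirm with `helm template`. Dropping the right-hand trim, `{{- include "web-app.pod" . | nindent 6 }}`, keeps `test: false` on its own line. The same include line appears in deployment.yaml, job.yaml and statefulset.yaml, where a template action or a blank line follows and the trim looks harmless.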
@@ -3,16 +3,25 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} + {{- if or .Values.deployment.annotations .Values.autoscaling.enabled }} + annotations: + {{- end }} + {{- if .Values.autoscaling.enabled }} + app.kubernetes.io/horizontal-autoscaled: "true" + {{- end }} + + spec: + revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: - {{- include "webapp.selectorLabels" . | nindent 6 }} + {{- include "web-app.selectorLabels" . | nindent 6 }} template: metadata: annotations: 
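Review bot: `.Values.deployment.annotations` is tested in the new `if or` but never written out: the block under `annotations:` emits only `app.kubernetes.io/horizontal-autoscaled`. User-supplied deployment annotations are therefore dropped silently, and with autoscaling off the `annotations:` key is left empty. Emit the map below the header, for example `{{- with .Values.deployment.annotations }}{{- toYaml . | nindent 4 }}{{- end }}`.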
@@ -29,107 +38,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "webapp.selectorLabels" . | nindent 8 }} + {{- include "web-app.selectorLabels" . | nindent 8 }} spec: - {{- if .Values.image.pullSecret }} - imagePullSecrets: - - name: {{ .Values.image.pullSecret }} - {{- end }} - {{- if .Values.serviceAccount.create }} - serviceAccount: {{ include "webapp.serviceAccountName" . }} - serviceAccountName: {{ include "webapp.serviceAccountName" . }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} -{{- if .Values.initContainers }} - initContainers: -{{ tpl (toYaml .Values.initContainers) . | indent 8 }} -{{- end }} - containers: - - name: {{ include "webapp.fullname" . }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: '{{ include "webapp.imageRepo" . }}:{{ include "webapp.imageTag" . }}' - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.port }} - protocol: TCP - {{- if .Values.deployment.mountEnvVars }} - {{- if or .Values.envVars .Values.envVarsSealed }} - envFrom: - {{- end }} - {{- with .Values.envVars }} - - secretRef: - name: {{ include "webapp.fullname" $ }}-env-vars - {{- end }} - {{- with .Values.envVarsSealed }} - - secretRef: - name: {{ include "webapp.fullname" $ }}-env-vars-sealed - {{- end }} - {{- end }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 10 }} - {{- end }} - volumeMounts: - {{- if .Values.volumeMounts }} - {{ tpl (toYaml .Values.volumeMounts | indent 10) . 
}} - {{- end }} - {{- if .Values.configFile.mount }} - - mountPath: {{ .Values.configFile.mount }} - name: config-file - readOnly: true - {{- end }} - {{- if .Values.persistence.enabled }} - - name: pvc-1 - mountPath: {{ .Values.persistence.mount }} - {{- end }} - {{- if .Values.extraPersistence.enabled }} - - name: pvc-2 - mountPath: {{ .Values.extraPersistence.mount }} - readOnly: {{ .Values.extraPersistence.readOnly }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumes: -{{- if .Values.volumes }} -{{ tpl (toYaml .Values.volumes | indent 8) . }} -{{- end }} - {{- if .Values.configFile.mount }} - - name: config-file - configMap: - defaultMode: 420 - name: {{ include "webapp.fullname" . }}-file - # items: - # - key: {{ .Values.configFile.name }} - # path: {{ .Values.configFile.name }} - {{- end }} - {{- if .Values.persistence.enabled }} - - name: pvc-1 - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "webapp.fullname" .) }} - {{- end }} - {{- if .Values.extraPersistence.enabled }} - - name: pvc-2 - persistentVolumeClaim: - claimName: {{ include "webapp.fullname" . }}-extra - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "web-app.pod" . | nindent 6 -}} {{- end }} {{- end }} diff --git a/charts/web-app/templates/hpa.yaml b/charts/web-app/templates/hpa.yaml index ba6c5e4..420a0dc 100644 --- a/charts/web-app/templates/hpa.yaml +++ b/charts/web-app/templates/hpa.yaml 
@@ -1,10 +1,10 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} spec: scaleTargetRef: {{- if eq .Values.deployment.kind "DeploymentConfig" }} @@ -13,20 +13,23 @@ spec: apiVersion: apps/v1 {{- end }} kind: {{ .Values.deployment.kind }} - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + # TODO : auto-default it based on env ( prod=50 , dev=85) + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + # type: AverageValue + # averageValue: 500m {{- end }} diff --git a/charts/web-app/templates/image-stream.yaml b/charts/web-app/templates/image-stream.yaml index 4f160a7..64bf645 100755 --- a/charts/web-app/templates/image-stream.yaml +++ b/charts/web-app/templates/image-stream.yaml 
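Review bot: Both metrics in hpa.yaml are now rendered unconditionally, so a release that unsets `autoscaling.targetMemoryUtilizationPercentage` or `autoscaling.targetCPUUtilizationPercentage` produces an `averageUtilization:` with no value and the object is likely rejected. The removed `if` guards allowed scaling on one metric only. Keep a guard per metric, e.g. `{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}` around the memory entry and the same for cpu. `Utilization` targets are computed against container requests, and values.yaml in this patch still ships `resources: {}`, so the values comment should say that requests must be set when autoscaling is enabled.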
@@ -2,16 +2,16 @@ apiVersion: image.openshift.io/v1 kind: ImageStream metadata: - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} spec: - dockerImageRepository: {{ include "webapp.imageRepo" . }} + dockerImageRepository: {{ include "web-app.imageRepo" . }} tags: - - name: {{ (include "webapp.imageTag" .) | quote }} + - name: {{ .Values.image.tag | quote }} from: kind: DockerImage - name: '{{ include "webapp.imageRepo" . }}:{{ include "webapp.imageTag" . }}' + name: '{{ include "web-app.imageRepo" . }}:{{ .Values.image.tag }}' lookupPolicy: local: false {{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/ingress.yaml b/charts/web-app/templates/ingress.yaml index de7510b..f4ee3f1 100755 --- a/charts/web-app/templates/ingress.yaml +++ b/charts/web-app/templates/ingress.yaml @@ -2,27 +2,25 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "webapp.fullname" $ }} + name: {{ include "web-app.fullname" $ }} {{- with .Values.route.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} spec: rules: - {{- range $index,$host := ( splitList "@" (include "webapp.hosts" . )) }} + {{- range $index,$host := ( splitList "@" (include "web-app.hosts" . )) }} - host: {{ $host }} http: paths: - backend: service: - name: {{ include "webapp.fullname" $ }} + name: {{ include "web-app.fullname" $ }} port: name: tcp-{{ $.Values.port }} pathType: ImplementationSpecific - {{- if $.Values.route.path -}} path: {{ $.Values.route.path }} - {{- end -}} {{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/web-app/templates/job.yaml b/charts/web-app/templates/job.yaml new file mode 100755 index 0000000..098acb5 --- /dev/null +++ b/charts/web-app/templates/job.yaml 
@@ -0,0 +1,19 @@ +{{- if eq (include "web-app.is-job" . ) "true" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "web-app.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- with .Values.job.annotations }} + annotations: + {{- toYaml . | nindent 4 }} +{{- end }} + labels: + {{- include "web-app.labels" . | nindent 4 }} +spec: + backoffLimit: {{ .Values.job.backoffLimit }} + template: + spec: + {{- include "web-app.pod" . | nindent 6 -}} + +{{ end }} diff --git a/charts/web-app/templates/poddisruptionbudget.yaml b/charts/web-app/templates/poddisruptionbudget.yaml new file mode 100755 index 0000000..062325c --- /dev/null +++ b/charts/web-app/templates/poddisruptionbudget.yaml @@ -0,0 +1,12 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "web-app.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "web-app.labels" . | nindent 4 }} +spec: + minAvailable: {{ .Values.replicaMinAvailable }} + selector: + matchLabels: + {{- include "web-app.selectorLabels" . | nindent 6 }} \ No newline at end of file diff --git a/charts/web-app/templates/pvc-extra.yaml b/charts/web-app/templates/pvc-extra.yaml index a0f2c66..d04d295 100644 --- a/charts/web-app/templates/pvc-extra.yaml +++ b/charts/web-app/templates/pvc-extra.yaml @@ -1,10 +1,13 @@ +{{- if eq (include "web-app.is-statefulset" . ) "false" }} {{ if .Values.extraPersistence.enabled }} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ include "webapp.fullname" . }}-extra + name: {{ include "web-app.fullname" . }}-extra labels: - {{- include "webapp.labels" . | nindent 4 }} + storage.{{ .Values.companyDomain }}/class: '{{ default "default" (ternary "default" .Values.extraPersistence.storageClass (eq .Values.extraPersistence.storageClass "-")) }}' + {{- include "web-app.labels" . | nindent 4 }} + # finalizers: # - kubernetes.io/pvc-protection spec: 
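Review bot: The new poddisruptionbudget.yaml has no enabling condition, so a PodDisruptionBudget is created for every release, including ones the chart treats as a Job. With the defaults added in values.yaml (`replicaCount: 1`, `replicaMinAvailable: 1`) no voluntary eviction is ever allowed, which blocks node drains during maintenance and patching. Wrap the manifest the way the other new templates are wrapped, e.g. `{{- if eq (include "web-app.is-job" . ) "false" }}`, and consider rendering it only when more than one replica is expected.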
@@ -23,4 +26,5 @@ spec: storageClassName: "{{ .Values.extraPersistence.storageClass }}" {{- end }} {{- end }} -{{ end }} +{{- end }} +{{- end }} diff --git a/charts/web-app/templates/pvc.yaml b/charts/web-app/templates/pvc.yaml index cf47ba4..2dd4c03 100644 --- a/charts/web-app/templates/pvc.yaml +++ b/charts/web-app/templates/pvc.yaml @@ -1,10 +1,12 @@ +{{- if eq (include "web-app.is-statefulset" . ) "false" }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} + storage.{{ .Values.companyDomain }}/class: '{{ default "default" (ternary "default" .Values.persistence.storageClass (eq .Values.persistence.storageClass "-")) }}' + {{- include "web-app.labels" . | nindent 4 }} # finalizers: # - kubernetes.io/pvc-protection spec: @@ -24,3 +26,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/rbac/rbac-scc-privileged.yaml b/charts/web-app/templates/rbac/rbac-scc-privileged.yaml new file mode 100755 index 0000000..2a3b8d8 --- /dev/null +++ b/charts/web-app/templates/rbac/rbac-scc-privileged.yaml 
@@ -0,0 +1,37 @@
+{{ if .Values.serviceAccount.privileged }}
+{{ if .Values.serviceAccount.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ printf "privileged-scc-%s" ( include "web-app.fullname" . ) }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "web-app.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ printf "privileged-scc-%s" ( include "web-app.fullname" . ) }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ printf "privileged-scc-%s" ( include "web-app.fullname" . ) }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "web-app.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{ else }}
+{{- printf "\n serviceAccount.privileged=true requires non-default serviceAccount. Fix it by setting serviceAccount.create=true" | fail -}}
+{{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/web-app/templates/rbac/rolebinding-scc-anyuid.yaml b/charts/web-app/templates/rbac/rolebinding-scc-anyuid.yaml
new file mode 100755
index 0000000..622bd16
--- /dev/null
+++ b/charts/web-app/templates/rbac/rolebinding-scc-anyuid.yaml
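Review bot: `serviceAccount.privileged` gives the service account `use` on the `privileged` SCC, which admits far more than the `SYS_CHROOT` / UID 0 case that values.yaml names as the reason for the flag. Privileged containers, host namespaces and host paths all become admissible for any pod running under this account. A dedicated SCC that allows only the needed capability and run-as range, referenced in `resourceNames`, would keep the grant to what the workload needs. The RoleBinding also lacks the `labels:` block that the Role carries (`{{- include "web-app.labels" . | nindent 4 }}`), which makes the grant harder to find when auditing by label.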
@@ -0,0 +1,21 @@
+{{ if .Values.serviceAccount.anyuid }}
+{{ if .Values.serviceAccount.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ printf "anyuid-scc-%s" ( include "web-app.fullname" . ) }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "web-app.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:anyuid
+subjects:
+- kind: ServiceAccount
+ name: {{ include "web-app.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{ else }}
+{{- printf "\n serviceAccount.anyuid=true requires non-default serviceAccount. Fix it by setting serviceAccount.create=true" | fail -}}
+{{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/web-app/templates/route.yaml b/charts/web-app/templates/route.yaml
index 5bdcce4..f5fca47 100755
--- a/charts/web-app/templates/route.yaml
+++ b/charts/web-app/templates/route.yaml
@@ -1,20 +1,24 @@ {{- if and .Values.openshift .Values.route.enabled -}} -{{- range $index,$host := ( splitList "@" (include "webapp.hosts" . )) }} +{{- range $index,$host := ( splitList "@" (include "web-app.hosts" . )) }} --- apiVersion: route.openshift.io/v1 kind: Route metadata: {{- if eq $index 0 }} - name: {{ include "webapp.fullname" $ }} + name: {{ include "web-app.fullname" $ }} {{- else }} - name: {{ include "webapp.fullname" $ }}-extra{{ $index }} + name: {{ include "web-app.fullname" $ }}-extra{{ $index }} {{- end }} - {{- with $.Values.route.annotations }} annotations: + {{- if or $.Values.autoscaling.enabled (gt (int $.Values.replicaCount) 1) }} + haproxy.router.openshift.io/balance: roundrobin + haproxy.router.openshift.io/disable_cookies: 'true' + {{- end }} + {{- with $.Values.route.annotations }} {{- toYaml . | nindent 4 }} {{- end }} labels: - {{- include "webapp.labels" $ | nindent 4 }} + {{- include "web-app.labels" $ | nindent 4 }} spec: host: {{ $host }} {{- if and (eq $index 0) $.Values.route.secure }} @@ -25,11 +29,12 @@ spec: tls: termination: {{ $.Values.route.termination }} {{- end }} + path: {{ $.Values.route.path }} port: targetPort: tcp-{{ $.Values.port }} to: kind: Service - name: {{ include "webapp.fullname" $ }} + name: {{ include "web-app.fullname" $ }} weight: 100 wildcardPolicy: None {{- end }} diff --git a/charts/web-app/templates/secret-env-vars-sealed.yaml b/charts/web-app/templates/secret-env-vars-sealed.yaml index 7e830ff..133d2de 100644 --- a/charts/web-app/templates/secret-env-vars-sealed.yaml +++ b/charts/web-app/templates/secret-env-vars-sealed.yaml 
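Review bot: `path: {{ $.Values.route.path }}` is now emitted for every Route in route.yaml, and values.yaml defaults it to `/`. As far as I know OpenShift does not accept a path on a route whose `tls.termination` is `passthrough`, so releases using that termination may stop getting their route admitted; guard the line on the termination type, e.g. `{{- if ne $.Values.route.termination "passthrough" }}`. Separately, the fixed `haproxy.router.openshift.io/*` entries are written before `route.annotations`, so a user who sets the same key gets a duplicate mapping key whose result depends on the parser.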
@@ -2,14 +2,17 @@ apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - name: {{ include "webapp.fullname" $ }}-env-vars-sealed + name: {{ include "web-app.fullname" $ }}-env-vars-sealed {{- if not (eq $.Values.sealScope "strict") }} annotations: sealedsecrets.bitnami.com/{{ $.Values.sealScope }}: "true" sealedsecrets.bitnami.com/scope: {{ $.Values.sealScope }} + {{- if eq (include "web-app.is-job" $ ) "true" }} + {{- toYaml $.Values.job.annotations | nindent 4 }} + {{- end }} {{- end }} labels: - {{- include "webapp.labels" $ | nindent 4 }} + {{- include "web-app.labels" $ | nindent 4 }} spec: encryptedData: {{- range $key, $value:= . }} @@ -24,7 +27,7 @@ spec: sealedsecrets.bitnami.com/scope: {{ $.Values.sealScope }} {{- end }} creationTimestamp: null - name: {{ include "webapp.fullname" $ }}-env-vars-sealed + name: {{ include "web-app.fullname" $ }}-env-vars-sealed {{- if not (eq $.Values.sealScope "cluster-wide") }} namespace: {{ $.Release.Namespace }} {{- end }} diff --git a/charts/web-app/templates/secret-env-vars.yaml b/charts/web-app/templates/secret-env-vars.yaml index 8c156bb..447b465 100755 --- a/charts/web-app/templates/secret-env-vars.yaml +++ b/charts/web-app/templates/secret-env-vars.yaml @@ -2,12 +2,17 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "webapp.fullname" $ }}-env-vars + name: {{ include "web-app.fullname" $ }}-env-vars labels: - {{- include "webapp.labels" $ | nindent 4 }} + {{- include "web-app.labels" $ | nindent 4 }} + {{- if eq (include "web-app.is-job" $ ) "true" }} + annotations: + {{- toYaml $.Values.job.annotations | nindent 4 }} + {{- end }} + data: {{- range $key, $value:= . }} - {{ $key }}: {{ $value | toString | b64enc }} + {{ $key }}: {{ (tpl ($value |toString) $) | b64enc }} {{- end }} {{- end }} diff --git a/charts/web-app/templates/service-headless.yaml b/charts/web-app/templates/service-headless.yaml new file mode 100755 index 0000000..84a8203 --- /dev/null 
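Review bot: In secret-env-vars-sealed.yaml the job annotations are added inside the `if not (eq $.Values.sealScope "strict")` block, so with `sealScope: strict` a Job release renders no `annotations:` at all and the SealedSecret loses whatever `job.annotations` carries (presumably hook annotations; not visible here). `toYaml $.Values.job.annotations` also renders `{}` or `null` when the map is empty, which is not valid inside the existing mapping. Move the job block out of the scope condition and wrap it in `{{- with $.Values.job.annotations }}`.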
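Review bot: In secret-env-vars.yaml, passing every `envVars` value through `tpl` means secret material is now parsed as a Go template. A password or connection string that happens to contain `{{` fails the render or is rewritten, and anyone who can supply a values file can have a secret value evaluate any template expression the chart context offers. If templating is wanted, make it opt-in and document it next to `envVars` in values.yaml; otherwise keep `{{ $value | toString | b64enc }}`.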
+++ b/charts/web-app/templates/service-headless.yaml @@ -0,0 +1,25 @@ +{{- if eq (include "web-app.is-statefulset" . ) "true" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "web-app.fullname" . }}-headless + labels: + {{- include "web-app.labels" . | nindent 4 }} +spec: + ports: +{{- range $index,$port := ( splitList "@" (include "web-app.ports" . )) }} + - name: tcp-{{ $port }} + port: {{ $port | int }} + protocol: TCP + targetPort: {{ $port | int }} +{{- end }} + + selector: + {{- include "web-app.selectorLabels" . | nindent 4 }} + {{- if eq .Values.deployment.kind "DeploymentConfig" }} + deploymentconfig: {{ include "web-app.fullname" . }} + {{- end }} + sessionAffinity: None + type: ClusterIP + clusterIP: None +{{- end }} \ No newline at end of file diff --git a/charts/web-app/templates/service.yaml b/charts/web-app/templates/service.yaml index 621fd81..1cd7b43 100755 --- a/charts/web-app/templates/service.yaml +++ b/charts/web-app/templates/service.yaml @@ -1,19 +1,24 @@ +{{- if eq (include "web-app.is-job" . ) "false" }} apiVersion: v1 kind: Service metadata: - name: {{ include "webapp.fullname" . }} + name: {{ include "web-app.fullname" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} spec: ports: - - name: tcp-{{ .Values.port }} - port: {{ .Values.port }} +{{- range $index,$port := ( splitList "@" (include "web-app.ports" . )) }} + - name: tcp-{{ $port }} + port: {{ $port | int }} protocol: TCP - targetPort: {{ .Values.port }} + targetPort: {{ $port | int }} +{{- end }} + selector: - {{- include "webapp.selectorLabels" . | nindent 4 }} + {{- include "web-app.selectorLabels" . | nindent 4 }} {{- if eq .Values.deployment.kind "DeploymentConfig" }} - deploymentconfig: {{ include "webapp.fullname" . }} + deploymentconfig: {{ include "web-app.fullname" . }} {{- end }} sessionAffinity: None type: ClusterIP +{{- end }} \ No newline at end of file 
diff --git a/charts/web-app/templates/serviceaccount.yaml b/charts/web-app/templates/serviceaccount.yaml index ecc6021..3042f03 100644 --- a/charts/web-app/templates/serviceaccount.yaml +++ b/charts/web-app/templates/serviceaccount.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "webapp.serviceAccountName" . }} + name: {{ include "web-app.serviceAccountName" . }} labels: - {{- include "webapp.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} + {{- include "web-app.labels" . | nindent 4 }} + {{- if eq (include "web-app.is-job" . ) "true" }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- toYaml .Values.job.annotations | nindent 4 }} + {{- end -}} {{- end }} diff --git a/charts/web-app/templates/statefulset.yaml b/charts/web-app/templates/statefulset.yaml new file mode 100755 index 0000000..c166f2a --- /dev/null +++ b/charts/web-app/templates/statefulset.yaml 
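Review bot: The `with .Values.serviceAccount.annotations` block in serviceaccount.yaml is replaced rather than extended, so `serviceAccount.annotations` is no longer rendered anywhere in this template, although values.yaml still documents it as "Annotations to add to the service account". Releases that rely on it, for example to bind the account to an external identity, lose the annotation on upgrade without any error. Emit both maps under one `annotations:` key and guard each with `with`, since `toYaml .Values.job.annotations` on an empty map renders `{}`.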
@@ -0,0 +1,50 @@
+{{- if .Values.deployment.enabled }}
+{{- if eq (include "web-app.is-statefulset" . ) "true" }}
+apiVersion: "apps/v1"
+kind: StatefulSet
+metadata:
+ name: {{ include "web-app.fullname" . }}
+ labels:
+ {{- include "web-app.labels" . | nindent 4 }}
+spec:
+ serviceName: {{ include "web-app.fullname" . }}-headless
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ updateStrategy:
+ type: {{ .Values.rollout.type }}
+ selector:
+ matchLabels:
+ {{- include "web-app.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.envVars }}
+ checksum/configenvvars: {{ include (print $.Template.BasePath "/secret-env-vars.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.envVarsSealed }}
+ checksum/configenvvarssealed: {{ include (print $.Template.BasePath "/secret-env-vars-sealed.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.configFile.name }}
+ checksum/configfile: {{ include (print $.Template.BasePath "/configmap-file.yaml") . | sha256sum }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "web-app.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "web-app.pod" . | nindent 6 -}}
+
+ {{- if or .Values.volumeClaimTemplates (eq (include "web-app.hasVolumeclaimtemplatesFromPersistence" .) "true") }}
+ volumeClaimTemplates:
+ {{- with .Values.volumeClaimTemplates }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if eq (include "web-app.hasVolumeclaimtemplatesFromPersistence" .) "true" }}
+ {{- include "web-app.volumeclaimtemplatesFromPersistence" . | nindent 4 -}}
+ {{- end }}
+ {{- end }} {{/*IF ends */}}
+
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/web-app/templates/tests/test-connection.yaml b/charts/web-app/templates/tests/test-connection.yaml
index c65f773..d622c4f 100644
--- a/charts/web-app/templates/tests/test-connection.yaml
+++ b/charts/web-app/templates/tests/test-connection.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "webapp.fullname" . }}-test-connection" + name: "{{ include "web-app.fullname" . }}-test-connection" labels: - {{- include "webapp.labels" . | nindent 4 }} + {{- include "web-app.labels" . | nindent 4 }} annotations: "helm.sh/hook": test-success spec: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "webapp.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "web-app.fullname" . }}:{{ .Values.service.port }}'] restartPolicy: Never diff --git a/charts/web-app/values.schema.json b/charts/web-app/values.schema.json deleted file mode 100644 index 671be6d..0000000 --- a/charts/web-app/values.schema.json +++ /dev/null 
@@ -1,140 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "affinity": { - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "deployTriggers": { - "type": "object", - "properties": { - "imageStreamChange": { - "type": "boolean" - } - } - }, - "envVars": { - "type": "object" - }, - "existingImageStream": { - "type": "object", - "properties": { - "tag": { - "type": "string" - } - } - }, - "extraPorts": { - "type": "array" - }, - "fullnameOverride": { - "type": "string" - }, - "image": { - "type": "object", - "properties": { - "pullSecret": { - "type": "string" - } - } - }, - "maxDeploymentRevision": { - "type": "integer" - }, - "nameOverride": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "openshift": { - "type": "boolean" - }, - "podAnnotations": { - "type": "object" - }, - "podSecurityContext": { - "type": "object" - }, - "port": { - "type": "integer", - "minimum": 1, - "maximum": 9999 - }, - "replicaCount": { - "type": "integer", - "minimum": 0, - "maximum": 10 - }, - "resources": { - "type": "object" - }, - "rollout": { - "type": "object", - "properties": { - "resources": { - "type": "object" - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "extraHosts": { - "type": "array" - } - } - }, - "securityContext": { - "type": "object" - }, - "service": { - "type": "object", - "properties": { - "port": { - "type": "integer" - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "tolerations": { - "type": "array" - } - } -} 
diff --git a/charts/web-app/values.yaml b/charts/web-app/values.yaml index e6c50fd..22dedfa 100644 --- a/charts/web-app/values.yaml +++ b/charts/web-app/values.yaml 
@@ -1,63 +1,97 @@ -# Default values for webapp. +# @param companyDomain - used for labeling resources if required +companyDomain: company.com +# Default values for web-app. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -openshift: false +openshift: true +## @param replicaCount replicaCount: 1 +## @param replicaMinAvailable it's PodDisruptionBudget.spec.minAvailable +## An eviction is allowed if at least "minAvailable" pods selected by +## "selector" will still be available after the eviction, i.e. even in the +## absence of the evicted pod. So for example you can prevent all voluntary +## evictions by specifying "100%". +replicaMinAvailable: 1 +## @section App Image + +## @param image.registry App image registry (i.e. registry.company.lan ) +## @param image.tag App image tag (i.e v1.2.2) +## @param image.pullSecret secret allows the App to be pulled from the registry +## @param image.stream Openshift image stream configuration Instead Of image.repository. Includes 2 fields: name and namespace image: + ## @param image.registry + registry: "" ## tag: latest (check image tag pushed by pipeline service after build) - tag: + tag: "" + ## @param image.repository + ## ## One of two is REQUIRED: either image.repository or image.stream...and NOT both - ## repository: .e.g. my.registry/myproject/myapp - repository: + ## repository: .e.g. registry.company.lan/myproj/myapp + ## it's the full image name , except the tag + ## Useful if the image is outside the internal + ## registry of the OCP cluster (e.g. 
dev, qa) + ## (check image repo pushed by pipeline service after build) + repository: "" ## pullSecret: if repository is private, use pullSecret + ## defaults to nexus pullSecret: "" ## imagestream - relative to the Cluster where resources will be deployed ## useful if the image is inside the internal ## registry of the OCP cluster (.e.g staging, prod) - ## for example, if the image is availabe in OCP internal registry under - ## this name: "registry.ocp.company.co/ocp-project/myapp:v1.0.0" - ## then: + # stream: # name: myapp - # namespace: myocp-project + # namespace: + # @param image.stream Openshift Image Stream Settings + ## It requires image.registry (i.e. docker-registry.default.svc:5000) stream: - ## imagestream resource name + ## @param image.stream.name imagestream resource name name: - ## namespace like: myocp-project : depends where is your imagestream - ## it defaults to namespace of the RELEASE + ## @param image.stream.namespace + ## namespace like: myproject or openshift : depends where is your imagestream + ## it defaults to namespace of the RELEASE (.Release.Namespace) namespace: - registry: docker-registry.default.svc:5000 -# alternative of entrypoint in docker-compose +## @param command alternative of entrypoint in docker-compose +## command: [] -# alternative of command in docker-compose +## @param args alternative of command in docker-compose args: [] -### more props about deployment ### + + +## @param deployment more props about deployment +## @param deployment.enabled Enable Pod run as Deployment not as cronjob or something else +## @param deployment.kind Kind of Resource running the App : Deployment or DeploymentConfig deployment: enabled: true - ## the kind of deployment : Deployment or DeploymentConfig + ## the kind of deployment : Deployment or DeploymentConfig or Job kind: Deployment mountEnvVars: true + annotations: {} ## about how many replicaset should be kept in the history revisionHistoryLimit: 5 ## triggers for auto rolling-update 
pods. triggers: imageStreamChange: true -## your app port (container port) +## @param port your app port (container port) # port: 5000 # maybe for python app # port: 3000 # maybe for nodejs, react app,.. so on port: 8080 +## @param extraPorts extra ports +# extraPorts: [1378, 5040] extraPorts: [] -## Assiging public Hostname to your app + +## @param route Assiging public Hostname to your app route: enabled: false - ## domain: dev-apps.elm.sa + ## domain: i.e. cluster.apps.company.lan ## if you specify domain, the chart will automatically calculate ## the subdomain , then the full hostname will be subdomain.domain - domain: + domain: '' ## specify the exact hostname as you want ## without delegating it to the automation - host: + host: '' + path: / extraHosts: [] ## .Values.route.secure ## To enable tls for host, set secure: true @@ -69,13 +103,11 @@ route: termination: edge ## .Values.route.annotations # annotations: - # kubernetes.io/ingress.class: nginx # nginx.ingress.kubernetes.io/rewrite-target: /scm/$1 annotations: {} ## .Values.route.path # path: /(.*) # useful when rewrite-target used - # path: / - path: + path: / #### ## Environment Variables to be populated inside the container of the app @@ -86,15 +118,15 @@ route: envVars: {} #### ## Environment Variables where -## its values has been SEALED with kubeseal: -## https://wiki.elm.sa/display/TAKS/kubeseal +## its values has been SEALED with kubeseal - cluster-wide scope by default: +## Check : https://github.com/bitnami-labs/sealed-secrets # envVarsSealed: # DB_PASS: AgAhm1kcbWFHW...... envVarsSealed: {} ### sealScope: ## One of 3 values: cluster-wide, namespace-wide or strict ### if cluster-wide, you have to kubeseal with --scope cluster-wide.. so on -## More details: https://wiki.elm.sa/display/TAKS/kubeseal +## More details: https://github.com/bitnami-labs/sealed-secrets sealScope: cluster-wide # https://github.com/bitnami-labs/sealed-secrets#scopes sealScopes: 
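Review bot: `route.path` is now defined twice in the same mapping in values.yaml: this hunk adds `path: /` after `host: ''`, and the next hunk (`@@ -69,13 +103,11 @@`) sets the existing `path:` to `/` as well. Duplicate keys are invalid YAML and most parsers silently keep the last one, so a later edit to the first entry can be ignored without warning. Remove the line added here and keep the documented one under `## .Values.route.path`. The same hunk flips the default to `openshift: true`, which changes what a plain install renders and deserves a line in the README.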
@@ -102,6 +134,30 @@ sealScopes: - namespace-wide - strict #### +## Environment Variables Already exist in some configMap or/and secrets +# envFrom: +# - configMapRef: +# name: my-existing-configmap +# - secretRef: +# name: my-existing-secret +#### +envFrom: [] + +##### +## Environment Variables Already in some ocnfigMap or/and Secrets +## But you wanna mount it with different keys. +# - name: SPRING_BUCKET_NAME +# valueFrom: +# configMapKeyRef: +# name: +# key: BUCKET_NAME +# - name: SPRING_S3_ACCESS_KEY +# valueFrom: +# secretKeyRef: +# name: +# key: AWS_ACCESS_KEY_ID +###### +env: [] ### configFile is useful to mount a whole config file ### configFile: name: # application.properties @@ -117,12 +173,16 @@ configFile: mount: # /opt/app serviceAccount: ## Specifies whether a service account should be created - create: false + create: true ## Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" + # @param serviceAccount.anyuid - grant the SCC anyuid for the serviceaccount + anyuid: false + # @param serviceAccount.privileged - use case when securityContext requires capability SYS_CHROOT and runAsUser 0, and runAsGroup 0 + privileged: false podAnnotations: {} @@ -132,19 +192,15 @@ podSecurityContext: {} # runAsUser: 1001 runAsUser: -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - service: type: ClusterIP port: 80 -## livenessProbe ## +## @param startupProbe +### Use case for legacy app which has long startup +startupProbe: {} + +## @param livenessProbe ## ## How to know that your app is alive. If it's not alive, it will keep restarting ## more details: oc explain dc.spec.template.spec.containers.livenessProbe ## If you do want to specify resources, uncomment the following 
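Review bot: The `env` example added in the `@@ -102,6 +134,30 @@` hunk is harder to copy than the `envFrom` example above it. It has no leading `# env:` line, both `name:` fields under `configMapKeyRef` and `secretKeyRef` are left empty, and the heading misspells ConfigMap as `ocnfigMap`. Suggest `## Environment Variables already in some ConfigMap or/and Secrets`, a `# env:` header line, and the same placeholder names as the `envFrom` example (`name: my-existing-configmap`, `name: my-existing-secret`).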
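Review bot: The two new switches `serviceAccount.anyuid` and `serviceAccount.privileged` in the `@@ -117,12 +173,16 @@` hunk are documented by use case only, not by what they grant. Judging by the names and comments they bind the release's service account to the OpenShift `anyuid` and `privileged` SCCs (the RBAC templates are outside this hunk). The second lets pods run as root with host-level access, so the comment should say so, e.g. `# @param serviceAccount.privileged - binds the privileged SCC to this service account (root, host-level access); leave false unless reviewed`. In the same hunk `create` flips from `false` to `true`, so releases that relied on the namespace's default account will presumably run under a new chart-created account after upgrade, which deserves a line in the upgrade notes.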
@@ -171,7 +227,7 @@ livenessProbe: {} # tcpSocket: # port: 6379 -## readinessProbe ## +## @param readinessProbe ## ## How to know that your app is READY to receive traffic? ## If it's not ready, endpoint between service/pod will not be created ## then traffic will not be forwarded to the pod @@ -196,12 +252,22 @@ resources: {} # cpu: 100m # memory: 128Mi -## securityContext Pod Level: +## @param securityContext Pod Level +## ## Get fields of this value by running "oc explain dc.spec.template.spec.securityContext" ## If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'securityContext:'. +## securityContext: +## capabilities: +## drop: +## - ALL +## readOnlyRootFilesystem: true +## runAsNonRoot: true +## runAsUser: 1000 securityContext: {} rollout: + # In kind=Statefulset, 2 values available: RollingUpdate or OnDelete + type: RollingUpdate resources: {} # limits: # cpu: 100m @@ -214,8 +280,8 @@ autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 + targetCPUUtilizationPercentage: 70 + targetMemoryUtilizationPercentage: 70 nameOverride: "" fullnameOverride: "" @@ -226,6 +292,7 @@ tolerations: [] affinity: {} + ### Do you requires any data persistence ? ### persistence: enabled: false @@ -233,7 +300,7 @@ persistence: readOnly: false size: 1Gi existingClaim: - accessMode: ReadWriteMany # or ReadWriteOnce + accessMode: ReadWriteOnce # ReadWriteMany ## jenkins data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning 
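Review bot: The example added under `## @param securityContext Pod Level` in the `@@ -196,12 +252,22 @@` hunk lists `capabilities` and `readOnlyRootFilesystem`, which are container-level fields. They do not exist in the pod-level securityContext that the `oc explain dc.spec.template.spec.securityContext` hint points to. Where the value is rendered is outside this hunk: if it lands on the pod spec those keys would be rejected or dropped, and if it lands on the container the "Pod Level" label and the `oc explain` path are wrong. Since `podSecurityContext` already exists for pod-level settings, I would relabel this one, e.g. `## @param securityContext Container Level` with the hint `oc explain dc.spec.template.spec.containers.securityContext`.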
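Review bot: `targetMemoryUtilizationPercentage: 70` in the `@@ -214,8 +280,8 @@` hunk is now active by default rather than commented out, so setting `autoscaling.enabled` adds a memory metric alongside CPU. Utilization targets are computed against container resource requests, and `resources: {}` is the default earlier in this file. Unless the HPA template (outside this hunk) guards for that, the autoscaler has nothing to compute against. Suggest a comment such as `# utilization targets require resources.requests to be set` above `targetCPUUtilizationPercentage`, or keeping the memory target opt-in.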
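Review bot: Changing the default `accessMode` from `ReadWriteMany` to `ReadWriteOnce` in the `@@ -233,7 +300,7 @@` hunk, and again for `extraPersistence` in `@@ -250,7 +317,7 @@`, changes behaviour for releases that enabled persistence without setting it. The access modes of an existing claim cannot be changed, so an upgrade may fail on the existing PVC. A ReadWriteOnce volume also cannot be attached from several nodes, which sits badly with multi-replica Deployments or `autoscaling.maxReplicas: 100`. A comment such as `# ReadWriteOnce: single-node attach; use ReadWriteMany when several replicas share the volume` and an upgrade note would cover it.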
@@ -250,7 +317,7 @@ extraPersistence: mount: # .e.g /var/lib/redis/data readOnly: false size: 1Gi - accessMode: ReadWriteMany # or ReadWriteOnce + accessMode: ReadWriteOnce # ReadWriteMany ## jenkins data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -261,9 +328,9 @@ extraPersistence: ########### Additional Resources ############ ## initContainers ## it's List / Array -initContainers: +initContainers: [] # - name: env-generator - # image: docker.io/abdennour/dotenv-to-js-object:4ea + # image: abdennour/dotenv-to-js-object:4ea # args: # - --dest=/data # - --env-vars-filter=REACT_APP_ 
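Review bot: The commented initContainer example in the `@@ -261,9 +328,9 @@` hunk loses its registry host, `docker.io/abdennour/dotenv-to-js-object:4ea` becoming `abdennour/dotenv-to-js-object:4ea`. An unqualified image name is resolved through the node's registry search configuration, so the same values can pull from different registries on different clusters. The fully qualified form is the safer one to copy from a values file. I would keep the `docker.io/` prefix (or the internal mirror's host) in the comment and mention pinning by digest, since an init container runs ahead of the app with access to the same mounted volumes.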
@@ -274,33 +341,89 @@ initContainers: # envFrom: # - secretRef: +### Same Shape as initContainers +containers: [] ## additional volumeMounts ## it's List / Array -volumeMounts: +volumeMounts: [] # - name: data-env # mountPath: /usr/share/nginx/html/config ## additional volumes ## it's list / Array -volumes: +volumes: [] # - name: data-env # emptyDir: {} +## additional volumeClaimTemplates +# volumeClaimTemplates: +# - apiVersion: v1 +# kind: PersistentVolumeClaim +# metadata: +# name: data +# spec: +# accessModes: +# - "ReadWriteOnce" +# resources: +# requests: +# storage: "10Gi" +volumeClaimTemplates: [] + networkPolicy: 3scale: enabled: false namespace: 3scale labels: app: APIcast + +apm: + enabled: false + # java, dotnet, nodejs, python, go, rust, php + runtime: "" + # default to a smart calculation of app name + appName: "" + # One of: OFF, ERROR, CRITICAL, WARN, WARNING, INFO, DEBUG, TRACE + logLevel: INFO # INFO # TRACE + # https://www.elastic.co/guide/en/apm/agent/java/current/config-logging.html + logFile: /dev/stdout # System.out + packages: com.company + # @param apm.imageTag last released image from cloudnative/sidecar-elastic-apm-agent + imageTag: v1.45-afd238e # 1.36.0-9b76405 +apmProvider: + name: elastic + endpoint: http://apm.services + token: user:pass_base64Deoced + supportedRuntimes: + - java + - dotnet + - php + - python + - go + - nodejs + - rust + + +# \@param job Customize the app if it runs as job @param .deployment.kind == Job +job: + restartPolicy: Never # OnFailure + # @param job.backoffLimit - Specifies the number of retries before marking this job failed. + backoffLimit: 0 + # @param job.annotations specify the Job hook ( pre, post, ..etc). 
Default to Pre Hook + annotations: + argocd.argoproj.io/sync-wave: "0" + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation # HookSucceeded + + cronjob: enabled: false image: - # .i.e: my.registry/myproject/myapp + # .i.e: registry.company.lan/myproject/myapp repository: # .i.e: 1.0.0-er3299 tag: pullPolicy: IfNotPresent - # i.e: nexus-registry-secret - pullSecret: "" + # i.e: nexus + pullSecret: restartPolicy: Always # OnFailure ## command ------------ # command:
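Review bot: The new `apmProvider` defaults ship a credential-shaped value and a cleartext endpoint: `token: user:pass_base64Deoced` and `endpoint: http://apm.services`. A placeholder token in values.yaml invites users to fill in the real one in a file that ends up in version control, and over `http://` the token would travel unencrypted; how `templates/apm/secret.yaml` consumes it is outside this hunk. Suggest `token: ""` with a comment like `# APM secret token; supply at install time or as a sealed value, never commit it`, and `endpoint: ""` or an `https://` example. Separately, the `job.annotations` defaults turn every `kind: Job` release into an Argo CD PreSync hook, so `annotations: {}` with the three annotations shown as a commented example would be less surprising.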