diff --git a/helm/xas-standards/.helmignore b/helm/xas-standards/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/xas-standards/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/xas-standards/Chart.yaml b/helm/xas-standards/Chart.yaml
new file mode 100644
index 0000000..b60c3df
--- /dev/null
+++ b/helm/xas-standards/Chart.yaml
@@ -0,0 +1,32 @@
+apiVersion: v2
+name: xas-standards
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the versqion the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+dependencies:
+ - name: postgresql
+ version: "12.4.1"
+ repository: https://charts.bitnami.com/bitnami
+ - name: oauth2-proxy
+ version: "7.5.1"
+ repository: https://oauth2-proxy.github.io/manifests/
diff --git a/helm/xas-standards/templates/NOTES.txt b/helm/xas-standards/templates/NOTES.txt
new file mode 100644
index 0000000..283994f
--- /dev/null
+++ b/helm/xas-standards/templates/NOTES.txt
@@ -0,0 +1 @@
+Xas Standards deploy
\ No newline at end of file
diff --git a/helm/xas-standards/templates/_helpers.tpl b/helm/xas-standards/templates/_helpers.tpl
new file mode 100644
index 0000000..16361be
--- /dev/null
+++ b/helm/xas-standards/templates/_helpers.tpl
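Review bot: In Chart.yaml, `appVersion: "1.16.0"` looks like the `helm create` placeholder rather than a release of this application, yet the templates fall back to it through `default .Chart.AppVersion` whenever an image tag is unset. Set it to the application version actually being shipped so that a chart version identifies which image was deployed; values.yaml in this commit sets `tag: latest`, which currently hides the mismatch. The `description: A Helm chart for Kubernetes` line is likewise scaffold text and could state what the chart installs.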
@@ -0,0 +1,55 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "xas-standards.name" -}}
+{{- default .Values.global.name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "xas-standards.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Values.global.name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Selector labels
+*/}}
+{{- define "xas-standards.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "xas-standards.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "xas-standards.frontend.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "xas-standards.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "xas-standards.backend.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "xas-standards.name" . }}-backend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+# {{- define "xas-standards.serviceAccountName" -}}
+# {{- if .Values.serviceAccount.create }}
+# {{- default (include "xas-standards.fullname" .) .Values.serviceAccount.name }}
+# {{- else }}
+# {{- default "default" .Values.serviceAccount.name }}
+# {{- end }}
+# {{- end }}
diff --git a/helm/xas-standards/templates/backend_service.yaml b/helm/xas-standards/templates/backend_service.yaml
new file mode 100644
index 0000000..7637518
--- /dev/null
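Review bot: The `#` prefixes at the end of _helpers.tpl do not disable `xas-standards.serviceAccountName`: the template engine still parses `{{- define ... }}` whatever text surrounds it, so the helper remains defined and still reads `.Values.serviceAccount`, which values.yaml in this commit does not provide. A later `include` of it would most likely fail at render time on the missing key. Either delete the block or wrap it in a template comment, `{{/* ... */}}`, which is the form the engine actually skips. Separately, the three `selectorLabels` helpers are not used by the templates added here, which select on a hand-written `app:` label instead.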
+++ b/helm/xas-standards/templates/backend_service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "xas-standards.fullname" . }}-backend
+spec:
+ ports:
+ - name: http
+ port: {{ .Values.global.backend.port }}
+ protocol: TCP
+ targetPort: {{ .Values.backend.service.targetPort }}
+ selector:
+ app: {{ include "xas-standards.fullname" . }}-backend-statefulset
+ type: {{ .Values.backend.service.type }}
diff --git a/helm/xas-standards/templates/backend_statefulset.yaml b/helm/xas-standards/templates/backend_statefulset.yaml
new file mode 100644
index 0000000..ee3484d
--- /dev/null
+++ b/helm/xas-standards/templates/backend_statefulset.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "xas-standards.fullname" . }}-backend-statefulset
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "xas-standards.fullname" . }}-backend-statefulset
+ template:
+ metadata:
+ labels:
+ app: {{ include "xas-standards.fullname" . }}-backend-statefulset
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
+ resources:
+ {{- toYaml .Values.backend.resources | nindent 12 }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.global.backend.port }}
+ protocol: TCP
+ volumeMounts:
+ - mountPath: {{ .Values.backend.volumeMounts.mountPath }}
+ name: {{ .Values.backend.volumeMounts.name }}
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: pguser-password
+ key: password
+ - name: POSTGRES_PROT
+ value: {{ .Values.backend.databaseConfig.protocol }}
+ - name: POSTGRES_USERNAME
+ value: {{ .Values.backend.databaseConfig.username }}
+ - name: POSTGRES_DB_NAME
+ value: {{ .Values.backend.databaseConfig.dbname }}
+ - name: POSTGRES_ADDRESS
+ value: {{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local
+ - name: POSTGRESURL
+ value: "$(POSTGRES_PROT)://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_ADDRESS)/$(POSTGRES_DB_NAME)"
+ - name: OIDC_USER_INFO_ENDPOINT
+ value: {{ .Values.backend.authConfig.userInfoEndpoint}}
+ - name: OIDC_ID_KEY
+ value: {{ .Values.backend.authConfig.idKey}}
+ - name: PVC_LOCATION
+ value: {{ .Values.backend.volumeMounts.mountPath }}
+
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: {{ .Values.backend.persistentVolumeClaim.whenDeleted }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ .Values.backend.volumeMounts.name }}
+ spec:
+ {{- toYaml .Values.backend.persistentVolumeClaim.spec | nindent 12 }}
+ # storageClassName: db-nvme-storage
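Review bot: The backend container in backend_statefulset.yaml is declared without a `securityContext`, so it runs with whatever user and capabilities the image defaults to while holding the database password and a writable volume; the frontend container in frontend_deployment.yaml has the same gap. A container-level `securityContext` as sketched below would rule out privilege escalation and drop capabilities, with `runAsNonRoot` kept only if the image is built for a non-root user, which this diff does not show. Also note that `POSTGRESURL` splices `$(POSTGRES_PASSWORD)` into a URL verbatim, so a password containing `@`, `/` or `:` yields a malformed connection string unless the application builds the URL itself from the separate variables.

```yaml
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true  # keep only if the image supports a non-root user
            capabilities:
              drop:
                - ALL
          # … unchanged: image, resources, ports, volumeMounts, env …
```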
diff --git a/helm/xas-standards/templates/configmap.yaml b/helm/xas-standards/templates/configmap.yaml
new file mode 100644
index 0000000..ddd7ebd
--- /dev/null
+++ b/helm/xas-standards/templates/configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dbtables-configmap
+data:
+ tables.sql: |-
+{{ .Files.Get "tables.sql" | indent 4 }}
diff --git a/helm/xas-standards/templates/frontend_deployment.yaml b/helm/xas-standards/templates/frontend_deployment.yaml
new file mode 100644
index 0000000..6ab3246
--- /dev/null
+++ b/helm/xas-standards/templates/frontend_deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "xas-standards.fullname" . }}-frontend-deployment
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "xas-standards.fullname" . }}-frontend-deployment
+ template:
+ metadata:
+ labels:
+ app: {{ include "xas-standards.fullname" . }}-frontend-deployment
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.frontend.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.global.frontend.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.frontend.resources | nindent 12 }}
diff --git a/helm/xas-standards/templates/frontend_service.yaml b/helm/xas-standards/templates/frontend_service.yaml
new file mode 100644
index 0000000..68cc349
--- /dev/null
+++ b/helm/xas-standards/templates/frontend_service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "xas-standards.fullname" . }}-frontend
+spec:
+ ports:
+ - name: http
+ port: {{ .Values.global.frontend.port }}
+ protocol: TCP
+ targetPort: {{ .Values.frontend.service.targetPort }}
+ selector:
+ app: {{ include "xas-standards.fullname" . }}-frontend-deployment
+ type: {{ .Values.frontend.service.type }}
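Review bot: In configmap.yaml, `.Files.Get "tables.sql"` returns an empty string when the file is absent, and no tables.sql is added in the part of this commit shown here, so the chart can install with an empty init script and PostgreSQL would come up without the schema. Failing the render is safer: `{{ required "tables.sql is missing from the chart" (.Files.Get "tables.sql") | indent 4 }}`; user_configmap.yaml follows the same pattern for users.sql. The fixed name `dbtables-configmap` is also not release-scoped, so a second release in the same namespace would collide with it, though values.yaml refers to the ConfigMap by that literal name and would have to change together with it.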
diff --git a/helm/xas-standards/templates/user_configmap.yaml b/helm/xas-standards/templates/user_configmap.yaml
new file mode 100644
index 0000000..cada7d4
--- /dev/null
+++ b/helm/xas-standards/templates/user_configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dbpersons-configmap
+data:
+ users.sql: |-
+{{ .Files.Get "users.sql" | indent 4 }}
diff --git a/helm/xas-standards/values.yaml b/helm/xas-standards/values.yaml
new file mode 100644
index 0000000..6414f78
--- /dev/null
+++ b/helm/xas-standards/values.yaml
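Review bot: user_configmap.yaml publishes users.sql through a ConfigMap, which any principal allowed to read ConfigMaps in the namespace can view and which is not covered by Secret-specific RBAC rules. The script's contents are not part of this diff; if it creates database roles with passwords or seeds personal data, it belongs in a Secret, as values.yaml already does with `initdb.scriptsSecret: postgres-init-script`. If it holds only non-sensitive seed rows, a comment above `users.sql: |-` saying so would save the next reviewer the question.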
@@ -0,0 +1,153 @@
+# Default values for xas-standards.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+#need these to be global for tpl-ing of the oauth2-proxy config
+global:
+ name: xas-standards
+ frontend:
+ port: 8081
+ backend:
+ port: 8080
+
+postgresql:
+ image:
+ debug: true
+ auth:
+ existingSecret: postgres-passwords
+ secretKeys:
+ adminPasswordKey: password
+ primary:
+ service:
+ type: LoadBalancer
+ podAntiAffinityPreset: hard
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ limits:
+ cpu: 2
+ memory: 2Gi
+ initdb:
+ scriptsSecret: postgres-init-script
+ extraVolumeMounts:
+ - name: custom-init-scripts-volume
+ mountPath: /docker-entrypoint-initdb.d/tables
+ - name: custom-user-scripts-volume
+ mountPath: /docker-entrypoint-initdb.d/users
+ extraVolumes:
+ - name: custom-init-scripts-volume
+ configMap:
+ name: dbtables-configmap
+ - name: custom-user-scripts-volume
+ configMap:
+ name: dbpersons-configmap
+ persistence:
+ storageClass: db-nvme-storage
+ size: 50Gi
+
+replicaCount: 1
+
+frontend:
+ service:
+ type: ClusterIP
+ targetPort: 80
+ image:
+ repository: ""
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: latest
+ resources:
+ limits:
+ cpu: "1"
+ memory: 300M
+
+backend:
+ service:
+ type: ClusterIP
+ targetPort: 5000
+ image:
+ repository: ""
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: latest
+ resources:
+ limits:
+ cpu: "1"
+ memory: 300M
+ volumeMounts:
+ name: my-pv-volume
+ mountPath: "/scratch/xas-standards-pretend-pvc"
+ persistentVolumeClaim:
+ whenDeleted: Retain
+ spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: 1Gi
+ databaseConfig:
+ username: xasadmin
+ dbname: xasstandarddb
+ protocol: "postgresql+psycopg2"
+ authConfig:
+ userInfoEndpoint: ""
+ idKey: ""
+
+# alpha
+oauth2-proxy:
+ extraVolumeMounts:
+ - name: proxy-secret
+ mountPath: "/etc/alpha"
+ readOnly: true
+ extraVolumes:
+ - name: proxy-secret
+ secret:
+ secretName: oidc-secrets
+ items:
+ - key: client-secret
+ path: client-secret
+ config:
+ configFile: |-
+ email_domains = [ "*" ]
+ skip_auth_routes = ["GET=^/api/standards", "/static","GET=^/api/metadata", "GET=^/api/data", "GET=^/$","GET=^/assets"]
+ api_routes = ["^/api"]
+ skip_provider_button = true
+ ingress:
+ enabled: true
+ pathType: Prefix
+ hostname: ""
+ hosts: []
+ path: /
+ alphaConfig:
+ enabled: true
+ configFile: |
+ upstreamConfig:
+ proxyRawPath: true
+ upstreams:
+ - id: api
+ path: /api/
+ uri: http://{{ include "xas-standards.fullname" . }}-backend:{{.Values.global.backend.port}}
+ - id: client
+ path: /
+ #rewriteTarget: /
+ uri: http://{{ include "xas-standards.fullname" . }}-frontend:{{.Values.global.frontend.port}}
+ configData:
+ providers: []
+ injectRequestHeaders:
+ - name: Authorization
+ values:
+ - claim: access_token
+ prefix: "Bearer "
+ - name: x-forwarded-user
+ values:
+ - claim: user
+ - name: x-auth-request-user
+ values:
+ - claim: user
+ injectResponseHeaders:
+ - name: Identity
+ values:
+ - claim: id_token
+ redis:
+ enabled: false
diff --git a/xas-standards-api/.pre-commit-config.yaml b/xas-standards-api/.pre-commit-config.yaml
index 6bbed96..05b93f6 100644
--- a/xas-standards-api/.pre-commit-config.yaml
+++ b/xas-standards-api/.pre-commit-config.yaml
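Review bot: In values.yaml, `postgresql.primary.service.type: LoadBalancer` publishes the database on an address outside the cluster, although the only client visible in this chart is the backend, which connects through the in-cluster `-postgresql.<namespace>.svc.cluster.local` name; `type: ClusterIP` is the safer default, and `image.debug: true` is better left off by default as well. In the oauth2-proxy `skip_auth_routes`, the `"/static"` entry carries no method and no `^` anchor, so, with these entries treated as regular expressions, authentication is skipped for any request whose path contains that substring; `"GET=^/static/"` states the evident intent. Both `tag: latest` defaults make the deployed image unreproducible, whereas an empty tag would let the templates fall back to the chart's appVersion.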
@@ -4,6 +4,7 @@ repos: hooks: - id: check-added-large-files - id: check-yaml + exclude: ^helm\/.*\/templates\/.*|catalog-info.yaml - id: check-merge-conflict - repo: local diff --git a/xas-standards-api/pyproject.toml b/xas-standards-api/pyproject.toml index 2872910..a69d45b 100644 --- a/xas-standards-api/pyproject.toml +++ b/xas-standards-api/pyproject.toml @@ -28,6 +28,7 @@ requires-python = ">=3.7" [project.optional-dependencies] dev = [ "black", + "httpx", "mypy", "pipdeptree", "pre-commit",
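Review bot: With `check-yaml` skipped for the Helm templates, those files have no syntax gate in the hooks visible in this hunk (the `repo: local` section continues outside it). The exclusion itself is reasonable because the templates are not plain YAML, so consider running `helm lint` on the chart in CI or as a local hook to catch template errors before deployment. In the pattern, `|catalog-info.yaml` is unanchored and its dots match any character; `^helm/.*/templates/.*|(^|/)catalog-info\.yaml$` expresses the intent precisely, and `/` needs no escaping.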