From 4348e392969fee91990636cc66f2469fde97862d Mon Sep 17 00:00:00 2001 From: Lalith Kota Date: Mon, 24 Jun 2024 20:25:19 +0530 Subject: [PATCH] Helm Charts Reorganized: Corrected Hostnames client ids secrets and dependency default enables 
Signed-off-by: Lalith Kota --- .github/workflows/push_trigger.yml | 2 +- charts/openg2p-pbms-p2/questions.yaml | 40 ++-- .../templates/superset/gateway.yaml | 4 +- .../templates/superset/virtualservice.yaml | 4 +- charts/openg2p-pbms-p2/values.yaml | 50 ++--- charts/openg2p-pbms/Chart.yaml | 3 +- charts/openg2p-pbms/questions.yaml | 208 +++++++++++------- charts/openg2p-pbms/templates/gateway.yaml | 4 +- .../logging/opensearch/configmap.yaml | 23 ++ .../templates/logging/opensearch/gateway.yaml | 38 ++++ .../templates/logging/opensearch/output.yaml | 22 ++ .../logging/opensearch/virtualservice.yaml | 28 +++ .../openg2p-pbms/templates/minio/gateway.yaml | 6 +- .../templates/minio/virtualservice.yaml | 8 +- .../templates/opensearch/configmap.yaml | 23 -- .../templates/opensearch/gateway.yaml | 38 ---- .../templates/opensearch/output.yaml | 22 -- .../templates/opensearch/virtualservice.yaml | 28 --- .../templates/postgresql/gateway.yaml | 2 +- .../templates/postgresql/virtualservice.yaml | 2 +- .../templates/selfservice-gateway.yaml | 4 +- .../templates/selfservice-virtualservice.yaml | 6 +- .../templates/serviceprovider-gateway.yaml | 4 +- .../serviceprovider-virtualservice.yaml | 6 +- .../templates/virtualservice.yaml | 8 +- charts/openg2p-pbms/values.yaml | 110 ++++----- 26 files changed, 378 insertions(+), 315 deletions(-) create mode 100644 charts/openg2p-pbms/templates/logging/opensearch/configmap.yaml create mode 100644 charts/openg2p-pbms/templates/logging/opensearch/gateway.yaml create mode 100644 charts/openg2p-pbms/templates/logging/opensearch/output.yaml create mode 100644 charts/openg2p-pbms/templates/logging/opensearch/virtualservice.yaml delete mode 100644 charts/openg2p-pbms/templates/opensearch/configmap.yaml delete mode 100644 charts/openg2p-pbms/templates/opensearch/gateway.yaml delete mode 100644 charts/openg2p-pbms/templates/opensearch/output.yaml delete mode 100644 charts/openg2p-pbms/templates/opensearch/virtualservice.yaml 
diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml index a31c889..2bf5b4a 100644 --- a/.github/workflows/push_trigger.yml +++ b/.github/workflows/push_trigger.yml @@ -96,7 +96,7 @@ jobs: done helm repo index --url https://openg2p.github.io/openg2p-helm/ --merge rancher/index.yaml rancher for chartname in $RANCHER_CHARTS; do - rm rancher/${chartname}*.tgz + rm rancher/${chartname}*.tgz || true done if: env.SKIP != 'TRUE' diff --git a/charts/openg2p-pbms-p2/questions.yaml b/charts/openg2p-pbms-p2/questions.yaml index 67490b2..bddc10d 100644 --- a/charts/openg2p-pbms-p2/questions.yaml +++ b/charts/openg2p-pbms-p2/questions.yaml @@ -3,29 +3,21 @@ questions: description: Keycloak Base Url used in all components type: string label: Keycloak Base URL + group: General Settings +# Superset Settings - variable: superset.enabled description: This installs Superset for reporting type: boolean label: Install Superset? + group: Superset Settings -- variable: esignet.enabled - description: This installs eSignet for mocking user authentication - type: boolean - label: Install eSignet? - -- variable: esignet.mock-identity-system.enabled - description: This installs Mock Identity System with eSignet - type: boolean - label: Install Mock Identity System? - show_if: "esignet.enabled=true" - -# Superset Settings -- variable: global.supersetHostname +- variable: superset.hostname description: Hostname for Superset Dashboards type: string label: Superset Hostname group: Superset Settings + show_if: "superset.enabled=true" - variable: superset.oidcClientId description: OIDC Client ID for Superset login 
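Review bot: `|| true` on the `rm` in the chart cleanup loop of push_trigger.yml swallows every failure, not only the no-match case it is presumably meant for, so a permission or path error would leave stale `.tgz` files behind without failing the job. `rm -f -- "rancher/${chartname}"*.tgz` ignores only missing files, and quoting the variable keeps an unusual chart name from being misparsed as an option or split into words. The step's script starts and ends outside the hunk.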
@@ -49,11 +41,18 @@ questions: show_if: "superset.enabled=true" # eSignet -- variable: global.esignetHostname +- variable: esignet.enabled + description: This installs eSignet for mocking user authentication + type: boolean + label: Install eSignet? + group: eSignet Settings + +- variable: esignet.hostname description: Hostname under which eSignet should be accessible type: string label: eSignet Hostname group: eSignet Settings + show_if: "esignet.enabled=true" - variable: esignet.springConfig.profile type: string @@ -119,6 +118,19 @@ questions: show_if: "esignet.enabled=true&&esignet.springConfig.gitRepo.enabled=false" # Mock Identity Settings +- variable: esignet.mock-identity-system.enabled + description: This installs Mock Identity System with eSignet + type: boolean + label: Install Mock Identity System? + show_if: "esignet.enabled=true" + +- variable: esignet.mock-identity-system.hostname + description: Hostname under which Mock Identity System should be accessible + type: string + label: Mock Identity System Hostname + group: Mock Identity System Settings + show_if: "esignet.enabled=true&&esignet.mock-identity-system.enabled=true" + - variable: esignet.mock-identity-system.springConfig.profile type: string label: Spring Config Profile diff --git a/charts/openg2p-pbms-p2/templates/superset/gateway.yaml b/charts/openg2p-pbms-p2/templates/superset/gateway.yaml index e4ec4d7..d535802 100644 --- a/charts/openg2p-pbms-p2/templates/superset/gateway.yaml +++ b/charts/openg2p-pbms-p2/templates/superset/gateway.yaml @@ -22,7 +22,7 @@ spec: number: 8080 protocol: HTTP2 hosts: - - {{ default .Values.global.supersetHostname .Values.superset.istio.gateway.host | quote }} + - {{ default .Values.superset.hostname .Values.superset.istio.gateway.host | quote }} {{- if .Values.superset.istio.gateway.httpTlsRedirect }} tls: httpsRedirect: true 
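Review bot: The added `esignet.mock-identity-system.enabled` question in the `@@ -119,6 +118,19 @@` hunk has no `group:` key, although every other question this commit adds or moves in the file gets one. The hostname question right after it uses `group: Mock Identity System Settings`, so the install toggle would be shown apart from the settings it controls. Proposed addition: `group: Mock Identity System Settings`.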
@@ -34,7 +34,7 @@ spec: number: 8443 protocol: HTTPS hosts: - - {{ default .Values.global.supersetHostname .Values.superset.istio.gateway.host | quote }} + - {{ default .Values.superset.hostname .Values.superset.istio.gateway.host | quote }} tls: {{ toYaml (omit .Values.superset.istio.gateway.tls "enabled") | nindent 6 }} {{- end }} diff --git a/charts/openg2p-pbms-p2/templates/superset/virtualservice.yaml b/charts/openg2p-pbms-p2/templates/superset/virtualservice.yaml index 7ab1c89..86b2d60 100644 --- a/charts/openg2p-pbms-p2/templates/superset/virtualservice.yaml +++ b/charts/openg2p-pbms-p2/templates/superset/virtualservice.yaml @@ -14,14 +14,14 @@ metadata: {{- end }} spec: hosts: - - {{ default .Values.global.supersetHostname .Values.superset.istio.virtualservice.host | quote }} + - {{ default .Values.superset.hostname .Values.superset.istio.virtualservice.host | quote }} gateways: - {{ default (include "common.names.fullname" .Subcharts.superset) .Values.superset.istio.virtualservice.gateway }} http: - headers: request: set: - x-forwarded-host: {{ default .Values.global.supersetHostname .Values.superset.istio.virtualservice.host | quote }} + x-forwarded-host: {{ default .Values.superset.hostname .Values.superset.istio.virtualservice.host | quote }} x-forwarded-proto: https route: - destination: diff --git a/charts/openg2p-pbms-p2/values.yaml b/charts/openg2p-pbms-p2/values.yaml index 39ecc7d..08769f2 100644 --- a/charts/openg2p-pbms-p2/values.yaml +++ b/charts/openg2p-pbms-p2/values.yaml 
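Review bot: `x-forwarded-proto: https` in superset/virtualservice.yaml is set unconditionally, while the matching Gateway still offers a plain `http2` server on 8080 whose `httpsRedirect` is optional, so a request that arrives without TLS is presented to Superset as secure. If nothing in front of the gateway terminates TLS (not visible here), that can mislead secure-cookie and redirect logic; consider setting the header only on the HTTPS path or driving it from a value. The same pattern is in the new `logging/opensearch/virtualservice.yaml` and in `minio/virtualservice.yaml`. The line is unchanged context in this hunk, and the template continues outside it.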
@@ -1,35 +1,12 @@ global: - supersetHostname: superset.openg2p.sandbox.net - esignetHostname: esignet.openg2p.sandbox.net - keycloakBaseUrl: https://keycloak.openg2p.sandbox.net keycloakIssuerUrl: '{{ tpl .Values.global.keycloakBaseUrl $ }}/realms/master' nameOverride: openg2p-pbms -# TODO: Doing this since postgres and redis charts inside superset are old. -supersetPostgresql: - nameOverride: superset-postgresql - auth: - username: superset - password: superset - database: superset - primary: - extendedConfiguration: |- - wal_level = logical - max_wal_senders = 20 - max_replication_slots = 10 -supersetRedis: - nameOverride: superset-redis - architecture: standalone - auth: - enabled: false - master: - persistence: - enabled: false - superset: - enabled: false + enabled: true + hostname: superset-pbms.openg2p.sandbox.net oidcIssuerUrl: '{{ tpl .Values.global.keycloakIssuerUrl $ }}' oidcClientId: openg2p-pbms-superset @@ -136,8 +113,31 @@ superset: mode: SIMPLE credentialName: "" +# TODO: Doing this since postgres and redis charts inside superset are old. +supersetPostgresql: + nameOverride: superset-postgresql + auth: + username: superset + password: superset + database: superset + primary: + extendedConfiguration: |- + wal_level = logical + max_wal_senders = 20 + max_replication_slots = 10 +supersetRedis: + nameOverride: superset-redis + architecture: standalone + auth: + enabled: false + master: + persistence: + enabled: false + esignet: enabled: false + hostname: esignet-pbms.openg2p.sandbox.net + captchaEnabled: false envVars: esignet_captcha_site_key: '' diff --git a/charts/openg2p-pbms/Chart.yaml b/charts/openg2p-pbms/Chart.yaml index 58c9c43..437d86d 100644 --- a/charts/openg2p-pbms/Chart.yaml +++ b/charts/openg2p-pbms/Chart.yaml 
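Review bot: With `superset.enabled` now defaulting to `true` in the first hunk, the relocated `supersetPostgresql.auth` block in the `@@ -136,8 +113,31 @@` hunk means a default install comes up with the database credentials `superset`/`superset` that are committed in values.yaml. Leave `password` empty so it has to be supplied or generated, or point the chart at a pre-created Secret (if this is the Bitnami PostgreSQL chart, as the keys suggest, that is `auth.existingSecret`). `supersetRedis.auth.enabled: false` likewise leaves Redis unauthenticated by default. At minimum add a comment above the block such as `# sandbox defaults: override before any shared deployment`.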
@@ -21,9 +21,10 @@ dependencies: repository: https://openg2p.github.io/openg2p-helm condition: odk-central.enabled - name: opensearch + alias: loggingOpensearch version: 1.2.0 repository: oci://registry-1.docker.io/bitnamicharts - condition: opensearch.enabled + condition: loggingOpensearch.enabled - name: keymanager version: 12.0.1 repository: https://openg2p.github.io/openg2p-helm diff --git a/charts/openg2p-pbms/questions.yaml b/charts/openg2p-pbms/questions.yaml index 7fab1f3..abc6d03 100644 --- a/charts/openg2p-pbms/questions.yaml +++ b/charts/openg2p-pbms/questions.yaml 
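Review bot: Aliasing the dependency to `loggingOpensearch` moves its whole values tree, so overrides that existing releases keep under `opensearch.` (including `opensearch.security.*` and the OIDC client settings) are silently ignored after an upgrade and the subchart falls back to its defaults. That deserves an explicit upgrade note in the chart documentation. Helm also uses the alias as the subchart's name, so unless values.yaml sets a lower-case `nameOverride` or `fullnameOverride` for it (that hunk is outside this view), `common.names.fullname` would render an upper-case letter that Kubernetes rejects in resource names. The dependencies list continues outside the hunk.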
@@ -1,99 +1,69 @@ questions: -- variable: global.pbmsHostname - description: Hostname to access OpenG2P PBMS +- variable: hostname + description: Hostname to access PBMS type: string label: Hostname + group: General Settings -- variable: global.pbmsSelfServiceHostname +- variable: selfServiceHostname description: Hostname to access OpenG2P PBMS Self Service Portal type: string label: Self Service Portal Hostname + group: General Settings -- variable: global.pbmsServiceProviderHostname +- variable: serviceProviderHostname description: Hostname to access OpenG2P PBMS Service Provider Portal type: string label: Service Provider Portal Hostname + group: General Settings - variable: global.keycloakBaseUrl description: Keycloak Base Url used in all components type: string label: Keycloak Base URL + group: General Settings -- variable: mail.enabled - description: This installs Mail server for relaying SMTP requests to preferred backend. - type: boolean - label: Install Mail SMTP Server? - -- variable: odk-central.enabled - description: This installs ODK Central. - type: boolean - label: Install ODK Central? - -- variable: minio.enabled - description: This installs Minio for document store. - type: boolean - label: Install Minio? - -- variable: opensearch.enabled - description: This installs OpenSearch for logging and reporting - type: boolean - label: Install OpenSearch? - -- variable: keymanager.enabled - description: This installs Keymanager for managing Keys for Encrpytion and Signatures - type: boolean - label: Install Keymanager? - -- variable: reporting.enabled - description: This installs Reporting Framework for that stream DB data to OpenSearch for Dashboards - type: boolean - label: Install Reporting Framework? - -- variable: reporting-init.enabled - description: This initializes Reporting Connectors for PBMS - type: boolean - label: Initialize Reporting Connectors (reporting-init)? 
- -- variable: loggingFlow.enabled - description: This will allow Fluentd to capture logs into OpenSearch. - type: boolean - label: Fluentd Logs Flow? - -- variable: global.pbmsAuthClientId +- variable: odoo.oidcClientId description: OIDC Client ID for PBMS type: string label: OIDC Client ID + group: General Settings -- variable: global.pbmsAuthClientSecret +- variable: odoo.oidcClientSecret description: OIDC Client Secret for PBMS type: string label: OIDC Client Secret + group: General Settings # Mail Settings -- variable: global.pbmsMailInstallationName - description: |- - Edit this only if you want to reuse existing Mail Server Installation. - Else enable Mail Server Installation from "Questions". - type: reference_service - label: Existing Mail Server Installation Name +- variable: mail.enabled + description: This installs Mail server for relaying SMTP requests to preferred backend. + type: boolean + label: Install Mail SMTP Server? group: Mail Settings - show_if: "mail.enabled=false" # ODK Central Settings -- variable: global.odkHostname +- variable: odk-central.enabled + description: This installs ODK Central. + type: boolean + label: Install ODK Central? + group: ODK Central Settings + +- variable: odk-central.hostname description: Hostname for ODK Central type: string label: ODK Central Hostname group: ODK Central Settings + show_if: "odk-central.enabled=true" -- variable: odk-central.odk-central-backend.envVars.OIDC_CLIENT_ID +- variable: odk-central.backend.envVars.OIDC_CLIENT_ID description: OIDC Client ID for ODK Central login type: string label: OIDC Client ID group: ODK Central Settings show_if: "odk-central.enabled=true" -- variable: odk-central.odk-central-backend.envVars.OIDC_CLIENT_SECRET +- variable: odk-central.backend.envVars.OIDC_CLIENT_SECRET description: OIDC Client Secret for ODK Central login type: string label: OIDC Client Secret 
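Review bot: `odoo.oidcClientSecret` is still declared `type: string`, so the Rancher form shows the client secret as a plain text field; the questions schema offers `type: password` for masked input. The same applies to `odk-central.backend.envVars.OIDC_CLIENT_SECRET` in this hunk, to `loggingOpensearch.oidcClientSecret` in the `@@ -122,45 +98,65 @@` hunk, and to the newly added `reporting.opensearch.oidcClientSecret` in the `@@ -273,11 +282,48 @@` hunk. Proposed change on each of them: `type: password`.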
@@ -101,7 +71,13 @@ questions: show_if: "odk-central.enabled=true" # Minio Settings -- variable: global.minioHostname +- variable: minio.enabled + description: This installs Minio for document store. + type: boolean + label: Install Minio? + group: Minio Settings + +- variable: minio.hostname description: Hostname for Minio Console type: string label: Minio Console Hostname 
@@ -122,45 +98,65 @@ questions: group: Minio Settings show_if: "minio.enabled=true" -# OpenSearch Settings -- variable: global.pbmsOpensearchInstallationName +# Logging Settings +- variable: loggingFlow.enabled + description: This will allow Fluentd to capture logs into OpenSearch. + type: boolean + label: Enable logs capture? + group: Logging Settings + +- variable: loggingOpensearch.enabled + description: This installs OpenSearch for logging + type: boolean + label: Install OpenSearch? + group: Logging Settings + # show_if: "loggingFlow.enabled=true" + +- variable: loggingFlow.opensearchInstallationName description: |- Edit this only if you want to reuse existing OpenSearch Installation. - Else enable OpenSearch Installation from "Questions". + Else enable OpenSearch Installation from "General Settings". type: reference_service label: Existing OpenSearch Installation Name - group: OpenSearch Settings - show_if: "opensearch.enabled=false" + group: Logging Settings + show_if: "loggingOpensearch.enabled=false&&loggingFlow.enabled=true" -- variable: global.opensearchHostname +- variable: loggingOpensearch.hostname description: Hostname for OpenSearch Dashboards type: string label: OpenSearch Dashboards Hostname - group: OpenSearch Settings + group: Logging Settings + show_if: "loggingOpensearch.enabled=true&&loggingFlow.enabled=true" -- variable: opensearch.oidcClientId +- variable: loggingOpensearch.oidcClientId description: OIDC Client ID for OpenSearch login type: string label: OIDC Client ID - group: OpenSearch Settings - show_if: "opensearch.enabled=true" + group: Logging Settings + show_if: "loggingOpensearch.enabled=true&&loggingFlow.enabled=true" -- variable: opensearch.oidcClientSecret +- variable: loggingOpensearch.oidcClientSecret description: OIDC Client Secret for OpenSearch login type: string label: OIDC Client Secret - group: OpenSearch Settings - show_if: "opensearch.enabled=true" + group: Logging Settings + show_if: 
"loggingOpensearch.enabled=true&&loggingFlow.enabled=true" -- variable: opensearch.loggingOutput.enabled +- variable: loggingOpensearch.loggingOutput.enabled description: This will allow Fluentd to send logs into this OpenSearch. type: boolean label: Fluentd Logs Output? - group: OpenSearch Settings - show_if: "opensearch.enabled=true" + group: Logging Settings + show_if: "loggingOpensearch.enabled=true&&loggingFlow.enabled=true" # Keymanager -- variable: global.pbmsKeymanagerInstallationName +- variable: keymanager.enabled + description: This installs Keymanager for managing Keys for Encrpytion and Signatures + type: boolean + label: Install Keymanager? + group: Keymanager Settings + +- variable: odoo.keymanagerInstallationName description: |- Edit this only if you want to reuse existing Keymanager Installation. Else enable Keymanager Installation from "General Settings". @@ -169,11 +165,12 @@ questions: group: Keymanager Settings show_if: "keymanager.enabled=false" -- variable: global.keymanagerHostname +- variable: keymanager.hostname description: Hostname under which Keymanager should be accessible type: string label: Keymanager Hostname group: Keymanager Settings + show_if: "keymanager.enabled=true" - variable: keymanager.springConfig.profile type: string 
@@ -224,11 +221,23 @@ questions: Do not edit this parameter unless required. type: string label: Allowed Keycloak Client IDs. - group: Keymanager Advanced Settings + group: Keymanager Settings show_if: "keymanager.enabled=true" # Reporting -- variable: global.reportingInstallationName +- variable: reporting.enabled + description: This installs Reporting Framework for that stream DB data to OpenSearch for Dashboards + type: boolean + label: Install Reporting Framework? + group: Reporting Settings + +- variable: reporting-init.enabled + description: This initializes Reporting Connectors for PBMS + type: boolean + label: Initialize Reporting Connectors (reporting-init)? + group: Reporting Settings + +- variable: reporting-init.reportingInstallationName description: |- If reporting is disabled with this installation, and if an installation of reporting already exists, give the name of existing installation here. @@ -237,6 +246,7 @@ questions: group: Reporting Settings show_if: "reporting.enabled=false&&reporting-init.enabled=true" +# Reporting Kafka - variable: reporting.kafka.enabled description: This installs Kafka along with the current reporting type: boolean @@ -251,8 +261,7 @@ questions: group: Reporting Settings show_if: "reporting.enabled=true&&reporting.kafka.enabled=true" -# Reporting Kafka -- variable: global.reportingKafkaHostname +- variable: reporting.kafkaUi.hostname description: Hostname with which Kafka UI should be accessible type: string label: Kafka UI Hostname 
@@ -273,11 +282,48 @@ questions: group: Reporting Settings show_if: "reporting.enabled=true&&reporting.kafka.enabled=true&&reporting.kafkaUi.enabled=true" +- variable: reporting.opensearch.enabled + description: This installs OpenSearch for reporting + type: boolean + label: Install OpenSearch? + group: Reporting Settings + show_if: "reporting.enabled=true" + +- variable: reporting-init.opensearchInstallationName + description: |- + Edit this only if you want to reuse existing OpenSearch Installation. + Else enable OpenSearch Installation. + type: reference_service + label: Existing OpenSearch Installation Name + group: Reporting Settings + show_if: "reporting.opensearch.enabled=false&&reporting.enabled=true" + +- variable: reporting.opensearch.hostname + description: Hostname for OpenSearch Dashboards + type: string + label: OpenSearch Dashboards Hostname + group: Reporting Settings + show_if: "reporting.opensearch.enabled=true&&reporting.enabled=true" + +- variable: reporting.opensearch.oidcClientId + description: OIDC Client ID for OpenSearch login + type: string + label: OpenSearch OIDC Client ID + group: Reporting Settings + show_if: "reporting.opensearch.enabled=true&&reporting.enabled=true" + +- variable: reporting.opensearch.oidcClientSecret + description: OIDC Client Secret for OpenSearch login + type: string + label: OpenSearch OIDC Client Secret + group: Reporting Settings + show_if: "reporting.opensearch.enabled=true&&reporting.enabled=true" + # Reporting Init - variable: reporting-init.gitConfig.enabled - description: This enables downloading connectors and other configuration from Git. + description: This enables downloading connectors and other Reporting-init configuration from Git. type: boolean - label: Download config from Git? + label: Download reporting-init config from Git? group: Reporting Settings show_if: "reporting-init.enabled=true" 
diff --git a/charts/openg2p-pbms/templates/gateway.yaml b/charts/openg2p-pbms/templates/gateway.yaml index a63ee89..c81118f 100644 --- a/charts/openg2p-pbms/templates/gateway.yaml +++ b/charts/openg2p-pbms/templates/gateway.yaml @@ -16,7 +16,7 @@ spec: number: 8080 protocol: HTTP2 hosts: - - {{ default .Values.global.pbmsHostname .Values.istio.gateway.host | quote }} + - {{ default .Values.hostname .Values.istio.gateway.host | quote }} {{- if .Values.istio.gateway.httpTlsRedirect }} tls: httpsRedirect: true @@ -28,7 +28,7 @@ spec: number: 8443 protocol: HTTPS hosts: - - {{ default .Values.global.pbmsHostname .Values.istio.gateway.host | quote }} + - {{ default .Values.hostname .Values.istio.gateway.host | quote }} tls: {{ toYaml (omit .Values.istio.gateway.tls "enabled") | nindent 6 }} {{- end }} diff --git a/charts/openg2p-pbms/templates/logging/opensearch/configmap.yaml b/charts/openg2p-pbms/templates/logging/opensearch/configmap.yaml new file mode 100644 index 0000000..71acdf6 --- /dev/null +++ b/charts/openg2p-pbms/templates/logging/opensearch/configmap.yaml 
@@ -0,0 +1,23 @@ +{{- if .Values.loggingOpensearch.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" .Subcharts.loggingOpensearch }}-custom-config + labels: {{ include "common.labels.standard" (dict "customLabels" .Values.loggingOpensearch.commonLabels "context" $) | nindent 4 }} + {{- if .Values.loggingOpensearch.commonAnnotations }} + annotations: {{ include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +data: + {{- if .Values.loggingOpensearch.security.enabled }} + {{- if .Values.loggingOpensearch.security.extraConfig }} + opensearch-security-config.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.security.extraConfig "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.loggingOpensearch.dashboards.enabled }} + {{- if .Values.loggingOpensearch.dashboards.extraConfig }} + opensearch_dashboards.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.dashboards.extraConfig "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/openg2p-pbms/templates/logging/opensearch/gateway.yaml b/charts/openg2p-pbms/templates/logging/opensearch/gateway.yaml new file mode 100644 index 0000000..4da8f81 --- /dev/null +++ b/charts/openg2p-pbms/templates/logging/opensearch/gateway.yaml 
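Review bot: `opensearch-security-config.yml` and `opensearch_dashboards.yml` are rendered through `common.tplvalues.render` into a ConfigMap, so if either `extraConfig` value interpolates `loggingOpensearch.oidcClientSecret` (values.yaml is outside this view), the client secret becomes readable by anyone allowed to get ConfigMaps in the namespace. In that case render these keys into a Secret instead, or keep the secret out of the file and inject it through an environment variable backed by `secretKeyRef`, as output.yaml already does for the Fluentd password. If the rendered config holds no secrets, a short comment above `data:` saying so would settle it, for example `# must not contain credentials; use a Secret for those`.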
@@ -0,0 +1,38 @@ +{{- if .Values.loggingOpensearch.enabled }} +{{- if .Values.loggingOpensearch.istio.enabled }} +{{- if .Values.loggingOpensearch.istio.gateway.enabled }} +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: {{ include "common.names.fullname" .Subcharts.loggingOpensearch }} + labels: + {{- include "pbms.labels" . | nindent 4 }} +spec: + selector: + {{ toYaml .Values.loggingOpensearch.istio.gateway.ingressController | nindent 4 }} + servers: + {{- if .Values.loggingOpensearch.istio.gateway.httpEnabled }} + - port: + name: http2 + number: 8080 + protocol: HTTP2 + hosts: + - {{ default .Values.loggingOpensearch.hostname .Values.loggingOpensearch.istio.gateway.host | quote }} + {{- if .Values.loggingOpensearch.istio.gateway.httpTlsRedirect }} + tls: + httpsRedirect: true + {{- end }} + {{- end }} + {{- if .Values.loggingOpensearch.istio.gateway.httpsEnabled }} + - port: + name: https + number: 8443 + protocol: HTTPS + hosts: + - {{ default .Values.loggingOpensearch.hostname .Values.loggingOpensearch.istio.gateway.host | quote }} + tls: + {{ toYaml (omit .Values.loggingOpensearch.istio.gateway.tls "enabled") | nindent 6 }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/openg2p-pbms/templates/logging/opensearch/output.yaml b/charts/openg2p-pbms/templates/logging/opensearch/output.yaml new file mode 100644 index 0000000..6e070be --- /dev/null +++ b/charts/openg2p-pbms/templates/logging/opensearch/output.yaml 
@@ -0,0 +1,22 @@ +{{- if .Values.loggingOpensearch.enabled }} +{{- if .Values.loggingOpensearch.loggingOutput.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Output +metadata: + name: {{ include "common.names.fullname" .Subcharts.loggingOpensearch }} +spec: + {{ .Values.loggingOpensearch.loggingOutput.type }}: + scheme: {{ include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.loggingOutput.scheme "context" $) }} + host: {{ include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.loggingOutput.host "context" $) }} + port: {{ include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.loggingOutput.port "context" $) }} + user: {{ include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.loggingOutput.user "context" $) }} + password: + valueFrom: + secretKeyRef: + key: {{ include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.loggingOutput.passwordFrom.secretKeyRef.key "context" $) }} + name: {{ include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.loggingOutput.passwordFrom.secretKeyRef.name "context" $) }} + {{- if .Values.loggingOpensearch.loggingOutput.extraConfig }} + {{- include "common.tplvalues.render" (dict "value" .Values.loggingOpensearch.loggingOutput.extraConfig "context" $) | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/openg2p-pbms/templates/logging/opensearch/virtualservice.yaml b/charts/openg2p-pbms/templates/logging/opensearch/virtualservice.yaml new file mode 100644 index 0000000..30ea265 --- /dev/null +++ b/charts/openg2p-pbms/templates/logging/opensearch/virtualservice.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.loggingOpensearch.enabled }} +{{- if .Values.loggingOpensearch.istio.enabled }} +{{- if .Values.loggingOpensearch.istio.virtualservice.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ include "common.names.fullname" .Subcharts.loggingOpensearch }} + labels: + {{- include "pbms.labels" . | nindent 4 }} +spec: + hosts: + - {{ default .Values.loggingOpensearch.hostname .Values.loggingOpensearch.istio.virtualservice.host | quote }} + gateways: + - {{ default (include "common.names.fullname" .Subcharts.loggingOpensearch) .Values.loggingOpensearch.istio.virtualservice.gateway }} + http: + - headers: + request: + set: + x-forwarded-host: {{ default .Values.loggingOpensearch.hostname .Values.loggingOpensearch.istio.virtualservice.host | quote }} + x-forwarded-proto: https + route: + - destination: + host: {{ tpl .Values.loggingOpensearch.istio.virtualservice.destination $ }} + port: + number: {{ tpl .Values.loggingOpensearch.istio.virtualservice.destinationPort $ }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/openg2p-pbms/templates/minio/gateway.yaml b/charts/openg2p-pbms/templates/minio/gateway.yaml index e89f77b..0b594dd 100644 --- a/charts/openg2p-pbms/templates/minio/gateway.yaml +++ b/charts/openg2p-pbms/templates/minio/gateway.yaml @@ -4,7 +4,7 @@ apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: - name: {{ .Release.Name }}-minio + name: {{ include "common.names.fullname" .Subcharts.minio }} labels: {{- include "pbms.labels" . | nindent 4 }} spec: @@ -17,7 +17,7 @@ spec: number: 8080 protocol: HTTP2 hosts: - - {{ default .Values.global.minioHostname .Values.minio.istio.gateway.host | quote }} + - {{ default .Values.minio.hostname .Values.minio.istio.gateway.host | quote }} {{- if .Values.minio.istio.gateway.httpTlsRedirect }} tls: httpsRedirect: true 
@@ -29,7 +29,7 @@ spec: number: 8443 protocol: HTTPS hosts: - - {{ default .Values.global.minioHostname .Values.minio.istio.gateway.host | quote }} + - {{ default .Values.minio.hostname .Values.minio.istio.gateway.host | quote }} tls: {{ toYaml (omit .Values.minio.istio.gateway.tls "enabled") | nindent 6 }} {{- end }} diff --git a/charts/openg2p-pbms/templates/minio/virtualservice.yaml b/charts/openg2p-pbms/templates/minio/virtualservice.yaml index b4f3bda..cd0a9de 100644 --- a/charts/openg2p-pbms/templates/minio/virtualservice.yaml +++ b/charts/openg2p-pbms/templates/minio/virtualservice.yaml @@ -4,19 +4,19 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: {{ .Release.Name }}-minio + name: {{ include "common.names.fullname" .Subcharts.minio }} labels: {{- include "pbms.labels" . | nindent 4 }} spec: hosts: - - {{ default .Values.global.minioHostname .Values.minio.istio.virtualservice.host | quote }} + - {{ default .Values.minio.hostname .Values.minio.istio.virtualservice.host | quote }} gateways: - - {{ default (include "pbms.fullname" .) .Values.minio.istio.virtualservice.gateway }} + - {{ default (include "common.names.fullname" .Subcharts.minio) .Values.minio.istio.virtualservice.gateway }} http: - headers: request: set: - x-forwarded-host: {{ default .Values.global.minioHostname .Values.minio.istio.virtualservice.host | quote }} + x-forwarded-host: {{ default .Values.minio.hostname .Values.minio.istio.virtualservice.host | quote }} x-forwarded-proto: https route: - destination: diff --git a/charts/openg2p-pbms/templates/opensearch/configmap.yaml b/charts/openg2p-pbms/templates/opensearch/configmap.yaml deleted file mode 100644 index a87dad9..0000000 --- a/charts/openg2p-pbms/templates/opensearch/configmap.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.opensearch.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" .Subcharts.opensearch }}-custom-config - labels: {{ include "common.labels.standard" (dict "customLabels" .Values.opensearch.commonLabels "context" $) | nindent 4 }} - {{- if .Values.opensearch.commonAnnotations }} - annotations: {{ include "common.tplvalues.render" (dict "value" .Values.opensearch.commonAnnotations "context" $) | nindent 4 }} - {{- end }} -data: - {{- if .Values.opensearch.security.enabled }} - {{- if .Values.opensearch.security.extraConfig }} - opensearch-security-config.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.opensearch.security.extraConfig "context" $) | nindent 4 }} - {{- end }} - {{- end }} - {{- if .Values.opensearch.dashboards.enabled }} - {{- if .Values.opensearch.dashboards.extraConfig }} - opensearch_dashboards.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.opensearch.dashboards.extraConfig "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/openg2p-pbms/templates/opensearch/gateway.yaml b/charts/openg2p-pbms/templates/opensearch/gateway.yaml deleted file mode 100644 index 375371c..0000000 --- a/charts/openg2p-pbms/templates/opensearch/gateway.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if .Values.opensearch.enabled }} -{{- if .Values.opensearch.istio.enabled }} -{{- if .Values.opensearch.istio.gateway.enabled }} -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: {{ include "common.names.fullname" .Subcharts.opensearch }} - labels: - {{- include "pbms.labels" . | nindent 4 }} -spec: - selector: - {{ toYaml .Values.opensearch.istio.gateway.ingressController | nindent 4 }} - servers: - {{- if .Values.opensearch.istio.gateway.httpEnabled }} - - port: - name: http2 - number: 8080 - protocol: HTTP2 - hosts: - - {{ default .Values.global.opensearchHostname .Values.opensearch.istio.gateway.host | quote }} - {{- if .Values.opensearch.istio.gateway.httpTlsRedirect }} - tls: - httpsRedirect: true - {{- end }} - {{- end }} - {{- if .Values.opensearch.istio.gateway.httpsEnabled }} - - port: - name: https - number: 8443 - protocol: HTTPS - hosts: - - {{ default .Values.global.opensearchHostname .Values.opensearch.istio.gateway.host | quote }} - tls: - {{ toYaml (omit .Values.opensearch.istio.gateway.tls "enabled") | nindent 6 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/openg2p-pbms/templates/opensearch/output.yaml b/charts/openg2p-pbms/templates/opensearch/output.yaml deleted file mode 100644 index edcd675..0000000 --- a/charts/openg2p-pbms/templates/opensearch/output.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.opensearch.enabled }} -{{- if .Values.opensearch.loggingOutput.enabled }} -apiVersion: logging.banzaicloud.io/v1beta1 -kind: Output -metadata: - name: {{ include "common.names.fullname" .Subcharts.opensearch }} -spec: - {{ .Values.opensearch.loggingOutput.type }}: - scheme: {{ include "common.tplvalues.render" (dict "value" .Values.opensearch.loggingOutput.scheme "context" $) }} - host: {{ include "common.tplvalues.render" (dict "value" .Values.opensearch.loggingOutput.host "context" $) }} - port: {{ include "common.tplvalues.render" (dict "value" .Values.opensearch.loggingOutput.port "context" $) }} - user: {{ include "common.tplvalues.render" (dict "value" .Values.opensearch.loggingOutput.user "context" $) }} - password: - valueFrom: - secretKeyRef: - key: {{ include "common.tplvalues.render" (dict "value" .Values.opensearch.loggingOutput.passwordFrom.secretKeyRef.key "context" $) }} - name: {{ include "common.tplvalues.render" (dict "value" .Values.opensearch.loggingOutput.passwordFrom.secretKeyRef.name "context" $) }} - {{- if .Values.opensearch.loggingOutput.extraConfig }} - {{- include "common.tplvalues.render" (dict "value" .Values.opensearch.loggingOutput.extraConfig "context" $) | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/openg2p-pbms/templates/opensearch/virtualservice.yaml b/charts/openg2p-pbms/templates/opensearch/virtualservice.yaml deleted file mode 100644 index 87bb241..0000000 --- a/charts/openg2p-pbms/templates/opensearch/virtualservice.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.opensearch.enabled }} -{{- if .Values.opensearch.istio.enabled }} -{{- if .Values.opensearch.istio.virtualservice.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ include "common.names.fullname" .Subcharts.opensearch }} - labels: - {{- include "pbms.labels" . | nindent 4 }} -spec: - hosts: - - {{ default .Values.global.opensearchHostname .Values.opensearch.istio.virtualservice.host | quote }} - gateways: - - {{ default (include "pbms.fullname" .) .Values.opensearch.istio.virtualservice.gateway }} - http: - - headers: - request: - set: - x-forwarded-host: {{ default .Values.global.opensearchHostname .Values.opensearch.istio.virtualservice.host | quote }} - x-forwarded-proto: https - route: - - destination: - host: {{ tpl .Values.opensearch.istio.virtualservice.destination $ }} - port: - number: {{ tpl .Values.opensearch.istio.virtualservice.destinationPort $ }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/openg2p-pbms/templates/postgresql/gateway.yaml b/charts/openg2p-pbms/templates/postgresql/gateway.yaml index e1547b4..14f72c7 100644 --- a/charts/openg2p-pbms/templates/postgresql/gateway.yaml +++ b/charts/openg2p-pbms/templates/postgresql/gateway.yaml @@ -17,7 +17,7 @@ spec: name: tcp-postgres protocol: tcp hosts: - - {{ default .Values.global.pbmsHostname .Values.odoo.postgresql.istio.gateway.host | quote }} + - {{ default .Values.hostname .Values.odoo.postgresql.istio.gateway.host | quote }} {{- if .Values.odoo.postgresql.istio.gateway.tls.enabled }} tls: {{ toYaml (omit .Values.odoo.postgresql.istio.gateway.tls "enabled") | nindent 6 }} diff --git a/charts/openg2p-pbms/templates/postgresql/virtualservice.yaml b/charts/openg2p-pbms/templates/postgresql/virtualservice.yaml index 9598c49..2dc0845 100644 --- a/charts/openg2p-pbms/templates/postgresql/virtualservice.yaml +++ b/charts/openg2p-pbms/templates/postgresql/virtualservice.yaml 
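Review bot: Renaming `.Values.global.pbmsHostname` to `.Values.hostname` in the postgresql/gateway.yaml hunk has no fail-fast for installs that still set the old key. Those releases would silently render the chart default `pbms.openg2p.sandbox.net` from values.yaml instead of the operator's hostname. The same applies to the `selfServiceHostname` and `serviceProviderHostname` renames in the other gateway and virtualservice hunks of this commit. A guard at the top of one template would surface this at upgrade time: `{{- if .Values.global.pbmsHostname }}{{ fail "global.pbmsHostname was renamed to hostname" }}{{- end }}`. The Gateway spec starts and ends outside the hunk, so whether another check already exists cannot be seen here.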
@@ -10,7 +10,7 @@ metadata: {{- include "pbms.labels" . | nindent 4 }} spec: hosts: - - {{ default .Values.global.pbmsHostname .Values.odoo.postgresql.istio.virtualservice.host | quote }} + - {{ default .Values.hostname .Values.odoo.postgresql.istio.virtualservice.host | quote }} gateways: - {{ default (include "postgresql.v1.primary.fullname" .Subcharts.odoo.Subcharts.postgresql) .Values.odoo.postgresql.istio.virtualservice.gateway }} tcp: diff --git a/charts/openg2p-pbms/templates/selfservice-gateway.yaml b/charts/openg2p-pbms/templates/selfservice-gateway.yaml index 3226427..589c56f 100644 --- a/charts/openg2p-pbms/templates/selfservice-gateway.yaml +++ b/charts/openg2p-pbms/templates/selfservice-gateway.yaml @@ -17,7 +17,7 @@ spec: number: 8080 protocol: HTTP2 hosts: - - {{ default .Values.global.selfServiceHostname .Values.selfServiceIngress.istio.gateway.host | quote }} + - {{ default .Values.selfServiceHostname .Values.selfServiceIngress.istio.gateway.host | quote }} {{- if .Values.selfServiceIngress.istio.gateway.httpTlsRedirect }} tls: httpsRedirect: true @@ -29,7 +29,7 @@ spec: number: 8443 protocol: HTTPS hosts: - - {{ default .Values.global.selfServiceHostname .Values.selfServiceIngress.istio.gateway.host | quote }} + - {{ default .Values.selfServiceHostname .Values.selfServiceIngress.istio.gateway.host | quote }} tls: {{ toYaml (omit .Values.selfServiceIngress.istio.gateway.tls "enabled") | nindent 6 }} {{- end }} diff --git a/charts/openg2p-pbms/templates/selfservice-virtualservice.yaml b/charts/openg2p-pbms/templates/selfservice-virtualservice.yaml index 9d3e33a..790661e 100644 --- a/charts/openg2p-pbms/templates/selfservice-virtualservice.yaml +++ b/charts/openg2p-pbms/templates/selfservice-virtualservice.yaml 
@@ -9,7 +9,7 @@ metadata: {{- include "pbms.labels" . | nindent 4 }} spec: hosts: - - {{ default .Values.global.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} + - {{ default .Values.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} gateways: - {{ default (printf "%s-self-service" (include "pbms.fullname" .)) .Values.selfServiceIngress.istio.virtualservice.gateway }} http: @@ -32,11 +32,11 @@ spec: - uri: prefix: /serviceprovider redirect: - authority: {{ default .Values.global.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} + authority: {{ default .Values.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} - headers: request: set: - x-forwarded-host: {{ default .Values.global.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} + x-forwarded-host: {{ default .Values.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} x-forwarded-proto: https match: - uri: diff --git a/charts/openg2p-pbms/templates/serviceprovider-gateway.yaml b/charts/openg2p-pbms/templates/serviceprovider-gateway.yaml index b14d1a3..1aa16fc 100644 --- a/charts/openg2p-pbms/templates/serviceprovider-gateway.yaml +++ b/charts/openg2p-pbms/templates/serviceprovider-gateway.yaml @@ -17,7 +17,7 @@ spec: number: 8080 protocol: HTTP2 hosts: - - {{ default .Values.global.serviceProviderHostname .Values.serviceProviderIngress.istio.gateway.host | quote }} + - {{ default .Values.serviceProviderHostname .Values.serviceProviderIngress.istio.gateway.host | quote }} {{- if .Values.serviceProviderIngress.istio.gateway.httpTlsRedirect }} tls: httpsRedirect: true 
@@ -29,7 +29,7 @@ spec: number: 8443 protocol: HTTPS hosts: - - {{ default .Values.global.serviceProviderHostname .Values.serviceProviderIngress.istio.gateway.host | quote }} + - {{ default .Values.serviceProviderHostname .Values.serviceProviderIngress.istio.gateway.host | quote }} tls: {{ toYaml (omit .Values.serviceProviderIngress.istio.gateway.tls "enabled") | nindent 6 }} {{- end }} diff --git a/charts/openg2p-pbms/templates/serviceprovider-virtualservice.yaml b/charts/openg2p-pbms/templates/serviceprovider-virtualservice.yaml index 6695b9c..a49117e 100644 --- a/charts/openg2p-pbms/templates/serviceprovider-virtualservice.yaml +++ b/charts/openg2p-pbms/templates/serviceprovider-virtualservice.yaml @@ -9,7 +9,7 @@ metadata: {{- include "pbms.labels" . | nindent 4 }} spec: hosts: - - {{ default .Values.global.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} + - {{ default .Values.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} gateways: - {{ default (printf "%s-service-provider" (include "pbms.fullname" .)) .Values.serviceProviderIngress.istio.virtualservice.gateway }} http: @@ -32,11 +32,11 @@ spec: - uri: prefix: /selfservice redirect: - authority: {{ default .Values.global.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} + authority: {{ default .Values.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} - headers: request: set: - x-forwarded-host: {{ default .Values.global.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} + x-forwarded-host: {{ default .Values.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} x-forwarded-proto: https match: - uri: diff --git a/charts/openg2p-pbms/templates/virtualservice.yaml b/charts/openg2p-pbms/templates/virtualservice.yaml index b26b23d..845f45e 100644 
--- a/charts/openg2p-pbms/templates/virtualservice.yaml +++ b/charts/openg2p-pbms/templates/virtualservice.yaml @@ -8,7 +8,7 @@ metadata: {{- include "pbms.labels" . | nindent 4 }} spec: hosts: - - {{ default .Values.global.pbmsHostname .Values.istio.virtualservice.host | quote }} + - {{ default .Values.hostname .Values.istio.virtualservice.host | quote }} gateways: - {{ default (include "pbms.fullname" .) .Values.istio.virtualservice.gateway }} http: @@ -22,17 +22,17 @@ spec: prefix: /selfservice redirect: uri: /selfservice - authority: {{ default .Values.global.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} + authority: {{ default .Values.selfServiceHostname .Values.selfServiceIngress.istio.virtualservice.host | quote }} - match: - uri: prefix: /serviceprovider redirect: uri: /serviceprovider - authority: {{ default .Values.global.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} + authority: {{ default .Values.serviceProviderHostname .Values.serviceProviderIngress.istio.virtualservice.host | quote }} - headers: request: set: - x-forwarded-host: {{ default .Values.global.pbmsHostname .Values.istio.virtualservice.host | quote }} + x-forwarded-host: {{ default .Values.hostname .Values.istio.virtualservice.host | quote }} x-forwarded-proto: https match: - uri: diff --git a/charts/openg2p-pbms/values.yaml b/charts/openg2p-pbms/values.yaml index b6ce3dc..d23a4ff 100644 --- a/charts/openg2p-pbms/values.yaml +++ b/charts/openg2p-pbms/values.yaml 
@@ -1,35 +1,25 @@ global: - pbmsHostname: pbms.openg2p.sandbox.net - pbmsSelfServiceHostname: selfservice.openg2p.sandbox.net - pbmsServiceProviderHostname: serviceprovider.openg2p.sandbox.net - odkHostname: odk.openg2p.sandbox.net - opensearchHostname: opensearch.openg2p.sandbox.net - minioHostname: minio.openg2p.sandbox.net - keymanagerHostname: keymanager.openg2p.sandbox.net - esignetHostname: esignet.openg2p.sandbox.net - mailname: openg2p.sandbox.net - sysAdminEmail: admin@openg2p.sandbox.net - reportingKafkaHostname: kafka.openg2p.sandbox.net - - pbmsAuthClientId: 'openg2p-pbms' - pbmsAuthClientSecret: '' - - pbmsMailInstallationName: '{{ .Release.Name }}-mail' - pbmsOpensearchInstallationName: '{{ .Release.Name }}-opensearch' - keycloakBaseUrl: https://keycloak.openg2p.sandbox.net keycloakIssuerUrl: '{{ tpl .Values.global.keycloakBaseUrl $ }}/realms/master' - pbmsKeymanagerInstallationName: '{{ .Release.Name }}-keymanager' - pbmsKeymanagerAuthClientId: '{{ tpl .Values.global.pbmsAuthClientId $ }}' - pbmsKeymanagerAuthClientSecret: '{{ tpl .Values.global.pbmsAuthClientSecret $ }}' + sysAdminEmail: admin@openg2p.sandbox.net - reportingInstallationName: '{{ .Release.Name }}-reporting' - reportingPostgresqlInstallationName: '{{ .Release.Name }}-postgresql' - reportingOpensearchInstallationName: '{{ tpl .Values.global.pbmsOpensearchInstallationName $ }}' +hostname: pbms.openg2p.sandbox.net +selfServiceHostname: selfservice.openg2p.sandbox.net +serviceProviderHostname: serviceprovider.openg2p.sandbox.net odoo: enabled: true + + oidcIssuerUrl: '{{ tpl .Values.global.keycloakIssuerUrl $ }}' + oidcClientId: 'openg2p-pbms' + oidcClientSecret: '' + + mailInstallationName: '{{ .Release.Name }}-mail' + keymanagerInstallationName: '{{ .Release.Name }}-keymanager' + keymanagerAuthClientId: '{{ tpl .Values.oidcClientId $ }}' + keymanagerAuthClientSecret: '{{ tpl .Values.oidcClientSecret $ }}' + image: repository: openg2p/openg2p-odoo-package tag: "17.0-develop" 
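Review bot: `oidcClientSecret` and `keymanagerAuthClientSecret` are introduced here as plain chart values, and the `@@ -95,16 +85,17 @@` hunk of this file passes the latter to the container as a literal `value:` for `KEYMANAGER_AUTH_CLIENT_SECRET`. A secret supplied this way is written into the rendered workload manifest, so anyone who can read that object can read the secret. Prefer referencing a pre-created Secret, for example `valueFrom: {secretKeyRef: {name: <secret-name>, key: <secret-key>}}` (placeholders), and keep the empty string only as a fallback. The `OIDC_CLIENT_SECRET: ""` entry in the `@@ -118,20 +109,23 @@` hunk follows the same pattern.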
@@ -53,7 +43,7 @@ odoo: max_wal_senders = 20 max_replication_slots = 10 istio: - enabled: false + enabled: true virtualservice: enabled: true host: "*" @@ -87,7 +77,7 @@ odoo: value: web,queue_job # not using bitnami smtpHost and smtpPort variables, because they need user and pass as well. - name: OPENG2P_SMTP_HOST - value: '{{ tpl .Values.global.pbmsMailInstallationName $ }}' + value: '{{ tpl .Values.mailInstallationName $ }}' - name: OPENG2P_SMTP_PORT value: "25" - name: LOG_HANDLER @@ -95,16 +85,17 @@ odoo: - name: LOG_DB value: "False" - name: KEYMANAGER_API_BASE_URL - value: '{{ tpl .Values.global.pbmsKeymanagerInstallationName $ }}' + value: '{{ tpl .Values.keymanagerInstallationName $ }}' - name: KEYMANAGER_AUTH_URL - value: '{{ tpl .Values.global.keycloakIssuerUrl $ }}/protocol/openid-connect/token' + value: '{{ tpl .Values.oidcIssuerUrl $ }}/protocol/openid-connect/token' - name: KEYMANAGER_AUTH_CLIENT_ID - value: '{{ tpl .Values.global.pbmsKeymanagerAuthClientId $ }}' + value: '{{ tpl .Values.keymanagerAuthClientId $ }}' - name: KEYMANAGER_AUTH_CLIENT_SECRET - value: '{{ tpl .Values.global.pbmsKeymanagerAuthClientSecret $ }}' + value: '{{ tpl .Values.keymanagerAuthClientSecret $ }}' keymanager: enabled: true + hostname: keymanager-pbms.openg2p.sandbox.net springConfig: names: application,kernel profile: default @@ -118,20 +109,23 @@ keymanager: mail: enabled: true + mailname: openg2p.sandbox.net odk-central: - enabled: false + enabled: true + hostname: odk-pbms.openg2p.sandbox.net odk-central-mail: - enabled: false - odk-central-backend: + enabled: true + # envVars: + backend: envVars: - EMAIL_HOST: '{{ tpl .Values.global.pbmsMailInstallationName $ }}' OIDC_ISSUER_URL: '{{ tpl .Values.global.keycloakIssuerUrl $ }}' OIDC_CLIENT_ID: openg2p-pbms-odk OIDC_CLIENT_SECRET: "" minio: - enabled: false + enabled: true + hostname: minio-pbms.openg2p.sandbox.net persistence: enabled: true size: 16Gi 
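Review bot: The `@@ -53,7 +43,7 @@` hunk flips the PostgreSQL `istio.enabled` default to `true` while the virtualservice context line keeps `host: "*"`, so a default install now routes database traffic through the mesh gateway. The postgresql/gateway.yaml template in this commit declares a plain `tcp-postgres` server, and `hosts` cannot narrow a plain TCP port unless TLS is enabled. That leaves the selected gateway as the only control on who can reach the port, and which gateway that is cannot be seen from this hunk. I would keep `enabled: false` as the shipped default and add a comment above it such as `# exposes PostgreSQL via Istio; enable only with an internal gateway`. The surrounding `odoo.postgresql` block starts and ends outside the hunk.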
@@ -164,7 +158,7 @@ minio: enabled: true host: "" gateway: "internal" - destination: '{{ .Release.Name }}-minio' + destination: '{{ include "common.names.fullname" .Subcharts.minio }}' destinationPort: "9001" gateway: enabled: false @@ -178,11 +172,13 @@ minio: mode: SIMPLE credentialName: "" -opensearch: - enabled: false +loggingOpensearch: + enabled: true + nameOverride: logging-opensearch + hostname: opensearch-logging-pbms.openg2p.sandbox.net oidcWellKnownConfigUrl: '{{ tpl .Values.global.keycloakIssuerUrl $ }}/.well-known/openid-configuration' - oidcClientId: openg2p-pbms-opensearch + oidcClientId: openg2p-pbms-logging-opensearch oidcClientSecret: '' master: @@ -250,7 +246,7 @@ opensearch: config: subject_key: preferred_username roles_key: groups - openid_connect_url: '{{ tpl .Values.opensearch.oidcWellKnownConfigUrl $ }}' + openid_connect_url: '{{ tpl .Values.loggingOpensearch.oidcWellKnownConfigUrl $ }}' authentication_backend: type: noop kerberos_auth_domain: @@ -300,10 +296,10 @@ opensearch: - openid multiple_auth_enabled: true openid: - connect_url: '{{ tpl .Values.opensearch.oidcWellKnownConfigUrl $ }}' - client_id: '{{ tpl .Values.opensearch.oidcClientId $ }}' - client_secret: '{{ tpl .Values.opensearch.oidcClientSecret $ }}' - base_redirect_url: 'https://{{ .Values.global.opensearchHostname }}' + connect_url: '{{ tpl .Values.loggingOpensearch.oidcWellKnownConfigUrl $ }}' + client_id: '{{ tpl .Values.loggingOpensearch.oidcClientId $ }}' + client_secret: '{{ tpl .Values.loggingOpensearch.oidcClientSecret $ }}' + base_redirect_url: 'https://{{ .Values.loggingOpensearch.hostname }}' logout_url: "" ui: openid: 
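Review bot: The `client_secret` line in the `@@ -300,10 +296,10 @@` hunk renders `loggingOpensearch.oidcClientSecret` into what appears to be the dashboards `extraConfig`. The opensearch configmap template that this commit moves to `logging/opensearch/` writes that block into a ConfigMap as `opensearch_dashboards.yml`, assuming the moved file matches the deleted one. A ConfigMap is not access-controlled like a Secret, so the OIDC client secret becomes readable to anyone with read access to ConfigMaps in the namespace. Consider delivering the secret from a Kubernetes Secret instead of the rendered config, and add a comment next to `oidcClientSecret: ''` saying where the value ends up. The enclosing `openid:` mapping continues outside the hunk.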
@@ -320,16 +316,16 @@ opensearch: - kibana_read_only loggingOutput: - enabled: false + enabled: true type: opensearch scheme: https - host: '{{ include "common.names.fullname" .Subcharts.opensearch }}.{{ .Release.Namespace }}' + host: '{{ include "common.names.fullname" .Subcharts.loggingOpensearch }}.{{ .Release.Namespace }}' port: "9200" user: logstash passwordFrom: secretKeyRef: key: logstash-password - name: '{{ include "common.names.fullname" .Subcharts.opensearch }}' + name: '{{ include "common.names.fullname" .Subcharts.loggingOpensearch }}' extraConfig: ssl_verify: false logstash_format: true @@ -343,7 +339,7 @@ opensearch: enabled: true host: "" gateway: "internal" - destination: '{{ include "common.names.fullname" .Subcharts.opensearch }}-dashboards' + destination: '{{ include "common.names.fullname" .Subcharts.loggingOpensearch }}-dashboards' destinationPort: "5601" gateway: enabled: false @@ -358,18 +354,25 @@ opensearch: credentialName: "" reporting: - enabled: false + enabled: true kafka: enabled: true kafkaUi: enabled: true + hostname: kafka-reporting-pbms.openg2p.sandbox.net oidcClientId: 'openg2p-pbms-reporting-kafka' oidcClientSecret: '' opensearch: - enabled: false + enabled: true + hostname: opensearch-reporting-pbms.openg2p.sandbox.net + oidcClientId: 'openg2p-pbms-reporting-opensearch' + oidcClientSecret: '' reporting-init: - enabled: false + enabled: true + reportingInstallationName: '{{ .Release.Name }}-reporting' + opensearchInstallationName: '{{ .Release.Name }}-reporting-opensearch' + postgresqlInstallationName: '{{ .Release.Name }}-postgresql' gitConfig: enabled: true repoUrl: https://github.com/openg2p/openg2p-reporting 
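Review bot: In the `@@ -320,16 +316,16 @@` hunk `loggingOutput.enabled` becomes `true` by default while the context line `ssl_verify: false` under `extraConfig` is left as is. Every default install now ships logs and the `logstash` password to OpenSearch over TLS without verifying the server certificate. Either keep the output disabled by default, or make verification the default and let operators relax it explicitly. At a minimum, add a comment above that line such as `# TLS verification disabled: set to true and supply the cluster CA outside sandbox use`. The `extraConfig` block continues past the end of the hunk.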
@@ -379,8 +382,9 @@ reporting-init: DB_NAME: pbmsdb loggingFlow: - enabled: false - outputRef: '{{ tpl .Values.global.pbmsOpensearchInstallationName $ }}' + enabled: true + opensearchInstallationName: '{{ include "common.names.fullname" .Subcharts.loggingOpensearch }}' + outputRef: '{{ tpl .Values.loggingFlow.opensearchInstallationName $ }}' extraLocalOutputRefs: [] globalOutputRefs: [] parser: