Helm charts: Copied latest from social registry and organized according to latest PBMS

.editorconfig

@@ -0,0 +1,11 @@
+# Configuration for known file extensions
+[*.{css,js,json,less,md,py,rst,sass,scss,xml,yaml,yml}]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{yml,yaml,rst,md}]
+indent_size = 2

.github/workflows/pre-commit.yml

@@ -0,0 +1,23 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches:
+      - "**"
+    tags-ignore:
+      - '**'
+  workflow_dispatch:
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - uses: pre-commit/action@v3.0.0
+        with:
+          extra_args: --all-files --show-diff-on-failure

.github/workflows/push_trigger.yml

@@ -2,6 +2,8 @@ name: Publish OpenG2P Helm charts on
 
 on:
   push:
+    tags-ignore:
+      - '**'
     branches:
       - 1.*
       - develop
@@ -27,7 +29,7 @@ jobs:
       run: |
         touch charts-list.txt
         for changed_file in ${{ steps.files.outputs.all }}; do
-          if [[ ${changed_file} =~ ^[charts] ]]; then
+          if [[ ${changed_file} =~ ^charts ]]; then
             chart_name=$(echo "${changed_file}" | awk -F/ '/^[charts]/{print $2}')
             echo $chart_name >> charts-list.txt;
             echo "Saved $chart_name chart to charts-list.txt"
@@ -49,8 +51,9 @@ jobs:
             echo "chartpath: $chartpath"
             chartname=$(basename "$chartpath")
             echo "Chartname: $chartname"
+            helm dep up charts/$chartpath
             helm package charts/$chartpath
-            is_rancher_chart=$(grep "$RANCHER_CHART_FILTER" charts/${chartpath%*/}/Chart.yaml)
+            is_rancher_chart=$(grep "$RANCHER_CHART_FILTER" charts/${chartpath%*/}/Chart.yaml || true)
             if [ -n "$is_rancher_chart" ]; then
               RANCHER_CHARTS+=("$chartname")
             fi

.pre-commit-config.yaml

@@ -0,0 +1,13 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-case-conflict
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-xml
+      - id: mixed-line-ending
+        args: ["--fix=lf"]

CONTRIBUTING.md

@@ -1,2 +1,2 @@
-Refer to contribution guidelines 
+Refer to contribution guidelines
 [here](https://github.com/OpenG2P/openg2p-documentation/blob/1.0.0/community/contributing-to-openg2p.md).

charts/openg2p-pbms-p2/.gitignore

@@ -0,0 +1,2 @@
+charts/
+Chart.lock

charts/openg2p-pbms-p2/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/openg2p-pbms-p2/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+name: openg2p-pbms-p2
+description: A Helm chart for OpenG2P PBMS - Part 2
+type: application
+version: 0.0.0-develop
+dependencies:
+- name: superset
+  version: 0.12.11
+  repository: https://apache.github.io/superset
+  condition: superset.enabled
+- name: postgresql
+  alias: supersetPostgresql
+  version: 15.x.x
+  repository: oci://registry-1.docker.io/bitnamicharts
+  condition: superset.enabled
+- name: redis
+  alias: supersetRedis
+  version: 19.x.x
+  repository: oci://registry-1.docker.io/bitnamicharts
+  condition: superset.enabled
+- name: esignet
+  version: 1.4.0
+  repository: https://openg2p.github.io/openg2p-helm
+  condition: esignet.enabled
+icon: https://openg2p.github.io/openg2p-helm/openg2p-logo.png
+annotations:
+  catalog.cattle.io/display-name: "OpenG2P PBMS - Part 2"
+  openg2p.org/add-to-rancher: ""

charts/openg2p-pbms-p2/README.md

@@ -0,0 +1,16 @@
+# OpenG2P PBMS Helm Chart - Part 2
+
+As the maximum size of a helm chart cannot be more than 1MiB (each etcd object can only hold maximum of 1MiB unless configured otherwise), the OpenG2P PBMS helm chart has been split into two parts.
+
+This is the second part. This contains the following components:
+
+- Superset
+- eSignet
+
+Skip this helm chart if you dont want to install these components.
+
+## IMPORTANT
+
+Whatever installation name chosen of Part 1, the same will have to be given for part 2 with suffix "-p2".
+
+For example, if you want the installation name to be "pbms", then the name for part 1 will have to be "pbms", and the name for part 2 will have to be "pbms-p2".

charts/openg2p-pbms-p2/app-readme.md

@@ -0,0 +1 @@
+- Refer to deployment guide [here](https://docs.openg2p.org/pbms/deployment).

charts/openg2p-pbms-p2/questions.yaml

@@ -0,0 +1,163 @@
+questions:
+- variable: global.keycloakBaseUrl
+  description: Keycloak Base Url used in all components
+  type: string
+  label: Keycloak Base URL
+
+- variable: superset.enabled
+  description: This installs Superset for reporting
+  type: boolean
+  label: Install Superset?
+
+- variable: esignet.enabled
+  description: This installs eSignet for mocking user authentication
+  type: boolean
+  label: Install eSignet?
+
+- variable: esignet.mock-identity-system.enabled
+  description: This installs Mock Identity System with eSignet
+  type: boolean
+  label: Install Mock Identity System?
+  show_if: "esignet.enabled=true"
+
+# Superset Settings
+- variable: global.supersetHostname
+  description: Hostname for Superset Dashboards
+  type: string
+  label: Superset Hostname
+  group: Superset Settings
+
+- variable: superset.oidcClientId
+  description: OIDC Client ID for Superset login
+  type: string
+  label: OIDC Client ID
+  group: Superset Settings
+  show_if: "superset.enabled=true"
+
+- variable: superset.oidcClientSecret
+  description: OIDC Client Secret for Superset login
+  type: string
+  label: OIDC Client Secret
+  group: Superset Settings
+  show_if: "superset.enabled=true"
+
+- variable: superset.supersetSecretKey
+  description: Secret Key for Superset
+  type: string
+  label: Superset Secret Key
+  group: Superset Settings
+  show_if: "superset.enabled=true"
+
+# eSignet
+- variable: global.esignetHostname
+  description: Hostname under which eSignet should be accessible
+  type: string
+  label: eSignet Hostname
+  group: eSignet Settings
+
+- variable: esignet.springConfig.profile
+  type: string
+  label: Spring Config Profile
+  group: eSignet Settings
+  show_if: "esignet.enabled=true"
+
+- variable: esignet.springConfig.names
+  type: string
+  label: Spring Config Names
+  group: eSignet Settings
+  show_if: "esignet.enabled=true"
+
+- variable: esignet.springConfig.gitRepo.enabled
+  description: Enables download of configs from Git repo.
+  type: boolean
+  label: Spring Config Git Enabled
+  group: eSignet Settings
+  show_if: "esignet.enabled=true"
+  show_subquestion_if: true
+  subquestions:
+  - variable: esignet.springConfig.gitRepo.repoUrl
+    description: |-
+      Repo Url for remote Git repo containing configs.
+      This url should include username password if required.
+    type: string
+    label: Spring Config Git Repo Url
+    group: eSignet Settings
+
+  - variable: esignet.springConfig.gitRepo.branch
+    description: Branch of remote Git repo containing configs.
+    type: string
+    label: Spring Config Git Repo Branch
+    group: eSignet Settings
+
+- variable: esignet.captchaEnabled
+  description: This enables captcha verification wherever applied.
+  type: boolean
+  label: Enabled captcha verification?
+  group: eSignet Settings
+  show_if: "esignet.enabled=true"
+  show_subquestion_if: true
+  subquestions:
+  - variable: esignet.envVars.esignet_captcha_site_key
+    description: Example Google reCAPTCHA site key
+    type: string
+    label: Captcha site key
+    group: eSignet Settings
+
+  - variable: esignet.envVars.esignet_captcha_secret_key
+    description: Example Google reCAPTCHA secret key
+    type: string
+    label: Captcha secret key
+    group: eSignet Settings
+
+- variable: esignet.springConfig.rawConfig
+  description: |-
+    If git-based config is disabled, the complete application.properties can be
+    directly supplied here.
+  type: multiline
+  label: Spring Config application properties.
+  group: eSignet Settings
+  show_if: "esignet.enabled=true&&esignet.springConfig.gitRepo.enabled=false"
+
+# Mock Identity Settings
+- variable: esignet.mock-identity-system.springConfig.profile
+  type: string
+  label: Spring Config Profile
+  group: Mock Identity System Settings
+  show_if: "esignet.enabled=true&&esignet.mock-identity-system.enabled=true"
+
+- variable: esignet.mock-identity-system.springConfig.names
+  type: string
+  label: Spring Config Names
+  group: Mock Identity System Settings
+  show_if: "esignet.enabled=true&&esignet.mock-identity-system.enabled=true"
+
+- variable: esignet.mock-identity-system.springConfig.gitRepo.enabled
+  description: Enables download of configs from Git repo.
+  type: boolean
+  label: Spring Config Git Enabled
+  group: Mock Identity System Settings
+  show_if: "esignet.enabled=true&&esignet.mock-identity-system.enabled=true"
+  show_subquestions_if: true
+  subquestions:
+  - variable: esignet.mock-identity-system.springConfig.gitRepo.repoUrl
+    description: |-
+      Repo Url for remote Git repo containing configs.
+      This url should include username password if required.
+    type: string
+    label: Spring Config Git Repo Url
+    group: Mock Identity System Settings
+
+  - variable: esignet.mock-identity-system.springConfig.gitRepo.branch
+    description: Branch of remote Git repo containing configs.
+    type: string
+    label: Spring Config Git Repo Branch
+    group: Mock Identity System Settings
+
+- variable: esignet.mock-identity-system.springConfig.rawConfig
+  description: |-
+    If git-based config is disabled, the complete application.properties can be
+    directly supplied here.
+  type: yamlfile
+  label: Spring Config application properties.
+  group: Mock Identity System Settings
+  show_if: "esignet.enabled=true&&esignet.mock-identity-system.enabled=true&&esignet.mock-identity-system.springConfig.gitRepo.enabled=false"

charts/openg2p-pbms-p2/templates/superset/gateway.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.superset.enabled  }}
+{{- if .Values.superset.istio.enabled  }}
+{{- if .Values.superset.istio.gateway.enabled  }}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "common.names.fullname" .Subcharts.superset }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    {{ toYaml .Values.superset.istio.gateway.ingressController | nindent 4 }}
+  servers:
+  {{- if .Values.superset.istio.gateway.httpEnabled }}
+  - port:
+      name: http2
+      number: 8080
+      protocol: HTTP2
+    hosts:
+      - {{ default .Values.global.supersetHostname .Values.superset.istio.gateway.host | quote }}
+    {{- if .Values.superset.istio.gateway.httpTlsRedirect }}
+    tls:
+      httpsRedirect: true
+    {{- end }}
+  {{- end }}
+  {{- if .Values.superset.istio.gateway.httpsEnabled }}
+  - port:
+      name: https
+      number: 8443
+      protocol: HTTPS
+    hosts:
+      - {{ default .Values.global.supersetHostname .Values.superset.istio.gateway.host | quote }}
+    tls:
+      {{ toYaml (omit .Values.superset.istio.gateway.tls "enabled") | nindent 6 }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/openg2p-pbms-p2/templates/superset/virtualservice.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.superset.enabled }}
+{{- if .Values.superset.istio.enabled }}
+{{- if .Values.superset.istio.virtualservice.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ include "common.names.fullname" .Subcharts.superset }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  hosts:
+  - {{ default .Values.global.supersetHostname .Values.superset.istio.virtualservice.host | quote }}
+  gateways:
+  - {{ default (include "common.names.fullname" .Subcharts.superset) .Values.superset.istio.virtualservice.gateway }}
+  http:
+  - headers:
+      request:
+        set:
+          x-forwarded-host: {{ default .Values.global.supersetHostname .Values.superset.istio.virtualservice.host | quote }}
+          x-forwarded-proto: https
+    route:
+    - destination:
+        host: {{ tpl .Values.superset.istio.virtualservice.destination $ }}
+        port:
+          number: {{ tpl .Values.superset.istio.virtualservice.destinationPort $ }}
+{{- end }}
+{{- end }}
+{{- end }}