initial working chart

evilgn0me · Apr 3, 2024 · 13f94fb · 13f94fb
1 parent 2eed786
commit 13f94fb
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 40 deletions.
diff --git a/charts/supportpal/Chart.yaml b/charts/supportpal/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.3
+version: 0.1.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/supportpal/templates/service.yaml b/charts/supportpal/templates/service.yaml
@@ -46,7 +46,7 @@ spec:
 {{- end }}
 {{- end }}
   ports:
-    - port: {{ .Values.service.port }}
+    - port: 8080
       targetPort: http
       protocol: TCP
       name: http

diff --git a/charts/supportpal/templates/statefulset.yaml b/charts/supportpal/templates/statefulset.yaml
@@ -32,7 +32,7 @@ spec:
       initContainers:
         - name: init-container
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          command: ["sh", "-c", "if command -v sudo >/dev/null 2>&1; then sudo rm -f /etc/apt/sources.list.d/*; fi && \
+          command: ["sh", "-c", "if command -v sudo >/dev/null 2>&1; then sudo rm -f /etc/apt/sources.list.d/*; else rm -f /etc/apt/sources.list.d/*; fi && \
                             if command -v sudo >/dev/null 2>&1; then sudo apt-get update && sudo apt-get install -y rsync; else apt-get update && apt-get install -y rsync; fi && \
                             if [ -d /var/www/supportpal/storage/ ]; then \
                               if command -v sudo >/dev/null 2>&1; then \
@@ -90,29 +90,13 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
-              containerPort: {{ .Values.service.port }}
+              containerPort: 8080
               protocol: TCP
-          # livenessProbe:
-          #   httpGet:
-          #     path: /
-          #     port: http
-          # readinessProbe:
-          #   httpGet:
-          #     path: /
-          #     port: http
-          # startupProbe:
-          #   httpGet:
-          #     path: /
-          #     port: http
-          #   failureThreshold: 30
-          #   periodSeconds: 10
           env:
-          - name: "HTTPS_ENABLED"
-            value: "0"
-          - name: "DOMAIN_NAME"
-            value: "helpdesk.b2core.org"
-          - name: "TRUSTED_PROXY_IPS"
-            value: "*"
+          {{- range $key, $value := .Values.env }}
+            - name: "{{ $key }}"
+              value: "{{ $value }}"
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:

diff --git a/charts/supportpal/values.yaml b/charts/supportpal/values.yaml
@@ -4,6 +4,8 @@
 
 replicaCount: 1
 
+env: {}
+
 image:
   repository: public.ecr.aws/supportpal/helpdesk-monolithic
   pullPolicy: IfNotPresent
@@ -43,37 +45,41 @@ service:
 
 ingress:
   enabled: true
-  className: "nginx"
+  className: "nginx-public"
   annotations: 
     acme.cert-manager.io/http01-edit-in-place: "true"
     cert-manager.io/cluster-issuer: letsencrypt
     cert-manager.io/issue-temporary-certificate: "true"
-    kubernetes.io/ingress.class: nginx
+    kubernetes.io/ingress.class: nginx-public
     kubernetes.io/tls-acme: "true"
-    nginx.ingress.kubernetes.io/enable-cors: "true"
     nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-buffering: "on"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    nginx.ingress.kubernetes.io/secure-backends: "true"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/configuration-snippet: |
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header X-Forwarded-Host $http_host;
-          proxy_set_header X-Forwarded-Proto $scheme;
-          proxy_set_header X-Forwarded-For $remote_addr;
-          proxy_set_header Connection "upgrade";
-          proxy_cache_bypass $http_upgrade;
+          add_header X-Frame-Options SAMEORIGIN always;
+          add_header X-Content-Type-Options nosniff always;
+          add_header X-XSS-Protection "1; mode=block" always;
+          add_header Referrer-Policy strict-origin-when-cross-origin always;
+          set $user_request 0;
+          if ($request_method = GET) {
+              set $user_request "GET";
+          }
+          if ($request_uri ~* "^(.*/)index\.php/?(.*)$") {
+              set $user_request "${user_request}-index.php";
+          }
+          if ($user_request = "GET-index.php") {
+              return 301 $1$2;
+          }
   hosts:
-    - host: helpdesk.b2core.org
+    - host: supportpal.example.com
       paths:
         - path: /
           pathType: ImplementationSpecific
   tls: 
     - secretName: helpdesk-tls
       hosts:
-        - helpdesk.b2core.org
+        - supportpal.example.com
 
 resources: 
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -82,10 +88,10 @@ resources:
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   limits:
     cpu: 2
-    memory: 5128Mi
+    memory: 3148Mi
   requests:
     cpu: 1
-    memory: 4096Mi
+    memory: 2048Mi
 
 nodeSelector: {}