From 932e5c70538b8a2073aefad6b5a4d2016e35af6e Mon Sep 17 00:00:00 2001 From: Simon Ostendorf Date: Mon, 30 Oct 2023 19:54:31 +0100 Subject: [PATCH] feat(charts/strichlistensystem): add chart, feat(charts/portals): add new env vars (#16) * feat(charts/strichlistensystem): add chart * feat(charts/strichlistensystem): add new env vars and seeder * feat(charts/portals): add new env vars, bump chart version * fix(charts): spaces before comments * fix(charts): helm hook policy * fix(charts): env var names * feat(charts/strichlistensystem): add APP_PUBLIC_URL env var --- README.md | 6 ++ charts/portals/Chart.yaml | 4 +- charts/portals/README.md | 10 ++- charts/portals/templates/seed-job.yaml | 2 +- charts/portals/values.yaml | 6 ++ charts/strichlistensystem/Chart.yaml | 11 +++ charts/strichlistensystem/README.md | 58 +++++++++++++ charts/strichlistensystem/templates/NOTES.txt | 13 +++ .../strichlistensystem/templates/_helpers.tpl | 51 +++++++++++ .../templates/deployment.yaml | 59 +++++++++++++ charts/strichlistensystem/templates/hpa.yaml | 20 +++++ .../strichlistensystem/templates/ingress.yaml | 54 ++++++++++++ .../templates/seed-job.yaml | 33 +++++++ .../strichlistensystem/templates/service.yaml | 14 +++ charts/strichlistensystem/values.yaml | 86 +++++++++++++++++++ 15 files changed, 422 insertions(+), 5 deletions(-) create mode 100644 charts/strichlistensystem/Chart.yaml create mode 100644 charts/strichlistensystem/README.md create mode 100644 charts/strichlistensystem/templates/NOTES.txt create mode 100644 charts/strichlistensystem/templates/_helpers.tpl create mode 100644 charts/strichlistensystem/templates/deployment.yaml create mode 100644 charts/strichlistensystem/templates/hpa.yaml create mode 100644 charts/strichlistensystem/templates/ingress.yaml create mode 100644 charts/strichlistensystem/templates/seed-job.yaml create mode 100644 charts/strichlistensystem/templates/service.yaml create mode 100644 charts/strichlistensystem/values.yaml 
diff --git a/README.md b/README.md index 96027c9..0f5f5aa 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,12 @@ The portals chart is located in the [`charts/portals`](./charts/portals/) folder See more about the chart in the [README](./charts/portals/README.md) of the chart. +### Strichlistensystem + +The strichlistensystem chart is located in the [`charts/strichlistensystem`](./charts/strichlistensystem/) folder. It contains our [tally system](github.com/fsr5-fhaachen/strichlistensystem). + +See more about the chart in the [README](./charts/strichlistensystem/README.md) of the chart. + ## Authors 👤 **Simon Ostendorf** diff --git a/charts/portals/Chart.yaml b/charts/portals/Chart.yaml index 8bda5d4..553b233 100644 --- a/charts/portals/Chart.yaml +++ b/charts/portals/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: portals description: Portals is a group allocation tool for the first week of the Department of Electrical Engineering and Information Technology at the FH Aachen - University of Applied Sciences. type: application -version: 0.0.3 -appVersion: "2.1.0" +version: 0.0.4 +appVersion: "2.3.0" home: github.com/fsr5-fhaachen/portals maintainers: - name: fsr5-fhaachen diff --git a/charts/portals/README.md b/charts/portals/README.md index 9ebddd1..66da9c2 100644 --- a/charts/portals/README.md +++ b/charts/portals/README.md @@ -7,8 +7,8 @@ This chart deploys the Portals application to a Kubernetes cluster. You can install the chart with the following command: ```sh -helm repo add portals https://fsr5-fhaachen.github.io/portals/ -helm upgrade --install portals portals/portals --namespace portals --create-namespace -f values.yaml +helm repo add fsr5-fhaachen https://fsr5-fhaachen.github.io/charts/ +helm upgrade --install portals fsr5-fhaachen/portals --namespace portals --create-namespace -f values.yaml ``` ## Database and Redis 
@@ -32,6 +32,12 @@ environment: APP_URL: https://portals.fsr5.de TUTOR_PASSWORD: password # insert secret password here ADMIN_PASSWORD: admin # insert secret password here + APP_PUBLIC_API_SECRET: secret # insert secret password here + AWS_ACCESS_KEY_ID: secret # insert aws data here + AWS_SECRET_ACCESS_KEY: secret # insert aws data here + AWS_DEFAULT_REGION: eu-central-1 # insert aws region here + AWS_BUCKET: fsr5-fhaachen-portals # insert bucket name here + AWS_USE_PATH_STYLE_ENDPOINT: false DB_CONNECTION: pgsql DB_HOST: # insert db host here DB_PORT: "5432" diff --git a/charts/portals/templates/seed-job.yaml b/charts/portals/templates/seed-job.yaml index dea787b..fa1f861 100644 --- a/charts/portals/templates/seed-job.yaml +++ b/charts/portals/templates/seed-job.yaml @@ -8,7 +8,7 @@ metadata: annotations: helm.sh/hook: {{ if .Values.migrateJob.onInstall }}pre-install{{ end }}{{ if and .Values.migrateJob.onInstall .Values.migrateJob.onUpgrade }},{{ end }}{{ if .Values.migrateJob.onUpgrade }}pre-upgrade{{ end }} helm.sh/hook-weight: "1" - helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-delete-policy: before-hook-creation spec: template: spec: diff --git a/charts/portals/values.yaml b/charts/portals/values.yaml index 8e57649..50e7d05 100644 --- a/charts/portals/values.yaml +++ b/charts/portals/values.yaml @@ -27,6 +27,12 @@ environment: APP_URL: https://portals.fsr5.de TUTOR_PASSWORD: password # insert secret password here ADMIN_PASSWORD: admin # insert secret password here + PUBLIC_API_SECRET: secret # insert secret password here + AWS_ACCESS_KEY_ID: secret # insert aws data here + AWS_SECRET_ACCESS_KEY: secret # insert aws data here + AWS_DEFAULT_REGION: eu-central-1 # insert aws region here + AWS_BUCKET: fsr5-fhaachen-portals # insert bucket name here + AWS_USE_PATH_STYLE_ENDPOINT: false DB_CONNECTION: pgsql DB_HOST: # insert db host here DB_PORT: "5432" 
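Review bot: The key added to `charts/portals/values.yaml` is `PUBLIC_API_SECRET`, while the README hunk of the same patch documents it as `APP_PUBLIC_API_SECRET`, so one of the two does not match the variable the application reads. Whoever copies the wrong spelling sets a variable the application presumably ignores, and the public API secret then stays at whatever default the application has. Align both files on the name the application expects (not visible in this patch), for example `APP_PUBLIC_API_SECRET: "" # required, set per deployment` if the README is the correct one.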
diff --git a/charts/strichlistensystem/Chart.yaml b/charts/strichlistensystem/Chart.yaml
new file mode 100644
index 0000000..99d5476
--- /dev/null
+++ b/charts/strichlistensystem/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: strichlistensystem
+description: Tally system for the first week of the Department of Electrical Engineering and Information Technology at FH Aachen - University of Applied Sciences.
+type: application
+version: 0.0.1
+appVersion: "2.0.0"
+home: github.com/fsr5-fhaachen/strichlistensystem
+maintainers:
+ - name: fsr5-fhaachen
+ email: fsr-fb5@fh-aachen.de
+ url: https://fsr5.de/
diff --git a/charts/strichlistensystem/README.md b/charts/strichlistensystem/README.md
new file mode 100644
index 0000000..d1c7bff
--- /dev/null
+++ b/charts/strichlistensystem/README.md
@@ -0,0 +1,58 @@
+# Strichlistensystem Helm Chart
+
+This chart deploys the Strichlistensystem application to a Kubernetes cluster.
+
+## Install
+
+You can install the chart with the following command:
+
+```sh
+helm repo add fsr5-fhaachen https://fsr5-fhaachen.github.io/charts/
+helm upgrade --install strichlistensystem fsr5-fhaachen/strichlistensystem --namespace strichlistensystem --create-namespace -f values.yaml
+```
+
+## Database and Redis
+
+The chart does not install a database or redis. You have to install them yourself.
+
+You could use the [postgresql operator](https://cloudnative-pg.io/) and [redis operator](https://ot-container-kit.github.io/redis-operator/) for kubernetes.
+
+If you want a deployment example, view [our deployment guide](https://github.com/fsr5-fhaachen/portals/blob/main/deploy/README.md) inside the portals repo. (This guide is written for portals but can be adapted for the strichlistensystem because they are both laravel applications installed via helm.)
+
+## Values
+
+You can find the default values in the [values.yaml](values.yaml) file.
+
+You can override the default values but there are some values that need to be changed. The (minimum) required values are:
+
+```yaml
+environment:
+ APP_NAME: Gerolstein FB5
+ APP_KEY: # insert app key here
+ APP_URL: https://strichlistensystem.fsr5.de
+ CSV_EXPORT_PW: password # insert secret password here
+ APP_IS_VPN: false # set to true if app is behind vpn and the general overview should be loaded
+ APP_PORTALS_URL: https://portals.fsr5.de # insert portals url here
+ APP_PORTALS_API_SECRET: secret # insert secret password from portals here
+ APP_PORTALS_IMPORT_PW: 123 # insert secret password here
+ TELEGRAM_BOT_TOKEN: ""
+ TELEGRAM_BOT_INFO_CHANNEL_ID: ""
+ TELEGRAM_BOT_WARNING_CHANNEL_ID: ""
+ DB_CONNECTION: pgsql
+ DB_HOST: # insert db host here
+ DB_PORT: "5432"
+ DB_DATABASE: postgres
+ DB_USERNAME: postgres
+ DB_PASSWORD: # insert db password here
+ REDIS_HOST: # insert redis host here
+ REDIS_PASSWORD: # insert redis password here
+ REDIS_PORT: "6379"
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ cert-manager.io/issuer: "letsencrypt-prod"
+ hosts:
+ - strichlistensystem.fsr5.de
+ tls: true
+```
diff --git a/charts/strichlistensystem/templates/NOTES.txt b/charts/strichlistensystem/templates/NOTES.txt
new file mode 100644
index 0000000..26e89ae
--- /dev/null
+++ b/charts/strichlistensystem/templates/NOTES.txt
@@ -0,0 +1,13 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+{{- if .Values.ingress.enabled }}
+You can access your site on your configured domain by visiting {{ index .Values.ingress.hosts 0 }}.
+{{- else }}
+You can access your site by port-forwarding to the service: "kubectl port-forward -n {{ .Release.Namespace }} svc/{{ include "strichlistensystem.fullname" . }} 8000:8000"
+{{- end }}
+
+
+
+Learn more about our "strichlistensystem" at https://github.com/fsr5-fhaachen/strichlistensystem.
diff --git a/charts/strichlistensystem/templates/_helpers.tpl b/charts/strichlistensystem/templates/_helpers.tpl
new file mode 100644
index 0000000..2466dd9
--- /dev/null
+++ b/charts/strichlistensystem/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "strichlistensystem.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "strichlistensystem.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "strichlistensystem.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "strichlistensystem.labels" -}}
+helm.sh/chart: {{ include "strichlistensystem.chart" . }}
+{{ include "strichlistensystem.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "strichlistensystem.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "strichlistensystem.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/strichlistensystem/templates/deployment.yaml b/charts/strichlistensystem/templates/deployment.yaml
new file mode 100644
index 0000000..53b6e2c
--- /dev/null
+++ b/charts/strichlistensystem/templates/deployment.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "strichlistensystem.fullname" . }}
+ labels:
+ {{- include "strichlistensystem.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "strichlistensystem.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "strichlistensystem.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ {{- if not .Values.disableLivenessProbe }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- if not .Values.disableReadinessProbe }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ {{- range $key, $value := .Values.environment }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/strichlistensystem/templates/hpa.yaml b/charts/strichlistensystem/templates/hpa.yaml
new file mode 100644
index 0000000..05c5ca5
--- /dev/null
+++ b/charts/strichlistensystem/templates/hpa.yaml
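Review bot: The `env` loop in `templates/deployment.yaml` renders every entry of `.Values.environment` as a literal `value:`, so `APP_KEY`, `DB_PASSWORD`, `REDIS_PASSWORD` and the other credentials sit in clear text in the Deployment manifest, readable by anyone allowed to get pods or deployments in the namespace; `templates/seed-job.yaml` repeats the same loop. Keep only non-sensitive settings in `environment` and let the pod load the sensitive ones from a pre-created Secret through `envFrom`. The sketch uses a value named `existingSecret`, which is a proposed addition and not something the chart defines today; because that Secret is created outside the release, it already exists when the pre-install hook Job starts. Keys moved into the Secret have to be removed from `environment`, since an explicit `env` entry takes precedence over `envFrom`.

```yaml
          env:
            # … unchanged: range over .Values.environment …
          {{- with .Values.existingSecret }}
          envFrom:
            - secretRef:
                name: {{ . | quote }}
          {{- end }}
```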
@@ -0,0 +1,20 @@
+{{- if .Values.hpa.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "strichlistensystem.fullname" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "strichlistensystem.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.hpa.averageCPUUtilization }}
+{{- end }}
diff --git a/charts/strichlistensystem/templates/ingress.yaml b/charts/strichlistensystem/templates/ingress.yaml
new file mode 100644
index 0000000..0d9a571
--- /dev/null
+++ b/charts/strichlistensystem/templates/ingress.yaml
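Review bot: `hpa.enabled` defaults to `true` in values.yaml, yet `templates/deployment.yaml` always renders `replicas: {{ .Values.replicaCount }}`, so every `helm upgrade` sets the Deployment back to `replicaCount` and the autoscaler has to scale out again while the service is under load. Wrapping that line in deployment.yaml in `{{- if not .Values.hpa.enabled }}` … `{{- end }}` leaves the replica count to the HPA. The HorizontalPodAutoscaler is also the only resource in this chart whose `metadata` lacks the `strichlistensystem.labels` block.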
@@ -0,0 +1,54 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "strichlistensystem.fullname" . -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "strichlistensystem.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ $fullName }}-ingress-tls
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . | quote }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: 8000
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: 8000
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/strichlistensystem/templates/seed-job.yaml b/charts/strichlistensystem/templates/seed-job.yaml
new file mode 100644
index 0000000..865f511
--- /dev/null
+++ b/charts/strichlistensystem/templates/seed-job.yaml
@@ -0,0 +1,33 @@
+{{- if or .Values.migrateJob.onInstall .Values.migrateJob.onUpgrade -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "strichlistensystem.fullname" . }}-migrate-job
+ labels:
+ {{- include "strichlistensystem.labels" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: {{ if .Values.migrateJob.onInstall }}pre-install{{ end }}{{ if and .Values.migrateJob.onInstall .Values.migrateJob.onUpgrade }},{{ end }}{{ if .Values.migrateJob.onUpgrade }}pre-upgrade{{ end }}
+ helm.sh/hook-weight: "1"
+ helm.sh/hook-delete-policy: before-hook-creation
+spec:
+ template:
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ {{- range $key, $value := .Values.environment }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.migrateJob.seed }}
+ command: ["php", "artisan", "migrate:fresh", "--seed", "--no-interaction", "--force", "--seeder=ArticleSeeder"]
+ {{- else }}
+ command: ["php", "artisan", "migrate", "--no-interaction", "--force"]
+ {{- end }}
+ restartPolicy: Never
+ backoffLimit: 1
+{{- end }}
diff --git a/charts/strichlistensystem/templates/service.yaml b/charts/strichlistensystem/templates/service.yaml
new file mode 100644
index 0000000..767eb85
--- /dev/null
+++ b/charts/strichlistensystem/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "strichlistensystem.fullname" . }}
+ labels:
+ {{- include "strichlistensystem.labels" . | nindent 4 }}
+spec:
+ ports:
+ - name: http
+ port: 8000
+ targetPort: http
+ protocol: TCP
+ selector:
+ {{- include "strichlistensystem.selectorLabels" . | nindent 4 }}
diff --git a/charts/strichlistensystem/values.yaml b/charts/strichlistensystem/values.yaml
new file mode 100644
index 0000000..3b681d6
--- /dev/null
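Review bot: With `migrateJob.seed: true` the Job in `templates/seed-job.yaml` runs `migrate:fresh`, which drops every table before migrating, and the hook annotation lets the same Job fire on `pre-upgrade`; a release that keeps `seed` and `onUpgrade` enabled therefore loses its database contents on each upgrade. Restricting the destructive branch to first installs, `{{- if and .Values.migrateJob.seed .Release.IsInstall }}`, keeps upgrades on plain `migrate`. The comment on `seed` in values.yaml should also state that existing data is dropped, e.g. `# WARNING: runs migrate:fresh, which drops all tables before seeding`.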
+++ b/charts/strichlistensystem/values.yaml 
@@ -0,0 +1,86 @@
+replicaCount: 1
+
+hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ averageCPUUtilization: 90
+
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+
+image:
+ repository: ghcr.io/fsr5-fhaachen/strichlistensystem
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+environment:
+ APP_NAME: Gerolstein FB5
+ APP_ENV: production
+ APP_KEY: # insert app key here
+ APP_DEBUG: "false"
+ APP_URL: https://strichlistensystem.fsr5.de
+ APP_PUBLIC_URL: https://strichlistensystem.fsr5.de
+ CSV_EXPORT_PW: password # insert secret password here
+ APP_IS_VPN: false # set to true if app is behind vpn and the general overview should be loaded
+ APP_PORTALS_URL: http://portals.portals.svc:8000 # insert portals url here
+ APP_PORTALS_API_SECRET: secret # insert secret password from portals here
+ APP_PORTALS_IMPORT_PW: 123 # insert secret password here
+ TELEGRAM_BOT_TOKEN: ""
+ TELEGRAM_BOT_INFO_CHANNEL_ID: ""
+ TELEGRAM_BOT_WARNING_CHANNEL_ID: ""
+ DB_CONNECTION: pgsql
+ DB_HOST: # insert db host here
+ DB_PORT: "5432"
+ DB_DATABASE: postgres
+ DB_USERNAME: postgres
+ DB_PASSWORD: # insert db password here
+ OCTANE_HTTPS: "true"
+ OCTANE_WORKERS: "1" # only one worker per cpu core should be started, see https://laravel.com/docs/10.x/octane#specifying-the-worker-count
+ OCTANE_MAX_REQUESTS: "512" # set max "open" requests a octane worker can handle, see https://laravel.com/docs/10.x/octane#specifying-the-max-request-count
+ WWWGROUP: "1000"
+ WWWUSER: "1000"
+ CACHE_DRIVER: redis
+ SESSION_DRIVER: redis
+ SESSION_LIFETIME: "120"
+ REDIS_HOST: # insert redis host here
+ REDIS_PASSWORD: # insert redis password here
+ REDIS_PORT: "6379"
+
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations: {}
+ # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ # nginx.ingress.kubernetes.io/limit-rps: "500"
+ hosts:
+ - strichlistensystem.fsr5.de
+ tls: true
+
+# default ressources
+# should handle about 6 req/s per pod
+# scales linear with pod count (15 pods = 90 req/s, 30 pods = 180 req/s, ...)
+resources:
+ limits:
+ cpu: 150m
+ memory: 128Mi
+ requests:
+ cpu: 150m
+ memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+migrateJob:
+ onInstall: false # run on helm install
+ onUpgrade: false # run on helm upgrade
+ seed: false # set to true to use migrate:fresh --seed, otherwise only migrate will be executed
+
+disableReadinessProbe: false # disable pod readiness probe (used for debugging)
+disableLivenessProbe: false # disable pod liveness probe (used for debugging)
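Review bot: `CSV_EXPORT_PW: password`, `APP_PORTALS_API_SECRET: secret` and `APP_PORTALS_IMPORT_PW: 123` in the `environment` block are working defaults, so an install that forgets to override them comes up with guessable credentials instead of failing. Leave them empty the way `DB_PASSWORD` already is, e.g. `CSV_EXPORT_PW: "" # required, set per deployment`, and have the templates reject an empty value, for example with Helm's `required` function. `APP_PORTALS_IMPORT_PW: 123` is also parsed as a number and should be quoted if a string is intended. The portals `values.yaml` hunk earlier in this patch adds the same kind of placeholders (`PUBLIC_API_SECRET: secret`, `AWS_SECRET_ACCESS_KEY: secret`).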