diff --git a/.helm/Chart.yaml b/.helm/Chart.yaml index cead4a7b..91361231 100644 --- a/.helm/Chart.yaml +++ b/.helm/Chart.yaml @@ -1,19 +1,16 @@ -name: cattr-server -description: A Helm Chart for Cattr Server -version: 0.0.1 apiVersion: v2 +name: cattr-server +description: Cattr is an open-source time-tracking solution for teams +type: application +version: 0.1.0 +appVersion: "latest" keywords: - cattr + - time-tracking + - productivity - management - - time-tracker - - efficiency - laravel - - vue +home: https://cattr.app sources: + - https://github.com/cattr-app/server-application - https://git.amazingcat.net/cattr/core/app -home: https://cattr.app/ -dependencies: - - name: mysql - version: 11.1.9 - repository: https://charts.bitnami.com/bitnami - condition: mysql.asChart,global.mysql.asChart diff --git a/.helm/templates/_helpers.tpl b/.helm/templates/_helpers.tpl new file mode 100644 index 00000000..0e3a0993 --- /dev/null +++ b/.helm/templates/_helpers.tpl 
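Review bot: `appVersion: "latest"` makes the chart deploy a mutable tag by default. The `cattr.image` helper added in this commit falls back to `.Chart.AppVersion` when `image.tag` is empty, and values.yaml ships `tag: ""` with `pullPolicy: IfNotPresent`. Each node then runs whichever `latest` it happened to cache, and the `app.kubernetes.io/version` label no longer identifies what is deployed. Pin it to a released tag, e.g. `appVersion: "<released-app-tag>"` (the removed values pinned `v4.0.0-RC49`), and consider letting `cattr.image` accept an image digest.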
@@ -0,0 +1,131 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cattr.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +*/}} +{{- define "cattr.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cattr.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels. +*/}} +{{- define "cattr.labels" -}} +helm.sh/chart: {{ include "cattr.chart" . }} +{{ include "cattr.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels. +*/}} +{{- define "cattr.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cattr.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: app +{{- end }} + +{{/* +MySQL fully qualified name. +*/}} +{{- define "cattr.mysql.fullname" -}} +{{- printf "%s-mysql" (include "cattr.fullname" .) }} +{{- end }} + +{{/* +MySQL host. +*/}} +{{- define "cattr.mysql.host" -}} +{{- if .Values.database.host }} +{{- .Values.database.host }} +{{- else }} +{{- include "cattr.mysql.fullname" . }} +{{- end }} +{{- end }} + +{{/* +MySQL labels. +*/}} +{{- define "cattr.mysql.labels" -}} +helm.sh/chart: {{ include "cattr.chart" . }} +{{ include "cattr.mysql.selectorLabels" . 
}} +app.kubernetes.io/version: {{ .Values.mysql.image.tag | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +MySQL selector labels. +*/}} +{{- define "cattr.mysql.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cattr.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: mysql +{{- end }} + +{{/* +Secret name. +*/}} +{{- define "cattr.secretName" -}} +{{- include "cattr.fullname" . }} +{{- end }} + +{{/* +Cattr image. +*/}} +{{- define "cattr.image" -}} +{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) }} +{{- end }} + +{{/* +MySQL image. +*/}} +{{- define "cattr.mysql.image" -}} +{{- printf "%s/%s:%s" .Values.mysql.image.registry .Values.mysql.image.repository .Values.mysql.image.tag }} +{{- end }} + +{{/* +Common annotations. +*/}} +{{- define "cattr.annotations" -}} +{{- with .Values.commonAnnotations }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Render the storageClass for a given persistence block. +*/}} +{{- define "cattr.storageClass" -}} +{{- $storageClass := .persistence.storageClass | default .global.storageClass -}} +{{- if $storageClass }} +storageClassName: {{ $storageClass | quote }} +{{- end }} +{{- end }} diff --git a/.helm/templates/configmap.yaml b/.helm/templates/configmap.yaml index 712df6ed..ffa399f9 100644 --- a/.helm/templates/configmap.yaml +++ b/.helm/templates/configmap.yaml 
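Review bot: `cattr.secretName` always resolves to the Secret this chart renders, so database and application credentials can only enter through chart values, which Helm also stores in the release record. Operators who manage secrets outside Helm (sealed secrets, an external secrets operator) have no way to point the Deployments at their own object. Consider an optional value, here a proposed new key `existingSecret`: `{{- .Values.existingSecret | default (include "cattr.fullname" .) }}`, and skip rendering secret.yaml when it is set. The helper would also benefit from a comment listing the keys the Secret must contain (`APP_KEY`, `DB_USERNAME`, `DB_PASSWORD`, `MYSQL_ROOT_PASSWORD`).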
@@ -1,10 +1,21 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-configmap -data: - LOG_CHANNEL: "stderr" - LOG_LEVEL: "debug" - {{- range $key, $val := .Values.app.env }} - "{{ $key }}": "{{ $val }}" + name: {{ include "cattr.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "cattr.labels" . | nindent 4 }} + {{- with (include "cattr.annotations" .) }} + annotations: + {{- . | nindent 4 }} {{- end }} +data: + APP_ENV: {{ .Values.cattr.appEnv | quote }} + APP_DEBUG: {{ .Values.cattr.appDebug | quote }} + APP_URL: {{ .Values.cattr.appUrl | quote }} + LOG_CHANNEL: {{ .Values.cattr.logChannel | quote }} + DB_CONNECTION: "mysql" + DB_HOST: {{ include "cattr.mysql.host" . | quote }} + DB_PORT: {{ .Values.database.port | quote }} + DB_DATABASE: {{ .Values.database.name | quote }} + S6_CMD_WAIT_FOR_SERVICES_MAXTIME: "300000" diff --git a/.helm/templates/deployment.yaml b/.helm/templates/deployment.yaml index d1b69152..1dc918e5 100644 --- a/.helm/templates/deployment.yaml +++ b/.helm/templates/deployment.yaml 
@@ -1,99 +1,152 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-web + name: {{ include "cattr.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "cattr.labels" . | nindent 4 }} + {{- with (include "cattr.annotations" .) }} + annotations: + {{- . | nindent 4 }} + {{- end }} spec: - replicas: {{ .Values.app.replicas | default 2 }} - revisionHistoryLimit: {{ .Values.app.revisionHistoryLimit | default 2 }} + replicas: {{ .Values.replicaCount }} selector: matchLabels: - app.kubernetes.io/name: {{ .Release.Name }}-web + {{- include "cattr.selectorLabels" . | nindent 6 }} template: metadata: labels: - app.kubernetes.io/name: {{ .Release.Name }}-web + {{- include "cattr.selectorLabels" . | nindent 8 }} spec: + {{- with (concat (.Values.global.imagePullSecrets | default list) (.Values.imagePullSecrets | default list)) }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + {{- if .Values.mysql.enabled }} + - name: wait-for-mysql + image: busybox:1.36 + command: + - sh + - -c + - | + until nc -z {{ include "cattr.mysql.host" . }} {{ .Values.database.port }}; do + echo "Waiting for MySQL..." + sleep 3 + done + echo "MySQL is ready" + {{- end }} + {{- with .Values.initContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - - name: app - imagePullPolicy: {{.Values.app.image.pullPolicy}} - image: {{- printf " %s/%s:%s" .Values.app.image.registry .Values.app.image.repository .Values.app.image.tag }} + - name: cattr + image: {{ include "cattr.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.containerSecurityContext }} + securityContext: + {{- toYaml . 
| nindent 12 }} + {{- end }} ports: - - containerPort: 80 - name: http-web-svc + - name: http + containerPort: 80 protocol: TCP - env: - - name: APP_ENV - value: {{ .Values.app.environment | default "dev" | quote }} - - name: S6_CMD_WAIT_FOR_SERVICES_MAXTIME - value: "180000" - volumeMounts: - - mountPath: /app/storage/app/screenshots - name: app-screenshots - - mountPath: /app/storage/app/attachments - name: app-attachments - - mountPath: /app/bootstrap/cache - name: bootstrap-cache - - mountPath: /tmp - name: app-tmp - - mountPath: /run - name: app-run - - mountPath: /var/lib/nginx/tmp - name: nginx-tmp envFrom: - configMapRef: - name: {{ .Release.Name }}-configmap - - secretRef: - name: {{ .Release.Name }}-secret + name: {{ include "cattr.fullname" . }} + env: + - name: APP_KEY + valueFrom: + secretKeyRef: + name: {{ include "cattr.secretName" . }} + key: APP_KEY + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "cattr.secretName" . }} + key: DB_USERNAME + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "cattr.secretName" . }} + key: DB_PASSWORD + {{- with .Values.cattr.extraEnvVars }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} startupProbe: - exec: - command: ["php82", "artisan", "octane:status"] - failureThreshold: 60 - periodSeconds: 5 - livenessProbe: httpGet: - path: /actuator/health/liveness - port: http-web-svc - failureThreshold: 3 - periodSeconds: 5 + path: / + port: http + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} readinessProbe: httpGet: - path: /actuator/health/readiness - port: http-web-svc - failureThreshold: 3 - successThreshold: 1 - periodSeconds: 15 + path: / + port: http + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: var-run + mountPath: /var/run + - name: tmp + mountPath: /tmp + - name: cache + mountPath: /app/storage/framework/cache + - name: sessions + mountPath: /app/storage/framework/sessions + {{- if .Values.persistence.screenshots.enabled }} + - name: screenshots + mountPath: /app/storage/app/uploads/screenshots + {{- end }} + {{- if .Values.persistence.attachments.enabled }} + - name: attachments + mountPath: /app/storage/app/uploads/attachments + {{- end }} + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.sidecars }} + {{- toYaml . 
| nindent 8 }} + {{- end }} volumes: - - name: bootstrap-cache - emptyDir: {} - - name: app-tmp - emptyDir: {} - - name: storage-framework + - name: var-run emptyDir: {} - - name: app-run + - name: tmp emptyDir: {} - - name: nginx-tmp + - name: cache emptyDir: {} - - name: nginx-run + - name: sessions emptyDir: {} - - name: app-screenshots - {{- if eq .Values.app.persistence.screenshots.enabled "true" }} + {{- if .Values.persistence.screenshots.enabled }} + - name: screenshots persistentVolumeClaim: - {{- if not (empty .Values.app.persistence.screenshots.existingClaim) }} - claimName: {{ .Values.app.persistence.screenshots.existingClaim }} - {{- else }} - claimName: {{ .Release.Name }}-pvc-screenshots - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: app-attachments - {{- if eq .Values.app.persistence.attachments.enabled "true" }} + claimName: {{ .Values.persistence.screenshots.existingClaim | default (printf "%s-screenshots" (include "cattr.fullname" .)) }} + {{- end }} + {{- if .Values.persistence.attachments.enabled }} + - name: attachments persistentVolumeClaim: - {{- if not (empty .Values.app.persistence.attachments.existingClaim) }} - claimName: {{ .Values.app.persistence.attachments.existingClaim }} - {{- else }} - claimName: {{ .Release.Name }}-pvc-attachments - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} \ No newline at end of file + claimName: {{ .Values.persistence.attachments.existingClaim | default (printf "%s-attachments" (include "cattr.fullname" .)) }} + {{- end }} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/.helm/templates/ingress.yaml b/.helm/templates/ingress.yaml index 83bace02..b77a11e2 100644 --- a/.helm/templates/ingress.yaml +++ b/.helm/templates/ingress.yaml 
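Review bot: The `wait-for-mysql` init container is hard-coded to `busybox:1.36` and gets no `securityContext`, so it ignores the `containerSecurityContext` an operator sets for the main container. In a namespace that enforces a restricted Pod Security level the whole pod is likely to be rejected because of this one container. The image reference is also unqualified and cannot be redirected to a private mirror or pinned by digest. I would make the image configurable (a proposed new value `waitImage` below) and apply the same container security context. Separately, the pod template carries no checksum annotation for the ConfigMap or Secret, so changes to either do not roll the pods.

```yaml
        - name: wait-for-mysql
          image: {{ .Values.waitImage | default "docker.io/library/busybox:1.36" | quote }}
          {{- with .Values.containerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # … unchanged: command block polling cattr.mysql.host with nc …
```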
@@ -1,20 +1,31 @@ -{{- if .Values.ingress.enabled -}} +{{- if .Values.ingress.enabled }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ .Release.Name }}-ingress + name: {{ include "cattr.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "cattr.labels" . | nindent 4 }} + annotations: + {{- include "cattr.annotations" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - ingressClassName: {{.Values.ingress.class}} + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} + tls: + {{- toYaml .Values.ingress.tls | nindent 4 }} + {{- end }} rules: - - host: - - {{ .Values.ingress.host }} + - host: {{ .Values.ingress.hostname | quote }} http: paths: - - path: / - pathType: Prefix + - path: {{ .Values.ingress.path }} + pathType: {{ .Values.ingress.pathType }} backend: service: - name: {{ .Release.Name }} + name: {{ include "cattr.fullname" . }} port: - number: {{ .Values.app.service.port }} + name: http {{- end }} diff --git a/.helm/templates/mysql-deployment.yaml b/.helm/templates/mysql-deployment.yaml new file mode 100644 index 00000000..80115332 --- /dev/null +++ b/.helm/templates/mysql-deployment.yaml 
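Review bot: `annotations:` is emitted unconditionally, with `commonAnnotations` and `ingress.annotations` rendered as two separate YAML fragments under it. A key set in both produces a duplicate mapping key, which most parsers resolve silently, so it is not obvious which annotation the ingress controller sees; with neither set the key renders as null. Build one map and render it once, e.g. `{{- $ann := merge (dict) .Values.ingress.annotations .Values.commonAnnotations }}` followed by a `{{- with $ann }}` block, which should let the ingress-specific value win. `ingressClassName`, `path` and `pathType` are also rendered unquoted, unlike `hostname`.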
@@ -0,0 +1,104 @@ +{{- if .Values.mysql.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cattr.mysql.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "cattr.mysql.labels" . | nindent 4 }} + {{- with (include "cattr.annotations" .) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "cattr.mysql.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "cattr.mysql.selectorLabels" . | nindent 8 }} + spec: + {{- with (concat (.Values.global.imagePullSecrets | default list) (.Values.imagePullSecrets | default list)) }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mysql.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: mysql + image: {{ include "cattr.mysql.image" . }} + imagePullPolicy: {{ .Values.mysql.image.pullPolicy }} + ports: + - name: mysql + containerPort: 3306 + protocol: TCP + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "cattr.secretName" . }} + key: MYSQL_ROOT_PASSWORD + - name: MYSQL_DATABASE + value: {{ .Values.database.name | quote }} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ include "cattr.secretName" . }} + key: DB_USERNAME + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "cattr.secretName" . 
}} + key: DB_PASSWORD + args: + - --log-bin-trust-function-creators=1 + volumeMounts: + - name: data + mountPath: /var/lib/mysql + {{- if .Values.mysql.startupProbe.enabled }} + startupProbe: + tcpSocket: + port: mysql + initialDelaySeconds: {{ .Values.mysql.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.mysql.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.mysql.startupProbe.failureThreshold }} + {{- end }} + {{- if .Values.mysql.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mysqladmin + - ping + - -h + - localhost + periodSeconds: {{ .Values.mysql.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.mysql.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.mysql.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - mysqladmin + - ping + - -h + - localhost + periodSeconds: {{ .Values.mysql.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.mysql.livenessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.mysql.resources | nindent 12 }} + volumes: + - name: data + {{- if .Values.mysql.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.mysql.persistence.existingClaim | default (include "cattr.mysql.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end }} diff --git a/.helm/templates/mysql-pvc.yaml b/.helm/templates/mysql-pvc.yaml new file mode 100644 index 00000000..25d53e3c --- /dev/null +++ b/.helm/templates/mysql-pvc.yaml 
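Review bot: `.Values.mysql.containerSecurityContext` is rendered as the pod-level `securityContext` (under `spec`, with `nindent 8`, before `containers:`), not on the `mysql` container. Container-only fields such as `allowPrivilegeEscalation`, `capabilities` or `readOnlyRootFilesystem` are not part of the pod security context, so hardening supplied through this value will not take effect on the container and may fail validation. Move the `with` block under the `mysql` container entry and render it with `{{- toYaml . | nindent 12 }}`; if pod-level settings such as `fsGroup` are wanted, add a separate `mysql.podSecurityContext` value for them.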
@@ -0,0 +1,20 @@
+{{- if and .Values.mysql.enabled .Values.mysql.persistence.enabled (not .Values.mysql.persistence.existingClaim) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "cattr.mysql.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "cattr.mysql.labels" . | nindent 4 }}
+ {{- with (include "cattr.annotations" .) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- toYaml .Values.mysql.persistence.accessModes | nindent 4 }}
+ {{- include "cattr.storageClass" (dict "persistence" .Values.mysql.persistence "global" .Values.global) | nindent 2 }}
+ resources:
+ requests:
+ storage: {{ .Values.mysql.persistence.size }}
+{{- end }}
diff --git a/.helm/templates/mysql-service.yaml b/.helm/templates/mysql-service.yaml
new file mode 100644
index 00000000..9334c360
--- /dev/null
+++ b/.helm/templates/mysql-service.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.mysql.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "cattr.mysql.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "cattr.mysql.labels" . | nindent 4 }}
+ {{- with (include "cattr.annotations" .) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3306
+ targetPort: mysql
+ protocol: TCP
+ name: mysql
+ selector:
+ {{- include "cattr.mysql.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/.helm/templates/pvc-attachments.yaml b/.helm/templates/pvc-attachments.yaml
index 2ca50060..afa96b77 100644
--- a/.helm/templates/pvc-attachments.yaml
+++ b/.helm/templates/pvc-attachments.yaml 
@@ -1,15 +1,20 @@ -{{- if empty .Values.app.persistence.attachments.existingClaim }} +{{- if and .Values.persistence.attachments.enabled (not .Values.persistence.attachments.existingClaim) }} apiVersion: v1 kind: PersistentVolumeClaim metadata: + name: {{ include "cattr.fullname" . }}-attachments + namespace: {{ .Release.Namespace | quote }} labels: - app: cattr-app - name: {{ .Release.Name }}-pvc-attachments + {{- include "cattr.labels" . | nindent 4 }} + {{- with (include "cattr.annotations" .) }} + annotations: + {{- . | nindent 4 }} + {{- end }} spec: - storageClassName: {{ .Values.app.persistence.attachments.storageClass }} accessModes: - - ReadWriteOnce + {{- toYaml .Values.persistence.attachments.accessModes | nindent 4 }} + {{- include "cattr.storageClass" (dict "persistence" .Values.persistence.attachments "global" .Values.global) | nindent 2 }} resources: requests: - storage: {{ .Values.app.persistence.attachments.size }} + storage: {{ .Values.persistence.attachments.size }} {{- end }} diff --git a/.helm/templates/pvc-screenshots.yaml b/.helm/templates/pvc-screenshots.yaml index cc8e0e7e..b5f34527 100644 --- a/.helm/templates/pvc-screenshots.yaml +++ b/.helm/templates/pvc-screenshots.yaml 
@@ -1,15 +1,20 @@ -{{- if empty .Values.app.persistence.screenshots.existingClaim }} +{{- if and .Values.persistence.screenshots.enabled (not .Values.persistence.screenshots.existingClaim) }} apiVersion: v1 kind: PersistentVolumeClaim metadata: + name: {{ include "cattr.fullname" . }}-screenshots + namespace: {{ .Release.Namespace | quote }} labels: - app: cattr-app - name: {{ .Release.Name }}-pvc-screenshots + {{- include "cattr.labels" . | nindent 4 }} + {{- with (include "cattr.annotations" .) }} + annotations: + {{- . | nindent 4 }} + {{- end }} spec: - storageClassName: {{ .Values.app.persistence.screenshots.storageClass }} accessModes: - - ReadWriteOnce + {{- toYaml .Values.persistence.screenshots.accessModes | nindent 4 }} + {{- include "cattr.storageClass" (dict "persistence" .Values.persistence.screenshots "global" .Values.global) | nindent 2 }} resources: requests: - storage: {{ .Values.app.persistence.screenshots.size }} + storage: {{ .Values.persistence.screenshots.size }} {{- end }} diff --git a/.helm/templates/secret.yaml b/.helm/templates/secret.yaml index 259a719b..926fb0d3 100644 --- a/.helm/templates/secret.yaml +++ b/.helm/templates/secret.yaml 
@@ -1,15 +1,16 @@ -{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-secret" .Release.Name)) }} - -{{- $appKeyValue := (printf "%s%s" "base64:" (encryptAES (randAlpha 32) "plaintext")) }} -{{- if $secret }} -{{- $appKeyValue = index $secret.data "APP_KEY" }} -{{- end -}} apiVersion: v1 kind: Secret metadata: - name: {{ .Release.Name }}-secret + name: {{ include "cattr.secretName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "cattr.labels" . | nindent 4 }} + annotations: + helm.sh/resource-policy: keep + {{- include "cattr.annotations" . | nindent 4 }} type: Opaque -stringData: - DB_USERNAME: {{ .Values.mysql.auth.username | quote }} - DB_PASSWORD: {{ .Values.mysql.auth.password | quote }} - APP_KEY: {{ .Values.app.key | default $appKeyValue | quote }} +data: + APP_KEY: {{ if .Values.cattr.appKey }}{{ printf "base64:%s" .Values.cattr.appKey | b64enc }}{{ else }}{{ printf "base64:%s" (randAlphaNum 32 | b64enc) | b64enc }}{{ end }} + DB_USERNAME: {{ .Values.database.username | b64enc }} + DB_PASSWORD: {{ .Values.database.password | b64enc }} + MYSQL_ROOT_PASSWORD: {{ .Values.database.rootPassword | b64enc }} diff --git a/.helm/templates/service.yaml b/.helm/templates/service.yaml new file mode 100644 index 00000000..c9038008 --- /dev/null +++ b/.helm/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "cattr.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "cattr.labels" . | nindent 4 }} + {{- with (include "cattr.annotations" .) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "cattr.selectorLabels" . | nindent 4 }} diff --git a/.helm/templates/serviceaccount.yaml b/.helm/templates/serviceaccount.yaml new file mode 100644 index 00000000..69fa54c9 --- /dev/null 
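Review bot: With `cattr.appKey` empty, the `APP_KEY` line calls `randAlphaNum 32` on every render, so each `helm upgrade` writes a new application key into the Secret. The removed code avoided this by reading the existing Secret with `lookup`. The added `helm.sh/resource-policy: keep` annotation only stops Helm from deleting the object; it does not stop the upgrade from overwriting its data. Since the application uses this key for encryption, a silent rotation would invalidate anything protected with the previous key, and running pods keep the old value until they restart. I would restore the lookup and only generate a key when neither a value nor an existing Secret is present. Note that `lookup` returns nothing under `helm template` or a dry run.

```yaml
{{- $existing := lookup "v1" "Secret" .Release.Namespace (include "cattr.secretName" .) }}
{{- $appKey := printf "base64:%s" (randAlphaNum 32 | b64enc) | b64enc }}
{{- if .Values.cattr.appKey }}
{{- $appKey = printf "base64:%s" .Values.cattr.appKey | b64enc }}
{{- else if $existing }}
{{- $appKey = index $existing.data "APP_KEY" }}
{{- end }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  APP_KEY: {{ $appKey }}
  # … unchanged: DB_USERNAME, DB_PASSWORD, MYSQL_ROOT_PASSWORD …
```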
+++ b/.helm/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name | default (include "cattr.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "cattr.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/.helm/templates/svc.yaml b/.helm/templates/svc.yaml deleted file mode 100644 index 4ec876cb..00000000 --- a/.helm/templates/svc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }} - labels: - app.kubernetes.io/component: {{ .Release.Name }}-web -spec: - type: {{ .Values.app.service.type }} - {{- if and .Values.app.service.clusterIP (eq .Values.app.service.type "ClusterIP") }} - clusterIP: {{ .Values.app.service.clusterIP }} - {{- end }} - {{- if and (eq .Values.app.service.type "LoadBalancer") (not (empty .Values.app.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.app.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-web-svc - port: {{ .Values.app.service.port }} - protocol: TCP - targetPort: http-web-svc - {{- if (and (or (eq .Values.app.service.type "NodePort") (eq .Values.app.service.type "LoadBalancer")) .Values.app.service.nodePort) }} - nodePort: {{ .Values.app.service.nodePort }} - {{- end }} - selector: - app.kubernetes.io/name: {{ .Release.Name }}-web diff --git a/.helm/values.yaml b/.helm/values.yaml index 6a637c7a..4db13084 100644 --- a/.helm/values.yaml +++ b/.helm/values.yaml 
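Review bot: The ServiceAccount rendered here is never referenced: neither deployment.yaml nor mysql-deployment.yaml in this diff sets `serviceAccountName`, so with `serviceAccount.create: true` the pods still run as the namespace's default account and any annotations placed on this object have no effect. Add `serviceAccountName: {{ .Values.serviceAccount.name | default (include "cattr.fullname" .) }}` to the Cattr pod spec, guarded so it falls back to `default` when `create` is false and no name is given. If the application does not call the Kubernetes API (not visible from this diff), also set `automountServiceAccountToken: false` on the pod so no API token is mounted.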
@@ -1,53 +1,214 @@ +## @section Global parameters +global: + ## @param global.storageClass Global StorageClass for Persistent Volume(s) + storageClass: "" + ## @param global.imagePullSecrets Global Docker registry secret names as an array + imagePullSecrets: [] + +## @section Cattr parameters +image: + ## @param image.registry Cattr image registry + registry: registry.git.amazingcat.net + ## @param image.repository Cattr image repository + repository: cattr/core/app + ## @param image.tag Cattr image tag (immutable tags are recommended) + tag: "" + ## @param image.pullPolicy Cattr image pull policy + pullPolicy: IfNotPresent + +## @param replicaCount Number of Cattr replicas to deploy +replicaCount: 1 + +## @section Cattr application configuration +cattr: + ## @param cattr.appKey Laravel application key (auto-generated if empty) + appKey: "" + ## @param cattr.appUrl Application URL + appUrl: "http://cattr.local" + ## @param cattr.appEnv Application environment + appEnv: production + ## @param cattr.appDebug Enable application debug mode + appDebug: "false" + ## @param cattr.logChannel Log channel (stderr recommended for Kubernetes) + logChannel: stderr + ## @param cattr.extraEnvVars Array of extra environment variables + extraEnvVars: [] + # - name: FOO + # value: bar + +## @section Database parameters +database: + ## @param database.host Database host (auto-resolved to built-in MySQL if empty) + host: "" + ## @param database.port Database port + port: 3306 + ## @param database.name Database name + name: cattr + ## @param database.username Database username + username: cattr + ## @param database.password Database user password + password: cattr + ## @param database.rootPassword Database root password + rootPassword: cattrroot + +## @section Built-in MySQL parameters mysql: - asChart: true - - auth: - database: "cattr" - username: "cattr" - password: "password" - -app: - key: "" - replicas: 1 - revisionHistoryLimit: 2 - environment: "production" - persistence: - 
screenshots: - enabled: "true" - existingClaim: "" - storageClass: "" - accessModes: - - ReadWriteMany - size: 10Gi - attachments: - enabled: "true" - existingClaim: "" - storageClass: "" - accessModes: - - ReadWriteMany - size: 10Gi - env: - DB_HOST: "db" - DB_DATABASE: "cattr" - DB_USERNAME: "cattr" - DB_PASSWORD: "password" - APP_ADMIN_EMAIL: "admin@cattr.app" - APP_ADMIN_PASSWORD: "password" - APP_ADMIN_NAME: "Admin" - service: - type: ClusterIP - clusterIP: "" - loadBalancerIP: "" - externalTrafficPolicy: Cluster - nodePort: 80 - port: 80 + ## @param mysql.enabled Deploy a MySQL server as part of this chart + enabled: true image: - registry: registry.git.amazingcat.net - repository: cattr/core/app - tag: v4.0.0-RC49 + ## @param mysql.image.registry MySQL image registry + registry: docker.io + ## @param mysql.image.repository MySQL image repository + repository: mysql + ## @param mysql.image.tag MySQL image tag + tag: "8.0" + ## @param mysql.image.pullPolicy MySQL image pull policy pullPolicy: IfNotPresent + ## MySQL primary persistence parameters + persistence: + ## @param mysql.persistence.enabled Enable MySQL persistence using PVC + enabled: true + ## @param mysql.persistence.storageClass PVC Storage Class for MySQL volume + storageClass: "" + ## @param mysql.persistence.accessModes PVC Access Mode for MySQL volume + accessModes: + - ReadWriteOnce + ## @param mysql.persistence.size PVC Storage Request for MySQL volume + size: 10Gi + ## @param mysql.persistence.existingClaim Name of an existing PVC to use + existingClaim: "" + ## MySQL resource requests and limits + resources: + requests: + cpu: 250m + memory: 512Mi + limits: + cpu: "1" + memory: 1Gi + ## MySQL container security context + containerSecurityContext: {} + ## MySQL startup probe (generous for first-time init on slow storage) + startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 30 + ## MySQL liveness probe + livenessProbe: + enabled: true + 
periodSeconds: 15 + failureThreshold: 3 + ## MySQL readiness probe + readinessProbe: + enabled: true + periodSeconds: 10 + failureThreshold: 3 + +## @section Cattr deployment parameters +podSecurityContext: {} +containerSecurityContext: {} + +## Cattr resource requests and limits +resources: + requests: + cpu: 250m + memory: 512Mi + limits: + cpu: "1" + memory: 1Gi +## Cattr startup probe (generous for s6-overlay + migrations) +startupProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 30 + +## Cattr liveness probe +livenessProbe: + enabled: true + periodSeconds: 15 + failureThreshold: 3 + +## Cattr readiness probe +readinessProbe: + enabled: true + periodSeconds: 10 + failureThreshold: 3 + +## @param extraVolumes Optionally specify extra list of additional volumes +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts +extraVolumeMounts: [] +## @param initContainers Add additional init containers +initContainers: [] +## @param sidecars Add additional sidecar containers +sidecars: [] + +## @section Persistence parameters +persistence: + screenshots: + ## @param persistence.screenshots.enabled Enable persistence for screenshots + enabled: true + ## @param persistence.screenshots.storageClass PVC Storage Class + storageClass: "" + ## @param persistence.screenshots.accessModes PVC Access Modes + accessModes: + - ReadWriteOnce + ## @param persistence.screenshots.size PVC Storage Request + size: 5Gi + ## @param persistence.screenshots.existingClaim Use an existing PVC + existingClaim: "" + attachments: + ## @param persistence.attachments.enabled Enable persistence for attachments + enabled: true + ## @param persistence.attachments.storageClass PVC Storage Class + storageClass: "" + ## @param persistence.attachments.accessModes PVC Access Modes + accessModes: + - ReadWriteOnce + ## @param persistence.attachments.size PVC Storage Request + size: 5Gi + ## @param 
persistence.attachments.existingClaim Use an existing PVC + existingClaim: "" + +## @section Traffic Exposure parameters +service: + ## @param service.type Kubernetes Service type + type: ClusterIP + ## @param service.port Cattr service HTTP port + port: 80 + +## Ingress parameters ingress: - enabled: false - host: "" - class: "" + ## @param ingress.enabled Enable ingress record generation + enabled: true + ## @param ingress.className IngressClass that will be used + className: nginx + ## @param ingress.hostname Default host for the ingress record + hostname: cattr.local + ## @param ingress.path Default path for the ingress record + path: / + ## @param ingress.pathType Ingress path type + pathType: Prefix + ## @param ingress.annotations Additional annotations for the Ingress resource + annotations: {} + ## @param ingress.tls Enable TLS configuration + tls: [] + # - secretName: cattr-tls + # hosts: + # - cattr.local + +## @section Service Account parameters +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount + create: false + ## @param serviceAccount.name Name of the ServiceAccount to use + name: "" + ## @param serviceAccount.annotations Annotations for the ServiceAccount + annotations: {} + +## @param commonLabels Labels to add to all deployed objects +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +commonAnnotations: {}
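Review bot: `database.password: cattr` and `database.rootPassword: cattrroot` ship as working defaults, and secret.yaml encodes them straight into the Secret, so an install without overrides runs MySQL with a root password published in the chart. Default both to `""` and fail the render when they are missing, e.g. `DB_PASSWORD: {{ required "database.password must be set" .Values.database.password | b64enc }}` in secret.yaml, or generate them once and reuse the stored value. The same hunk flips `ingress.enabled` to `true` with `tls: []` and an `http://` `appUrl`, which exposes the application over plain HTTP on a default install. Leaving ingress off by default, as before, is the safer baseline.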