From 3b9ff5efaa9fe30b78d5a353e6ec552228978899 Mon Sep 17 00:00:00 2001 From: Rob Kooper Date: Sun, 10 Oct 2021 21:30:21 -0500 Subject: [PATCH] initial release bety helm chart --- .github/workflows/release.yaml | 62 +++++++++ .gitignore | 17 +++ .helmignore | 24 ++++ Chart.lock | 6 + Chart.yaml | 44 +++++++ README.md | 26 ++++ cr.yaml | 2 + ct.yaml | 11 ++ templates/NOTES.txt | 33 +++++ templates/_helpers.tpl | 108 ++++++++++++++++ templates/configmap.yaml | 27 ++++ templates/deployment.yaml | 107 ++++++++++++++++ templates/hooks/add-user.yaml | 58 +++++++++ templates/hooks/load-db.yaml | 64 ++++++++++ templates/ingress.yaml | 53 ++++++++ templates/secrets.yaml | 13 ++ templates/service.yaml | 16 +++ templates/tests/test-connection.yaml | 15 +++ values.yaml | 183 +++++++++++++++++++++++++++ 19 files changed, 869 insertions(+) create mode 100644 .github/workflows/release.yaml create mode 100644 .gitignore create mode 100644 .helmignore create mode 100644 Chart.lock create mode 100644 Chart.yaml create mode 100644 README.md create mode 100644 cr.yaml create mode 100644 ct.yaml create mode 100644 templates/NOTES.txt create mode 100644 templates/_helpers.tpl create mode 100644 templates/configmap.yaml create mode 100644 templates/deployment.yaml create mode 100644 templates/hooks/add-user.yaml create mode 100644 templates/hooks/load-db.yaml create mode 100644 templates/ingress.yaml create mode 100644 templates/secrets.yaml create mode 100644 templates/service.yaml create mode 100644 templates/tests/test-connection.yaml create mode 100644 values.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..bcd6669d --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,62 @@ +name: Release Charts + +on: + push: + branches: + - main + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Get dependencies + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add ncsa https://opensource.ncsa.illinois.edu/charts/ + helm dep build + + - name: get release info + id: release_info + run: | + version="$(awk '/^version:/ { print $2} ' Chart.yaml)" + changelog="$(sed -e "1,/^### ${version}/d" -e "/^###/,\$d" -e '/^$/d' README.md)" + changelog="${changelog//'%'/'%25'}" + changelog="${changelog//$'\n'/'%0A'}" + changelog="${changelog//$'\r'/'%0D'}" + echo "::set-output name=version::$version" + echo "::set-output name=changelog::$changelog" + + - name: Publish to NCSA OpenSource + uses: bsord/helm-push@v3 + with: + username: ${{ secrets.HELM_USERNAME }} + password: ${{ secrets.HELM_PASSWORD }} + repository-url: "https://opensource.ncsa.illinois.edu/charts" + chart-folder: "." + force: true + + - name: create release + uses: actions/create-release@v1 + id: create_release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ steps.release_info.outputs.version }} + release_name: Release ${{ steps.release_info.outputs.version }} + body: ${{ steps.release_info.outputs.changelog }} + + - name: Upload Release Asset + id: upload-release-asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./clowder-${{ steps.release_info.outputs.version }}.tgz + asset_name: clowder-${{ steps.release_info.outputs.version }}.tgz + asset_content_type: application/zip diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..8dd10878 --- /dev/null +++ b/.gitignore @@ -0,0 +1,17 @@ +# development +.idea + +# generated helm charts folder +charts + +# helm package +.cr-release-packages +bety-*.tgz + +# custom values +secrets-*.yaml +values-*.yaml +*.values.yaml + +# database dumps +*.sql diff --git a/.helmignore b/.helmignore new file mode 100644 index 00000000..b968e54f --- /dev/null +++ b/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +*.sql +values-*.yaml diff --git a/Chart.lock b/Chart.lock new file mode 100644 index 00000000..a6a3683d --- /dev/null +++ b/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 8.9.9 +digest: sha256:788b9c691c8d3254deb1ee2341c41b4ab6a50f5112b839896daa9aa2d7bf457d +generated: "2021-10-06T23:08:24.431682-05:00" diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 00000000..cc33169f --- /dev/null +++ b/Chart.yaml @@ -0,0 +1,44 @@ +apiVersion: v2 +type: application + +# Information about chart. +name: betydb +icon: https://isda.ncsa.illinois.edu/~kooper/charts/images/betydb.png +home: https://www.betydb.org +description: > + Web-interface to the Biofuel Ecophysiological Traits and Yields Database + (used by PEcAn and TERRA REF) + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.5.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: "5.4.1" + +# List of people that maintain this helm chart. +maintainers: + - name: Rob Kooper + email: kooper@illinois.edu + +# location of source code +sources: + - https://github.com/pecanproject/bety + +# Dependencies for chart. Some of the dependencies are only installed if they +# are enabled. +dependencies: +- name: postgresql + version: ~8.9 + repository: https://charts.bitnami.com/bitnami + condition: postgres.enabled + +annotations: + artifacthub.io/links: | + - name: Helm Chart + url: https://github.com/pecanproject/bety-helm + artifacthub.io/changes: | + - initial release of bety helm chart diff --git a/README.md b/README.md new file mode 100644 index 00000000..410c12e9 --- /dev/null +++ b/README.md @@ -0,0 +1,26 @@ +THIS IS A PLACEHOLDER + +## Upgrading BETY + +If the password is generated you will need to save this secret before you upgrade. You can do this using the following commands. **If you do not do this, you will not be able to retrieve the previous secrets**. + +``` +BETY_PASSWORD=$(kubectl get secrets betydb -o json | jq -r '.data.betyPassword' | base64 -d) +BETY_SECRETKEY=$(kubectl get secrets betydb -o json | jq -r '.data.secretKey' | base64 -d) +POSTGRESQL_PASSWORD=$(kubectl get secrets betydb-postgresql -o json | jq -r '.data."postgresql-password"' | base64 -d) +``` + +now you can upgrade and use the secrets retrieved. + +``` +helm upgrade betydb ncsa/betydb \ + --set betyPassword="${BETY_PASSWORD}" \ + --set secretKey="${BETY_SECRETKEY}" \ + --set postgresql.postgresqlPassword="${POSTGRESQL_PASSWORD}" +``` + +## ChangeLog + +### 0.5.0 +- initial release of the BETY helm chart. +- build on bety 5.4.1 diff --git a/cr.yaml b/cr.yaml new file mode 100644 index 00000000..57f15caf --- /dev/null +++ b/cr.yaml @@ -0,0 +1,2 @@ +#sign: true +#key: Chart Releaser Test Key diff --git a/ct.yaml b/ct.yaml new file mode 100644 index 00000000..81371830 --- /dev/null +++ b/ct.yaml @@ -0,0 +1,11 @@ +# See https://github.com/helm/chart-testing#configuration +remote: origin +target-branch: main +chart-dirs: + - . +chart-repos: + - bitnami=https://charts.bitnami.com/bitnami + - ncsa=https://opensource.ncsa.illinois.edu/charts/ +helm-extra-args: --timeout 600s +validate-yaml: true +check-version-increment: true diff --git a/templates/NOTES.txt b/templates/NOTES.txt new file mode 100644 index 00000000..1df66811 --- /dev/null +++ b/templates/NOTES.txt @@ -0,0 +1,33 @@ +Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "betydb.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "betydb.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "betydb.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + kubectl port-forward service/{{ include "betydb.fullname" . }} 8080:{{ .Values.service.port }} + echo "Visit http://127.0.0.1:8080 to use your application" +{{- end }} + +{{- if .Values.users }} + +Following users have been created: +{{- range $index, $element := .Values.users }} + - {{ .username }} : {{ .fullname }} <{{ .email }}> +{{- end }} +{{- end }} + +To upgrade please make sure to save the passwords for BETY, postgresql and the secret key for BETY. + +BETY_PASSWORD=$(kubectl get secrets betydb -o json | jq -r '.data.betyPassword' | base64 -d) +BETY_SECRETKEY=$(kubectl get secrets betydb -o json | jq -r '.data.secretKey' | base64 -d) +POSTGRESQL_PASSWORD=$(kubectl get secrets betydb-postgresql -o json | jq -r '.data."postgresql-password"' | base64 -d) + diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl new file mode 100644 index 00000000..e239785c --- /dev/null +++ b/templates/_helpers.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "betydb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "betydb.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "betydb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "betydb.labels" -}} +app.kubernetes.io/name: {{ include "betydb.name" . }} +helm.sh/chart: {{ include "betydb.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +postgresql Host +*/}} +{{- define "betydb.postgresqlHost" -}} +{{- if .Values.postgresql.enabled -}} +{{ .Release.Name }}-postgresql +{{- else -}} +{{ .Values.postgresql.postgresqlHost }} +{{- end -}} +{{- end -}} + +{{/* +postgresql Port +*/}} +{{- define "betydb.postgresqlPort" -}} +{{- if .Values.postgresql.service -}} +{{ .Values.postgresql.service.port }} +{{- else -}} +{{ .Values.postgresql.postgresqlPort | default "5432" }} +{{- end -}} +{{- end -}} + +{{/* +Environment variables for PostgreSQL +*/}} +{{- define "betydb.postgresqlEnv" -}} +- name: PGHOST + value: {{ include "betydb.postgresqlHost" . | quote }} +- name: PGPORT + value: {{ include "betydb.postgresqlPort" . | quote }} +- name: PGUSER + value: {{ .Values.postgresql.postgresqlUsername | default "postgres" | quote }} +- name: PGPASSWORD + valueFrom: + secretKeyRef: +{{- if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password +{{- else }} + name: {{ include "betydb.fullname" . }} + key: postgresqlPassword +{{- end }} +{{- end }} + +{{/* +Environment variables for BetyDB +*/}} +{{- define "betydb.betydbEnv" -}} +- name: BETYUSER + value: {{ .Values.betyUser | quote }} +- name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "betydb.fullname" . }} + key: betyPassword +- name: BETYDATABASE + value: {{ .Values.betyDatabase | quote }} +- name: LOCAL_SERVER + value: {{ .Values.localServer | quote }} +- name: REMOTE_SERVERS + value: {{ .Values.remoteServers | quote }} +{{- end }} diff --git a/templates/configmap.yaml b/templates/configmap.yaml new file mode 100644 index 00000000..56a760d5 --- /dev/null +++ b/templates/configmap.yaml @@ -0,0 +1,27 @@ +{{- if .Values.customization }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "betydb.fullname" . }}-application + labels: + {{ include "betydb.labels" . | nindent 4 }} +data: + {{- if .Values.customization.application }} + application.yml: | + {{- .Values.customization.application | nindent 4}} + {{- end }} +--- +{{- if .Values.customization }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "betydb.fullname" . }}-logos + labels: + {{ include "betydb.labels" . | nindent 4 }} +binaryData: + {{- range $key, $val := .Values.customization.logos }} + {{ $key }}: | + {{- $val | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/templates/deployment.yaml b/templates/deployment.yaml new file mode 100644 index 00000000..0493d75c --- /dev/null +++ b/templates/deployment.yaml @@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "betydb.fullname" . }} + labels: + {{ include "betydb.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "betydb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "betydb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.customization }} + volumes: + {{- if .Values.customization.application }} + - name: application-config + configMap: + name: {{ include "betydb.fullname" . }}-application + items: + - key: application.yml + path: application.yml + {{- end }} + {{- if .Values.customization.logos }} + - name: logos-volume + configMap: + name: {{ include "betydb.fullname" . }}-logos + {{- end }} + {{- end }} + initContainers: + - name: check-postgresql + image: "{{ $.Values.image.checks }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{ include "betydb.postgresqlEnv" . | nindent 12 }} + {{ include "betydb.betydbEnv" . | nindent 12 }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: bety + containerPort: 8000 + protocol: TCP + env: + - name: UNICORN_WORKER_PROCESSES + value: {{ .Values.workers | quote }} + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: {{ include "betydb.fullname" . }} + key: secretKey + - name: RAILS_RELATIVE_URL_ROOT + value: {{ .Values.ingress.path | default "" | trimSuffix "/" | quote }} + - name: RAILS_LOG_TO_STDOUT + value: "true" + {{ include "betydb.postgresqlEnv" . | nindent 12 }} + {{ include "betydb.betydbEnv" . | nindent 12 }} + {{- if .Values.customization }} + volumeMounts: + {{- if .Values.customization.application }} + - name: application-config + mountPath: /home/bety/config/application.yml + subPath: application.yml + {{- end }} + {{- if .Values.customization.logos }} + - name: logos-volume + mountPath: /home/bety/app/assets/images/custom + {{- end }} + {{- end }} + # startupProbe: + # httpGet: + # path: {{ .Values.ingress.path }} + # port: bety + # failureThreshold: 30 + # periodSeconds: 10 + livenessProbe: + tcpSocket: + port: bety + initialDelaySeconds: 60 + readinessProbe: + httpGet: + path: {{ .Values.ingress.path }} + port: bety + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/hooks/add-user.yaml b/templates/hooks/add-user.yaml new file mode 100644 index 00000000..332442da --- /dev/null +++ b/templates/hooks/add-user.yaml @@ -0,0 +1,58 @@ +{{- if .Values.users }} +{{- $imagetag := printf "%s:%s" .Values.image.repository .Values.image.tag }} +{{- $pgenv := include "betydb.postgresqlEnv" . }} +{{- $betyenv := include "betydb.betydbEnv" . }} +{{- $pullPolicy := .Values.image.pullPolicy }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "betydb.fullname" . }}-add-user + labels: + {{ include "betydb.labels" . | nindent 4 }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": "post-install" + "helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation" + "helm.sh/hook-weight": "10" +spec: + template: + metadata: + name: {{ include "betydb.name" . }}-add-user + labels: + {{ include "betydb.labels" . | nindent 8 }} + spec: + {{- with .Values.hooks.affinity }} + affinity: + {{ toYaml . | nindent 8 }} + {{- end }} + restartPolicy: Never + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + - name: check-postgresql + image: "{{ $.Values.image.checks }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{ include "betydb.postgresqlEnv" . | nindent 12 }} + {{ include "betydb.betydbEnv" . | nindent 12 }} + containers: + {{- range $index, $element := .Values.users }} + - name: bety-add-user-{{ $index }} + image: {{ $imagetag | quote }} + imagePullPolicy: {{ $pullPolicy }} + args: + - user + - {{ .username | quote }} + - {{ .password | quote }} + - {{ .fullname | quote }} + - {{ .email | quote }} + - {{ .data | quote }} + - {{ .page | quote }} + env: + {{ $pgenv | nindent 12 }} + {{ $betyenv | nindent 12 }} + {{- end }} +{{- end }} diff --git a/templates/hooks/load-db.yaml b/templates/hooks/load-db.yaml new file mode 100644 index 00000000..92449e65 --- /dev/null +++ b/templates/hooks/load-db.yaml @@ -0,0 +1,64 @@ +{{- if or .Values.dburl .Values.dbtag }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "betydb.fullname" . }}-load-db + labels: +{{ include "betydb.labels" . | indent 4 }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": "post-install" + "helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation" + "helm.sh/hook-weight": "5" +spec: + template: + metadata: + name: {{ include "betydb.name" . }}-load-db + labels: + {{ include "betydb.labels" . | nindent 8 }} + spec: + {{- with .Values.hooks.affinity }} + affinity: + {{ toYaml . | nindent 8 }} + {{- end }} + restartPolicy: Never + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + - name: check-postgresql + image: "{{ $.Values.image.checks }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{ include "betydb.postgresqlEnv" . | nindent 12 }} + {{ include "betydb.betydbEnv" . | nindent 12 }} + containers: + - name: bety-init + {{- if .Values.dburl }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - -a + - "${PGUSER}" + - -d + - "${BETYDATABASE}" + - -o + - "${BETYUSER}" + - -c + - -m + - ${LOCAL_SERVER} + - -r + - 0 + - -w + - {{ .Values.dburl | quote }} + ./script/load.bety.sh -a "postgres" -d "bety" -p "-h postgres -p 5432" -o bety -c ${INITIALIZE_FLAGS} -m ${LOCAL_SERVER} -r 0 ${INITIALIZE_URL} + {{- else }} + image: "pecan/db:{{ .Values.dbtag }}" + imagePullPolicy: Always + {{- end }} + env: + {{ include "betydb.postgresqlEnv" . | nindent 12 }} + {{ include "betydb.betydbEnv" . | nindent 12 }} +{{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml new file mode 100644 index 00000000..0b2eacf5 --- /dev/null +++ b/templates/ingress.yaml @@ -0,0 +1,53 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "betydb.fullname" . -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: +{{ include "betydb.labels" . | indent 4 }} + annotations: + {{- if .Values.ingress.tls }} + kubernetes.io/tls-acme: "true" + traefik.ingress.kubernetes.io/router.tls: "true" + {{- end }} + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + - hosts: + {{- range .Values.ingress.hosts }} + - {{ . | quote }} + {{- end }} + {{- if .Values.ingress.secretName }} + secretName: {{ .Values.ingress.secretName }} + {{- end }} +{{- end }} + rules: +{{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $.Values.ingress.path }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $fullName }} + port: + name: bety + {{- end }} +{{- else }} + - http: + paths: + - path: {{ $.Values.ingress.path }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $fullName }} + port: + name: bety +{{- end }} +{{- end }} diff --git a/templates/secrets.yaml b/templates/secrets.yaml new file mode 100644 index 00000000..82be45b2 --- /dev/null +++ b/templates/secrets.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "betydb.fullname" . }} + labels: +{{ include "betydb.labels" . | indent 4 }} +type: Opaque +data: +{{- if and (not .Values.postgresql.enabled) .Values.postgresql.postgresqlPassword }} + postgresqlPassword: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }} +{{- end }} + betyPassword: {{ .Values.betyPassword | b64enc | quote }} + secretKey: {{ .Values.secretKey | b64enc | quote }} diff --git a/templates/service.yaml b/templates/service.yaml new file mode 100644 index 00000000..42b8a468 --- /dev/null +++ b/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "betydb.fullname" . }} + labels: +{{ include "betydb.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: bety + port: {{ .Values.service.port }} + targetPort: bety + protocol: TCP + selector: + app.kubernetes.io/name: {{ include "betydb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml new file mode 100644 index 00000000..32894e01 --- /dev/null +++ b/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "betydb.fullname" . }}-test-connection" + labels: +{{ include "betydb.labels" . | indent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "betydb.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/values.yaml b/values.yaml new file mode 100644 index 00000000..1a50cb45 --- /dev/null +++ b/values.yaml @@ -0,0 +1,183 @@ +image: + repository: pecan/bety + tag: null + checks: "ncsa/checks:1.0.0" + pullPolicy: IfNotPresent + +imagePullSecrets: [] + +## replicaCount is the number of instances for BETYDB. Each instance can also +## have multuiple workers as defined by workers below. +replicaCount: 1 + +## workers is the number of workers for each BETYDB replica. The total number +## of simultanous connections is replicaCount * workers. +workers: 1 + +## localServer is the ID for this intance. To be able to synchronize your data +## with the PEcAn network you will need to request a unique number. This can +## be done at https://forms.gle/m3SnMVh8WVHyL6eH8 +localServer: 99 + +## remoteservers is the list of all remote servers you want to synchronize with. +## This is the list you will receive data from. +remoteServers: "0, 1, 2, 5" + +## betyUser is the user that is used with PostgreSQL. BETYDB and PEcAn will use +## this user to connect to the database and read and write to the database. +betyUser: bety + +## betyPassword the password used when connecting to the database from BETYDB +## and PEcAn. +betyPassword: bety + +## betyDatabase the database that will be created and that BETYDB adn PEcAn +## will connect to and write data. +betyDatabase: bety + +## secretKey the key that will be used to encrypt the passwords. If this is +## changed users will not be able to login with their existing passwords. +secretKey: thisisnotasecret + +## dbtag is the tag of the database to load. Normally will use latest to +## make sure latest tag is loaded, this might not work with an older database. +## set this to "" to not load the database +dbtag: latest + +## dburl is the url where to get the database from. If this is not set use +## the dbdump that is the PEcAn network. The default is not to use this. +dburl: "" + +## addUsers is a hash of users that should be added to the database when it is +## initialized. +# data : 1=Restricted, 2=Internal, 3=External, 4=Public +# page : 1=Admin, 2=Manager, 3=Creator, 4=Viewer + +users: [] + # - username: carya + # password: illinois + # fullname: Demo User + # email: betydb@gmail.com + # data: 1 + # page: 1 + # - username: guestuser + # password: guestuser + # fullname: Guest User + # email: betydb@gmail.com + # data: 4 + # page: 4 + +# customization of BETY: +# - application will be placed in config/application.yml +# - logos will be placed in public/images/custom +customization: {} + # application: | + # organization: + # name: "TERRA Ref" + # url: #{root_path} + # logo_file: "custom/terraref-logo.png" + # logos: + # "terraref-logo.png": + +# ------------------------------------------------------------------------------- + +## All data for BETYDB will be stored in PostgreSQL +postgresql: + ## enabled should the postgresql chart be installed as well. If not make + ## sure that the other values are provied to get access to the database. + enabled: true + + ## it takes some time to start postgresql, wait 5 min before start liveness. + livenessProbe: + initialDelaySeconds: 300 + + ## postgresqlHost host where postgresql is installed. + # postgresqlHost: postgres + + ## postgresqlPort port to connect to postgresql + # postgresqlPort: 5432 + + ## postgresqlUsername is the initial user added to the system. This is freqently the + ## postgres user. This user will have superuser abilities. + # postgresqlUsername: postgres + + ## postgresqlPassword the password for postgresqlUsername, if using auto generated + ## password make sure to save the password as described in the notes. When upgrading + ## you will need to provide this secret otherwise a new secret will be generated but + ## not saved in the database. + postgresqlPassword: supersecret + + # need more space + persistence: + size: 20Gi + +# ------------------------------------------------------------------------------- + +nameOverride: "" +fullnameOverride: "" + +# ------------------------------------------------------------------------------- + +service: + type: ClusterIP + port: 8000 + +# ------------------------------------------------------------------------------- + +## Configure the ingress resource that allows you to access the +## BETY installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Ingress path + path: / + + ## The list of hostnames to be covered with this ingress record. + ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + hosts: [] + # - bety.example.com + + tls: false + # secretName: bety.example.com.tls + + ## Ingress annotations done as key:value pairs + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +## Node selector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +## Tolerations +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +## Affinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + +## Hook Affinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +hooks: + affinity: {}