From 0dc498162b8d78ebf1c90dab726d72a8338a11ea Mon Sep 17 00:00:00 2001
From: Sinto Sajeev
Date: Wed, 9 Oct 2024 02:16:11 -0700
Subject: [PATCH 01/35] Updated README.md
---
 README.md | 0
 charts/forms-flow-admin/README.md | 169 +++++
 charts/forms-flow-ai/README.md | 226 ++++++
 charts/forms-flow-analytics/README.md | 273 ++++++++
 charts/forms-flow-api/README.md | 206 ++++++
 charts/forms-flow-bpm/README.md | 240 +++++++
 charts/forms-flow-data-analysis/README.md | 185 +++++
 charts/forms-flow-documents-api/README.md | 184 +++++
 charts/forms-flow-forms/README.md | 198 ++++++
 charts/forms-flow-idm/README.md | 804 ++++++++++++++++++++++
 charts/forms-flow-web/README.md | 190 +++++
 11 files changed, 2675 insertions(+)
 create mode 100644 README.md
 create mode 100644 charts/forms-flow-admin/README.md
 create mode 100644 charts/forms-flow-ai/README.md
 create mode 100644 charts/forms-flow-analytics/README.md
 create mode 100644 charts/forms-flow-api/README.md
 create mode 100644 charts/forms-flow-bpm/README.md
 create mode 100644 charts/forms-flow-data-analysis/README.md
 create mode 100644 charts/forms-flow-documents-api/README.md
 create mode 100644 charts/forms-flow-forms/README.md
 create mode 100644 charts/forms-flow-idm/README.md
 create mode 100644 charts/forms-flow-web/README.md
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/charts/forms-flow-admin/README.md b/charts/forms-flow-admin/README.md
new file mode 100644
index 00000000..a365e9e2
--- /dev/null
+++ b/charts/forms-flow-admin/README.md
@@ -0,0 +1,169 @@
+# Formsflow Admin API
+
+Formsflow Admin API is a Python REST API to provision tenants in a multi tenanted environment.
+
+
+## Introduction
+
+This chart bootstraps a forms-flow-admin deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-admin`:
+
+```console
+helm install forms-flow-admin forms-flow-admin
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install forms-flow-admin forms-flow-admin --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use`INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-admin on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-admin charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 512Mi
+```
+
+### Change Forms-flow-admin version
+
+To modify the Forms-flow-admin version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-ai-admin) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-ai-admin
+ tag: X.Y.Z
+```
+
+## Persistence
+
+The `formsflow-admin` image stores the application logs at the `/opt/app-root/logs` path of the container.
+
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------|-----------------------------------------------------|------------------------------------|
+| `replicaCount` | Number of replicas | `1` |
+| `image.registry` | Docker registry for the image | `docker.io` |
+| `image.repository` | Repository for the image | `formsflow/forms-flow-ai-admin` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.tag` | Image tag | `v7.0.0-alpha` |
+| `image.pullSecrets` | Array of image pull secrets | `forms-flow-ai-auth` |
+| `nameOverride` | String to partially override common.names.fullname | `""` |
+| `fullnameOverride` | String to fully override common.names.fullname | `""` |
+| `commonLabels` | Labels to add to all deployed objects | `{}` |
+| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Tolerations for pod assignment | `[]` |
+| `affinity` | Affinity for pod assignment | `{}` |
+| `priorityClassName` | Pod priority | `""` |
+| `schedulerName` | Name of the k8s scheduler | `""` |
+| `terminationGracePeriodSeconds` | Time given to the pod to terminate gracefully | `""` |
+| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode | `false` |
+| `diagnosticMode.command` | Command to override all containers in deployment | `["sleep"]` |
+| `diagnosticMode.args` | Args to override all containers in deployment | `["infinity"]` |
+| `hostAliases` | Deployment host aliases | `[]` |
+| `serviceAccount.create` | Whether a service account should be created | `true` |
+| `serviceAccount.annotations` |
Annotations for the service account | `{}` |
+| `serviceAccount.name` | Name of the service account | `""` |
+| `serviceAccount.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
+| `podAnnotations` | Pod annotations | `{}` |
+| `podLabels` | Extra labels for pods | `{}` |
+| `podAffinityPreset` | Pod affinity preset | `""` |
+| `podAntiAffinityPreset` | Pod anti-affinity preset | `soft` |
+| `nodeAffinityPreset.type` | Node affinity preset type | `""` |
+| `nodeAffinityPreset.key` | Node label key to match | `""` |
+| `nodeAffinityPreset.values` | Node label values to match | `[]` |
+| `podSecurityContext.enabled` | Enable security context for pods | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `podSecurityContext.fsGroup` | Pod's Security Context fsGroup | `1001` |
+| `containerSecurityContext.enabled` | Enable containers' Security Context | `true` |
+| `containerSecurityContext.runAsUser` | Containers' Security Context runAsUser | `1001` |
+| `containerSecurityContext.runAsGroup` | Containers' Security Context runAsGroup | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Container's Security Context runAsNonRoot | `false` |
+| `command` | Override default container command | `[]` |
+| `args` | Override default container args | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for containers | `{}` |
+| `extraEnvVars` | Extra environment variables for containers | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars| `""` |
+| `extraVolumes` | Array to add extra volumes | `{}` |
+| `extraVolumeMounts` | Array to add extra mounts | `{}` |
+| `existingSecret` | Existing secret containing database credentials | `""` |
+| `updateStrategy.type` | Update strategy for installation | `RollingUpdate` |
+| `rbac.create` | Whether to create and use RBAC resources | `false` |
+| `pdb.create` | If true, create a pod disruption budget | `true` |
+|
`autoscaling.enabled` | Enable autoscaling for forms-flow-admin | `false` |
+| `formsflow.configmap` | Name of the formsflow.ai ConfigMap | `forms-flow-ai` |
+| `formsflow.secret` | Name of the formsflow.ai secret | `forms-flow-ai` |
+| `formsflow.analytics` | Name of the analytics component | `forms-flow-analytics` |
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------|-----------------------------------------------------|------------------------------------|
+| `ingress.enabled` | Enable ingress record generation | `true` |
+| `ingress.ingressClassName` | Ingress class used to implement Ingress | `""` |
+| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `ingress.controller` | Ingress controller type | `default` |
+| `ingress.hostname` | Default host for the ingress record | `forms-flow-admin.local` |
+| `ingress.path` | Default path for the ingress record | `"/"` |
+| `ingress.servicePort` | Backend service port to use | `5000` |
+| `ingress.tls` | Enable TLS configuration | `true` |
+| `ingress.selfSigned` | Create a TLS secret using self-signed certificates | `false` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------|-----------------------------------------------------|------------------------------------|
+| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` |
+| `service.ports` | Forms-flow-admin service ports | `[{name: http, port: 5000, protocol: TCP}]` |
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------|-----------------------------------------------------|------------------------------------|
+| `resourcesPreset` | Set container resources according to preset | `small` |
+| `resources.limits.cpu` | CPU limit | `500m` |
+| `resources.limits.memory` | Memory limit | `1Gi` |
+| `resources.requests.cpu` | CPU
request | `250m` |
+| `resources.requests.memory` | Memory request | `512Mi` |
+
+## Database Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------|-----------------------------------------------------|------------------------------------|
+| `postgresql.databasename` | Database name for PostgreSQL | `forms-flow-admin` |
+| `postgresql.username` | PostgreSQL username | `postgres` |
+| `postgresql.password` | PostgreSQL password | `postgres` |
+| `postgresql.host` | PostgreSQL host | `forms-flow-ai-postgresql-ha-pgpool` |
+| `ExternalDatabase.ExistingDatabaseNameKey` | Key for the existing database name | `""` |
+| `ExternalDatabase.ExistingDatabaseUserNameKey` | Key for the existing database username | `""` |
+| `ExternalDatabase.ExistingDatabasePasswordKey` | Key for the existing database password | `""` |
+| `ExternalDatabase.ExistingDatabaseHostKey` | Key for the existing database host | `""` |
+| `ExternalDatabase.ExistingDatabasePortKey` | Key for the existing database port | `""` |
+| `ExternalDatabase.ExistingSecretName` | Name of the existing secret | `""` |
+
+## Upgrading
+
+### To v7.0.0
+
diff --git a/charts/forms-flow-ai/README.md b/charts/forms-flow-ai/README.md
new file mode 100644
index 00000000..8c27e632
--- /dev/null
+++ b/charts/forms-flow-ai/README.md
@@ -0,0 +1,226 @@
+# Formsflow.ai
+The forms-flow-ai chart integrates components such as PostgreSQL, MongoDB, and Redis to manage version control effectively.
+
+## Introduction
+
+This chart bootstraps a forms-flow-ai deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-ai`:
+
+```console
+helm install forms-flow-ai forms-flow-ai
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm upgrade --install forms-flow-ai forms-flow-ai --set Domain=DOMAIN_NAME --set postgresql-ha.postgresql.podSecurityContext.enabled=true --set mongodb.podSecurityContext.enabled=true --set forms-flow-auth.imagesecret=IMAGE_SECRET_KEY --set insight_api_key=INSIGHT_API_KEY
+```
+
+> Note: You need to substitute the placeholders `DOMAIN_NAME`, `IMAGE_SECRET_KEY`, and `INSIGHT_API_KEY` with your specific values. For example, in the case of Formsflow, you might use `DOMAIN_NAME=example.com`, I`MAGE_SECRET_KEY=your_image_secret_key`and `INSIGHT_API_KEY=your_insight_api_key`
+
+These commands deploy Forms-flow-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|-----------------|-----------------------------------------------|---------------|
+| `Domain` | Define the domain for the application. | `#` |
+| `formsflowdb.postgresql.fullnameOverride`| Custom name for the PostgreSQL service. | `forms-flow-ai-postgresql-ha-pgpool` |
+| `formsflowdb.postgresql.enabled` | Enable or disable the PostgreSQL database. | `true` |
+| `formsflowdb.postgresql.database` | Name of the database to create or use. | `postgres` |
+| `formsflowdb.service.ports.postgresql` | Port for the PostgreSQL service. | `5432` |
+| `imageCredentials.registry` | Container registry for the images.
| `quay.io` |
+| `imageCredentials.username` | Username for the container registry. | `someone` |
+| `imageCredentials.password` | Password for the container registry. | `test` |
+| `imageCredentials.email` | Email for the container registry. | `someone@host.com` |
+| `websocket_encrypt_key` | Key used for WebSocket encryption. | `FormsFlow.AI` |
+| `insight_api_key` | API key for insights. | `""` |
+| `redis_host` | Hostname for Redis server. | `""` |
+| `redis_port` | Port for Redis server. | `""` |
+| `EnableRedis` | Enable or disable Redis support. | `false` |
+| `EnableChatBot` | Enable or disable chatbot feature. | `false` |
+| `redis_pass_code` | Password for Redis. | `""` |
+| `draft_enabled` | Enable or disable draft feature. | `true` |
+| `export_pdf_enabled` | Enable or disable PDF export feature. | `false` |
+| `elastic_server` | Address for the Elastic server. | `forms-flow-elastic:9200` |
+| `redis_url` | URL for Redis connection. | `redis://redis-exporter:6379/1` |
+| `ipaas.embedded_api_key` | API key for embedded iPaaS. | `""` |
+| `ipaas.jwt_private_key` | JWT private key for iPaaS. | `""` |
+| `ipaas.embed_base_url` | Base URL for embedded services. | `""` |
+| `ipaas.api_base_url` | Base URL for API services. | `""` |
+| `configure_logs` | Enable or disable logging configuration. | `true` |
+
+## Forms Flow Component Parameters
+
+| Parameter | Description | Default Value |
+|-------------------------------------------|-------------------------------------------------------------|------------------------------|
+| `formsflowdb.postgresql.fullnameOverride`| Custom name for the PostgreSQL service. | `forms-flow-ai-postgresql-ha-pgpool` |
+| `formsflowdb.postgresql.enabled` | Enable or disable the PostgreSQL database. | `true` |
+| `formsflowdb.postgresql.database` | Name of the database to create or use. | `postgres` |
+| `formsflowdb.service.ports.postgresql` | Port for the PostgreSQL service.
| `5432` |
+| `forms-flow-forms.admin.email` | Admin email for Forms Flow Forms. | `me@defineme.com` |
+| `forms-flow-forms.admin.password` | Admin password for Forms Flow Forms. | `admin` |
+| `forms-flow-forms.ingress.hostname` | Hostname for the Forms Flow Forms ingress. | `forms-flow-forms-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-api.ingress.hostname` | Hostname for the Forms Flow API ingress. | `forms-flow-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-admin.ingress.hostname` | Hostname for the Forms Flow Admin ingress. | `forms-flow-admin-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-documents-api.ingress.hostname`| Hostname for the Forms Flow Documents API ingress. | `forms-flow-documents-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-data-analysis.ingress.hostname`| Hostname for the Forms Flow Data Analysis ingress. | `forms-flow-data-analysis-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-analytics.ingress.hostname` | Hostname for the Forms Flow Analytics ingress. | `forms-flow-analytics-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-idm.keycloak.EnableKeycloakClientAuth` | Enable or disable Keycloak client authentication. | `false` |
+| `forms-flow-idm.ingress.hostname` | Hostname for the Forms Flow IDM ingress. | `forms-flow-idm-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-idm.realm` | Keycloak realm for the application. | `forms-flow-ai` |
+| `forms-flow-idm.context-path` | Context path for Keycloak authentication. | `/auth` |
+| `forms-flow-web.EnableMultitenant` | Enable or disable multitenancy for the Forms Flow Web application. | `false` |
+| `forms-flow-web.clientid` | Client ID for the Forms Flow Web application. | `forms-flow-web` |
+| `forms-flow-web.ingress.hostname` | Hostname for the Forms Flow Web ingress.
| `forms-flow-web-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+
+## Database Parameters
+### MongoDB
+
+| Parameter | Description | Default Value |
+|--------------------------------------------------|--------------------------------------------------------------|----------------------------------|
+| `mongodb.image.tag` | Docker image tag for MongoDB. | `7.0.12-debian-12-r5` |
+| `mongodb.image.pullSecrets` | Secrets for pulling the Docker image. | `forms-flow-auth` |
+| `mongodb.enabled` | Enable or disable MongoDB deployment. | `true` |
+| `mongodb.fullnameOverride` | Custom name for the MongoDB service. | `forms-flow-ai-mongodb` |
+| `mongodb.clusterDomain` | Domain for the MongoDB cluster. | `cluster.local` |
+| `mongodb.architecture` | Architecture type (replica set or standalone). | `replicaset` |
+| `mongodb.useStatefulSet` | Use StatefulSet for MongoDB pods. | `true` |
+| `mongodb.auth.enabled` | Enable or disable authentication for MongoDB. | `true` |
+| `mongodb.auth.databases` | List of databases to create. | `formsflow` |
+| `mongodb.auth.passwords` | List of passwords for the databases. | `changeme` |
+| `mongodb.auth.usernames` | List of usernames for the databases. | `mongodb` |
+| `mongodb.replicaSetName` | Name of the replica set. | `rs0` |
+| `mongodb.replicaSetHostnames` | Enable replica set hostnames. | `true` |
+| `mongodb.directoryPerDB` | Use separate directories for each database. | `false` |
+| `mongodb.replicaCount` | Number of replicas to create. | `3` |
+| `mongodb.podSecurityContext.enabled` | Enable pod security context for MongoDB pods. | `false` |
+| `mongodb.podSecurityContext.fsGroup` | File system group ID for the MongoDB pod. | `1001` |
+| `mongodb.containerSecurityContext.enabled` | Enable container security context. | `false` |
+| `mongodb.containerSecurityContext.runAsUser` | User ID to run MongoDB container as.
| `1001` |
+| `mongodb.containerSecurityContext.runAsNonRoot` | Ensure MongoDB container runs as a non-root user. | `true` |
+| `mongodb.containerPorts.mongodb` | Port for MongoDB service. | `27017` |
+| `mongodb.service.nameOverride` | Custom name for the MongoDB service. | `forms-flow-ai-mongodb` |
+| `mongodb.service.type` | Type of Kubernetes service (ClusterIP, NodePort, LoadBalancer). | `ClusterIP` |
+| `mongodb.service.portName` | Name of the port for the MongoDB service. | `mongodb` |
+| `mongodb.service.ports.mongodb` | Port number for MongoDB service. | `27017` |
+| `mongodb.persistence.enabled` | Enable or disable persistence for MongoDB. | `true` |
+| `mongodb.persistence.accessModes` | Access modes for the persistent volume. | `ReadWriteOnce` |
+| `mongodb.persistence.size` | Size of the persistent volume. | `8Gi` |
+| `mongodb.persistence.mountPath` | Mount path for the persistent volume. | `/bitnami/mongodb` |
+| `mongodb.serviceAccount.create` | Create a service account for MongoDB. | `true` |
+| `mongodb.arbiter.enabled` | Enable or disable arbiter for the replica set. | `false` |
+| `mongodb.arbiter.podSecurityContext.enabled` | Enable pod security context for arbiter pod. | `false` |
+| `mongodb.arbiter.podSecurityContext.fsGroup` | File system group ID for the arbiter pod. | `1001` |
+| `mongodb.arbiter.containerSecurityContext.enabled`| Enable container security context for arbiter. | `false` |
+| `mongodb.arbiter.containerSecurityContext.runAsUser` | User ID for arbiter container. | `1001` |
+
+### Postgres
+
+| Parameter | Description | Default Value |
+|-------------------------------------------------|--------------------------------------------------------------|--------------------------------|
+| `postgresql-ha.enabled` | Enable or disable PostgreSQL High Availability deployment. | `true` |
+| `postgresql.image.registry` | Docker image registry for PostgreSQL.
| `docker.io` |
+| `postgresql.image.repository` | Docker image repository for PostgreSQL. | `bitnami/postgresql-repmgr` |
+| `postgresql.image.tag` | Docker image tag for PostgreSQL. | `16.3.0-debian-12-r20` |
+| `postgresql.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `postgresql.image.pullSecrets` | Secrets for pulling the Docker image. | `forms-flow-auth` |
+| `postgresql.replicaCount` | Number of PostgreSQL replicas. | `3` |
+| `postgresql.containerPorts.postgresql` | Port for PostgreSQL service. | `5432` |
+| `postgresql.podSecurityContext.enabled` | Enable pod security context for PostgreSQL pods. | `false` |
+| `postgresql.podSecurityContext.fsGroup` | File system group ID for the PostgreSQL pod. | `1001` |
+| `postgresql.containerSecurityContext.enabled` | Enable container security context. | `false` |
+| `postgresql.containerSecurityContext.runAsUser` | User ID to run PostgreSQL container as. | `1001` |
+| `postgresql.containerSecurityContext.runAsNonRoot` | Ensure PostgreSQL container runs as a non-root user. | `true` |
+| `postgresql.livenessProbe.enabled` | Enable liveness probe for PostgreSQL. | `false` |
+| `postgresql.livenessProbe.initialDelaySeconds` | Initial delay for liveness probe. | `30` |
+| `postgresql.livenessProbe.periodSeconds` | Period for liveness probe checks. | `10` |
+| `postgresql.username` | Username for PostgreSQL database. | `postgres` |
+| `postgresql.password` | Password for PostgreSQL user. | `postgres` |
+| `postgresql.database` | Default database to create. | `forms-flow-ai` |
+| `postgresql.postgresPassword` | PostgreSQL password. | `changeme` |
+| `postgresql.repmgrUsername` | Username for repmgr database. | `repmgr` |
+| `postgresql.repmgrPassword` | Password for repmgr user. | `changeme` |
+| `postgresql.repmgrDatabase` | Database used by repmgr. | `repmgr` |
+| `postgresql.initdbScripts.init_script.sql` | SQL script for initializing databases.
| See below |
+
+### Pgpool
+
+| Parameter | Description | Default Value |
+|--------------------------------------------------|--------------------------------------------------------------|--------------------------------|
+| `pgpool.image.registry` | Docker image registry for Pgpool. | `docker.io` |
+| `pgpool.image.repository` | Docker image repository for Pgpool. | `bitnami/pgpool` |
+| `pgpool.image.tag` | Docker image tag for Pgpool. | `4.5.2-debian-12-r5` |
+| `pgpool.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `pgpool.image.pullSecrets` | Secrets for pulling the Docker image. | `forms-flow-auth` |
+| `pgpool.replicaCount` | Number of Pgpool replicas. | `1` |
+| `pgpool.containerPorts.postgresql` | Port for Pgpool service. | `5432` |
+| `pgpool.podSecurityContext.enabled` | Enable pod security context for Pgpool pods. | `false` |
+| `pgpool.podSecurityContext.fsGroup` | File system group ID for the Pgpool pod. | `1001` |
+| `pgpool.containerSecurityContext.enabled` | Enable container security context. | `false` |
+| `pgpool.containerSecurityContext.runAsUser` | User ID to run Pgpool container as. | `1001` |
+| `pgpool.containerSecurityContext.runAsNonRoot` | Ensure Pgpool container runs as a non-root user. | `true` |
+| `pgpool.livenessProbe.enabled` | Enable liveness probe for Pgpool. | `false` |
+| `pgpool.livenessProbe.initialDelaySeconds` | Initial delay for liveness probe. | `30` |
+| `pgpool.livenessProbe.periodSeconds` | Period for liveness probe checks. | `10` |
+| `pgpool.adminUsername` | Username for Pgpool admin. | `admin` |
+| `pgpool.adminPassword` | Password for Pgpool admin. | `changeme` |
+| `pgpool.persistence.enabled` | Enable or disable persistence for Pgpool. | `true` |
+| `pgpool.persistence.storageClass` | Storage class for persistent volume claims. | `""` |
+| `pgpool.persistence.mountPath` | Mount path for persistent storage.
| `/bitnami/postgresql` |
+| `pgpool.persistence.accessModes` | Access modes for persistent storage. | `ReadWriteOnce` |
+| `pgpool.persistence.size` | Size of the persistent volume. | `8Gi` |
+| `pgpool.service.type` | Service type for Pgpool. | `ClusterIP` |
+| `pgpool.service.ports.postgresql` | Port for Pgpool service. | `5432` |
+| `pgpool.service.portName` | Port name for the Pgpool service. | `postgresql` |
+| `pgpool.service.nodePorts.postgresql` | Node port for Pgpool service. | `""` |
+
+### Redis
+
+| Parameter | Description | Default Value |
+|--------------------------------------------------|--------------------------------------------------------------|--------------------------------|
+| `redisExporter.replicaCounts` | Number of Redis Exporter replicas. | `1` |
+| `redisExporter.service.type` | Service type for Redis Exporter. | `ClusterIP` |
+| `redisExporter.service.portNames.redis` | Port name for Redis client. | `client` |
+| `redisExporter.service.portNames.redis2` | Port name for Redis gossip. | `gossip` |
+| `redisExporter.service.ports.redis` | Port for Redis client. | `6379` |
+| `redisExporter.service.ports.redis2` | Port for Redis gossip. | `16379` |
+| `redisExporter.service.externalTrafficPolicy` | External traffic policy for the service. | `Cluster` |
+| `redisExporter.service.sessionAffinity` | Session affinity for the service. | `None` |
+| `redisExporter.service.annotations` | Annotations for the service. | `{}` |
+| `redisExporter.podLabels` | Labels for Redis Exporter pods. | `{}` |
+| `redisExporter.extraEnvVarsCM` | Additional environment variable config map. | `{}` |
+| `redisExporter.extraEnvVars` | Additional environment variables. | `{}` |
+| `redisExporter.extraEnvVarsSecret` | Additional secret environment variables. | `{}` |
+| `redisExporter.redis.configMap.redis_conf` | Redis configuration settings. | See below for detailed config |
+| `redisExporter.image.registry` | Docker image registry for Redis.
| `docker.io` |
+| `redisExporter.image.repository` | Docker image repository for Redis. | `redis` |
+| `redisExporter.image.tag` | Docker image tag for Redis. | `7.2.4-alpine` |
+| `redisExporter.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `redisExporter.image.pullSecrets` | Secrets for pulling the Docker image. | `[]` |
+| `redisExporter.livenessProbe.enabled` | Enable liveness probe for Redis Exporter. | `true` |
+| `redisExporter.livenessProbe.initialDelaySeconds`| Initial delay for liveness probe. | `30` |
+| `redisExporter.livenessProbe.periodSeconds` | Period for liveness probe checks. | `5` |
+| `redisExporter.readinessProbe.enabled` | Enable readiness probe for Redis Exporter. | `true` |
+| `redisExporter.readinessProbe.initialDelaySeconds`| Initial delay for readiness probe. | `10` |
+| `redisExporter.readinessProbe.periodSeconds` | Period for readiness probe checks. | `3` |
+| `redisExporter.containerPorts.client` | Client port for Redis Exporter. | `6379` |
+| `redisExporter.containerPorts.gossip` | Gossip port for Redis Exporter. | `16379` |
+| `redisExporter.resources.limits.cpu` | CPU limit for Redis Exporter. | `60m` |
+| `redisExporter.resources.limits.memory` | Memory limit for Redis Exporter. | `512Mi` |
+| `redisExporter.resources.requests.cpu` | CPU request for Redis Exporter. | `50m` |
+| `redisExporter.resources.requests.memory` | Memory request for Redis Exporter. | `256Mi` |
+| `redisExporter.persistence.enabled` | Enable or disable persistence for Redis Exporter. | `true` |
+| `redisExporter.persistence.storageClass` | Storage class for persistent volume claims. | `""` |
+| `redisExporter.persistence.mountPath` | Mount path for persistent storage. | `""` |
+| `redisExporter.persistence.accessModes` | Access modes for persistent storage. | `ReadWriteOnce` |
+| `redisExporter.persistence.size` | Size of the persistent volume. | `2Gi` |
+
+
diff --git a/charts/forms-flow-analytics/README.md b/charts/forms-flow-analytics/README.md
new file mode 100644
index 00000000..0c3c8913
--- /dev/null
+++ b/charts/forms-flow-analytics/README.md
@@ -0,0 +1,273 @@
+# Formsflow.ai Analytics Engine
+
+**formsflow.ai** leverages [Redash](https://github.com/getredash/redash) to build interactive
+dashboards and gain insights.
+
+## Introduction
+
+This chart bootstraps a forms-flow-analytics deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-analytics`:
+
+```console
+helm install forms-flow-analytics forms-flow-analytics
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install forms-flow-analytics forms-flow-analytics --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-analytics on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-analytics charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 200m
+ memory: 2Gi
+ requests:
+ cpu: 180m
+ memory: 1Gi
+```
+
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|--------------------------------------------------|------------------------|
+| `server.replicaCount` | Number of replicas for the server | `1` |
+| `server.image.registry` | Docker registry for the image | `docker.io` |
+| `server.image.repository` | Repository for the image | `formsflow/redash` |
+| `server.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `server.image.tag` | Tag for the image | `24.04.0` |
+| `server.image.pullSecrets` | Secrets for pulling images | `forms-flow-ai-auth` |
+| `server.nameOverride` | Override for the name | `""` |
+| `server.fullnameOverride` | Override for the full name | `""` |
+| `server.commonLabels` | Common labels for all deployed objects | `{}` |
+| `server.commonAnnotations` | Common annotations for all deployed objects | `{}` |
+| `server.nodeSelector` | Node selector for scheduling | `{}` |
+| `server.tolerations` | Tolerations for the pod | `[]` |
+| `server.affinity` | Affinity rules for the pod | `{}` |
+| `server.priorityClassName` | Priority class name for the pod | `""` |
+| `server.schedulerName` | Scheduler name for the pod | `""` |
+| `server.terminationGracePeriodSeconds` | Grace period for pod termination | `""` |
+| `server.topologySpreadConstraints` | Constraints for topology spread | `[]` |
+| `server.diagnosticMode.enabled` | Enable diagnostic mode | `false` |
+| `server.diagnosticMode.command` | Command for diagnostic mode | `["sleep"]` |
+| `server.diagnosticMode.args` | Arguments for diagnostic command | `["infinity"]` |
+| `server.hostAliases` | Host aliases for the pod | `[]` |
+| `server.serviceAccount.create` | Create a service account | `true` |
+| `server.serviceAccount.annotations` | Annotations for the service account | `{}` |
+| `server.serviceAccount.name` | Name for the service
account | `""` |
+| `server.serviceAccount.automountServiceAccountToken` | Automount service account token | `false` |
+| `server.podAnnotations` | Annotations for the pod | `{}` |
+| `server.podLabels` | Extra labels for the pod | `{}` |
+| `server.podAffinityPreset` | Pod affinity preset | `""` |
+| `server.podAntiAffinityPreset` | Pod anti-affinity preset | `soft` |
+| `server.podSecurityContext.enabled` | Enable pod security context | `false` |
+| `server.podSecurityContext.fsGroupChangePolicy` | File system group change policy | `Always` |
+| `server.podSecurityContext.fsGroup` | File system group ID | `1001` |
+| `server.containerSecurityContext.enabled` | Enable container security context | `false` |
+| `server.containerSecurityContext.runAsUser` | Run as user ID | `1001` |
+| `server.containerSecurityContext.runAsGroup` | Run as group ID | `1001` |
+| `server.containerSecurityContext.runAsNonRoot` | Run as non-root user | `false` |
+| `server.containerSecurityContext.privileged` | Privileged mode | `false` |
+| `server.containerSecurityContext.readOnlyRootFilesystem` | Read-only root filesystem | `false` |
+| `server.containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` |
+| `server.containerSecurityContext.capabilities.drop` | Capabilities to drop | `["ALL"]` |
+| `server.containerSecurityContext.seccompProfile.type` | Seccomp profile type | `RuntimeDefault` |
+| `server.command` | Command to run in the container | `[]` |
+| `server.args` | Arguments for the command | `["server"]` |
+| `server.lifecycleHooks.postStart` | Post-start lifecycle hooks | `{"exec": {"command": ["/bin/sh", "-c", "python -v ./manage.py database create_tables"]}}` |
+| `server.livenessProbe.enabled` | Enable liveness probe | `true` |
+| `server.livenessProbe.initialDelaySeconds` | Initial delay for liveness probe | `90` |
+| `server.livenessProbe.timeoutSeconds` | Timeout for liveness probe | `1` |
+| `server.livenessProbe.periodSeconds` | Period
for liveness probe | `10` |
+| `server.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
+| `server.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `10` |
+| `server.readinessProbe.enabled` | Enable readiness probe | `false` |
+| `server.readinessProbe.initialDelaySeconds` | Initial delay for readiness probe | `10` |
+| `server.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` |
+| `server.readinessProbe.periodSeconds` | Period for readiness probe | `10` |
+| `server.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
+| `server.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` |
+| `server.automountServiceAccountToken` | Automount service account token | `true` |
+| `server.extraEnvVars` | Extra environment variables | `[]` |
+| `server.extraEnvVarsCM` | Name of existing ConfigMap for extra env vars | `""` |
+| `server.extraEnvVarsSecret` | Name of existing Secret for extra env vars | `""` |
+| `server.extraVolumes` | Extra volumes for the pod | `[]` |
+| `server.extraVolumeMounts` | Extra volume mounts for the pod | `[]` |
+| `server.existingSecret` | Existing secret for database credentials | `""` |
+| `server.updateStrategy.type` | Update strategy type | `RollingUpdate` |
+| `server.updateStrategy.rollingUpdate.maxSurge` | Max surge during update | `25%` |
+| `server.updateStrategy.rollingUpdate.maxUnavailable` | Max unavailable during update | `25%` |
+| `server.rbac.create` | Create RBAC resources | `false` |
+| `server.rbac.rules` | RBAC rules for the application | `[]` |
+| `server.pdb.create` | Create pod disruption budget | `true` |
+| `server.pdb.minAvailable` | Minimum available pods for disruption budget | `""` |
+| `server.pdb.maxUnavailable` | Maximum unavailable pods for disruption budget | `""` |
+| `server.resourcesPreset` | Resource preset for the server | `small` |
+| `server.resources.limits.cpu` | CPU limit for the
server | `1500m` |
+| `server.resources.limits.memory` | Memory limit for the server | `2Gi` |
+| `server.resources.requests.cpu` | CPU request for the server | `1000m` |
+| `server.resources.requests.memory`| Memory request for the server | `1Gi` |
+| `server.customStartupProbe` | Custom startup probe configuration | `{}` |
+| `server.customLivenessProbe` | Custom liveness probe configuration | `{}` |
+| `server.customReadinessProbe` | Custom readiness probe configuration | `{}` |
+| `server.containerPorts.http` | HTTP port for the server | `5000` |
+| `server.sidecars` | Sidecar containers for the server | `[]` |
+| `server.configuration` | Custom configuration for the server | `[]` |
+| `server.autoscaling.enabled` | Enable autoscaling | `false` |
+| `server.autoscaling.minReplicas` | Minimum replicas for autoscaling | `1` |
+| `server.autoscaling.maxReplicas` | Maximum replicas for autoscaling | `11` |
+| `server.autoscaling.targetCPU` | Target CPU utilization for autoscaling | `""` |
+| `server.autoscaling.targetMemory`| Target memory utilization for autoscaling | `""` |
+| `server.autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Stabilization window for scale up | `120` |
+| `server.autoscaling.behavior.scaleUp.selectPolicy` | Select policy for scale up | `Max` |
+| `server.autoscaling.behavior.scaleUp.policies` | Scale up policies | `[]` |
+| `server.autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Stabilization window for scale down | `300` |
+| `server.autoscaling.behavior.scaleDown.selectPolicy` | Select policy for scale down | `Max` |
+| `server.autoscaling.behavior.scaleDown.policies` | Policies for scale down | `[{type: Pods, value: 1, periodSeconds: 300}]` |
+| `server.autoscaling.behavior.scaleDown.policies[0].type` | Type of resource for scaling down | `Pods` |
+| `server.autoscaling.behavior.scaleDown.policies[0].value` | Number of resources to scale down | `1` |
+|
`server.autoscaling.behavior.scaleDown.policies[0].periodSeconds` | Period for applying the scale down policy | `300` |
+| `workers.adhoc.env.QUEUES` | Queues for ad-hoc workers | `queries` |
+| `workers.adhoc.env.WORKERS_COUNT` | Number of ad-hoc workers | `2` |
+| `workers.scheduled.env.QUEUES` | Queues for scheduled workers | `scheduled_queries,schemas` |
+| `workers.scheduled.env.WORKERS_COUNT` | Number of scheduled workers | `1` |
+| `workers.generic.env.QUEUES` | Queues for generic workers | `periodic,emails,default` |
+| `workers.generic.env.WORKERS_COUNT` | Number of generic workers | `1` |
+| `worker.replicaCount` | Number of replicas for the worker | `1` |
+| `worker.image.registry` | Docker registry for the worker image | `docker.io` |
+| `worker.image.repository` | Repository for the worker image | `formsflow/redash` |
+| `worker.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `worker.image.tag` | Tag for the worker image | `24.04.0` |
+| `worker.image.pullSecrets` | Secrets for pulling the image | `forms-flow-ai-auth` |
+| `worker.nameOverride` | Override for the worker name | `""` |
+| `worker.fullnameOverride` | Full override for the worker name | `""` |
+| `worker.commonLabels` | Common labels for the worker | `{}` |
+| `worker.commonAnnotations` | Common annotations for the worker | `{}` |
+| `worker.podAnnotations` | Annotations for the worker pod | `{}` |
+| `worker.podLabels` | Extra labels for the worker pod | `{}` |
+| `worker.podSecurityContext.fsGroup` | File system group for the worker | `1001` |
+| `worker.containerSecurityContext.runAsUser` | User ID to run the container | `1001` |
+| `worker.containerSecurityContext.runAsGroup` | Group ID to run the container | `1001` |
+| `worker.resources.limits.cpu` | CPU limit for the worker | `200m` |
+| `worker.resources.limits.memory` | Memory limit for the worker | `2Gi` |
+| `worker.resources.requests.cpu` | CPU request for the worker | `180m` |
+| `worker.resources.requests.memory`
| Memory request for the worker | `1Gi` |
+| `worker.containerPorts.http` | HTTP port for the worker | `5000` |
+| `scheduler.replicaCount` | Number of replicas for the scheduler | `1` |
+| `scheduler.image.registry` | Docker registry for the scheduler image | `docker.io` |
+| `scheduler.image.repository` | Repository for the scheduler image | `formsflow/redash` |
+| `scheduler.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `scheduler.image.tag` | Tag for the scheduler image | `24.04.0` |
+| `scheduler.image.pullSecrets` | Secrets for pulling the image | `forms-flow-ai-auth` |
+| `scheduler.nameOverride` | Override for the scheduler name | `""` |
+| `scheduler.fullnameOverride` | Full override for the scheduler name | `""` |
+| `scheduler.commonLabels` | Common labels for the scheduler | `{}` |
+| `scheduler.commonAnnotations` | Common annotations for the scheduler | `{}` |
+| `scheduler.podAnnotations` | Annotations for the scheduler pod | `{}` |
+| `scheduler.podLabels` | Extra labels for the scheduler pod | `{}` |
+| `scheduler.podAffinityPreset` | Pod affinity preset for the scheduler | `""` |
+| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset for the scheduler | `soft` |
+| `scheduler.nodeSelector` | Node labels for pod assignment | `{}` |
+| `scheduler.tolerations` | Tolerations for pod assignment | `[]` |
+| `scheduler.affinity` | Affinity rules for pod assignment | `{}` |
+| `scheduler.priorityClassName` | Pod priority class name | `""` |
+| `scheduler.schedulerName` | Custom scheduler name for the scheduler | `""` |
+| `scheduler.terminationGracePeriodSeconds` | Grace period for termination | `""` |
+| `scheduler.topologySpreadConstraints` | Topology spread constraints for pod assignment | `[]` |
+| `scheduler.diagnosticMode.enabled` | Enable diagnostic mode for the scheduler | `false` |
+| `scheduler.hostAliases` | Host aliases for the scheduler | `[]` |
+| `scheduler.podSecurityContext.enabled` | Enable pod security context |
`false` |
+| `scheduler.containerSecurityContext.enabled` | Enable container security context | `false` |
+| `scheduler.updateStrategy.type` | Update strategy for the scheduler | `Recreate` |
+| `scheduler.rbac.create` | Create RBAC resources for the scheduler | `false` |
+| `scheduler.pdb.create` | Create Pod Disruption Budget for the scheduler | `true` |
+| `scheduler.resourcesPreset` | Resources preset for the scheduler | `small` |
+| `scheduler.customStartupProbe` | Custom startup probe for the scheduler | `{}` |
+| `scheduler.customLivenessProbe` | Custom liveness probe for the scheduler | `{}` |
+| `scheduler.customReadinessProbe` | Custom readiness probe for the scheduler | `{}` |
+| `scheduler.autoscaling.enabled` | Enable autoscaling for the scheduler | `false` |
+| `scheduler.autoscaling.minReplicas` | Minimum replicas for autoscaling | `1` |
+| `scheduler.autoscaling.maxReplicas` | Maximum replicas for autoscaling | `11` |
+| `scheduler.autoscaling.targetCPU` | Target CPU utilization for autoscaling | `""` |
+| `scheduler.autoscaling.targetMemory` | Target memory utilization for autoscaling | `""` |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Time in seconds to consider past recommendations when scaling up | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | Priority of policies that the autoscaler will apply when scaling up | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | Policies for scaling up | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Time in seconds to consider past recommendations when scaling down | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | Priority of policies that the autoscaler will apply when scaling down | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | Policies for scaling down | `- type: Pods, value: 1, periodSeconds: 300` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|-----------------------------------------------------------|-------------------------------------------------------|------------------------------|
+| `ingress.enabled` | Enable ingress record generation | `true` |
+| `ingress.ingressClassName` | IngressClass to implement the Ingress | `""` |
+| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `ingress.apiVersion` | Force Ingress API version | `""` |
+| `ingress.controller` | The ingress controller type | `default` |
+| `ingress.hostname` | Default host for the ingress record | `forms-flow-analytics.local` |
+| `ingress.path` | Default path for the ingress record | `/` |
+| `ingress.servicePort` | Backend service port to use | `5000` |
+| `ingress.annotations` | Additional annotations for the Ingress resource | `{}` |
+| `ingress.labels` | Additional labels for the Ingress resource | `{}` |
+| `ingress.tls` | Enable TLS configuration for the defined hostname | `true` |
+| `ingress.selfSigned` | Create a TLS secret with self-signed certificates | `false` |
+| `ingress.extraHosts` | Additional hostname(s) to be covered | `[]` |
+| `ingress.extraPaths` | Additional paths to be added to the ingress | `[]` |
+| `ingress.extraTls` | TLS configuration for additional hostnames | `[]` |
+| `ingress.secrets` | Add custom certificates as secrets | `[]` |
+| `ingress.extraRules` | Additional rules for the ingress record | `[]` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------------------------|--------------------------------------------------------|--------------------|
+| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, `LoadBalancer`) | `ClusterIP` |
+| `service.ports` | Service ports (evaluated as a template) | |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is `LoadBalancer` | `""` |
+| `service.loadBalancerSourceRanges` | Allowed addresses for LoadBalancer service | `[]` |
+|
`service.externalTrafficPolicy` | External traffic policy to preserve client source IP | `""` |
+| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `service.annotations` | Annotations for the service | `{}` |
+| `service.sessionAffinity` | Session Affinity for Kubernetes service | `None` |
+| `service.sessionAffinityConfig` | Additional settings for sessionAffinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service | `{}` |
+
+## Redash and Database Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------------------------|--------------------------------------------------------|------------------------------------|
+| `redash.multiorg` | Multi-organization setting for Redash | `"false"` |
+| `redash.database.password` | Admin password for Redash database | `postgres` |
+| `redash.database.url` | Redash database URL | `postgresql://postgres:postgres@forms-flow-analytics-postgresql:5432/postgres` |
+| `database.username` | Username for the database | `postgres` |
+| `database.password` | Password for the database | `postgres` |
+| `database.servicename` | Service name for the database | `forms-flow-ai-postgresql-ha-pgpool` |
+| `database.port` | Port for the database | `5432` |
+| `database.dbName` | Database name for forms-flow-analytics | `forms-flow-analytics` |
+| `ExternalDatabase.ExistingDatabaseNameKey` | Existing database name key | `""` |
+| `ExternalDatabase.ExistingDatabaseUserNameKey` | Existing database username key | `""` |
+| `ExternalDatabase.ExistingDatabasePasswordKey` | Existing database password key | `""` |
+| `ExternalDatabase.ExistingDatabaseHostKey` | Existing database host key | `""` |
+| `ExternalDatabase.ExistingDatabasePortKey` | Existing database port key | `""` |
+| `ExternalDatabase.ExistingSecretName` | Name of the existing secret | `""` |
+| `ExternalDatabase.ExistingConfigmapName` | Name of the existing config map | `""` |
+
diff --git a/charts/forms-flow-api/README.md b/charts/forms-flow-api/README.md
new file mode 100644
index 00000000..d86bdcdf
--- /dev/null
+++ b/charts/forms-flow-api/README.md
@@ -0,0 +1,206 @@
+# Formsflow.ai API
+
+formsflow.ai has built this adaptive tier for correlating form management, BPM and analytics together.
+
+The goal of the REST API is to provide access to all relevant interfaces of the system.
+
+
+## Introduction
+
+This chart bootstraps a forms-flow-api deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-api`:
+
+```console
+helm install forms-flow-api forms-flow-api
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm install forms-flow-api forms-flow-api --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-api charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 300m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 512Mi
+```
+
+### Change Forms-flow-api version
+
+To modify the Forms-flow-api version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-webapi) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-webapi
+ tag: X.Y.Z
+```
+
+## Persistence
+
+The `forms-flow-api` image stores the application logs at the `/forms-flow-api/app/logs` path of the container.
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|-------------------------------------------------------|-----------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment | `1` |
+| `image.registry` | Docker registry for the image | `docker.io` |
+| `image.repository` | Repository for the image | `formsflow/forms-flow-webapi` |
+| `image.pullSecrets` | Secrets for pulling images from private registries | `[]` |
+| `nameOverride` | Override name for the deployment | `""` |
+| `fullnameOverride` | Override full name for the deployment | `""` |
+| `commonLabels` | Common labels for all resources | `{}` |
+| `commonAnnotations` | Common annotations for all resources | `{}` |
+| `nodeSelector` | Node selector for pod scheduling | `{}` |
+| `tolerations` | Tolerations for scheduling | `[]` |
+| `affinity` | Affinity rules for pod scheduling | `{}` |
+| `priorityClassName` | Priority class for scheduling | `""` |
+| `schedulerName` | Scheduler to use for the deployment | `""` |
+| `terminationGracePeriodSeconds` | Grace period for termination | `""` |
+| `topologySpreadConstraints` | Constraints for spreading pods across zones | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode | `false` |
+| `diagnosticMode.command` | Command to run in diagnostic mode | `["sleep"]` |
+| `diagnosticMode.args` | Arguments for the command in diagnostic mode | `["infinity"]` |
+| `hostAliases` | Host aliases for the pods | `[]` |
+| `serviceAccount.create` | Create a service account | `true` |
+| `serviceAccount.annotations` | Annotations for the service account | `{}` |
+| `serviceAccount.name` | Name of the service account | `""` |
+|
`serviceAccount.automountServiceAccountToken` | Automount service account token | `false` |
+| `podAnnotations` | Annotations for the pods | `{}` |
+| `podLabels` | Labels for the pods | `{}` |
+| `podAffinityPreset` | Preset for pod affinity | `""` |
+| `podAntiAffinityPreset` | Preset for pod anti-affinity | `soft` |
+| `nodeAffinityPreset.type` | Type for node affinity | `""` |
+| `nodeAffinityPreset.key` | Key for node affinity | `""` |
+| `nodeAffinityPreset.values` | Values for node affinity | `[]` |
+| `podSecurityContext.enabled` | Enable pod security context | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Policy for changing the fsGroup | `Always` |
+| `podSecurityContext.sysctls` | Sysctl settings for the pods | `[]` |
+| `podSecurityContext.supplementalGroups` | Supplemental groups for the pods | `[]` |
+| `podSecurityContext.fsGroup` | fsGroup for the pods | `1001` |
+| `containerSecurityContext.enabled` | Enable container security context | `true` |
+| `containerSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` |
+| `containerSecurityContext.runAsUser` | User ID for running the container | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID for running the container | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Run the container as a non-root user | `false` |
+| `containerSecurityContext.privileged` | Enable privileged mode for the container | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Set root filesystem as read-only | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type | `RuntimeDefault` |
+| `command` | Command for the container | `[]` |
+| `args` | Arguments for the command | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the container | `{}` |
+| `automountServiceAccountToken` | Automount service account token | `true` |
+| `extraEnvVars` | Extra environment variables | `[]` |
+| `extraEnvVarsCM` | ConfigMap for extra environment variables | `""` |
+| `extraVolumes` | Extra volumes for the pods | `{}` |
+| `extraVolumeMounts` | Extra volume mounts for the pods | `{}` |
+| `existingSecret` | Name of an existing secret | `""` |
+| `updateStrategy.type` | Update strategy type for the deployment | `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge` | Maximum surge for the rolling update | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable for the rolling update | `25%` |
+| `pdb.create` | Create a pod disruption budget for pods | `true` |
+| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `autoscaling.enabled` | Enable autoscaling for forms-flow-api | `false` |
+| `autoscaling.minReplicas` | Minimum number of forms-flow-api replicas | `1` |
+| `autoscaling.maxReplicas` | Maximum number of forms-flow-api replicas | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
+| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Seconds for which past recommendations are considered while scaling up | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | Priority of policies applied when scaling up | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | HPA scaling policies when scaling up | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Seconds for which past recommendations are considered while scaling down | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | Priority of policies applied when scaling down | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | HPA scaling policies when
scaling down | `[ { type: Pods, value: 1, periodSeconds: 300 } ]` |
+| `formsflow.configmap` | Name of formsflow.ai configmap | `forms-flow-ai` |
+| `formsflow.secret` | Name of formsflow.ai secret | `forms-flow-ai` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|---------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress for the service | `true` |
+| `ingress.ingressClassName` | Ingress class to be used for the ingress | `""` |
+| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `ingress.apiVersion` | API version for the ingress (automatically detected if not set) | `""` |
+| `ingress.controller` | Ingress controller type. Options: `default`, `gce` | `default` |
+| `ingress.hostname` | Default host for the ingress record | `forms-flow-api.local` |
+| `ingress.path` | Default path for the ingress record | `"/"` |
+| `ingress.servicePort` | Backend service port to use (default is http) | `5000` |
+| `ingress.annotations` | Additional annotations for the Ingress resource | `{}` |
+| `ingress.labels` | Additional labels for the Ingress resource | `{}` |
+| `ingress.tls` | Enable TLS configuration for the ingress hostname | `true` |
+| `ingress.selfSigned` | Create a TLS secret using self-signed certificates | `false` |
+| `ingress.extraHosts` | Additional hostname(s) for the ingress | `[]` |
+| `ingress.extraPaths` | Additional arbitrary paths to add under the main host | `[]` |
+| `ingress.extraTls` | TLS configuration for additional hostnames | `[]` |
+| `ingress.secrets` | Custom certificates as secrets (key and certificate must start with appropriate headers) | `[]` |
+| `ingress.extraRules` | Additional rules for the ingress | `[]` |
+
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Set container resources according to a common preset (none, nano, micro, small, medium, large) | `small` |
+| `resources.limits.cpu` | Maximum CPU limit for the container | `300m` |
+| `resources.limits.memory` | Maximum memory limit for the container | `1Gi` |
+| `resources.requests.cpu` | Minimum CPU request for the container | `200m` |
+| `resources.requests.memory` | Minimum memory request for the container | `512Mi` |
+| `customStartupProbe` | Custom startup probe for the component | `{}` |
+| `customLivenessProbe` | Custom liveness probe for the component | `{}` |
+| `customReadinessProbe` | Custom readiness probe for the component | `{}` |
+
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` |
+| `service.ports` | Ports for the forms-flow-api service | `[ { name: http, port: 5000, targetPort: http, protocol: TCP } ]` |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is `LoadBalancer` | `""` |
+| `service.loadBalancerSourceRanges` | Allowed addresses when service is LoadBalancer | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy to preserve client source IP | `""` |
+| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `service.annotations` | Annotations for the forms-flow-api service | `{}` |
+| `service.sessionAffinity` | Session Affinity for the service, can be "None" or "ClientIP" | `None` |
+| `service.sessionAffinityConfig` | Additional settings for sessionAffinity | `{}` |
+| `service.headless.annotations` |
Annotations for the headless service | `{}` |
+| `configuration` | Additional configuration options | `[]` |
+| `containerPorts.http` | HTTP port for the container | `5000` |
+
+
+## Database Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `database.username` | Database username | `postgres` |
+| `database.password` | Database password | `postgres` |
+| `database.dbName` | Name of the database | `forms-flow-api` |
+| `database.host` | Host for the database | `forms-flow-ai-postgresql-ha-pgpool` |
+| `database.port` | Port for the database | `5432` |
+
diff --git a/charts/forms-flow-bpm/README.md b/charts/forms-flow-bpm/README.md
new file mode 100644
index 00000000..e3e9c984
--- /dev/null
+++ b/charts/forms-flow-bpm/README.md
@@ -0,0 +1,240 @@
+# Formsflow Workflow Engine
+
+Formsflow.ai leverages Camunda for workflow and decision automation.
+
+To know more about Camunda, visit https://camunda.com/.
+
+
+## Introduction
+
+This chart bootstraps a forms-flow-bpm deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-bpm`:
+
+```console
+helm install forms-flow-bpm forms-flow-bpm
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install forms-flow-bpm forms-flow-bpm --set ingress.ingressClassName=INGRESS_CLASS --set camunda.websocket.securityOrigin=FORMS_FLOW_WEB_URL --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS`, `FORMS_FLOW_WEB_URL` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-bpm on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-bpm charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 600m
+ memory: 1Gi
+ requests:
+ cpu: 500m
+ memory: 512Mi
+```
+
+### Change Forms-flow-bpm version
+
+To modify the Forms-flow-bpm version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-bpm) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+ +```yaml +image: + registry: docker.io + repository: formsflow/forms-flow-bpm + tag: X.Y.Z +``` +## Persistence + +The `forms-flow-bpm` image stores the application logs at the `/logs` path of the container. + +The `forms-flow-bpm` image supports mounting a mail configuration file at the `/app/mail-config.properties` path of the container. This can be done using a ConfigMap and mounting it as a volume. + +## Parameters + +| Parameter | Description | Default Value | +|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `replicaCount` | Number of replicas for the deployment | `1` | +| `existingSecret` | Existing secret containing password, username, dbname | `""` | +| `image.registry` | Container image registry | `docker.io` | +| `image.repository` | Container image repository | `formsflow/forms-flow-bpm` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.tag` | Image tag | `v7.0.0-alpha` | +| `image.pullSecrets` | Pull secrets for the image | `forms-flow-ai-auth` | +| `nameOverride` | Override for common names | `""` | +| `fullnameOverride` | Full override for common names | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `dnsPolicy` | DNS Policy for pod | `ClusterFirst` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Node affinity rules | `{}` | +| `priorityClassName` | Priority class for the pod | `""` | +| `schedulerName` | Name of the scheduler | `default-scheduler` | +| `terminationGracePeriodSeconds` | Grace period for pod termination | `30` | +| `topologySpreadConstraints` | Constraints for pod topology spread | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode | `false` | +| `diagnosticMode.command` | Command to 
override all containers | `["sleep"]` | +| `diagnosticMode.args` | Arguments to override all containers | `["infinity"]` | +| `hostAliases` | Deployment host aliases | `[]` | +| `serviceAccount.create` | Specifies whether a service account should be created | `true` | +| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | +| `serviceAccount.name` | Name of the service account to use (if not set and create is true, a name is generated) | `""` | +| `serviceAccount.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `podManagementPolicy` | Policy for managing pods | `OrderedReady` | +| `podAnnotations` | Annotations for the pod | `{}` | +| `podLabels` | Labels for the pod | `{}` | +| `podSecurityContext.enabled` | Enable pod security context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | File system group change policy | `Always` | +| `podSecurityContext.fsGroup` | File system group for the pod | `1001` | +| `containerSecurityContext.enabled` | Enable container security context | `true` | +| `containerSecurityContext.runAsUser` | User ID for running the container | `1001` | +| `containerSecurityContext.runAsGroup` | Group ID for running the container | `1001` | +| `containerSecurityContext.runAsNonRoot` | Run as non-root user | `false` | +| `containerSecurityContext.privileged` | Privileged mode for the container | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Read-only root filesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` | +| `containerSecurityContext.capabilities.drop` | Capabilities to drop for the container | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Seccomp profile type | `RuntimeDefault` | +| `command` | Override default container command (useful for custom images) | `[]` | +| `args` | Override default container args (useful for custom images) | `[]` | +| `lifecycleHooks` | Lifecycle 
hooks for the forms-flow-bpm container(s) | `{}` | +| `updateStrategy.type` | Update strategy type | `RollingUpdate` | +| `updateStrategy.rollingUpdate.maxSurge` | Maximum surge during updates | `25%` | +| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable during updates | `25%` | +| `minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | +| `extraEnvVars` | Additional environment variables for the container | See below | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraVolumes` | Additional volumes for the pod | `{}` | +| `extraVolumeMounts` | Additional volume mounts for the pod | `{}` | +| `existingSecret` | Existing secret containing password, username, dbname | `""` | +| `rbac.create` | Create RBAC resources | `false` | +| `rbac.rules` | Custom RBAC rules | `[]` | +| `pdb.create` | Create Pod Disruption Budget | `true` | +| `pdb.minAvailable` | Minimum available pods | `""` | +| `pdb.maxUnavailable` | Maximum unavailable pods | `""` | +| `livenessProbe.enabled` | Enable liveness probe | `true` | +| `livenessProbe.failureThreshold` | Liveness probe failure threshold | `5` | +| `livenessProbe.initialDelaySeconds` | Initial delay before liveness probe | `120` | +| `livenessProbe.periodSeconds` | How often to perform the liveness probe | `60` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful | `1` | +| `livenessProbe.timeoutSeconds` | Timeout for the liveness probe | `3` | +| `readinessProbe.enabled` | Enable readiness probe | `true` | +| `readinessProbe.failureThreshold` | Readiness probe failure threshold | `5` | +| `readinessProbe.initialDelaySeconds` | Initial delay before readiness probe | `120` | +| `readinessProbe.periodSeconds` | How often to perform the readiness probe | `60` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe | `1` | +| 
`readinessProbe.timeoutSeconds` | Timeout for the readiness probe | `3` | +| `autoscaling.enabled` | Enable autoscaling | `false` | +| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling | `1` | +| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling | `11` | +| `autoscaling.targetCPU` | Target CPU utilization for autoscaling | `""` | +| `autoscaling.targetMemory` | Target memory utilization for autoscaling | `""` | +| `autoscaling.behavior.scaleUp` | Configuration for scale-up behavior | See values below | +| `autoscaling.behavior.scaleDown` | Configuration for scale-down behavior | See values below | +| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Time window to stabilize scale-up events | `120` | +| `autoscaling.behavior.scaleUp.selectPolicy` | Policy for selecting scale-up behavior | `Max` | +| `autoscaling.behavior.scaleUp.policies` | Policies for scaling up | `[]` | +| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Time window to stabilize scale-down events | `300` | +| `autoscaling.behavior.scaleDown.selectPolicy` | Policy for selecting scale-down behavior | `Max` | +| `autoscaling.behavior.scaleDown.policies` | Policies for scaling down | `[{ "type": "Pods", "value": 1, "periodSeconds": 300 }]` | +| `camunda.analytics.database` | Camunda analytics database name | `forms-flow-analytics` | +| `camunda.auth.enabled` | Enable authentication for Camunda | `true` | +| `camunda.database.name` | Name of the Camunda database | `forms-flow-bpm` | +| `camunda.database.port` | Port for the Camunda database | `5432` | +| `camunda.historyLevel` | History level setting for Camunda | `auto` | +| `camunda.securityOrigin` | Allowed security origin for the application | `'*'` | +| `camunda.logLevel` | Logging level for Camunda | `INFO` | +| `mail.protocol` | The protocol used for mail configuration. | `smtp` | +| `mail.from` | The sender's email address. 
| `` | +| `mail.password` | Password for the email account. | `` | +| `mail.user` | Username for the email account. | `` | +| `mail.alias` | Alias used for sending emails. | `DoNotReply` | +| `mail.folder` | Default folder for incoming emails. | `INBOX` | +| `mail.smtp.auth` | Specifies if SMTP authentication is required. | `true` | +| `mail.smtp.port` | Port number for SMTP server connection. | `5432` | +| `mail.smtp.server` | SMTP server address. | `` | +| `mail.smtp.socketFactory.port` | Port for the SSL socket factory. | `465` | +| `mail.smtp.socketFactory.class` | Class used for the SSL socket factory. | `javax.net.ssl.SSLSocketFactory` | +| `mail.smtp.ssl.enable` | Specifies if SSL is enabled for the SMTP connection. | `false` | +| `mail.store.protocol` | Protocol used for mail storage. | `imaps` | +| `mail.imaps.host` | Hostname of the IMAP server. | `imap.gmail.com` | +| `mail.imaps.port` | Port number for the IMAP server connection. | `993` | +| `mail.imaps.timeout` | Timeout duration for the IMAP connection in milliseconds. | `1000` | +| `mail.attachment.download` | Specifies if attachments should be downloaded. | `true` | +| `mail.attachment.path` | Path where attachments will be saved. | `attachments` | +| `formsflow.configmap` | Name of the FormsFlow configuration map. | `forms-flow-ai` | +| `formsflow.secret` | Name of the FormsFlow secret. | `forms-flow-ai` | +| `waitFor` | Service and port to wait for before starting. 
| `${CAMUNDA_DATABASE_SERVICE_NAME}:${CAMUNDA_DATABASE_PORT}` | + +## Vault Parameters + +| Name | Value | +|---------------|--------------------------------------| +| `VAULT_ENABLED` | `"false"` | +| `VAULT_URL` | `"http://{your-ip-address}:8200"` | +| `VAULT_TOKEN` | `""` | +| `VAULT_PATH` | `""` | +| `VAULT_SECRET` | `""` | + + +## Ingress Parameters + +## Ingress + +| Parameter | Description | Default Value | +|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------| +| `ingress.enabled` | Enable ingress record generation for forms-flow-bpm | `true` | +| `ingress.ingressClassName` | Ingress class name to use | `""` | +| `ingress.path` | Ingress path | `"/camunda"` | +| `ingress.servicePort` | Service port for ingress | `8080` | +| `ingress.tls` | Enable TLS for ingress | `true` | +| `ingress.selfSigned` | Use self-signed certificates for TLS | `false` | +| `ingress.extraHosts` | Additional hosts for the ingress | `[]` | +| `ingress.extraPaths` | Additional paths for the ingress | `[]` | +| `ingress.extraTls` | Additional TLS configurations | `[]` | +| `ingress.secrets` | Secrets for TLS configuration | `[]` | +| `ingress.extraRules` | Additional rules for ingress | `[]` | + +## Resource Parameters + +| Parameter | Description | Default Value | +|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------| +| `resourcesPreset` | Resource preset (e.g., small, medium, large) | `"small"` | +| `resources.limits.cpu` | CPU limit | `600m` | +| `resources.limits.memory` | Memory limit | `1Gi` | +| `resources.requests.cpu` | CPU request | `500m` | +| `resources.requests.memory` | Memory request | `512Mi` | + +## Service Parameters + +| Parameter | Description | Default Value | 
+|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` |
+| `service.ports` | Array of ports for the service | `[{"name": "http", "port": 8080, "targetPort": "http", "protocol": "TCP"}]` |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is `LoadBalancer` | `""` |
+| `service.loadBalancerSourceRanges` | Allowed addresses for LoadBalancer | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy to preserve client source IP | `""` |
+| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `service.annotations` | Annotations for the service | `{}` |
+| `service.sessionAffinity` | Session affinity for the service (None or ClientIP) | `None` |
+| `service.sessionAffinityConfig` | Additional settings for session affinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service | `{}` |
+
+## Sidecars and Configuration
+
+| Parameter | Description | Default Value |
+|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------|
+| `sidecars` | Additional sidecar containers for the pod | `[]` |
+| `configuration` | Custom configuration for the application | `""` |
+| `existingConfigmap` | Existing ConfigMap to use | `""` |
diff --git a/charts/forms-flow-data-analysis/README.md b/charts/forms-flow-data-analysis/README.md
new file mode 100644
index 00000000..d289566a
--- /dev/null
+++ b/charts/forms-flow-data-analysis/README.md
@@ -0,0 +1,185 @@
+# Formsflow.ai Sentiment Analysis Component
+
+Sentiment Analysisis used to understand the sentiments of the customer for products, movies, and other such things, whether they feel positive, negative, or neutral about it. BERT is a very good pre-trained language model which helps machines learn excellent representations of text with respect to context in many natural language tasks.
+
+
+## Introduction
+
+This chart bootstraps a forms-flow-data-analysis-api deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-data-analysis-api`:
+
+```console
+helm install forms-flow-data-analysis-api forms-flow-data-analysis-api
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm install forms-flow-data-analysis forms-flow-data-analysis --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-data-analysis-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-data-analysis-api charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+ +```yaml +resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 250m + memory: 512Mi +``` + +### Change Forms-flow-data-analysis-api version + +To modify the Forms-flow-data-analysis-api version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-data-analysis-api) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +```yaml +image: + registry: docker.io + repository: formsflow/forms-flow-data-analysis-api + tag: X.Y.Z +``` + +## Persistence + +The `forms-flow-data-analysis` image stores the application logs at the `/forms-flow-data-analysis/app/logs` path of the container. + +## Parameters + +| Parameter | Description | Default Value | +|------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `replicaCount` | Number of replicas for the deployment. | `1` | +| `image.registry` | Docker registry for the image. | `docker.io` | +| `image.repository` | Repository for the image. | `formsflow/forms-flow-data-analysis-api` | +| `image.pullPolicy` | Image pull policy. | `IfNotPresent` | +| `image.tag` | Tag of the image to use. | `v7.0.0-alpha` | +| `image.pullSecrets` | Array of image pull secrets. | `forms-flow-ai-auth` | +| `nameOverride` | Override the name of the deployment. | `""` | +| `fullnameOverride` | Override the full name of the deployment. | `""` | +| `commonLabels` | Common labels to apply to all resources. | `{}` | +| `commonAnnotations` | Common annotations to apply to all resources. | `{}` | +| `nodeSelector` | Node selector for pod scheduling. | `{}` | +| `tolerations` | Tolerations for scheduling pods. | `[]` | +| `affinity` | Affinity rules for pod scheduling. | `{}` | +| `priorityClassName` | Priority class name for scheduling. 
| `""` | +| `schedulerName` | Name of the scheduler to use for scheduling pods. | `""` | +| `terminationGracePeriodSeconds` | Grace period for pod termination. | `""` | +| `topologySpreadConstraints` | Constraints for spreading pods across nodes. | `[]` | +| `diagnosticMode.enabled` | Enables diagnostic mode for the deployment. | `false` | +| `diagnosticMode.command` | Command to run for diagnostic mode. | `["sleep"]` | +| `diagnosticMode.args` | Arguments for the diagnostic command. | `["infinity"]` | +| `hostAliases` | Host aliases for the pods. | `[]` | +| `serviceAccount.create` | Specifies whether a service account should be created. | `true` | +| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | +| `serviceAccount.name` | Name of the service account to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Specifies if the service account token should be automatically mounted. | `false` | +| `podAnnotations` | Annotations to apply to the pods. | `{}` | +| `podLabels` | Labels to apply to the pods. | `{}` | +| `podAffinityPreset` | Pod affinity preset to use. | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset to use. | `soft` | +| `nodeAffinityPreset` | Node affinity preset to use. | `{}` | +| `podSecurityContext.enabled` | Specifies if the pod security context is enabled. | `true` | +| `podSecurityContext.fsGroup` | FS group for the pods. | `1001` | +| `containerSecurityContext.enabled` | Specifies if the container security context is enabled. | `true` | +| `containerSecurityContext.runAsUser` | User ID to run the container. | `1001` | +| `containerSecurityContext.runAsGroup` | Group ID to run the container. | `1001` | +| `containerSecurityContext.runAsNonRoot` | Specifies if the container should run as a non-root user. | `false` | +| `containerSecurityContext.privileged` | Specifies if the container should run in privileged mode. 
| `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Specifies if the root filesystem should be read-only. | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Specifies if privilege escalation is allowed. | `false` | +| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container. | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Seccomp profile type to use. | `RuntimeDefault` | +| `command` | Override default container command (useful when using custom images). | `[]` | +| `args` | Override default container args (useful when using custom images). | `[]` | +| `lifecycleHooks` | Lifecycle hooks for the container(s). | `{}` | +| `automountServiceAccountToken` | Specifies if the service account token should be automatically mounted. | `true` | +| `extraEnvVars` | Additional environment variables to pass to the containers. | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables. | `""` | +| `extraVolumes` | Additional volumes to mount to the pods. | `{}` | +| `extraVolumeMounts` | Additional volume mounts for the containers. | `{}` | +| `existingSecret` | Existing secret containing password, username, and dbname. | `""` | +| `updateStrategy.type` | Update strategy for deployment. | `RollingUpdate` | +| `updateStrategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created above the desired number during an update. | `25%` | +| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during an update. | `25%` | +| `pdb.create` | Specifies whether a PodDisruptionBudget should be created. | `true` | +| `pdb.minAvailable` | Minimum number of pods that must be available. | `""` | +| `pdb.maxUnavailable` | Maximum number of pods that can be unavailable. | `""` | +| `customStartupProbe` | Custom startup probe for the container. | `{}` | +| `customLivenessProbe` | Custom liveness probe for the container. 
| `{}` | +| `customReadinessProbe` | Custom readiness probe for the container. | `{}` | +| `autoscaling.enabled` | Enable autoscaling for the deployment. | `false` | +| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` | +| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `11` | +| `autoscaling.targetCPU` | Target CPU utilization for autoscaling. | `""` | +| `autoscaling.targetMemory` | Target memory utilization for autoscaling. | `""` | +| `autoscaling.behavior.scaleUp` | Autoscaling behavior for scale up operations. | `{ stabilizationWindowSeconds: 120, selectPolicy: "Max", policies: [] }` | +| `autoscaling.behavior.scaleDown` | Autoscaling behavior for scale down operations. | `{ stabilizationWindowSeconds: 300, selectPolicy: "Max", policies: [{type: "Pods", value: 1, periodSeconds: 300}] }` | +| `openApiKey` | OpenAI API key for authentication. | `""` | +| `chatbotModelId` | Model ID for the chatbot used in the application. | `gpt-3.5-turbo` | +| `formsflow.configmap` | Name of the FormsFlow configuration map. | `forms-flow-ai` | +| `formsflow.secret` | Name of the FormsFlow secret. | `forms-flow-ai` | + +## Ingress Parameters + +| Parameter | Description | Default Value | +|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `ingress.enabled` | Enable ingress record generation for forms-flow-data-analysis. | `true` | +| `ingress.ingressClassName` | Name of the ingress class to use. | `""` | +| `ingress.pathType` | Type of path matching for the ingress. | `ImplementationSpecific` | +| `ingress.apiVersion` | API version for the ingress resource. | `""` | +| `ingress.controller` | Ingress controller to use. | `default` | +| `ingress.hostname` | Hostname for the ingress. | `forms-flow-data-analysis.local` | +| `ingress.path` | Path for the ingress. 
| `/` | +| `ingress.servicePort` | Service port for the ingress. | `5000` | +| `ingress.annotations` | Annotations for the ingress resource. | `{}` | +| `ingress.labels` | Labels for the ingress resource. | `{}` | +| `ingress.tls` | Enable TLS for the ingress. | `true` | +| `ingress.selfSigned` | Create a TLS secret using self-signed certificates generated by Helm. | `false` | +| `ingress.extraHosts` | Additional hostnames for the ingress. | `[]` | +| `ingress.extraPaths` | Additional paths for the ingress. | `[]` | +| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` | +| `ingress.secrets` | TLS secrets for the ingress. | `[]` | +| `ingress.extraRules` | Additional rules for the ingress. | `[]` | + + +## Resource Parameters + +| Parameter | Description | Default Value | +|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `resourcesPreset` | Preset resource allocation for the deployment. | `small` | +| `resources.limits.cpu` | CPU limit for the pods. | `500m` | +| `resources.limits.memory` | Memory limit for the pods. | `1Gi` | +| `resources.requests.cpu` | CPU request for the pods. | `250m` | +| `resources.requests.memory` | Memory request for the pods. | `512Mi` | + + +## Service Parameters + +| Parameter | Description | Default Value | +|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `service.type` | Service type for the application. | `ClusterIP` | +| `service.ports` | Ports configuration for the service. | `[{name: "http", port: 5000, targetPort: "http", protocol: "TCP"}]` | +| `service.loadBalancerIP` | Load balancer IP for the service. | `""` | +| `service.loadBalancerSourceRanges` | Source ranges for load balancer. 
| `[]` | +| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` | +| `service.clusterIP` | Cluster IP for the service. | `""` | +| `service.annotations` | Annotations for the service. | `{}` | +| `service.sessionAffinity` | Session affinity for the service. | `None` | +| `service.sessionAffinityConfig` | Configuration for session affinity. | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | + + diff --git a/charts/forms-flow-documents-api/README.md b/charts/forms-flow-documents-api/README.md new file mode 100644 index 00000000..43051ab7 --- /dev/null +++ b/charts/forms-flow-documents-api/README.md 
@@ -0,0 +1,184 @@
+# Formsflow Documents API
+
+The goal of the document API is to generate pdf with form submission data..
+
+## Introduction
+
+This chart bootstraps a forms-flow-documents-api deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-documents-api`:
+
+```console
+helm upgrade --install forms-flow-documents-api forms-flow-documents-api
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm upgrade --install forms-flow-documents-api forms-flow-documents-api --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-documents-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-documents-api charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 300m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 512Mi
+```
+
+### Change Forms-flow-documents-api version
+
+To modify the Forms-flow-documents-api version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-documents-api) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-documents-api
+ tag: X.Y.Z
+```
+## Persistence
+
+The `forms-flow-documents-api` image stores the application logs at the `/forms-flow-documents/app/logs` path of the container.
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment. | `1` |
+| `image.registry` | Container image registry. | `docker.io` |
+| `image.repository` | Repository for the container image. | `formsflow/forms-flow-documents-api` |
+| `image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `image.tag` | Tag for the container image. | `v7.0.0-alpha` |
+| `image.pullSecrets` | Array of image pull secrets. | `["forms-flow-ai-auth"]` |
+| `nameOverride` | Override for the name of the deployment. | `""` |
+| `fullnameOverride` | Override for the full name of the deployment. | `""` |
+| `commonLabels` | Common labels to apply to all resources. | `{}` |
+| `commonAnnotations` | Common annotations to apply to all resources. | `{}` |
+| `nodeSelector` | Node selector for scheduling pods. | `{}` |
+| `tolerations` | Tolerations for scheduling pods. | `[]` |
+| `affinity` | Affinity rules for scheduling pods. | `{}` |
+| `priorityClassName` | Name of the priority class for the pods. | `""` |
+| `schedulerName` | Name of the scheduler to use for the pods. | `""` |
+| `terminationGracePeriodSeconds` | Grace period for pod termination. | `""` |
+| `topologySpreadConstraints` | Constraints for spreading pods across topology domains. | `[]` |
+| `diagnosticMode.enabled` | Enable or disable diagnostic mode. | `false` |
+| `diagnosticMode.command` | Command to override all containers in the deployment.
| `["sleep"]` |
+| `diagnosticMode.args` | Arguments to override all containers in the deployment. | `["infinity"]` |
+| `serviceAccount.create` | Specifies whether a service account should be created. | `true` |
+| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` |
+| `serviceAccount.name` | The name of the service account to use. | `""` |
+| `serviceAccount.automountServiceAccountToken` | Whether to automount the service account token. | `false` |
+| `podAnnotations` | Annotations to add to the pod. | `{}` |
+| `podLabels` | Labels to add to the pod. | `{}` |
+| `podAffinityPreset` | Preset for pod affinity rules. | `""` |
+| `podAntiAffinityPreset` | Preset for pod anti-affinity rules. | `soft` |
+| `nodeAffinityPreset.type` | Type of node affinity preset. | `""` |
+| `nodeAffinityPreset.key` | Key for node affinity preset. | `""` |
+| `nodeAffinityPreset.values` | Values for node affinity preset. | `[]` |
+| `podSecurityContext.enabled` | Enable pod security context. | `true` |
+| `podSecurityContext.fsGroupChangePolicy`| Policy for changing the fsGroup. | `Always` |
+| `podSecurityContext.sysctls` | Sysctl settings for the pod. | `[]` |
+| `podSecurityContext.supplementalGroups` | Supplemental groups for the pod. | `[]` |
+| `podSecurityContext.fsGroup` | fsGroup for the pod. | `1001` |
+| `containerSecurityContext.enabled` | Enable container security context. | `true` |
+| `containerSecurityContext.seLinuxOptions` | SELinux options for the container. | `{}` |
+| `containerSecurityContext.runAsUser` | User ID to run the container as. | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID to run the container as. | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Whether to run the container as a non-root user. | `false` |
+| `containerSecurityContext.privileged` | Whether to run the container in privileged mode.
| `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Whether to use a read-only root filesystem. | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Whether to allow privilege escalation. | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container. | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type for the container. | `RuntimeDefault` |
+| `command` | Override default container command (useful for custom images). | `[]` |
+| `args` | Override default container args (useful for custom images). | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the container to automate configuration before or after startup. | `{}` |
+| `automountServiceAccountToken` | Whether to automount the service account token. | `true` |
+| `extraEnvVars` | Additional environment variables for the container. | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars. | `""` |
+| `extraVolumes` | Extra volumes for the container. | `{}` |
+| `extraVolumeMounts` | Extra volume mounts for the container. | `{}` |
+| `auth.existingSecret` | Existing secret containing password, username, and db name. | `""` |
+| `auth.annotations` | Annotations for the auth section. | `{}` |
+| `updateStrategy.type` | Type of update strategy for the deployment. | `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge`| Maximum surge during updates. | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable pods during updates. | `25%` |
+| `pdb.create` | Specifies whether a PodDisruptionBudget should be created. | `true` |
+| `pdb.minAvailable` | Minimum number of pods that must be available. | `""` |
+| `pdb.maxUnavailable` | Maximum number of pods that can be unavailable. | `""` |
+| `customStartupProbe` | Custom startup probe for the container. | `{}` |
+| `customLivenessProbe` | Custom liveness probe for the container.
| `{}` |
+| `customReadinessProbe` | Custom readiness probe for the container. | `{}` |
+| `autoscaling.enabled` | Enable autoscaling for the deployment. | `false` |
+| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` |
+| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization for autoscaling. | `""` |
+| `autoscaling.targetMemory` | Target memory utilization for autoscaling. | `""` |
+| `autoscaling.behavior.scaleUp` | Autoscaling behavior for scale up operations. | `{ stabilizationWindowSeconds: 120, selectPolicy: "Max", policies: [] }` |
+| `autoscaling.behavior.scaleDown` | Autoscaling behavior for scale down operations. | `{ stabilizationWindowSeconds: 300, selectPolicy: "Max", policies: [{type: "Pods", value: 1, periodSeconds: 300}] }` |
+| `formsflow.configmap` | Name of the FormsFlow configuration map. | `forms-flow-ai` |
+| `formsflow.secret` | Name of the FormsFlow secret. | `forms-flow-ai` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress record generation for the application. | `true` |
+| `ingress.ingressClassName` | Name of the ingress class to use. | `""` |
+| `ingress.pathType` | Type of path matching for the ingress. | `ImplementationSpecific` |
+| `ingress.apiVersion` | API version for the ingress resource. | `""` |
+| `ingress.controller` | Ingress controller to use. | `default` |
+| `ingress.hostname` | Hostname for the ingress. | `forms-flow-documents-api.local` |
+| `ingress.path` | Path for the ingress. | `/` |
+| `ingress.servicePort` | Service port for the ingress. | `5006` |
+| `ingress.annotations` | Annotations for the ingress resource.
| `{}` |
+| `ingress.labels` | Labels for the ingress resource. | `{}` |
+| `ingress.tls` | Enable TLS for the ingress. | `true` |
+| `ingress.selfSigned` | Create a TLS secret using self-signed certificates generated by Helm. | `false` |
+| `ingress.extraHosts` | Additional hostnames for the ingress. | `[]` |
+| `ingress.extraPaths` | Additional paths for the ingress. | `[]` |
+| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` |
+| `ingress.secrets` | TLS secrets for the ingress. | `[]` |
+| `ingress.extraRules` | Additional rules for the ingress. | `[]` |
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Preset resource allocation for the deployment. | `small` |
+| `resources.limits.cpu` | CPU limit for the pods. | `200m` |
+| `resources.limits.memory` | Memory limit for the pods. | `1Gi` |
+| `resources.requests.cpu` | CPU request for the pods. | `100m` |
+| `resources.requests.memory` | Memory request for the pods. | `512Mi` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Service type for the application. | `ClusterIP` |
+| `service.ports` | Ports configuration for the service. | `[{name: "http", port: 5006, targetPort: "http", protocol: "TCP"}]` |
+| `service.loadBalancerIP` | Load balancer IP for the service. | `""` |
+| `service.loadBalancerSourceRanges` | Source ranges for load balancer. | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` |
+| `service.clusterIP` | Cluster IP for the service.
| `""` |
+| `service.annotations` | Annotations for the service. | `{}` |
+| `service.sessionAffinity` | Session affinity for the service. | `None` |
+| `service.sessionAffinityConfig` | Configuration for session affinity. | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+
diff --git a/charts/forms-flow-forms/README.md b/charts/forms-flow-forms/README.md
new file mode 100644
index 00000000..b8cef14a
--- /dev/null
+++ b/charts/forms-flow-forms/README.md
@@ -0,0 +1,198 @@
+# Form Management Platform
+
+formsflow.ai leverages form.io to build "serverless" data management applications using a simple drag-and-drop form builder interface.
+
+To know more about form.io, go to https://form.io.
+
+## Introduction
+
+This chart bootstraps a forms-flow-forms deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-forms`:
+
+```console
+helm install forms-flow-forms forms-flow-forms
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install forms-flow-forms forms-flow-forms --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-forms on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-forms charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+```
+
+### Change Forms-flow-forms version
+
+To modify the Forms-flow-forms version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-forms) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-forms
+ tag: X.Y.Z
+```
+## Persistence
+
+The `forms-flow-forms` image stores the application logs at the `/app/logs` path of the container.
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment. | `1` |
+| `image.registry` | Docker registry for the application image. | `docker.io` |
+| `image.repository` | Repository for the application image. | `formsflow/forms-flow-forms` |
+| `image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `image.tag` | Tag of the application image. | `v7.0.0-alpha` |
+| `image.pullSecrets` | Array of image pull secrets. | `["forms-flow-ai-auth"]` |
+| `nameOverride` | Override for the application name. | `""` |
+| `fullnameOverride` | Override for the full application name. | `""` |
+| `commonLabels` | Common labels to apply to all resources. | `{}` |
+| `commonAnnotations` | Common annotations to apply to all resources. | `{}` |
+| `nodeSelector` | Node selector for pod scheduling. | `{}` |
+| `tolerations` | Tolerations for pod scheduling. | `[]` |
+| `affinity` | Affinity settings for pod scheduling. | `{}` |
+| `priorityClassName` | Priority class name for the pods. | `""` |
+| `schedulerName` | Custom scheduler name for the deployment. | `""` |
+| `terminationGracePeriodSeconds` | Termination grace period for pods. | `""` |
+| `topologySpreadConstraints` | Constraints to spread pods across topology domains. | `[]` |
+| `diagnosticMode.enabled` | Enable or disable diagnostic mode for the deployment. | `false` |
+| `diagnosticMode.command` | Command to override all containers in the deployment. | `["sleep"]` |
+| `diagnosticMode.args` | Arguments to override all containers in the deployment.
| `["infinity"]` |
+| `podSecurityContext.enabled` | Enable or disable pod security context. | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Policy for changing the filesystem group. | `Always` |
+| `podSecurityContext.sysctls` | Sysctl settings for the pod. | `[]` |
+| `podSecurityContext.supplementalGroups` | Supplemental groups for the pod. | `[]` |
+| `podSecurityContext.fsGroup` | Filesystem group for the pod. | `1001` |
+| `containerSecurityContext.enabled` | Enable or disable container security context. | `true` |
+| `containerSecurityContext.seLinuxOptions`| SELinux options for the container. | `{}` |
+| `containerSecurityContext.runAsUser` | User ID to run the container. | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID to run the container. | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Ensure the container does not run as root. | `false` |
+| `containerSecurityContext.privileged` | Enable privileged mode for the container. | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Enable read-only root filesystem for the container. | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation for the container. | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container. | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type for the container. | `RuntimeDefault` |
+| `command` | Override default container command (useful when using custom images). | `[]` |
+| `args` | Override default container args (useful when using custom images). | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the container(s) to automate configuration before or after startup. | `{}` |
+| `automountServiceAccountToken` | Specify whether the service account token should be automatically mounted. | `true` |
+| `extraEnvVars` | Extra environment variables for the container.
| `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars. | `""` |
+| `extraVolumes` | Extra volumes to attach to the pod. | `{}` |
+| `extraVolumeMounts` | Extra volume mounts for the containers. | `{}` |
+| `auth.existingSecret` | Existing secret containing password, username, and database name. | `""` |
+| `auth.annotations` | Annotations for the auth settings. | `{}` |
+| `updateStrategy.type` | Update strategy for the deployment. | `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created above the desired number of pods. | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during the update. | `25%` |
+| `rbac.create` | Create RBAC roles and bindings for the application. | `false` |
+| `rbac.rules` | RBAC rules to apply for the application. | `[]` |
+| `pdb.create` | Create a Pod Disruption Budget for the application. | `true` |
+| `pdb.minAvailable` | Minimum number of pods that must be available during a disruption. | `""` |
+| `pdb.maxUnavailable` | Maximum number of pods that can be unavailable during a disruption. | `""` |
+| `livenessProbe.enabled` | Enable liveness probe for the application. | `true` |
+| `livenessProbe.failureThreshold` | Number of failures before the pod is considered unhealthy. | `5` |
+| `livenessProbe.initialDelaySeconds` | Initial delay before starting liveness checks. | `120` |
+| `livenessProbe.periodSeconds` | Frequency of liveness checks. | `60` |
+| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful. | `1` |
+| `livenessProbe.timeoutSeconds` | Timeout for liveness checks. | `3` |
+| `readinessProbe.enabled` | Enable readiness probe for the application. | `true` |
+| `readinessProbe.failureThreshold` | Number of failures before the pod is considered not ready.
| `5` |
+| `readinessProbe.initialDelaySeconds` | Initial delay before starting readiness checks. | `120` |
+| `readinessProbe.periodSeconds` | Frequency of readiness checks. | `60` |
+| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful. | `1` |
+| `readinessProbe.timeoutSeconds` | Timeout for readiness checks. | `3` |
+| `customStartupProbe` | Custom startup probe for the application. | `{}` |
+| `customLivenessProbe` | Custom liveness probe for the application. | `{}` |
+| `customReadinessProbe` | Custom readiness probe for the application. | `{}` |
+| `ExternalAuth.ExistingMailAuthKey` | Existing key for mail authentication. | `""` |
+| `ExternalAuth.ExistingPwdAuthKey` | Existing key for password authentication. | `""` |
+| `ExternalAuth.ExistingSecretName` | Name of the existing secret for external authentication. | `""` |
+| `formsflow.configmap` | Name of the Formsflow configmap for integration environment variables. | `forms-flow-ai` |
+| `formsflow.secret` | Name of the Formsflow secret for integration environment variables. | `forms-flow-ai` |
+| `autoscaling.enabled` | Enable autoscaling for the application. | `false` |
+| `autoscaling.minReplicas` | Minimum number of replicas for the application. | `1` |
+| `autoscaling.maxReplicas` | Maximum number of replicas for the application. | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization percentage for autoscaling. | `""` |
+| `autoscaling.targetMemory` | Target memory utilization percentage for autoscaling. | `""` |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Stabilization window for scaling up. | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | Select policy for scaling up. | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | HPA scaling policies when scaling up. | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Stabilization window for scaling down.
| `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | Select policy for scaling down. | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | HPA scaling policies when scaling down. | `[{type: "Pods", value: 1, periodSeconds: 300}]` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress record generation for the application. | `true` |
+| `ingress.ingressClassName` | Ingress class name to use for the ingress resource. | `""` |
+| `ingress.pathType` | Path type for the ingress resource. | `ImplementationSpecific` |
+| `ingress.apiVersion` | API version for the ingress resource. | `""` |
+| `ingress.controller` | Ingress controller to use. | `default` |
+| `ingress.hostname` | Hostname for the ingress resource. | `forms-flow-forms.local` |
+| `ingress.path` | Path for the ingress resource. | `/` |
+| `ingress.servicePort` | Service port for the ingress resource. | `3001` |
+| `ingress.annotations` | Annotations for the ingress resource. | `{}` |
+| `ingress.labels` | Labels for the ingress resource. | `{}` |
+| `ingress.tls` | Enable TLS for the ingress resource. | `true` |
+| `ingress.selfSigned` | Create a self-signed TLS certificate for the ingress. | `false` |
+| `ingress.extraHosts` | Additional hostnames for the ingress. | `[]` |
+| `ingress.extraPaths` | Additional paths for the ingress. | `[]` |
+| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` |
+| `ingress.secrets` | TLS secrets for the ingress. | `[]` |
+| `ingress.extraRules` | Extra rules for the ingress resource.
| `[]` |
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Preset for resource requests and limits. | `small` |
+| `resources.limits.cpu` | Maximum CPU limit for the pod. | `200m` |
+| `resources.limits.memory` | Maximum memory limit for the pod. | `1Gi` |
+| `resources.requests.cpu` | Requested CPU for the pod. | `100m` |
+| `resources.requests.memory` | Requested memory for the pod. | `512Mi` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Kubernetes service type (e.g., `ClusterIP`, `NodePort`, `LoadBalancer`). | `ClusterIP` |
+| `service.ports` | Array of service ports for the application. | `[{name: "http", port: 3001, targetPort: "http", protocol: "TCP"}]` |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is `LoadBalancer`. | `""` |
+| `service.loadBalancerSourceRanges` | Allowed source ranges for LoadBalancer service. | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` |
+| `service.clusterIP` | Static clusterIP or `None` for headless services. | `""` |
+| `service.annotations` | Annotations for the service. | `{}` |
+| `service.sessionAffinity` | Session affinity for the service. | `None` |
+| `service.sessionAffinityConfig` | Additional settings for session affinity. | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+
+
+
diff --git a/charts/forms-flow-idm/README.md b/charts/forms-flow-idm/README.md
new file mode 100644
index 00000000..66e09994
--- /dev/null
+++ b/charts/forms-flow-idm/README.md
@@ -0,0 +1,804 @@
+
+
+# Forms-flow-idm
+
+The **formsflow.ai** framework could be hooked up with any OpenID Connect compliant Identity Management Server. To date, we have only tested [Keycloak](https://github.com/keycloak/keycloak).
+
+## Introduction
+
+This chart bootstraps a forms-flow-idm deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## TL;DR
+
+```console
+helm upgrade --install forms-flow-idm forms-flow-idm
+```
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm upgrade --install forms-flow-idm forms-flow-idm
+```
+
+> Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm upgrade --install forms-flow-idm forms-flow-idm --set keycloak.ingress.hostname=KEYCLOAK_URL --set postgresql-ha.postgresql.podSecurityContext.enabled=true --set keycloak.ingress.ingressClassName=INGRESS_CLASS
+```
+
+These commands deploy a Keycloak application on the Kubernetes cluster in the default configuration.
+
+> **Tip**: List all releases using `helm list`
+
+## Configuration and installation details
+
+### Resource requests and limits
+
+Forms-flow-idm charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15).
However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+
+### [Rolling vs Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Use an external database
+
+Sometimes, you may want to have Keycloak connect to an external PostgreSQL database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this, set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `externalDatabase.*` parameters.
Here is an example:
+
+```text
+postgresql.enabled=false
+externalDatabase.host=myexternalhost
+externalDatabase.user=myuser
+externalDatabase.password=mypassword
+externalDatabase.database=mydatabase
+externalDatabase.port=5432
+```
+
+> NOTE: Only PostgreSQL database server is supported as external database
+
+It is not supported but possible to run Keycloak with an external MSSQL database with the following settings:
+
+```yaml
+externalDatabase:
+ host: "mssql.example.com"
+ port: 1433
+ user: keycloak
+ database: keycloak
+ existingSecret: passwords
+extraEnvVars:
+ - name: KC_DB # override values from the conf file
+ value: 'mssql'
+ - name: KC_DB_URL
+ value: 'jdbc:sqlserver://mssql.example.com:1433;databaseName=keycloak;'
+```
+
+### Importing and exporting a realm
+
+#### Importing a realm
+
+You can import a realm by setting the `KEYCLOAK_EXTRA_ARGS` to contain the `--import-realm` argument.
+
+This will import all `*.json` under `/opt/bitnami/keycloak/data/import` files as a realm into keycloak as per the
+official documentation [here](https://www.keycloak.org/server/importExport#_importing_a_realm_from_a_directory). You
+can supply the files by mounting a volume e.g. with docker compose as follows:
+
+```yaml
+keycloak:
+ image: bitnami/keycloak:latest
+ volumes:
+ - /local/path/to/realms/folder:/opt/bitnami/keycloak/data/import
+```
+
+#### Exporting a realm
+
+You can export a realm through the GUI but it will not export users even the option is set, this is a known keycloak
+[bug](https://github.com/keycloak/keycloak/issues/23970).
+
+By using the `kc.sh` script you can export a realm with users.
Be sure to mount the export folder to a local folder:
+
+```yaml
+keycloak:
+ image: bitnami/keycloak:latest
+ volumes:
+ - /local/path/to/export/folder:/export
+```
+
+Then open a terminal in the running keycloak container and run:
+
+```bash
+kc.sh export --dir /export/ --users realm_file
+````
+
+This will export the all the realms with users to the `/export` folder.
+
+### Configure Ingress
+
+This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`.
+
+The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host.
+
+However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts.
+
+> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers.
+
+Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443.
The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.
+
+[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
+
+### Configure admin Ingress
+
+In addition to the Ingress resource described above, this chart also provides the ability to define an Ingress for the admin area of Keycloak, for example the `master` realm.
+
+For this scenario, you can use the Keycloak Config CLI integration with the following values, where `keycloak-admin.example.com` is to be replaced by the actual hostname:
+
+```yaml
+adminIngress:
+ enabled: true
+ hostname: keycloak-admin.example.com
+keycloakConfigCli:
+ enabled: true
+ configuration:
+ master.json: |
+ {
+ "realm" : "master",
+ "attributes": {
+ "frontendUrl": "https://keycloak-admin.example.com"
+ }
+ }
+```
+
+### Configure TLS Secrets for use with Ingress
+
+This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases:
+
+- Generate certificate secrets based on chart parameters.
+- Enable externally generated certificates.
+- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)).
+- Create self-signed certificates within the chart (if supported).
+
+In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format.
+
+Here is an example of a certificate file:
+
+> NOTE: There may be more than one certificate if there is a certificate chain.
+
+```text
+-----BEGIN CERTIFICATE-----
+MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+...
+jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
+-----END CERTIFICATE-----
+```
+
+Here is an example of a certificate key:
+
+```text
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
+...
+wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
+-----END RSA PRIVATE KEY-----
+```
+
+- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` entry.
+- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` parameter).
+- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager.
+- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` to `true`.
+
+### Use with ingress offloading SSL
+
+If your ingress controller has the SSL Termination, you should set `proxy` to `edge`.
+
+### Manage secrets and passwords
+
+This chart provides several ways to manage passwords:
+
+- Values passed to the chart: In this scenario, a new secret including all the passwords will be created during the chart installation. When upgrading, it is necessary to provide the secrets to the chart as shown below. Replace the KEYCLOAK_ADMIN_PASSWORD, POSTGRESQL_PASSWORD and POSTGRESQL_PVC placeholders with the correct passwords and PVC name.
+
+```console
+helm upgrade keycloak bitnami/keycloak \
+ --set auth.adminPassword=KEYCLOAK_ADMIN_PASSWORD \
+ --set postgresql.postgresqlPassword=POSTGRESQL_PASSWORD \
+ --set postgresql.persistence.existingClaim=POSTGRESQL_PVC
+```
+
+- An existing secret with all the passwords via the `existingSecret` parameter.
+
+### Add extra environment variables
+
+In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
+
+```yaml
+extraEnvVars:
+ - name: KEYCLOAK_LOG_LEVEL
+ value: DEBUG
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
+
+### Use Sidecars and Init Containers
+
+If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter.
+
+```yaml
+sidecars:
+- name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
+
+```yaml
+service:
+ extraPorts:
+ - name: extraPort
+ port: 11311
+ targetPort: 11311
+```
+
+> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
+
+If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter.
Here is an example:
+
+```yaml
+initContainers:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+
+### Initialize a fresh instance
+
+The [Bitnami Keycloak](https://github.com/bitnami/containers/tree/main/bitnami/keycloak) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `initdbScripts` parameter as dict.
+
+In addition to this option, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option.
+
+The allowed extensions is `.sh`.
+
+### Deploy extra resources
+
+There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
+
+### Set Pod affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
+
+### Common parameters
+
+| Name | Description | Value |
+| ------------------------ | --------------------------------------------------------------------------------------- | --------------- |
+| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
+| `nameOverride` | String to partially override common.names.fullname | `""` |
+| `fullnameOverride` | String to fully override common.names.fullname | `""` |
+| `namespaceOverride` | String to fully override common.names.namespace | `""` |
+| `commonLabels` | Labels to add to all deployed objects | `{}` |
+| `enableServiceLinks` | If set to false, disable Kubernetes service links in the pod spec | `true` |
+| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
+| `dnsPolicy` | DNS Policy for pod | `""` |
+| `dnsConfig` | DNS Configuration pod | `{}` |
+| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
+| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
+| `diagnosticMode.command` | Command to override all containers in the the statefulset | `["sleep"]` |
+| `diagnosticMode.args` | Args to override all containers in the the statefulset | `["infinity"]` |
+
+### Keycloak parameters
+
+| Name | Description | Value |
+| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------- |
+| `image.registry` | Keycloak image registry | `REGISTRY_NAME` |
+| `image.repository` | Keycloak image repository | `REPOSITORY_NAME/keycloak` |
+| `image.digest` | Keycloak image digest
in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `image.pullPolicy` | Keycloak image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `image.debug` | Specify if debug logs should be enabled | `false` |
+| `auth.adminUser` | Keycloak administrator user | `user` |
+| `auth.adminPassword` | Keycloak administrator password for the new user | `""` |
+| `auth.existingSecret` | Existing secret containing Keycloak admin password | `""` |
+| `auth.passwordSecretKey` | Key where the Keycloak admin password is being stored inside the existing secret. | `""` |
+| `auth.annotations` | Additional custom annotations for Keycloak auth secret object | `{}` |
+| `customCaExistingSecret` | Name of the secret containing the Keycloak custom CA certificates. The secret will be mounted as a directory and configured using KC_TRUSTSTORE_PATHS. | `""` |
+| `tls.enabled` | Enable TLS encryption. Required for HTTPs traffic. | `false` |
+| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` |
+| `tls.existingSecret` | Existing secret containing the TLS certificates per Keycloak replica | `""` |
+| `tls.usePem` | Use PEM certificates as input instead of PKS12/JKS stores | `false` |
+| `tls.truststoreFilename` | Truststore filename inside the existing secret | `keycloak.truststore.jks` |
+| `tls.keystoreFilename` | Keystore filename inside the existing secret | `keycloak.keystore.jks` |
+| `tls.keystorePassword` | Password to access the keystore when it's password-protected | `""` |
+| `tls.truststorePassword` | Password to access the truststore when it's password-protected | `""` |
+| `tls.passwordsSecret` | Secret containing the Keystore and Truststore passwords.
| `""` |
+| `spi.existingSecret` | Existing secret containing the Keycloak truststore for SPI connection over HTTPS/TLS | `""` |
+| `spi.truststorePassword` | Password to access the truststore when it's password-protected | `""` |
+| `spi.truststoreFilename` | Truststore filename inside the existing secret | `keycloak-spi.truststore.jks` |
+| `spi.passwordsSecret` | Secret containing the SPI Truststore passwords. | `""` |
+| `spi.hostnameVerificationPolicy` | Verify the hostname of the server's certificate. Allowed values: "ANY", "WILDCARD", "STRICT". | `""` |
+| `adminRealm` | Name of the admin realm | `master` |
+| `production` | Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. | `false` |
+| `proxyHeaders` | Set Keycloak proxy headers | `""` |
+| `proxy` | reverse Proxy mode edge, reencrypt, passthrough or none | `""` |
+| `httpRelativePath` | Set the path relative to '/' for serving resources. Useful if you are migrating from older version which were using '/auth/' | `/` |
+| `configuration` | Keycloak Configuration.
Auto-generated based on other parameters when not specified | `""` |
+| `existingConfigmap` | Name of existing ConfigMap with Keycloak configuration | `""` |
+| `extraStartupArgs` | Extra default startup args | `""` |
+| `enableDefaultInitContainers` | Deploy default init containers | `true` |
+| `initdbScripts` | Dictionary of initdb scripts | `{}` |
+| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
+| `command` | Override default container command (useful when using custom images) | `[]` |
+| `args` | Override default container args (useful when using custom images) | `[]` |
+| `extraEnvVars` | Extra environment variables to be set on Keycloak container | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
+
+### Keycloak statefulset parameters
+
+| Name | Description | Value |
+| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `replicaCount` | Number of Keycloak replicas to deploy | `1` |
+| `revisionHistoryLimitCount` | Number of controller revisions to keep | `10` |
+| `containerPorts.http` | Keycloak HTTP container port | `8080` |
+| `containerPorts.https` | Keycloak HTTPS container port | `8443` |
+| `extraContainerPorts` | Optionally specify extra list of additional port-mappings for Keycloak container | `[]` |
+| `statefulsetAnnotations` | Optionally add extra annotations on the statefulset resource | `{}` |
+| `podSecurityContext.enabled` | Enabled Keycloak pods' Security Context | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `podSecurityContext.sysctls` | Set kernel settings using
the sysctl interface | `[]` |
+| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `podSecurityContext.fsGroup` | Set Keycloak pod's Security Context fsGroup | `1001` |
+| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
+| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
| `small` |
+| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `livenessProbe.enabled` | Enable livenessProbe on Keycloak containers | `true` |
+| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `300` |
+| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `1` |
+| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `readinessProbe.enabled` | Enable readinessProbe on Keycloak containers | `true` |
+| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
+| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `startupProbe.enabled` | Enable startupProbe on Keycloak containers | `false` |
+| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
+| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
+| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
+| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` |
+| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `customLivenessProbe` | Custom Liveness probes for Keycloak | `{}` |
+| `customReadinessProbe` | Custom Rediness probes Keycloak | `{}` |
+| `customStartupProbe` | Custom Startup probes for Keycloak | `{}` |
+| `lifecycleHooks` | LifecycleHooks to set additional configuration at startup | `{}` |
+| `automountServiceAccountToken` | Mount Service Account token in
pod | `true` |
+| `hostAliases` | Deployment pod host aliases | `[]` |
+| `podLabels` | Extra labels for Keycloak pods | `{}` |
+| `podAnnotations` | Annotations for Keycloak pods | `{}` |
+| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
+| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `affinity` | Affinity for pod assignment | `{}` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Tolerations for pod assignment | `[]` |
+| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `podManagementPolicy` | Pod management policy for the Keycloak statefulset | `Parallel` |
+| `priorityClassName` | Keycloak pods' Priority Class Name | `""` |
+| `schedulerName` | Use an alternate scheduler, e.g. "stork".
| `""` |
+| `terminationGracePeriodSeconds` | Seconds Keycloak pod needs to terminate gracefully | `""` |
+| `updateStrategy.type` | Keycloak statefulset strategy type | `RollingUpdate` |
+| `updateStrategy.rollingUpdate` | Keycloak statefulset rolling update configuration parameters | `{}` |
+| `minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
+| `extraVolumes` | Optionally specify extra list of additional volumes for Keycloak pods | `[]` |
+| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Keycloak container(s) | `[]` |
+| `initContainers` | Add additional init containers to the Keycloak pods | `[]` |
+| `sidecars` | Add additional sidecar containers to the Keycloak pods | `[]` |
+
+### Exposure parameters
+
+| Name | Description | Value |
+| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `service.type` | Kubernetes service type | `ClusterIP` |
+| `service.http.enabled` | Enable http port on service | `true` |
+| `service.ports.http` | Keycloak service HTTP port | `80` |
+| `service.ports.https` | Keycloak service HTTPS port | `443` |
+| `service.nodePorts` | Specify the nodePort values for the LoadBalancer and NodePort service types.
| `{}` |
+| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `service.clusterIP` | Keycloak service clusterIP IP | `""` |
+| `service.loadBalancerIP` | loadBalancerIP for the SuiteCRM Service (optional, cloud specific) | `""` |
+| `service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` |
+| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
+| `service.annotations` | Additional custom annotations for Keycloak service | `{}` |
+| `service.extraPorts` | Extra port to expose on Keycloak service | `[]` |
+| `service.extraHeadlessPorts` | Extra ports to expose on Keycloak headless service | `[]` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+| `service.headless.extraPorts` | Extra ports to expose on Keycloak headless service | `[]` |
+| `ingress.enabled` | Enable ingress record generation for Keycloak | `false` |
+| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
+| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
+| `ingress.controller` | The ingress controller type. Currently supports `default` and `gce` | `default` |
+| `ingress.hostname` | Default host for the ingress record (evaluated as template) | `keycloak.local` |
+| `ingress.hostnameStrict` | Disables dynamically resolving the hostname from request headers. | `false` |
+| `ingress.path` | Default path for the ingress record (evaluated as template) | `""` |
+| `ingress.servicePort` | Backend service port to use | `http` |
+| `ingress.annotations` | Additional annotations for the Ingress resource.
To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
+| `ingress.labels` | Additional labels for the Ingress resource. | `{}` |
+| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
+| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
+| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
+| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
+| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
+| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
+| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
+| `adminIngress.enabled` | Enable admin ingress record generation for Keycloak | `false` |
+| `adminIngress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
+| `adminIngress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `adminIngress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
+| `adminIngress.controller` | The ingress controller type. Currently supports `default` and `gce` | `default` |
+| `adminIngress.hostname` | Default host for the admin ingress record (evaluated as template) | `keycloak.local` |
+| `adminIngress.path` | Default path for the admin ingress record (evaluated as template) | `""` |
+| `adminIngress.servicePort` | Backend service port to use | `http` |
+| `adminIngress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
| `{}` |
+| `adminIngress.labels` | Additional labels for the Ingress resource. | `{}` |
+| `adminIngress.tls` | Enable TLS configuration for the host defined at `adminIngress.hostname` parameter | `false` |
+| `adminIngress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
+| `adminIngress.extraHosts` | An array with additional hostname(s) to be covered with the admin ingress record | `[]` |
+| `adminIngress.extraPaths` | Any additional arbitrary paths that may need to be added to the admin ingress under the main host. | `[]` |
+| `adminIngress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
+| `adminIngress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
+| `adminIngress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
+| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
+| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations.
| `true` |
+| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
+| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
+| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+
+### RBAC parameter
+
+| Name | Description | Value |
+| --------------------------------------------- | --------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable the creation of a ServiceAccount for Keycloak pods | `true` |
+| `serviceAccount.name` | Name of the created ServiceAccount | `""` |
+| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `false` |
+| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
+| `serviceAccount.extraLabels` | Additional labels for the ServiceAccount | `{}` |
+| `rbac.create` | Whether to create and use RBAC resources or not | `false` |
+| `rbac.rules` | Custom RBAC rules | `[]` |
+
+### Other parameters
+
+| Name | Description | Value |
+| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ------- |
+| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
+| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `autoscaling.enabled` | Enable autoscaling for Keycloak | `false` |
+| `autoscaling.minReplicas` | Minimum number of Keycloak replicas | `1` |
+| `autoscaling.maxReplicas` | Maximum
number of Keycloak replicas | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
+| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | The number of seconds for which past recommendations should be considered while scaling up | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | The priority of policies that the autoscaler will apply when scaling up | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | HPA scaling policies when scaling up | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | The number of seconds for which past recommendations should be considered while scaling down | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | The priority of policies that the autoscaler will apply when scaling down | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | HPA scaling policies when scaling down | `[]` |
+
+### Metrics parameters
+
+| Name | Description | Value |
+| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `metrics.enabled` | Enable exposing Keycloak statistics | `false` |
+| `metrics.service.ports.http` | Metrics service HTTP port | `8080` |
+| `metrics.service.annotations` | Annotations for enabling prometheus to access the metrics endpoints | `{}` |
+| `metrics.service.extraPorts` | Add additional ports to the keycloak metrics service (i.e. admin port 9000) | `[]` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.serviceMonitor.port` | Metrics service HTTP port | `http` |
+| `metrics.serviceMonitor.endpoints` | The endpoint configuration of the ServiceMonitor. Path is mandatory. Interval, timeout and labellings can be overwritten.
| `[]` |
+| `metrics.serviceMonitor.path` | Metrics service HTTP path. Deprecated: Use @param metrics.serviceMonitor.endpoints instead | `""` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
+| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Create PrometheusRule Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.prometheusRule.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.groups` | Groups, containing the alert rules.
| `[]` |
+
+### keycloak-config-cli parameters
+
+| Name | Description | Value |
+| --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- |
+| `keycloakConfigCli.enabled` | Whether to enable keycloak-config-cli job | `false` |
+| `keycloakConfigCli.image.registry` | keycloak-config-cli container image registry | `REGISTRY_NAME` |
+| `keycloakConfigCli.image.repository` | keycloak-config-cli container image repository | `REPOSITORY_NAME/keycloak-config-cli` |
+| `keycloakConfigCli.image.digest` | keycloak-config-cli container image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `keycloakConfigCli.image.pullPolicy` | keycloak-config-cli container image pull policy | `IfNotPresent` |
+| `keycloakConfigCli.image.pullSecrets` | keycloak-config-cli container image pull secrets | `[]` |
+| `keycloakConfigCli.annotations` | Annotations for keycloak-config-cli job | `{}` |
+| `keycloakConfigCli.command` | Command for running the container (set to default if not set). Use array form | `[]` |
+| `keycloakConfigCli.args` | Args for running the container (set to default if not set). Use array form | `[]` |
+| `keycloakConfigCli.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
+| `keycloakConfigCli.hostAliases` | Job pod host aliases | `[]` |
+| `keycloakConfigCli.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if keycloakConfigCli.resources is set (keycloakConfigCli.resources is recommended for production).
| `small` | +| `keycloakConfigCli.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `keycloakConfigCli.containerSecurityContext.enabled` | Enabled keycloak-config-cli Security Context | `true` | +| `keycloakConfigCli.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `keycloakConfigCli.containerSecurityContext.runAsUser` | Set keycloak-config-cli Security Context runAsUser | `1001` | +| `keycloakConfigCli.containerSecurityContext.runAsGroup` | Set keycloak-config-cli Security Context runAsGroup | `1001` | +| `keycloakConfigCli.containerSecurityContext.runAsNonRoot` | Set keycloak-config-cli Security Context runAsNonRoot | `true` | +| `keycloakConfigCli.containerSecurityContext.privileged` | Set keycloak-config-cli Security Context privileged | `false` | +| `keycloakConfigCli.containerSecurityContext.readOnlyRootFilesystem` | Set keycloak-config-cli Security Context readOnlyRootFilesystem | `true` | +| `keycloakConfigCli.containerSecurityContext.allowPrivilegeEscalation` | Set keycloak-config-cli Security Context allowPrivilegeEscalation | `false` | +| `keycloakConfigCli.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `keycloakConfigCli.containerSecurityContext.seccompProfile.type` | Set keycloak-config-cli Security Context seccomp profile | `RuntimeDefault` | +| `keycloakConfigCli.podSecurityContext.enabled` | Enabled keycloak-config-cli pods' Security Context | `true` | +| `keycloakConfigCli.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `keycloakConfigCli.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `keycloakConfigCli.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `keycloakConfigCli.podSecurityContext.fsGroup` | Set keycloak-config-cli pod's Security Context fsGroup | 
`1001` | +| `keycloakConfigCli.backoffLimit` | Number of retries before considering a Job as failed | `1` | +| `keycloakConfigCli.podLabels` | Pod extra labels | `{}` | +| `keycloakConfigCli.podAnnotations` | Annotations for job pod | `{}` | +| `keycloakConfigCli.extraEnvVars` | Additional environment variables to set | `[]` | +| `keycloakConfigCli.nodeSelector` | Node labels for pod assignment | `{}` | +| `keycloakConfigCli.podTolerations` | Tolerations for job pod assignment | `[]` | +| `keycloakConfigCli.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `keycloakConfigCli.extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `keycloakConfigCli.extraVolumes` | Extra volumes to add to the job | `[]` | +| `keycloakConfigCli.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | +| `keycloakConfigCli.initContainers` | Add additional init containers to the Keycloak config cli pod | `[]` | +| `keycloakConfigCli.sidecars` | Add additional sidecar containers to the Keycloak config cli pod | `[]` | +| `keycloakConfigCli.configuration` | keycloak-config-cli realms configuration | `{}` | +| `keycloakConfigCli.existingConfigmap` | ConfigMap with keycloak-config-cli configuration | `""` | +| `keycloakConfigCli.cleanupAfterFinished.enabled` | Enables Cleanup for Finished Jobs | `false` | +| `keycloakConfigCli.cleanupAfterFinished.seconds` | Sets the value of ttlSecondsAfterFinished | `600` | + +### Database parameters + +| Name | Description | Value | +| -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------ | +| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | +| `postgresql.auth.postgresPassword` | Password for the "postgres" admin user. 
Ignored if `auth.existingSecret` with key `postgres-password` is provided | `""` | +| `postgresql.auth.username` | Name for a custom user to create | `bn_keycloak` | +| `postgresql.auth.password` | Password for the custom user to create | `""` | +| `postgresql.auth.database` | Name for a custom database to create | `bitnami_keycloak` | +| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | +| `postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` | +| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | +| `externalDatabase.host` | Database host | `""` | +| `externalDatabase.port` | Database port number | `5432` | +| `externalDatabase.user` | Non-root username for Keycloak | `bn_keycloak` | +| `externalDatabase.password` | Password for the non-root username for Keycloak | `""` | +| `externalDatabase.database` | Keycloak database name | `bitnami_keycloak` | +| `externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `""` | +| `externalDatabase.existingSecretHostKey` | Name of an existing secret key containing the database host name | `""` | +| `externalDatabase.existingSecretPortKey` | Name of an existing secret key containing the database port | `""` | +| `externalDatabase.existingSecretUserKey` | Name of an existing secret key containing the database user | `""` | +| `externalDatabase.existingSecretDatabaseKey` | Name of an existing secret key containing the database name | `""` | +| `externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `""` | +| `externalDatabase.annotations` | Additional custom annotations for external database secret object | `{}` | + +### Keycloak Cache parameters + +| Name | Description | Value | +| ----------------- | 
-------------------------------------------------------------------------- | ------------ | +| `cache.enabled` | Switch to enable or disable the keycloak distributed cache for kubernetes. | `true` | +| `cache.stackName` | Set infinispan cache stack to use | `kubernetes` | +| `cache.stackFile` | Set infinispan cache stack filename to use | `""` | + +### Keycloak Logging parameters + +| Name | Description | Value | +| ---------------- | ------------------------------------------------------------------------------ | --------- | +| `logging.output` | Alternates between the default log output format or json format | `default` | +| `logging.level` | Allowed values as documented: FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL, OFF | `INFO` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release --set auth.adminPassword=secretpassword oci://REGISTRY_NAME/REPOSITORY_NAME/keycloak +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command sets the Keycloak administrator password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/keycloak +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/keycloak/values.yaml) + +Keycloak realms, users and clients can be created from the Keycloak administration panel. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### To 21.0.0 + +This major release updates the keycloak branch to its newest major, 24.x.x. Follow the [upstream documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-24-0-0) for upgrade instructions. + +### To 20.0.0 + +This major bump changes the following security defaults: + +- `runAsGroup` is changed from `0` to `1001` +- `readOnlyRootFilesystem` is set to `true` +- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). +- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. + +This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. + +### To 19.0.0 + +This major release bumps the PostgreSQL chart version to [14.x.x](https://github.com/bitnami/charts/pull/22750); no major issues are expected during the upgrade. + +### To 17.0.0 + +This major updates the PostgreSQL subchart to its newest major, 13.0.0. 
[Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1300) you can find more information about the changes introduced in that version. + +### To 15.0.0 + +This major updates the default serviceType from `LoadBalancer` to `ClusterIP` to avoid inadvertently exposing Keycloak directly to the internet without an Ingress. + +### To 12.0.0 + +This major updates the PostgreSQL subchart to its newest major, 12.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1200) you can find more information about the changes introduced in that version. + +### To 10.0.0 + +This major release updates Keycloak to its major version `19`. Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-19-0-0) for a complete list of changes and further information. + +### To 9.0.0 + +This major release updates Keycloak to its major version `18`. Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-18-0-0) for a complete list of changes and further information. + +### To 8.0.0 + +This major release updates Keycloak to its major version `17`. Among other features, this new version has deprecated WildFly in favor of Quarkus, which introduces breaking changes like: + +- Removal of `/auth` from the default context path. +- Changes in the configuration and deployment of custom providers. +- Significant changes in configuring Keycloak. + +Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-17-0-0) and [Migrating to Quarkus distribution document](https://www.keycloak.org/migration/migrating-to-quarkus) for a complete list of changes and further information. 
+
+### To 7.0.0
+
+This major release updates the PostgreSQL subchart to its newest major *11.x.x*, which contain several changes in the supported values (check the [upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1100) to obtain more information).
+
+#### Upgrading Instructions
+
+To upgrade to *7.0.0* from *6.x*, it should be done reusing the PVC(s) used to hold the data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is *keycloak* and the release namespace *default*):
+
+1. Obtain the credentials and the names of the PVCs used to hold the data on your current release:
+
+```console
+export KEYCLOAK_PASSWORD=$(kubectl get secret --namespace default keycloak -o jsonpath="{.data.admin-password}" | base64 --decode)
+export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default keycloak-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
+export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=keycloak,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}")
+```
+
+1. Delete the PostgreSQL statefulset (notice the option *--cascade=false*) and secret:
+
+```console
+kubectl delete statefulsets.apps --cascade=false keycloak-postgresql
+kubectl delete secret keycloak-postgresql --namespace default
+```
+
+1. Upgrade your release using the same PostgreSQL version:
+
+```console
+CURRENT_PG_VERSION=$(kubectl exec keycloak-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION')
+helm upgrade keycloak bitnami/keycloak \
+ --set auth.adminPassword=$KEYCLOAK_PASSWORD \
+ --set postgresql.image.tag=$CURRENT_PG_VERSION \
+ --set postgresql.auth.password=$POSTGRESQL_PASSWORD \
+ --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC
+```
+
+1. Delete the existing PostgreSQL pods and the new statefulset will create a new one:
+
+```console
+kubectl delete pod keycloak-postgresql-0
+```
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+#### What changes were introduced in this major version?
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
+- After running *helm dependency update*, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart.
+
+#### Considerations when upgrading to this version
+
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version does not support Helm v2 anymore.
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3.
+
+#### Useful links
+
+- [Bitnami Tutorial](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-resolve-helm2-helm3-post-migration-issues-index.html)
+- [Helm docs](https://helm.sh/docs/topics/v2_v3_migration)
+- [Helm Blog](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3)
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/charts/forms-flow-web/README.md b/charts/forms-flow-web/README.md
new file mode 100644
index 00000000..fd04ad69
--- /dev/null
+++ b/charts/forms-flow-web/README.md
@@ -0,0 +1,190 @@ +# Formsflow.ai Web Application + +formsflow.ai delivers progressive web application with React version 17.0.2 and create-react-app. Also currently uses form.io version 3.2.0. + +## Introduction + +This chart bootstraps a forms-flow-web deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + + +## Installing the Chart + +To install the chart with the release name `forms-flow-web`: + +```console +helm install forms-flow-web forms-flow-web +``` + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + + +```console +helm install forms-flow-web forms-flow-web --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME +``` + +> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `DOMAIN_NAME=example.com` and `INGRESS_CLASS=nginx` + +These commands deploy Forms-flow-web on the Kubernetes cluster + +> **Tip**: List all releases using `helm list` + +### Resource requests and limits + +Forms-flow-web charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +```yaml +resources: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi +``` + +### Change Forms-flow-web version + +To modify the Forms-flow-web version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-web) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. 
+ +```yaml +image: + registry: docker.io + repository: formsflow/forms-flow-web + tag: X.Y.Z +``` + +## Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `replicaCount` | Number of replicas to run for the application. | `1` | +| `image.registry` | Docker registry for the application image. | `docker.io` | +| `image.repository` | Repository name for the application image. | `formsflow/forms-flow-web` | +| `image.pullPolicy` | Image pull policy for the application. | `IfNotPresent` | +| `image.tag` | Tag of the image to use for the application. | `v7.0.0-alpha` | +| `image.pullSecrets` | Secrets to use for pulling the application image. | `["forms-flow-ai-auth"]` | +| `nameOverride` | Override for the name of the application. | `""` | +| `fullnameOverride` | Override for the full name of the application. | `""` | +| `commonLabels` | Common labels to apply to all resources. | `{}` | +| `commonAnnotations` | Common annotations to apply to all resources. | `{}` | +| `nodeSelector` | Node selector for scheduling pods. | `{}` | +| `tolerations` | Tolerations for scheduling pods. | `[]` | +| `affinity` | Affinity rules for scheduling pods. | `{}` | +| `priorityClassName` | Name of the priority class for the application pods. | `""` | +| `schedulerName` | Name of the scheduler to use for scheduling pods. | `""` | +| `terminationGracePeriodSeconds` | Grace period for pod termination. | `""` | +| `topologySpreadConstraints` | Constraints for spreading pods across nodes. | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode for the application. | `false` | +| `diagnosticMode.command` | Command to run in diagnostic mode. | `["sleep"]` | +| `diagnosticMode.args` | Arguments for the diagnostic mode command. | `["infinity"]` | +| `hostAliases` | Host aliases for the application pods. 
| `[]` | +| `serviceAccount.create` | Create a service account for the application. | `true` | +| `serviceAccount.annotations` | Annotations for the service account. | `{}` | +| `serviceAccount.name` | Name of the service account to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Automount the service account token. | `false` | +| `podAnnotations` | Annotations for the application pods. | `{}` | +| `podLabels` | Labels for the application pods. | `{}` | +| `podAffinityPreset` | Pod affinity preset for the application. | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset for the application. | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type for the application. | `""` | +| `nodeAffinityPreset.key` | Key for node affinity preset. | `""` | +| `nodeAffinityPreset.values` | Values for node affinity preset. | `[]` | +| `podSecurityContext.enabled` | Enable pod security context. | `false` | +| `podSecurityContext.fsGroupChangePolicy`| Policy for changing filesystem group. | `Always` | +| `podSecurityContext.sysctls` | Sysctl settings for the pod. | `[]` | +| `podSecurityContext.supplementalGroups` | Supplemental groups for the pod. | `[]` | +| `podSecurityContext.fsGroup` | Filesystem group for the pod. | `1001` | +| `containerSecurityContext.enabled` | Enable container security context. | `false` | +| `containerSecurityContext.seLinuxOptions` | SELinux options for the container. | `{}` | +| `containerSecurityContext.runAsUser` | User ID to run the container as. | `1001` | +| `containerSecurityContext.runAsGroup` | Group ID to run the container as. | `1001` | +| `containerSecurityContext.runAsNonRoot` | Run the container as a non-root user. | `false` | +| `containerSecurityContext.privileged` | Allow the container to run in privileged mode. | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Mount the root filesystem as read-only. 
| `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation. | `false` | +| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container. | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Seccomp profile type for the container. | `RuntimeDefault` | +| `command` | Command to run in the container. | `[]` | +| `args` | Arguments to pass to the command. | `[]` | +| `lifecycleHooks.postStart` | Lifecycle hooks for the pod, such as post-start actions. | `{exec: {command: ["/bin/sh", "-c", "envsubst < /tmp/{{.Chart.Name}}-config.template/config.js > {{.Values.config_path}}/config.js;"]}}` | +| `automountServiceAccountToken` | Automount the service account token in the pod. | `true` | +| `extraEnvVars` | Extra environment variables to add to the container. | `[]` | +| `extraEnvVarsCM` | ConfigMap for extra environment variables. | `""` | +| `extraVolumes` | Extra volumes to add to the pod. | `{}` | +| `extraVolumeMounts` | Extra volume mounts for the pod. | `{}` | +| `existingSecret` | Existing secret containing username, password, and database name. | `""` | +| `updateStrategy.type` | Update strategy for the deployment (e.g., `RollingUpdate`). | `RollingUpdate` | +| `updateStrategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created above the desired number of pods during an update. | `25%` | +| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during an update. | `25%` | +| `pdb.create` | Create a Pod Disruption Budget for the application. | `true` | +| `pdb.minAvailable` | Minimum number of available pods during disruptions. | `""` | +| `pdb.maxUnavailable` | Maximum number of unavailable pods during disruptions. | `""` | +| `customStartupProbe` | Custom startup probe configuration for the application. | `{}` | +| `customLivenessProbe` | Custom liveness probe configuration for the application. 
| `{}` | +| `customReadinessProbe` | Custom readiness probe configuration for the application. | `{}` | +| `formsflow.configmap` | Name of the FormsFlow configmap for integration environment variables. | `forms-flow-ai` | +| `formsflow.secret` | Name of the FormsFlow secret for integration environment variables. | `forms-flow-ai` | +| `analytics.configmap` | Name of the FormsFlow analytics configmap for integration. | `forms-flow-analytics` | +| `analytics.secret` | Name of the FormsFlow analytics secret for integration. | `forms-flow-analytics` | +| `web.base_custom_url` | Base URL for the web application. | `""` | +| `web.custom_theme_url` | Custom theme URL for the web application. | `""` | +| `config_path` | Path for configuration files. | `/usr/share/nginx/html/config/` | +| `webclient` | Name of the web client application. | `"{{.Chart.Name}}"` | +| `webname` | Name of the web application. | `formsflow` | +| `UserAccesPermissions` | User access permissions for the application. | `""` | +| `autoscaling.enabled` | Enable or disable autoscaling for the application. | `false` | +| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` | +| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `11` | +| `autoscaling.targetCPU` | Target CPU utilization percentage for autoscaling. | `""` | +| `autoscaling.targetMemory` | Target memory utilization percentage for autoscaling. | `""` | +| `autoscaling.behavior.scaleUp` | Scaling behavior when scaling up. | `{ stabilizationWindowSeconds: 120, selectPolicy: Max, policies: [] }` | +| `autoscaling.behavior.scaleDown` | Scaling behavior when scaling down. 
| `{ stabilizationWindowSeconds: 300, selectPolicy: Max, policies: [{ type: Pods, value: 1, periodSeconds: 300 }] }` | + + +## Ingress Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `ingress.enabled` | Enable or disable ingress for the application. | `true` | +| `ingress.ingressClassName` | Class name for the ingress resource. | `""` | +| `ingress.pathType` | Type of path matching for the ingress. | `ImplementationSpecific` | +| `ingress.apiVersion` | API version of the ingress resource. | `""` | +| `ingress.controller` | Ingress controller to use. | `default` | +| `ingress.hostname` | Hostname for the ingress resource. | `forms-flow-web.local` | +| `ingress.path` | Path for the ingress resource. | `/` | +| `ingress.servicePort` | Service port to route traffic to. | `8080` | +| `ingress.annotations` | Annotations for the ingress resource. | `{}` | +| `ingress.labels` | Labels for the ingress resource. | `{}` | +| `ingress.tls` | Enable TLS for the ingress. | `true` | +| `ingress.selfSigned` | Whether to use self-signed certificates. | `false` | +| `ingress.extraHosts` | Additional hosts for the ingress. | `[]` | +| `ingress.extraPaths` | Additional paths for the ingress. | `[]` | +| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` | +| `ingress.secrets` | Secrets for TLS configuration. | `[]` | +| `ingress.extraRules` | Additional rules for the ingress. | `[]` | + +## Resource Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `resourcesPreset` | Resource preset for the application. | `small` | +| `resources.limits.cpu` | Maximum CPU resource limit for the application. 
| `200m` | +| `resources.limits.memory` | Maximum memory resource limit for the application. | `1Gi` | +| `resources.requests.cpu` | Minimum CPU resource request for the application. | `100m` | +| `resources.requests.memory` | Minimum memory resource request for the application. | `512Mi` | + +## Service Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `service.type` | Type of the service (e.g., `ClusterIP`, `NodePort`, `LoadBalancer`). | `ClusterIP` | +| `service.ports` | Ports for the service. | `[{ name: http, port: 8080, targetPort: http, protocol: TCP }]` | +| `service.loadBalancerIP` | LoadBalancer IP for the service (if applicable). | `""` | +| `service.loadBalancerSourceRanges` | Allowed IP ranges for LoadBalancer source. | `[]` | +| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` | +| `service.clusterIP` | Static ClusterIP for the service. | `""` | +| `service.annotations` | Annotations for the service. | `{}` | +| `service.sessionAffinity` | Session affinity settings for the service (e.g., `None` or `ClientIP`). | `None` | +| `service.sessionAffinityConfig` | Additional settings for session affinity. | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | + From 8e4c85c2caf13869b092b1f78fa75ae6235fa886 Mon Sep 17 00:00:00 2001 From: Sinto Sajeev Date: Thu, 24 Oct 2024 03:48:35 -0700 Subject: [PATCH 02/35] Updated the README file --- README.md | 47 +++++++++++++++++++++++++++++ charts/forms-flow-admin/README.md | 5 ---- charts/forms-flow-ai/README.md | 50 +++++++++++++++++++++++++++---- charts/forms-flow-bpm/README.md | 19 ++++++++++++ 4 files changed, 111 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index e69de29b..c895e139 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,47 @@ +
+
+
+
+[**formsflow.ai**](https://formsflow.ai/) is a Free, Open-Source, Low Code Development Platform for rapidly building powerful business applications. [**formsflow.ai**](https://formsflow.ai/) combines leading Open-Source applications including [form.io](https://form.io) forms, Camunda’s workflow engine, Keycloak’s security, and Redash’s data analytics into a seamless, integrated platform.
+
+
+## Before you begin
+
+### Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+### Setup a Kubernetes Cluster
+
+The quickest way to set up a Kubernetes cluster to install [formsflow.ai](https://formsflow.ai/) Charts is by following the "[formsflow.ai](https://formsflow.ai/) Get Started" guides for the different services:
+
+- [Get Started with Formsflow Charts using the Amazon Elastic Container Service for Kubernetes (EKS)](https://aot-technologies.github.io/forms-flow-installation-eks/docs/intro/)
+
+### Install Helm
+
+Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.
+
+To install Helm, refer to the [Helm install guide](https://github.com/helm/helm#install) and ensure that the `helm` binary is in the `PATH` of your shell.
+
+### Using Helm
+
+Once you have installed the Helm client, you can deploy a Bitnami Helm Chart into a Kubernetes cluster.
+
+Please refer to the [Quick Start guide](https://helm.sh/docs/intro/quickstart/) if you wish to get running in just a few commands, otherwise, the [Using Helm Guide](https://helm.sh/docs/intro/using_helm/) provides detailed instructions on how to use the Helm client to manage packages on your Kubernetes cluster.
+
+## License
+
+Copyright 2020 AppsOnTime-Technologies 2020
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/charts/forms-flow-admin/README.md b/charts/forms-flow-admin/README.md
index a365e9e2..148f3ffe 100644
--- a/charts/forms-flow-admin/README.md
+++ b/charts/forms-flow-admin/README.md
@@ -162,8 +162,3 @@ The `formsflow-admin` image stores the application logs at the `/opt/app-root/lo
 | `ExternalDatabase.ExistingDatabaseHostKey` | Key for the existing database host | `""` |
 | `ExternalDatabase.ExistingDatabasePortKey` | Key for the existing database port | `""` |
 | `ExternalDatabase.ExistingSecretName` | Name of the existing secret | `""` |
-
-## Upgrading
-
-### To v7.0.0
-
diff --git a/charts/forms-flow-ai/README.md b/charts/forms-flow-ai/README.md
index 8c27e632..1dc92623 100644
--- a/charts/forms-flow-ai/README.md
+++ b/charts/forms-flow-ai/README.md
@@ -18,15 +18,57 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```console -helm upgrade --install forms-flow-ai forms-flow-ai --set Domain=DOMAIN_NAME --set postgresql-ha.postgresql.podSecurityContext.enabled=true --set mongodb.podSecurityContext.enabled=true --set forms-flow-auth.imagesecret=IMAGE_SECRET_KEY --set insight_api_key=INSIGHT_API_KEY +helm upgrade --install forms-flow-ai forms-flow-ai --set Domain=DOMAIN_NAME --set postgresql-ha.postgresql.podSecurityContext.enabled=true --set mongodb.podSecurityContext.enabled=true --set insight_api_key=INSIGHT_API_KEY ``` -> Note: You need to substitute the placeholders `DOMAIN_NAME`, `IMAGE_SECRET_KEY`, and `INSIGHT_API_KEY` with your specific values. For example, in the case of Formsflow, you might use `DOMAIN_NAME=example.com`, I`MAGE_SECRET_KEY=your_image_secret_key`and `INSIGHT_API_KEY=your_insight_api_key` +> Note: You need to substitute the placeholders `DOMAIN_NAME`, and `INSIGHT_API_KEY` with your specific values. For example, in the case of Formsflow, you might use `DOMAIN_NAME=example.com` and `INSIGHT_API_KEY=your_insight_api_key` These commands deploy Forms-flow-api on the Kubernetes cluster > **Tip**: List all releases using `helm list` +### Use an external database + +Sometimes, you may want to have connect to an external PostgreSQL and MongoDB database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this, + +For PostgreSQL database, + set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `formsflowdb.postgresql.fullnameOverride` parameters. 
Here is an example: + +```text +postgresql-ha.enabled=false +formsflowdb.postgresql.fullnameOverride=myexternalhost +``` +```yaml +postgresql-ha: + enabled: false +formsflowdb: + postgresql: + fullnameOverride: myexternalhost + +``` + +For MongoDB, +```text +mongodb.enabled=false +mongodb.service.nameOverride=mongodburl +mongodb.auth.databases=database +mongodb.auth.usernames=myuser +mongodb.auth.passwords=mypassword +``` +```yaml +mongodb: + enabled: false + auth: + databases: + - formsflow + passwords: + - changeme + usernames: + - mongodb + service: + nameOverride: "mongodb_url" +``` + ## Parameters | Parameter | Description | Default Value | @@ -122,7 +164,7 @@ These commands deploy Forms-flow-api on the Kubernetes cluster | `mongodb.arbiter.containerSecurityContext.enabled`| Enable container security context for arbiter. | `false` | | `mongodb.arbiter.containerSecurityContext.runAsUser` | User ID for arbiter container. | `1001` | -### Postgres +### PostgreSQL | Parameter | Description | Default Value | |-------------------------------------------------|--------------------------------------------------------------|--------------------------------| @@ -222,5 +264,3 @@ These commands deploy Forms-flow-api on the Kubernetes cluster | `redisExporter.persistence.mountPath` | Mount path for persistent storage. | `""` | | `redisExporter.persistence.accessModes` | Access modes for persistent storage. | `ReadWriteOnce` | | `redisExporter.persistence.size` | Size of the persistent volume. | `2Gi` | - - diff --git a/charts/forms-flow-bpm/README.md b/charts/forms-flow-bpm/README.md index e3e9c984..33df63ef 100644 --- a/charts/forms-flow-bpm/README.md +++ b/charts/forms-flow-bpm/README.md 
@@ -60,6 +60,25 @@ The `forms-flow-bpm` image stores the application logs at the `/logs` path of th The `forms-flow-bpm` image supports mounting a mail configuration file at the `/app/mail-config.properties` path of the container. This can be done using a ConfigMap and mounting it as a volume. + +### Add extra environment variables for Vault configuration + +These environment variables are used to configure a Vault for storing external secrets. You can use the extraEnvVars property for this purpose. + +```yaml +extraEnvVars: + - name: VAULT_ENABLED + value: "false" + - name: VAULT_URL + value: "http://{your-ip-address}:8200" + - name: VAULT_TOKEN + value: "" + - name: VAULT_PATH + value: "" + - name: VAULT_SECRET + value: "" +``` + ## Parameters | Parameter | Description | Default Value | From 986ee363cdf995a1424b0052f38469eea4b7510d Mon Sep 17 00:00:00 2001 From: Sinto Sajeev Date: Tue, 29 Oct 2024 04:21:04 -0700 Subject: [PATCH 03/35] Update pr-notification.yaml --- .github/workflows/pr-notification.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-notification.yaml b/.github/workflows/pr-notification.yaml index afe3428f..dc9b1053 100644 --- a/.github/workflows/pr-notification.yaml +++ b/.github/workflows/pr-notification.yaml @@ -26,9 +26,12 @@ jobs: echo "status=🟢 Open" >> $GITHUB_ENV fi - - name: Confirm PR_NOTIFICATION Secret is Set + - name: Set PR_NOTIFICATION for Debugging + run: echo "PR_NOTIFICATION=${{ secrets.PR_NOTIFICATION }}" >> $GITHUB_ENV + + - name: Check if PR_NOTIFICATION Secret is Set run: | - if [[ -z "${{ secrets.PR_NOTIFICATION }}" ]]; then + if [[ -z "${PR_NOTIFICATION}" ]]; then echo "PR_NOTIFICATION secret is not set." else echo "PR_NOTIFICATION secret is set." From f76380a4feffd78f1608cc551163a6f29fde419e Mon Sep 17 00:00:00 2001 
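Review bot: The added `Set PR_NOTIFICATION for Debugging` step writes the secret into `$GITHUB_ENV`, which makes it an environment variable of every later step in the job, third-party actions included, only so that the next step can test whether it is empty. Scope it to the one step that needs it: drop the `>> $GITHUB_ENV` step and give the check step an `env:` entry `PR_NOTIFICATION: ${{ secrets.PR_NOTIFICATION }}`, keeping the `[[ -z "${PR_NOTIFICATION}" ]]` test as it is. The step name says "for Debugging", so if it is temporary it should not be merged at all. The rest of the job lies outside this hunk.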
From: Sinto Sajeev <115780473+sinto-aot@users.noreply.github.com> Date: Wed, 30 Oct 2024 04:26:47 -0700 Subject: [PATCH 04/35] Update pr-notification.yaml --- .github/workflows/pr-notification.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-notification.yaml b/.github/workflows/pr-notification.yaml index dc9b1053..95a81f08 100644 --- a/.github/workflows/pr-notification.yaml +++ b/.github/workflows/pr-notification.yaml @@ -10,7 +10,7 @@ on: jobs: notify: runs-on: ubuntu-latest - if: github.repository == 'AOT-Technologies/forms-flow-ai-charts' + # if: github.repository == 'AOT-Technologies/forms-flow-ai-charts' steps: - name: Determine PR Status @@ -84,4 +84,4 @@ jobs: ] } ] - } \ No newline at end of file + } From 73d777c9cbfb2307a114272c5ab47591c4e31149 Mon Sep 17 00:00:00 2001 From: amal Date: Tue, 5 Nov 2024 03:32:16 -0800 Subject: [PATCH 05/35] updated env and configmap --- charts/forms-flow-ai/templates/configmap.yaml | 8 +++++- charts/forms-flow-ai/values.yaml | 27 ++++++++++++++----- .../forms-flow-api/templates/deployment.yaml | 2 +- .../forms-flow-bpm/templates/deployment.yaml | 10 +++---- .../templates/deployment.yaml | 4 +-- .../forms-flow-web/templates/deployment.yaml | 2 +- 6 files changed, 37 insertions(+), 16 deletions(-) diff --git a/charts/forms-flow-ai/templates/configmap.yaml b/charts/forms-flow-ai/templates/configmap.yaml index b141bb48..1d36f754 100644 --- a/charts/forms-flow-ai/templates/configmap.yaml +++ b/charts/forms-flow-ai/templates/configmap.yaml 
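Review bot: The repository guard in the `@@ -10,7 +10,7 @@` hunk is disabled by commenting it out (`# if: github.repository == ...`) with no explanation. The job will then also run in forks that have Actions enabled, where the `PR_NOTIFICATION` secret is presumably not defined. Either delete the line, or keep the guard and record in a comment above it why it had to be relaxed. The second hunk only adds the missing final newline.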
@@ -13,6 +13,7 @@ data: DATABASE_PORT: {{ ternary .Values.formsflowdb.service.ports.postgresql "" .Values.formsflowdb.postgresql.enabled | quote }} DATABASE_SERVICE_NAME: {{ ternary (tpl .Values.formsflowdb.postgresql.fullnameOverride .) "" .Values.formsflowdb.postgresql.enabled | quote }} BPM_API_URL: https://{{tpl (index .Values "forms-flow-bpm" "ingress" "hostname") .}}/camunda + BPM_API_SERVICE_URL: {{tpl (index .Values "forms-flow-bpm" "service" "name") .}}:{{tpl (index .Values "forms-flow-bpm" "service" "port") .}}/camunda KEYCLOAK_JWT_OIDC_ALGORITHMS: "RS256" KEYCLOAK_JWT_OIDC_CACHING_ENABLED: "True" KEYCLOAK_JWT_OIDC_JWKS_CACHE_TIMEOUT: "300" @@ -23,8 +24,10 @@ data: KEYCLOAK_URL: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname") . }} KEYCLOAK_URL_REALM: {{ index .Values "forms-flow-idm" "realm" }} FORMIO_URL: https://{{tpl (index .Values "forms-flow-forms" "ingress" "hostname") .}} + FORMIO_SERVICE_URL: {{tpl (index .Values "forms-flow-forms" "service" "name") .}}:{{tpl (index .Values "forms-flow-forms" "service" "port") .}} FORMIO_DOMAIN: https://{{tpl (index .Values "forms-flow-forms" "ingress" "hostname") .}} WEB_API_URL: https://{{tpl (index .Values "forms-flow-api" "ingress" "hostname") .}} + WEB_API_SERVICE_URL: {{tpl (index .Values "forms-flow-api" "service" "name") .}}:{{tpl (index .Values "forms-flow-api" "service" "port") .}} {{- if .Values.mongodb.enabled }} NODE_CONFIG: '{"mongo":"mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}"}' MONGODB_URI: {{ ternary (tpl "mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}" .) "" .Values.mongodb.enabled | quote }} 
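Review bot: The new `*_SERVICE_URL` keys are rendered as bare `name:port[/path]` with no scheme, unlike the `https://` ingress keys beside them. This applies to `BPM_API_SERVICE_URL`, `FORMIO_SERVICE_URL` and `WEB_API_SERVICE_URL` here, and to the four added in the `@@ -34,16 +37,19 @@` hunk. The deployments in this commit feed them into variables named `*_URL`, so a consumer that parses them as URLs will probably reject them; state the scheme explicitly, e.g. `BPM_API_SERVICE_URL: http://{{ ... }}/camunda`. Writing `http://` also puts on record that these calls now bypass ingress TLS and travel in plaintext inside the cluster, which deserves a comment or a NetworkPolicy if that traffic carries tokens. Separately, `tpl` is applied to `service.port`, which only works while the value is a string; `--set forms-flow-bpm.service.port=8080` would pass a number, so consider plain `{{ index .Values "forms-flow-bpm" "service" "port" }}` for the port.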
@@ -34,16 +37,19 @@ data: {{- end }} FORMSFLOW_WEB_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}} FORMSFLOW_ADMIN_URL: https://{{tpl (index .Values "forms-flow-admin" "ingress" "hostname") .}}/api/v1 + FORMSFLOW_ADMIN_SERVICE_URL: {{tpl (index .Values "forms-flow-admin" "service" "name") .}}:{{tpl (index .Values "forms-flow-admin" "service" "port") .}}/api/v1 FORMSFLOW_ADMIN_BASE: https://{{tpl (index .Values "forms-flow-admin" "ingress" "hostname") .}}/api MODEL_ID: "Seethal/sentiment_analysis_generic_dataset" INSIGHT_API_URL: https://{{tpl (index .Values "forms-flow-analytics" "ingress" "hostname") .}} KEYCLOAK_ENABLE_CLIENT_AUTH: "{{ index .Values "forms-flow-idm" "keycloak" "EnableKeycloakClientAuth" }}" MULTI_TENANCY_ENABLED: "{{index .Values "forms-flow-web" "EnableMultitenant" }}" - DATA_ANALYSIS_URL: https://{{tpl (index .Values "forms-flow-data-analysis" "ingress" "hostname") .}} + DATA_ANALYSIS_URL: https://{{tpl (index .Values "forms-flow-data-analysis" "ingress" "hostname") .}} + DATA_ANALYSIS_SERVICE_URL: {{tpl (index .Values "forms-flow-data-analysis" "service" "name") .}}:{{tpl (index .Values "forms-flow-data-analysis" "service" "port") .}} NODE_ENV: "production" CUSTOM_SUBMISSION_URL: "" CUSTOM_SUBMISSION_ENABLED: "false" FORMSFLOW_DOC_API_URL: https://{{tpl (index .Values "forms-flow-documents-api" "ingress" "hostname") .}} + FORMSFLOW_DOC_API_SERVICE_URL: {{tpl (index .Values "forms-flow-documents-api" "service" "name") .}}:{{tpl (index .Values "forms-flow-documents-api" "service" "port") .}} DRAFT_ENABLED: "{{.Values.draft_enabled}}" DRAFT_POLLING_RATE: "15000" EXPORT_PDF_ENABLED: "{{.Values.export_pdf_enabled}}" diff --git a/charts/forms-flow-ai/values.yaml b/charts/forms-flow-ai/values.yaml index 983199ed..63c4dfd5 100644 --- a/charts/forms-flow-ai/values.yaml +++ b/charts/forms-flow-ai/values.yaml 
@@ -13,28 +13,43 @@ forms-flow-bpm: clientid: "forms-flow-bpm" clientsecret: "e4bdbd25-1467-4f7f-b993-bc4b1944c943" ingress: - hostname: forms-flow-bpm-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + hostname: forms-flow-bpm-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + service: + name: forms-flow-bpm + port: "8080" forms-flow-forms: admin: email: "me@defineme.com" password: "admin" ingress: hostname: forms-flow-forms-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + service: + name: forms-flow-forms + port: "3001" forms-flow-api: ingress: - hostname: forms-flow-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + hostname: forms-flow-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + service: + name: forms-flow-api + port: "5000" forms-flow-admin: ingress: - hostname: forms-flow-admin-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + hostname: forms-flow-admin-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + service: + name: forms-flow-admin + port: "5000" forms-flow-documents-api: ingress: - hostname: forms-flow-documents-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + hostname: forms-flow-documents-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} forms-flow-data-analysis: ingress: - hostname: forms-flow-data-analysis-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + hostname: forms-flow-data-analysis-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + service: + name: forms-flow-data-analysis + port: "5000" forms-flow-analytics: ingress: - hostname: forms-flow-analytics-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + hostname: forms-flow-analytics-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} forms-flow-idm: keycloak: EnableKeycloakClientAuth: false diff --git a/charts/forms-flow-api/templates/deployment.yaml b/charts/forms-flow-api/templates/deployment.yaml index 8dab7738..31a23ef2 100644 --- a/charts/forms-flow-api/templates/deployment.yaml +++ b/charts/forms-flow-api/templates/deployment.yaml 
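Review bot: `forms-flow-documents-api` gets no `service:` block in this hunk, although configmap.yaml in the same commit renders `FORMSFLOW_DOC_API_SERVICE_URL` from `index .Values "forms-flow-documents-api" "service" "name"` and `"port"`. Unless those keys are supplied from somewhere else, the lookup has nothing to resolve and the template will likely fail to render at this commit. Patch 06/35 later in this series adds `name: forms-flow-documents-api` and `port: "5006"`; folding that into this commit would keep every commit installable. The ports are quoted strings because the template passes them through `tpl`, which is worth a one-line comment such as `# quoted: rendered with tpl in configmap.yaml`.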
@@ -87,7 +87,7 @@ spec: - name: BPM_API_URL valueFrom: configMapKeyRef: - key: BPM_API_URL + key: BPM_API_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: BPM_CLIENT_ID valueFrom: diff --git a/charts/forms-flow-bpm/templates/deployment.yaml b/charts/forms-flow-bpm/templates/deployment.yaml index 09f69c08..3b5961ef 100644 --- a/charts/forms-flow-bpm/templates/deployment.yaml +++ b/charts/forms-flow-bpm/templates/deployment.yaml @@ -211,17 +211,17 @@ spec: - name: CAMUNDA_FORMBUILDER_PIPELINE_BPM_URL valueFrom: configMapKeyRef: - key: BPM_API_URL + key: BPM_API_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMSFLOW_API_URL valueFrom: configMapKeyRef: - key: WEB_API_URL + key: WEB_API_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMIO_URL valueFrom: configMapKeyRef: - key: FORMIO_URL + key: FORMIO_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMIO_ROOT_EMAIL valueFrom: @@ -241,7 +241,7 @@ spec: - name: DATA_ANALYSIS_URL valueFrom: configMapKeyRef: - key: DATA_ANALYSIS_URL + key: DATA_ANALYSIS_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: KEYCLOAK_ENABLE_CLIENT_AUTH valueFrom: @@ -261,7 +261,7 @@ spec: - name: FORMSFLOW_ADMIN_URL valueFrom: configMapKeyRef: - key: FORMSFLOW_ADMIN_URL + key: FORMSFLOW_ADMIN_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: CUSTOM_SUBMISSION_URL valueFrom: diff --git a/charts/forms-flow-documents-api/templates/deployment.yaml b/charts/forms-flow-documents-api/templates/deployment.yaml index e331a4e0..a5d1baca 100644 --- a/charts/forms-flow-documents-api/templates/deployment.yaml +++ b/charts/forms-flow-documents-api/templates/deployment.yaml @@ -113,7 +113,7 @@ spec: - name: FORMIO_URL valueFrom: configMapKeyRef: - key: FORMIO_URL + key: FORMIO_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMIO_ROOT_EMAIL valueFrom: 
@@ -148,7 +148,7 @@ spec: - name: FORMSFLOW_DOC_API_URL valueFrom: configMapKeyRef: - key: FORMSFLOW_DOC_API_URL + key: FORMSFLOW_DOC_API_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: CONFIGURE_LOGS valueFrom: diff --git a/charts/forms-flow-web/templates/deployment.yaml b/charts/forms-flow-web/templates/deployment.yaml index 999e905f..a3224878 100644 --- a/charts/forms-flow-web/templates/deployment.yaml +++ b/charts/forms-flow-web/templates/deployment.yaml @@ -112,7 +112,7 @@ spec: - name: REACT_APP_BPM_URL valueFrom: configMapKeyRef: - key: BPM_API_URL + key: BPM_API_SERVICE_URL name: "{{ .Values.formsflow.configmap }}" - name: REACT_APP_KEYCLOAK_CLIENT valueFrom: From 4301b625d7b23b3b4e86ca8583aac6357788201d Mon Sep 17 00:00:00 2001 From: amal Date: Tue, 5 Nov 2024 03:39:53 -0800 Subject: [PATCH 06/35] added service port --- charts/forms-flow-ai/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/forms-flow-ai/values.yaml b/charts/forms-flow-ai/values.yaml index 63c4dfd5..90597a23 100644 --- a/charts/forms-flow-ai/values.yaml +++ b/charts/forms-flow-ai/values.yaml @@ -41,6 +41,9 @@ forms-flow-admin: forms-flow-documents-api: ingress: hostname: forms-flow-documents-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} + service: + name: forms-flow-documents-api + port: "5006" forms-flow-data-analysis: ingress: hostname: forms-flow-data-analysis-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} From c24d11820aa7d028152cc928a814051e8448181e Mon Sep 17 00:00:00 2001 From: Sumesh Kariyil Date: Tue, 5 Nov 2024 14:40:57 -0800 Subject: [PATCH 07/35] Document service url to BPM --- charts/forms-flow-bpm/templates/deployment.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/forms-flow-bpm/templates/deployment.yaml b/charts/forms-flow-bpm/templates/deployment.yaml index 09f69c08..194a0cb5 100644 --- a/charts/forms-flow-bpm/templates/deployment.yaml +++ b/charts/forms-flow-bpm/templates/deployment.yaml 
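Review bot: In charts/forms-flow-web/templates/deployment.yaml, `REACT_APP_BPM_URL` now reads `key: BPM_API_SERVICE_URL`, which is an in-cluster `service:port/camunda` address. The `REACT_APP_` prefix suggests the value is consumed by the browser-side application, where a cluster-internal service name does not resolve and the page would be calling plain HTTP from an HTTPS origin. If that is the case this one reference should stay `key: BPM_API_URL`, leaving the service URLs for the server-to-server callers changed elsewhere in the commit. The container's `env:` list starts and ends outside the hunk, so the other `REACT_APP_*` entries could not be checked.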
@@ -298,6 +298,11 @@ spec: configMapKeyRef: key: KEYCLOAK_URL_HTTP_RELATIVE_PATH name: "{{ .Values.formsflow.configmap }}" + - name: FORMSFLOW_DOC_API_URL + valueFrom: + configMapKeyRef: + key: FORMSFLOW_DOC_API_URL + name: "{{ .Values.formsflow.configmap }}" {{- if .Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} {{- end }} From eeac284f3e09f2fdad16524ec26ddede39a81c86 Mon Sep 17 00:00:00 2001 From: Sinto Sajeev Date: Thu, 7 Nov 2024 05:27:30 -0800 Subject: [PATCH 08/35] Updated ENV variables and database configurations in Forms-flow-analytics --- .../templates/_helpers.tpl | 19 ++++++++++++++++++- .../templates/secrets.yaml | 1 + charts/forms-flow-analytics/values.yaml | 9 +++++---- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/charts/forms-flow-analytics/templates/_helpers.tpl b/charts/forms-flow-analytics/templates/_helpers.tpl index ad619a91..ca9020fd 100644 --- a/charts/forms-flow-analytics/templates/_helpers.tpl +++ b/charts/forms-flow-analytics/templates/_helpers.tpl @@ -50,7 +50,11 @@ Create a default fully qualified scheduler name. Create a default fully qualified postgresql name. */}} {{- define "redash.postgresql.fullname" -}} -{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} +{{- if .Values.postgresql.enabled -}} + {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- printf "%s" .Values.postgresql.fullnameOverride -}} +{{- end -}} {{- end -}} {{/* 
@@ -84,6 +88,19 @@ Shared environment block used across each component. {{- else }} value: {{ default "" .Values.externalPostgreSQL | quote }} {{- end }} +- name: REDASH_DATABASE_USER + value: {{ .Values.postgresql.auth.username | quote }} +- name: REDASH_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }} + key: redashDatabasePassword +- name: REDASH_DATABASE_HOSTNAME + value: {{ include "redash.postgresql.fullname" . }} +- name: REDASH_DATABASE_PORT + value: {{ .Values.postgresql.primary.service.ports.postgresql | quote }} +- name: REDASH_DATABASE_NAME + value: {{ .Values.postgresql.auth.database | quote }} {{- end }} {{- else -}} - name: REDASH_DATABASE_USER diff --git a/charts/forms-flow-analytics/templates/secrets.yaml b/charts/forms-flow-analytics/templates/secrets.yaml index b1da2064..f7c3d14a 100644 --- a/charts/forms-flow-analytics/templates/secrets.yaml +++ b/charts/forms-flow-analytics/templates/secrets.yaml @@ -15,5 +15,6 @@ data: {{- $null := required "A value for one of the following variables is required: redash.cookieSecret (secure random value), redash.existingSecret (secret name)" (or .Values.redash.cookieSecret .Values.redash.existingSecret) }} cookieSecret: {{ default "" .Values.redash.cookieSecret | b64enc | quote }} mailPassword: {{ default "" .Values.redash.mailPassword | b64enc | quote }} + redashDatabasePassword: {{ default "" .Values.postgresql.auth.password | b64enc | quote }} ## End primary Redash configuration {{- end -}} diff --git a/charts/forms-flow-analytics/values.yaml b/charts/forms-flow-analytics/values.yaml index b15027ba..d6ee7cd5 100644 --- a/charts/forms-flow-analytics/values.yaml +++ b/charts/forms-flow-analytics/values.yaml 
@@ -569,7 +569,7 @@ migrations: priorityClassName: # externalPostgreSQL -- External PostgreSQL configuration. To use an external PostgreSQL instead of the automatically deployed postgresql chart: set postgresql.enabled to false then uncomment and configure the externalPostgreSQL connection URL (e.g. postgresql://user:pass@host:5432/database) -externalPostgreSQL: postgresql://postgres:postgres@forms-flow-ai-postgresql-ha-pgpool/forms-flow-analytics +externalPostgreSQL: # externalPostgreSQLSecret -- Read external PostgreSQL configuration from a secret. This should point at a secret file with a single key which specifies the connection string. externalPostgreSQLSecret: {} @@ -583,6 +583,7 @@ externalPostgreSQLSecret: postgresql: # postgresql.enabled -- Whether to deploy a PostgreSQL server to satisfy the applications database requirements. To use an external PostgreSQL set this to false and configure the externalPostgreSQL parameter. enabled: false + fullnameOverride: "forms-flow-ai-postgresql-ha-pgpool" primary: service: ports: @@ -592,11 +593,11 @@ postgresql: auth: # postgresql.auth.username -- PostgreSQL username for redash user (when postgresql chart enabled) - username: redash + username: postgres # postgresql.auth.password -- REQUIRED: PostgreSQL password for redash user (when postgresql chart enabled) - password: + password: postgres # postgresql.auth.database -- PostgreSQL database name (when postgresql chart enabled) - database: redash + database: forms-flow-analytics # externalRedis -- External Redis configuration. To use an external Redis instead of the automatically deployed redis chart: set redis.enabled to false then uncomment and configure the externalRedis connection URL (e.g. redis://user:pass@host:6379/database). externalRedis: redis://redis-exporter:6379/0 From be755417368bf221de24c6ae2fcfe2049d7aa1ff Mon Sep 17 00:00:00 2001 
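Review bot: The `@@ -592,11 +593,11 @@` hunk makes `username: postgres` and `password: postgres` chart defaults, under a comment that still marks the password "REQUIRED". An install that overrides nothing therefore connects Redash with a published password on what is conventionally the superuser account. The new `redashDatabasePassword: {{ default "" .Values.postgresql.auth.password | b64enc | quote }}` in secrets.yaml accepts whatever is there, including the empty string. Leave `password:` empty in values.yaml and fail the render when it is missing, e.g. `redashDatabasePassword: {{ required "postgresql.auth.password is required" .Values.postgresql.auth.password | b64enc | quote }}`, or read it from an existing secret as the chart already allows for `cookieSecret`. The removed `externalPostgreSQL` default carried the same credentials in its URL, so this commit moves them rather than removing them. A dedicated least-privilege role for the `forms-flow-analytics` database would be a better default than `postgres`.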
From: Sinto Sajeev Date: Sun, 10 Nov 2024 22:42:30 -0800 Subject: [PATCH 09/35] Update pr-notification.yaml --- .github/workflows/pr-notification.yaml | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/.github/workflows/pr-notification.yaml b/.github/workflows/pr-notification.yaml index 95a81f08..26484def 100644 --- a/.github/workflows/pr-notification.yaml +++ b/.github/workflows/pr-notification.yaml @@ -1,7 +1,7 @@ name: PR Notification to Google Chat on: - pull_request: + pull_request_target: types: [opened, synchronize, closed] branches: - master @@ -10,7 +10,7 @@ on: jobs: notify: runs-on: ubuntu-latest - # if: github.repository == 'AOT-Technologies/forms-flow-ai-charts' + if: github.event.pull_request.base.repo.full_name == 'AOT-Technologies/forms-flow-ai-charts' || github.event.pull_request.head.repo.full_name == 'AOT-Technologies/forms-flow-ai-charts' steps: - name: Determine PR Status @@ -26,17 +26,6 @@ jobs: echo "status=🟢 Open" >> $GITHUB_ENV fi - - name: Set PR_NOTIFICATION for Debugging - run: echo "PR_NOTIFICATION=${{ secrets.PR_NOTIFICATION }}" >> $GITHUB_ENV - - - name: Check if PR_NOTIFICATION Secret is Set - run: | - if [[ -z "${PR_NOTIFICATION}" ]]; then - echo "PR_NOTIFICATION secret is not set." - else - echo "PR_NOTIFICATION secret is set." - fi - - name: Send notification to Google Chat uses: fjogeleit/http-request-action@v1.16.0 with: @@ -49,8 +38,7 @@ jobs: { "header": { "title": "Open source: Pull Request Opened by ${{ github.event.pull_request.user.login }}", - "subtitle": "Pull Request #${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}", - "imageUrl": "${{ github.event.pull_request.user.avatar_url }}" + "subtitle": "Pull Request #${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}" }, "sections": [ { @@ -84,4 +72,4 @@ jobs: ] } ] - } + } \ No newline at end of file From 7f4f45762be6a02d00af49d350d97f0db49c282f Mon Sep 17 00:00:00 2001 
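Review bot: Switching the trigger to `pull_request_target` runs this job with the base repository's secrets for pull requests opened from forks. The new `if:` does not filter forks out, because its `base.repo.full_name == 'AOT-Technologies/forms-flow-ai-charts'` half is true for every PR targeting this repository. The card body then expands contributor-controlled fields (`github.event.pull_request.title`, `user.login`) directly into the JSON text, so a title containing a double quote breaks or reshapes the payload. Render them through `toJSON`, e.g. `"subtitle": ${{ toJSON(format('Pull Request #{0}: {1}', github.event.pull_request.number, github.event.pull_request.title)) }}`. Since the job only posts a webhook, also add `permissions: {}` to it, keep it free of any checkout of the PR head, and reference `fjogeleit/http-request-action` by commit SHA rather than the `v1.16.0` tag.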
From: amal Date: Tue, 26 Nov 2024 23:49:53 -0800 Subject: [PATCH 10/35] updated components with nginx conf --- .../templates/deployment.yaml | 363 +++++++++--------- .../forms-flow-admin/templates/ingress.yaml | 6 +- .../templates/proxy-config.yaml | 29 ++ charts/forms-flow-admin/values.yaml | 16 +- charts/forms-flow-ai/templates/configmap.yaml | 26 +- charts/forms-flow-ai/values.yaml | 40 +- .../templates/_helpers.tpl | 7 + .../templates/ingress.yaml | 3 +- .../templates/proxy-config.yaml | 33 ++ .../templates/service.yaml | 4 + charts/forms-flow-analytics/values.yaml | 33 +- .../forms-flow-api/templates/deployment.yaml | 10 +- charts/forms-flow-api/templates/ingress.yaml | 6 +- .../templates/proxy-config.yaml | 31 ++ charts/forms-flow-api/values.yaml | 18 +- .../forms-flow-bpm/templates/deployment.yaml | 10 +- .../templates/configmap.yaml | 2 +- .../templates/deployment.yaml | 263 ++++++------- .../templates/ingress.yaml | 6 +- .../templates/proxy-config.yaml | 36 ++ charts/forms-flow-data-analysis/values.yaml | 19 +- .../templates/deployment.yaml | 10 +- .../templates/ingress.yaml | 6 +- .../templates/proxy-config.yaml | 31 ++ charts/forms-flow-documents-api/values.yaml | 19 +- .../templates/deployment.yaml | 251 ++++++------ .../forms-flow-forms/templates/ingress.yaml | 6 +- .../templates/proxy-config.yaml | 29 ++ charts/forms-flow-forms/values.yaml | 16 +- charts/forms-flow-idm/values.yaml | 2 +- .../forms-flow-web/templates/deployment.yaml | 2 +- 31 files changed, 811 insertions(+), 522 deletions(-) create mode 100644 charts/forms-flow-admin/templates/proxy-config.yaml create mode 100644 charts/forms-flow-analytics/templates/proxy-config.yaml create mode 100644 charts/forms-flow-api/templates/proxy-config.yaml create mode 100644 charts/forms-flow-data-analysis/templates/proxy-config.yaml create mode 100644 charts/forms-flow-documents-api/templates/proxy-config.yaml create mode 100644 charts/forms-flow-forms/templates/proxy-config.yaml 
diff --git a/charts/forms-flow-admin/templates/deployment.yaml b/charts/forms-flow-admin/templates/deployment.yaml index 38d645bc..853ced47 100644 --- a/charts/forms-flow-admin/templates/deployment.yaml +++ b/charts/forms-flow-admin/templates/deployment.yaml 
@@ -64,192 +64,195 @@ spec: securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} containers: - - name: forms-flow-admin - image: {{ include "forms-flow-admin.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - {{- $secretName := .Values.ExternalDatabase.ExistingSecretName | default .Chart.Name }} - {{- $configmapName := .Values.ExternalDatabase.ExistingConfigmapName | default .Chart.Name }} - {{- with .Values.ExternalDatabase }} - - name: DATABASE_NAME - valueFrom: - secretKeyRef: - key: {{ .ExistingDatabaseNameKey | default "DATABASE_NAME" }} - name: "{{ $secretName }}" - - name: DATABASE_USERNAME - valueFrom: - secretKeyRef: - key: {{ .ExistingDatabaseUserNameKey | default "DATABASE_USERNAME" }} - name: "{{ $secretName }}" - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - key: {{ .ExistingDatabasePasswordKey | default 
"DATABASE_PASSWORD" }} - name: "{{ $secretName }}" - - name: DATABASE_PORT - valueFrom: - configMapKeyRef: - key: {{ .ExistingDatabasePortKey | default "DATABASE_PORT" }} - name: "{{ $configmapName }}" - - name: DATABASE_HOST - valueFrom: - secretKeyRef: - key: {{ .ExistingDatabaseHostKey | default "DATABASE_HOST" }} - name: "{{ $secretName }}" - {{- end }} - - name: JWT_OIDC_ALGORITHMS - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_ALGORITHMS - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_AUDIENCE - valueFrom: - secretKeyRef: - key: ADMIN_WEB_CLIENTID - name: "{{ .Values.formsflow.secret }}" - - name: JWT_OIDC_CACHING_ENABLED - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_CACHING_ENABLED - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_ISSUER - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_ISSUER - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_JWKS_CACHE_TIMEOUT - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_JWKS_CACHE_TIMEOUT - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_JWKS_URI - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_JWKS_URI - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_WELL_KNOWN_CONFIG - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_CONFIG - name: "{{ .Values.formsflow.configmap }}" - - name: KEYCLOAK_URL - valueFrom: - configMapKeyRef: - key: KEYCLOAK_URL - name: "{{ .Values.formsflow.configmap }}" - - name: FORMSFLOW_WEB_URL - valueFrom: - configMapKeyRef: - key: FORMSFLOW_WEB_URL - name: "{{ .Values.formsflow.configmap }}" - - name: KEYCLOAK_URL_REALM - valueFrom: - configMapKeyRef: - key: KEYCLOAK_URL_REALM - name: "{{ .Values.formsflow.configmap }}" - - name: INSIGHT_API_URL - valueFrom: - configMapKeyRef: - key: INSIGHT_API_URL - name: "{{ .Values.formsflow.configmap }}" - - name: INSIGHT_API_KEY - valueFrom: - secretKeyRef: - key: INSIGHT_API_KEY - name: "{{ .Values.formsflow.secret }}" - - name: BPM_API_URL - 
valueFrom: - configMapKeyRef: - key: BPM_API_URL - name: "{{ .Values.formsflow.configmap }}" - - name: KEYCLOAK_ADMIN_CLIENT - valueFrom: - secretKeyRef: - key: KEYCLOAK_CLIENTID - name: "{{ .Values.formsflow.secret }}" - - name: KEYCLOAK_ADMIN_SECRET - valueFrom: - secretKeyRef: - key: KEYCLOAK_CLIENTSECRET - name: "{{ .Values.formsflow.secret }}" - - name: FORMIO_ROOT_EMAIL - valueFrom: - secretKeyRef: - key: FORMIO_ROOT_EMAIL - name: "{{ .Values.formsflow.secret }}" - - name: FORMIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: FORMIO_ROOT_PASSWORD - name: "{{ .Values.formsflow.secret }}" - - name: FORMIO_URL - valueFrom: - configMapKeyRef: - key: FORMIO_URL - name: "{{ .Values.formsflow.configmap }}" - - name: FORMIO_JWT_SECRET - valueFrom: - secretKeyRef: - key: FORMIO_JWT_SECRET - name: "{{ .Values.formsflow.secret }}" - - name: BPM_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: KEYCLOAK_CLIENTSECRET - name: "{{ .Values.formsflow.secret }}" - - name: FORMSFLOW_ADMIN_API_CORS_ORIGINS - value: '*' - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + - name: forms-flow-admin + image: {{ include "forms-flow-admin.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - protocol: TCP - stdin: true - tty: true - volumeMounts: - - name: admin-logs - mountPath: /opt/app-root/logs - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + {{- $secretName := .Values.ExternalDatabase.ExistingSecretName | default .Chart.Name }} + {{- $configmapName := .Values.ExternalDatabase.ExistingConfigmapName | default 
.Chart.Name }} + {{- with .Values.ExternalDatabase }} + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: {{ .ExistingDatabaseNameKey | default "DATABASE_NAME" }} + name: "{{ $secretName }}" + - name: DATABASE_USERNAME + valueFrom: + secretKeyRef: + key: {{ .ExistingDatabaseUserNameKey | default "DATABASE_USERNAME" }} + name: "{{ $secretName }}" + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .ExistingDatabasePasswordKey | default "DATABASE_PASSWORD" }} + name: "{{ $secretName }}" + - name: DATABASE_PORT + valueFrom: + configMapKeyRef: + key: {{ .ExistingDatabasePortKey | default "DATABASE_PORT" }} + name: "{{ $configmapName }}" + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: {{ .ExistingDatabaseHostKey | default "DATABASE_HOST" }} + name: "{{ $secretName }}" + {{- end }} + - name: JWT_OIDC_ALGORITHMS + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_ALGORITHMS + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_AUDIENCE + valueFrom: + secretKeyRef: + key: ADMIN_WEB_CLIENTID + name: "{{ .Values.formsflow.secret }}" + - name: JWT_OIDC_CACHING_ENABLED + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_CACHING_ENABLED + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_ISSUER + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_ISSUER + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_JWKS_CACHE_TIMEOUT + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_JWKS_CACHE_TIMEOUT + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_JWKS_URI + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_JWKS_URI + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_WELL_KNOWN_CONFIG + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_CONFIG + name: "{{ .Values.formsflow.configmap }}" + - name: KEYCLOAK_URL + valueFrom: + configMapKeyRef: + key: KEYCLOAK_URL + name: "{{ .Values.formsflow.configmap }}" + - name: FORMSFLOW_WEB_URL + valueFrom: + configMapKeyRef: + 
key: FORMSFLOW_WEB_URL + name: "{{ .Values.formsflow.configmap }}" + - name: KEYCLOAK_URL_REALM + valueFrom: + configMapKeyRef: + key: KEYCLOAK_URL_REALM + name: "{{ .Values.formsflow.configmap }}" + - name: INSIGHT_API_URL + valueFrom: + configMapKeyRef: + key: INSIGHT_API_URL + name: "{{ .Values.formsflow.configmap }}" + - name: INSIGHT_API_KEY + valueFrom: + secretKeyRef: + key: INSIGHT_API_KEY + name: "{{ .Values.formsflow.secret }}" + - name: BPM_API_URL + valueFrom: + configMapKeyRef: + key: BPM_API_URL + name: "{{ .Values.formsflow.configmap }}" + - name: KEYCLOAK_ADMIN_CLIENT + valueFrom: + secretKeyRef: + key: KEYCLOAK_CLIENTID + name: "{{ .Values.formsflow.secret }}" + - name: KEYCLOAK_ADMIN_SECRET + valueFrom: + secretKeyRef: + key: KEYCLOAK_CLIENTSECRET + name: "{{ .Values.formsflow.secret }}" + - name: FORMIO_ROOT_EMAIL + valueFrom: + secretKeyRef: + key: FORMIO_ROOT_EMAIL + name: "{{ .Values.formsflow.secret }}" + - name: FORMIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: FORMIO_ROOT_PASSWORD + name: "{{ .Values.formsflow.secret }}" + - name: FORMIO_URL + valueFrom: + configMapKeyRef: + key: FORMIO_URL + name: "{{ .Values.formsflow.configmap }}" + - name: FORMIO_JWT_SECRET + valueFrom: + secretKeyRef: + key: FORMIO_JWT_SECRET + name: "{{ .Values.formsflow.secret }}" + - name: BPM_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: KEYCLOAK_CLIENTSECRET + name: "{{ .Values.formsflow.secret }}" + - name: FORMSFLOW_ADMIN_API_CORS_ORIGINS + value: '*' + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if 
.Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + protocol: TCP + stdin: true + tty: true + volumeMounts: + - name: admin-logs + mountPath: /opt/app-root/logs + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} volumes: - name: admin-logs emptyDir: {} + - name: nginx-config-volume + configMap: + name: forms-flow-admin-nginx-config {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/charts/forms-flow-admin/templates/ingress.yaml b/charts/forms-flow-admin/templates/ingress.yaml index e42f5ac0..ac8d42f9 100644 --- a/charts/forms-flow-admin/templates/ingress.yaml +++ b/charts/forms-flow-admin/templates/ingress.yaml @@ -27,7 +27,11 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + backend: + service: + name: {{ include "common.names.fullname" . }} + port: + number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} 
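Review bot: The new `backend:` block hard-codes `number: 80`, so `ingress.servicePort` no longer affects this Ingress and the port has to be kept in step by hand with the `nginx` entry this patch adds to `service.ports` in values.yaml. Referring to the port by name, `port: { name: nginx }`, would tie the two together. The same literal is introduced in the forms-flow-api ingress.yaml hunk and in the forms-flow-analytics ingress.yaml hunk (`number: 80` replacing `$svcPort`), where the newly added `service.sidecar.port` value could be used instead. The `extraHosts` rules begin right after this hunk, so whether they still route through the old backend helper is not visible here.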
diff --git a/charts/forms-flow-admin/templates/proxy-config.yaml b/charts/forms-flow-admin/templates/proxy-config.yaml new file mode 100644 index 00000000..9cbf6222 --- /dev/null +++ b/charts/forms-flow-admin/templates/proxy-config.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-nginx-config + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: forms-flow-api + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + nginx.conf: | + events { worker_connections 1024; } + http { + server { + listen 80; + location /admin { + rewrite ^/admin/(.*)$ /$1 break; + proxy_set_header Host $http_host; + proxy_set_header Authorization $http_authorization; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Content-Type application/json; + proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + } + } + } + pid /tmp/nginx.pid; \ No newline at end of file diff --git a/charts/forms-flow-admin/values.yaml b/charts/forms-flow-admin/values.yaml index 4833a6ec..856ad649 100644 --- a/charts/forms-flow-admin/values.yaml +++ b/charts/forms-flow-admin/values.yaml @@ -249,7 +249,7 @@ ingress: hostname: forms-flow-admin.local ## @param ingress.path [string] Default path for the ingress record (evaluated as template) ## - path: "/" + path: "/admin" ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## @@ -418,6 +418,10 @@ service: port: 5000 targetPort: http protocol: TCP + - name: nginx + port: 80 + targetPort: 80 + protocol: TCP ## - name: system ## port: 1764 ## 
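Review bot: `proxy_set_header Content-Type application/json;` in the `/admin` location overwrites the client's Content-Type on every proxied request, so a multipart or form-encoded body would reach the admin API labelled as JSON; unless the API accepts nothing but JSON, drop that line and let the original header through. The label `app.kubernetes.io/component: forms-flow-api` on this ConfigMap looks copied from the API chart and should probably read `forms-flow-admin`. `proxy_pass http://localhost:{{.Values.ingress.servicePort}}` only renders a usable upstream when `ingress.servicePort` is numeric, and the values.yaml comment describes it as `http`/`https`, so `{{ .Values.containerPorts.http }}` (already used for `containerPort` in the deployment) may be the safer reference.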
@@ -482,7 +486,15 @@ containerPorts: ## - mountPath: /usr/share/filebeat/filebeat.yml ## subPath: filebeat.yml ## name: admin-filebeat -sidecars: [] +sidecars: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf configuration: [] diff --git a/charts/forms-flow-ai/templates/configmap.yaml b/charts/forms-flow-ai/templates/configmap.yaml index 1d36f754..c9a39712 100644 --- a/charts/forms-flow-ai/templates/configmap.yaml +++ b/charts/forms-flow-ai/templates/configmap.yaml @@ -12,8 +12,7 @@ data: DATABASE_NAME: {{ ternary (tpl .Values.formsflowdb.postgresql.database .) "" .Values.formsflowdb.postgresql.enabled | quote }} DATABASE_PORT: {{ ternary .Values.formsflowdb.service.ports.postgresql "" .Values.formsflowdb.postgresql.enabled | quote }} DATABASE_SERVICE_NAME: {{ ternary (tpl .Values.formsflowdb.postgresql.fullnameOverride .) "" .Values.formsflowdb.postgresql.enabled | quote }} - BPM_API_URL: https://{{tpl (index .Values "forms-flow-bpm" "ingress" "hostname") .}}/camunda - BPM_API_SERVICE_URL: {{tpl (index .Values "forms-flow-bpm" "service" "name") .}}:{{tpl (index .Values "forms-flow-bpm" "service" "port") .}}/camunda + BPM_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/camunda KEYCLOAK_JWT_OIDC_ALGORITHMS: "RS256" KEYCLOAK_JWT_OIDC_CACHING_ENABLED: "True" KEYCLOAK_JWT_OIDC_JWKS_CACHE_TIMEOUT: "300" 
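Review bot: The sidecar image `nginx:latest` is a mutable tag, so a pod restart can pull a different, unreviewed nginx build and replicas of the same release may end up on different versions. Pin it to a fixed version tag or digest and expose it as a chart value, for example `image: nginx:<PINNED_VERSION>` (placeholder), so that upgrades are deliberate and reproducible. The sidecar entry also carries no `resources` or `securityContext`; in the deployment template those are rendered only for the main container, so the chart's `containerSecurityContext` hardening does not appear to cover the proxy that now fronts all ingress traffic. The same `nginx:latest` container is added in the forms-flow-analytics values.yaml hunk (`server.extraContainers`) and the forms-flow-api values.yaml hunk (`sidecars`).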
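Review bot: Removing `BPM_API_SERVICE_URL` here, together with the other `*_SERVICE_URL` keys dropped in the following hunks of this file, leaves only the `https://<forms-flow-web ingress hostname>/...` values, and the forms-flow-api and forms-flow-bpm deployment hunks later in this patch switch their `configMapKeyRef` keys to those public URLs. Backend-to-backend calls, which presumably carry the Formio root credentials and the Keycloak client secret referenced next to them, then go out through the ingress and depend on that hostname resolving and its certificate being trusted from inside the cluster. If that is intended, a comment in the ConfigMap saying so would help; otherwise keep the in-cluster service URLs for the backend consumers. Any chart not touched by this patch that still reads a removed key will fail at pod start, so a search for `_SERVICE_URL` across the charts is worth doing before merge.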
@@ -23,11 +22,9 @@ data: KEYCLOAK_TOKEN_URL: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname") . }}/auth/realms/{{ index .Values "forms-flow-idm" "realm" }}/protocol/openid-connect/token KEYCLOAK_URL: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname") . }} KEYCLOAK_URL_REALM: {{ index .Values "forms-flow-idm" "realm" }} - FORMIO_URL: https://{{tpl (index .Values "forms-flow-forms" "ingress" "hostname") .}} - FORMIO_SERVICE_URL: {{tpl (index .Values "forms-flow-forms" "service" "name") .}}:{{tpl (index .Values "forms-flow-forms" "service" "port") .}} - FORMIO_DOMAIN: https://{{tpl (index .Values "forms-flow-forms" "ingress" "hostname") .}} - WEB_API_URL: https://{{tpl (index .Values "forms-flow-api" "ingress" "hostname") .}} - WEB_API_SERVICE_URL: {{tpl (index .Values "forms-flow-api" "service" "name") .}}:{{tpl (index .Values "forms-flow-api" "service" "port") .}} + FORMIO_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/formio + FORMIO_DOMAIN: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/formio + WEB_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/api {{- if .Values.mongodb.enabled }} NODE_CONFIG: '{"mongo":"mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}"}' MONGODB_URI: {{ ternary (tpl "mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}" .) "" .Values.mongodb.enabled | quote }} 
@@ -36,20 +33,17 @@ data: NODE_CONFIG: '{"mongo":"mongodb+srv://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}/{{ .Values.mongodb.auth.databases | first }}"}' {{- end }} FORMSFLOW_WEB_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}} - FORMSFLOW_ADMIN_URL: https://{{tpl (index .Values "forms-flow-admin" "ingress" "hostname") .}}/api/v1 - FORMSFLOW_ADMIN_SERVICE_URL: {{tpl (index .Values "forms-flow-admin" "service" "name") .}}:{{tpl (index .Values "forms-flow-admin" "service" "port") .}}/api/v1 - FORMSFLOW_ADMIN_BASE: https://{{tpl (index .Values "forms-flow-admin" "ingress" "hostname") .}}/api + FORMSFLOW_ADMIN_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/admin/api/v1 + FORMSFLOW_ADMIN_BASE: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/admin/api MODEL_ID: "Seethal/sentiment_analysis_generic_dataset" - INSIGHT_API_URL: https://{{tpl (index .Values "forms-flow-analytics" "ingress" "hostname") .}} + INSIGHT_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/redash KEYCLOAK_ENABLE_CLIENT_AUTH: "{{ index .Values "forms-flow-idm" "keycloak" "EnableKeycloakClientAuth" }}" MULTI_TENANCY_ENABLED: "{{index .Values "forms-flow-web" "EnableMultitenant" }}" - DATA_ANALYSIS_URL: https://{{tpl (index .Values "forms-flow-data-analysis" "ingress" "hostname") .}} - DATA_ANALYSIS_SERVICE_URL: {{tpl (index .Values "forms-flow-data-analysis" "service" "name") .}}:{{tpl (index .Values "forms-flow-data-analysis" "service" "port") .}} + DATA_ANALYSIS_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/analysis NODE_ENV: "production" CUSTOM_SUBMISSION_URL: "" CUSTOM_SUBMISSION_ENABLED: "false" - FORMSFLOW_DOC_API_URL: https://{{tpl (index .Values "forms-flow-documents-api" "ingress" "hostname") .}} - FORMSFLOW_DOC_API_SERVICE_URL: {{tpl (index .Values 
"forms-flow-documents-api" "service" "name") .}}:{{tpl (index .Values "forms-flow-documents-api" "service" "port") .}} + FORMSFLOW_DOC_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/docapi DRAFT_ENABLED: "{{.Values.draft_enabled}}" DRAFT_POLLING_RATE: "15000" EXPORT_PDF_ENABLED: "{{.Values.export_pdf_enabled}}" @@ -58,7 +52,7 @@ data: REDIS_ENABLED: "{{.Values.EnableRedis}}" CHROME_DRIVER_PATH: "/usr/local/bin/chromedriver" ENABLE_CHATBOT: "{{.Values.EnableChatBot}}" - CHATBOT_URL: "https://{{tpl (index .Values "forms-flow-data-analysis" "ingress" "hostname") .}}/conversations" + CHATBOT_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/analysis/conversations ENABLE_LOW_CODE_DESIGNER: "false" ELASTIC_SERVER: "{{.Values.elastic_server}}" REDIS_URL: "{{.Values.redis_url}}" diff --git a/charts/forms-flow-ai/values.yaml b/charts/forms-flow-ai/values.yaml index 90597a23..edb6ae74 100644 --- a/charts/forms-flow-ai/values.yaml +++ b/charts/forms-flow-ai/values.yaml 
@@ -12,47 +12,13 @@ formsflowdb: forms-flow-bpm: clientid: "forms-flow-bpm" clientsecret: "e4bdbd25-1467-4f7f-b993-bc4b1944c943" - ingress: - hostname: forms-flow-bpm-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} - service: - name: forms-flow-bpm - port: "8080" forms-flow-forms: admin: email: "me@defineme.com" password: "admin" - ingress: - hostname: forms-flow-forms-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} service: name: forms-flow-forms port: "3001" -forms-flow-api: - ingress: - hostname: forms-flow-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} - service: - name: forms-flow-api - port: "5000" -forms-flow-admin: - ingress: - hostname: forms-flow-admin-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} - service: - name: forms-flow-admin - port: "5000" -forms-flow-documents-api: - ingress: - hostname: forms-flow-documents-api-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} - service: - name: forms-flow-documents-api - port: "5006" -forms-flow-data-analysis: - ingress: - hostname: forms-flow-data-analysis-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} - service: - name: forms-flow-data-analysis - port: "5000" -forms-flow-analytics: - ingress: - hostname: forms-flow-analytics-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}} forms-flow-idm: keycloak: EnableKeycloakClientAuth: false @@ -206,7 +172,7 @@ mongodb: persistence: enabled: true - storageClass: "" + storageClass: "gp2" accessModes: - ReadWriteOnce size: 8Gi @@ -567,7 +533,7 @@ postgresql-ha: ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## - storageClass: "" + storageClass: "gp2" ## @param persistence.mountPath The path the volume will be mounted at, useful when using different PostgreSQL images. ## mountPath: /bitnami/postgresql 
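Review bot: `storageClass: "gp2"` makes an AWS EBS class the chart default, so on a cluster that has no StorageClass named `gp2` the MongoDB volume claim will stay Pending. The comment kept above the `postgresql-ha` setting in the next hunk still says that an unset value selects the default provisioner, which no longer matches the shipped default. I would keep `storageClass: ""` in the chart and set `gp2` in an environment-specific values file. The same change is made for `postgresql-ha` and `redisExporter` persistence in the two hunks that follow.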
@@ -780,7 +746,7 @@ redisExporter: ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## - storageClass: "" + storageClass: "gp2" ## @param persistence.annotations Persistent Volume Claim annotations ## annotations: {} diff --git a/charts/forms-flow-analytics/templates/_helpers.tpl b/charts/forms-flow-analytics/templates/_helpers.tpl index ad619a91..06130a7b 100644 --- a/charts/forms-flow-analytics/templates/_helpers.tpl +++ b/charts/forms-flow-analytics/templates/_helpers.tpl @@ -6,6 +6,13 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "redash.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/forms-flow-analytics/templates/ingress.yaml b/charts/forms-flow-analytics/templates/ingress.yaml index 91a2dd92..c433b7c0 100644 --- a/charts/forms-flow-analytics/templates/ingress.yaml +++ b/charts/forms-flow-analytics/templates/ingress.yaml @@ -1,7 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "redash.fullname" . -}} {{- $ingressPathType := .Values.ingress.pathType -}} -{{- $svcPort := .Values.service.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -38,7 +37,7 @@ spec: service: name: {{ $fullName }} port: - number: {{ $svcPort }} + number: 80 {{- end }} {{- end }} {{- end }} diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml new file mode 100644 index 00000000..d4b623fa --- /dev/null +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml 
@@ -0,0 +1,33 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "redash.fullname" . }}-nginx-config + labels: + {{- include "redash.labels" . | nindent 4 }} +data: + nginx.conf: | + events { worker_connections 1024; } + http { + server { + listen 80; + location /redash/ { + sub_filter ="/" ="/redash/"; + sub_filter ="/static/ ="/redash/static/; + sub_filter ="/static/images/redash_icon_small.png ="/redash/static/images/redash_icon_small.png; + sub_filter url(/static/fonts) url(/redash/static/fonts); + sub_filter_once off; + sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_set_header SCRIPT_NAME /redash; + + proxy_pass http://localhost:{{.Values.server.httpPort}}; + } + + } + } + pid /tmp/nginx.pid; \ No newline at end of file diff --git a/charts/forms-flow-analytics/templates/service.yaml b/charts/forms-flow-analytics/templates/service.yaml index db01ba72..19887ed4 100644 --- a/charts/forms-flow-analytics/templates/service.yaml +++ b/charts/forms-flow-analytics/templates/service.yaml @@ -18,6 +18,10 @@ spec: targetPort: {{ .Values.server.httpPort }} protocol: TCP name: http + - port: {{ .Values.service.sidecar.port }} + targetPort: {{ .Values.service.sidecar.httpPort }} + protocol: TCP + name: nginx {{- if .Values.service.loadBalancerIP }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} {{- end }} diff --git a/charts/forms-flow-analytics/values.yaml b/charts/forms-flow-analytics/values.yaml index b15027ba..bdb98e7d 100644 --- a/charts/forms-flow-analytics/values.yaml +++ b/charts/forms-flow-analytics/values.yaml 
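Review bot: The `sub_filter` rules in `location /redash/` only rewrite responses that arrive uncompressed, and nothing in this block stops the upstream from answering with gzip when the browser sends `Accept-Encoding`; adding `proxy_set_header Accept-Encoding "";` keeps the path rewriting reliable. The ConfigMap metadata also has no `namespace:` although this commit adds a `redash.names.namespace` helper to _helpers.tpl, so `namespace: {{ include "redash.names.namespace" . | quote }}` may be what was intended. The forms-flow-api proxy-config.yaml uses `sub_filter` in the same way and would need the same header.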
@@ -349,13 +349,26 @@ server: podLabels: {} # server.volumes -- Volumes for server pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) - volumes: [] + volumes: + - name: nginx-config-volume + configMap: + name: forms-flow-analytics-nginx-config # server.volumeMounts -- VolumeMounts for server pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) volumeMounts: [] # priorityClassName -- Priority class name for server pod assignment [ref](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) priorityClassName: + + extraContainers: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf service: # service.annotations -- Annotations to add to the service @@ -368,13 +381,15 @@ service: externalTrafficPolicy: "" # service.port -- Service external port port: 5000 - + + sidecar: + port: 80 + httpPort: 80 ingress: # ingress.enabled -- Enable ingress controller resource enabled: true # ingress.annotations -- Ingress annotations configuration annotations: {} - # ingress.ingressClassName -- Sets the ingress controller class name to use. ingressClassName: "" @@ -384,7 +399,8 @@ ingress: paths: [] #ingress.pathType -- How ingress paths should be treated. pathType: Prefix - + + port: 80 # ingress.tls -- Ingress TLS configuration tls: [] # - secretName: forms-flow-analytics-test.aot-technologies.com-tls 
@@ -569,7 +585,7 @@ migrations: priorityClassName: # externalPostgreSQL -- External PostgreSQL configuration. To use an external PostgreSQL instead of the automatically deployed postgresql chart: set postgresql.enabled to false then uncomment and configure the externalPostgreSQL connection URL (e.g. postgresql://user:pass@host:5432/database) -externalPostgreSQL: postgresql://postgres:postgres@forms-flow-ai-postgresql-ha-pgpool/forms-flow-analytics +externalPostgreSQL: # externalPostgreSQLSecret -- Read external PostgreSQL configuration from a secret. This should point at a secret file with a single key which specifies the connection string. externalPostgreSQLSecret: {} @@ -583,6 +599,7 @@ externalPostgreSQLSecret: postgresql: # postgresql.enabled -- Whether to deploy a PostgreSQL server to satisfy the applications database requirements. To use an external PostgreSQL set this to false and configure the externalPostgreSQL parameter. enabled: false + fullnameOverride: "forms-flow-ai-postgresql-ha-pgpool" primary: service: ports: @@ -592,11 +609,11 @@ postgresql: auth: # postgresql.auth.username -- PostgreSQL username for redash user (when postgresql chart enabled) - username: redash + username: postgres # postgresql.auth.password -- REQUIRED: PostgreSQL password for redash user (when postgresql chart enabled) - password: + password: postgres # postgresql.auth.database -- PostgreSQL database name (when postgresql chart enabled) - database: redash + database: forms-flow-analytics # externalRedis -- External Redis configuration. To use an external Redis instead of the automatically deployed redis chart: set redis.enabled to false then uncomment and configure the externalRedis connection URL (e.g. redis://user:pass@host:6379/database). externalRedis: redis://redis-exporter:6379/0 diff --git a/charts/forms-flow-api/templates/deployment.yaml b/charts/forms-flow-api/templates/deployment.yaml index 31a23ef2..5a91425c 100644 
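Review bot: `username: postgres` with `password: postgres` puts a well-known credential for what is conventionally the superuser account into the chart defaults, directly under the comment that marks the password as REQUIRED and where it was previously left empty. Anyone installing with defaults gets a guessable database login, and the value is committed to the repository. I would leave `password:` empty, or read it from an existing Secret the way `externalPostgreSQLSecret` already allows for the external case, and keep a dedicated non-superuser account for Redash. The first hunk of this file section removes the same `postgres:postgres` pair from `externalPostgreSQL`, so the credential has moved rather than gone.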
--- a/charts/forms-flow-api/templates/deployment.yaml +++ b/charts/forms-flow-api/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: {{- if .Values.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} - containers: + containers: - name: forms-flow-api image: {{ include "forms-flow-api.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} @@ -87,7 +87,7 @@ spec: - name: BPM_API_URL valueFrom: configMapKeyRef: - key: BPM_API_SERVICE_URL + key: BPM_API_URL name: "{{ .Values.formsflow.configmap }}" - name: BPM_CLIENT_ID valueFrom: @@ -289,9 +289,15 @@ spec: {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} volumes: - name: api-logs emptyDir: {} + - name: nginx-config-volume + configMap: + name: forms-flow-api-nginx-config {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/charts/forms-flow-api/templates/ingress.yaml b/charts/forms-flow-api/templates/ingress.yaml index 7d7c2d32..026e7a7b 100644 --- a/charts/forms-flow-api/templates/ingress.yaml +++ b/charts/forms-flow-api/templates/ingress.yaml @@ -27,7 +27,11 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + backend: + service: + name: {{ include "common.names.fullname" . }} + port: + number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} 
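Review bot: The new `nginx-config-volume` entry hard-codes `name: forms-flow-api-nginx-config`, while proxy-config.yaml in this chart names the ConfigMap `{{ include "common.names.fullname" . }}-nginx-config`; whenever the rendered fullname is not exactly `forms-flow-api` (a different release name or a `fullnameOverride`), the pod will wait on a ConfigMap that does not exist. Use the same expression in the volume: `name: {{ include "common.names.fullname" . }}-nginx-config`. The volume is also added unconditionally although the sidecar is rendered only under `{{- if .Values.sidecars }}`, so disabling the sidecar still requires the ConfigMap. The forms-flow-admin deployment.yaml and the forms-flow-analytics `server.volumes` value hard-code their ConfigMap names in the same way.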
diff --git a/charts/forms-flow-api/templates/proxy-config.yaml b/charts/forms-flow-api/templates/proxy-config.yaml new file mode 100644 index 00000000..b2813da9 --- /dev/null +++ b/charts/forms-flow-api/templates/proxy-config.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-nginx-config + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: forms-flow-api + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + nginx.conf: | + events { worker_connections 1024; } + http { + server { + listen 80; + location /api { + sub_filter ="/api/swaggerui/ ="/api/swaggerui/; + sub_filter_once off; + sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header SCRIPT_NAME /api; + proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + } + } + } + pid /tmp/nginx.pid; \ No newline at end of file diff --git a/charts/forms-flow-api/values.yaml b/charts/forms-flow-api/values.yaml index c6cfc501..49533acc 100644 --- a/charts/forms-flow-api/values.yaml +++ b/charts/forms-flow-api/values.yaml @@ -195,6 +195,16 @@ extraVolumes: {} ## readOnly: true ## extraVolumeMounts: {} +## sidecars configuration +sidecars: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf ## @param auth.existingSecret Existing secret containing password,username,dbname and ## 
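Review bot: `sub_filter ="/api/swaggerui/ ="/api/swaggerui/;` replaces the string with itself, so it changes nothing while still making nginx scan every response of the listed types; the search string was probably meant to be `="/swaggerui/`. If no rewriting is actually needed, the three `sub_filter*` lines can be removed. `location /api` is a plain prefix match and therefore also catches paths such as `/apix`; `location /api/` (with an exact `location = /api` if the bare path must work) is tighter. As in the admin chart, `proxy_pass http://localhost:{{.Values.ingress.servicePort}}` relies on `ingress.servicePort` being numeric, which the values.yaml comment ("Default is http") does not guarantee.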
@@ -229,7 +239,7 @@ ingress: ingressClassName: "" ## @param ingress.pathType Ingress path type ## - pathType: ImplementationSpecific + pathType: Prefix ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" @@ -243,7 +253,7 @@ ingress: hostname: forms-flow-api.local ## @param ingress.path [string] Default path for the ingress record (evaluated as template) ## - path: "/" + path: "/api" ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## @@ -391,6 +401,10 @@ service: - name: http port: 5000 targetPort: http + protocol: TCP + - name: nginx + port: 80 + targetPort: 80 protocol: TCP ## - name: system ## port: 1764 diff --git a/charts/forms-flow-bpm/templates/deployment.yaml b/charts/forms-flow-bpm/templates/deployment.yaml index 3b5961ef..09f69c08 100644 --- a/charts/forms-flow-bpm/templates/deployment.yaml +++ b/charts/forms-flow-bpm/templates/deployment.yaml @@ -211,17 +211,17 @@ spec: - name: CAMUNDA_FORMBUILDER_PIPELINE_BPM_URL valueFrom: configMapKeyRef: - key: BPM_API_SERVICE_URL + key: BPM_API_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMSFLOW_API_URL valueFrom: configMapKeyRef: - key: WEB_API_SERVICE_URL + key: WEB_API_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMIO_URL valueFrom: configMapKeyRef: - key: FORMIO_SERVICE_URL + key: FORMIO_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMIO_ROOT_EMAIL valueFrom: @@ -241,7 +241,7 @@ spec: - name: DATA_ANALYSIS_URL valueFrom: configMapKeyRef: - key: DATA_ANALYSIS_SERVICE_URL + key: DATA_ANALYSIS_URL name: "{{ .Values.formsflow.configmap }}" - name: KEYCLOAK_ENABLE_CLIENT_AUTH valueFrom: @@ -261,7 +261,7 @@ spec: - name: FORMSFLOW_ADMIN_URL valueFrom: configMapKeyRef: - key: FORMSFLOW_ADMIN_SERVICE_URL + key: FORMSFLOW_ADMIN_URL name: "{{ .Values.formsflow.configmap }}" - name: CUSTOM_SUBMISSION_URL valueFrom: 
diff --git a/charts/forms-flow-data-analysis/templates/configmap.yaml b/charts/forms-flow-data-analysis/templates/configmap.yaml index d36d4992..c761390b 100644 --- a/charts/forms-flow-data-analysis/templates/configmap.yaml +++ b/charts/forms-flow-data-analysis/templates/configmap.yaml @@ -4,7 +4,7 @@ metadata: name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: forms-flow-admin + app.kubernetes.io/component: forms-flow-data-analysis {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/charts/forms-flow-data-analysis/templates/deployment.yaml b/charts/forms-flow-data-analysis/templates/deployment.yaml index 33c1dc07..215b7833 100644 --- a/charts/forms-flow-data-analysis/templates/deployment.yaml +++ b/charts/forms-flow-data-analysis/templates/deployment.yaml 
@@ -61,141 +61,146 @@ spec: securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} containers: - - name: forms-flow-data-analysis - image: {{ include "forms-flow-data-analysis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: OPENAI_API_KEY - valueFrom: - configMapKeyRef: - key: OPENAI_API_KEY - name: "{{ .Chart.Name }}" - - name: CHAT_BOT_MODEL_ID - valueFrom: - configMapKeyRef: - key: CHAT_BOT_MODEL_ID - name: "{{ .Chart.Name }}" - - name: KEYCLOAK_URL - valueFrom: - configMapKeyRef: - key: KEYCLOAK_URL - name: "{{ .Values.formsflow.configmap }}" - - name: KEYCLOAK_URL_REALM - valueFrom: - configMapKeyRef: - key: KEYCLOAK_URL_REALM - name: "{{ .Values.formsflow.configmap }}" - - name: KEYCLOAK_WEB_CLIENT_ID - valueFrom: - configMapKeyRef: - key: KEYCLOAK_WEB_CLIENT_ID - name: "{{ .Chart.Name }}" - - name: DATA_ANALYSIS_API_BASE_URL 
- valueFrom: - configMapKeyRef: - key: DATA_ANALYSIS_URL - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_ALGORITHMS - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_ALGORITHMS - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_AUDIENCE - valueFrom: - secretKeyRef: - key: ADMIN_WEB_CLIENTID - name: "{{ .Values.formsflow.secret }}" - - name: JWT_OIDC_CACHING_ENABLED - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_CACHING_ENABLED - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_ISSUER - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_ISSUER - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_JWKS_CACHE_TIMEOUT - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_JWKS_CACHE_TIMEOUT - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_JWKS_URI - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_JWKS_URI - name: "{{ .Values.formsflow.configmap }}" - - name: JWT_OIDC_WELL_KNOWN_CONFIG - valueFrom: - configMapKeyRef: - key: KEYCLOAK_JWT_OIDC_CONFIG - name: "{{ .Values.formsflow.configmap }}" - - name: DATABASE_SUPPORT - valueFrom: - configMapKeyRef: - key: DATABASE_SUPPORT - name: "{{ .Chart.Name }}" - - name: MODEL_ID - valueFrom: - configMapKeyRef: - key: MODEL_ID - name: "{{ .Values.formsflow.configmap }}" - - name: KEYCLOAK_URL_HTTP_RELATIVE_PATH - valueFrom: - configMapKeyRef: - key: KEYCLOAK_URL_HTTP_RELATIVE_PATH - name: "{{ .Values.formsflow.configmap }}" - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + - name: forms-flow-data-analysis + image: {{ include "forms-flow-data-analysis.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - protocol: TCP - stdin: true - tty: true - volumeMounts: - - name: data-analysis-logs - mountPath: /forms-flow-data-analysis/app/logs - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: 
OPENAI_API_KEY + valueFrom: + configMapKeyRef: + key: OPENAI_API_KEY + name: "{{ .Chart.Name }}" + - name: CHAT_BOT_MODEL_ID + valueFrom: + configMapKeyRef: + key: CHAT_BOT_MODEL_ID + name: "{{ .Chart.Name }}" + - name: KEYCLOAK_URL + valueFrom: + configMapKeyRef: + key: KEYCLOAK_URL + name: "{{ .Values.formsflow.configmap }}" + - name: KEYCLOAK_URL_REALM + valueFrom: + configMapKeyRef: + key: KEYCLOAK_URL_REALM + name: "{{ .Values.formsflow.configmap }}" + - name: KEYCLOAK_WEB_CLIENT_ID + valueFrom: + configMapKeyRef: + key: KEYCLOAK_WEB_CLIENT_ID + name: "{{ .Chart.Name }}" + - name: DATA_ANALYSIS_API_BASE_URL + valueFrom: + configMapKeyRef: + key: DATA_ANALYSIS_URL + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_ALGORITHMS + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_ALGORITHMS + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_AUDIENCE + valueFrom: + secretKeyRef: + key: ADMIN_WEB_CLIENTID + name: "{{ .Values.formsflow.secret }}" + - name: JWT_OIDC_CACHING_ENABLED + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_CACHING_ENABLED + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_ISSUER + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_ISSUER + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_JWKS_CACHE_TIMEOUT + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_JWKS_CACHE_TIMEOUT + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_JWKS_URI + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_JWKS_URI + name: "{{ .Values.formsflow.configmap }}" + - name: JWT_OIDC_WELL_KNOWN_CONFIG + valueFrom: + configMapKeyRef: + key: KEYCLOAK_JWT_OIDC_CONFIG + name: "{{ .Values.formsflow.configmap }}" + - name: DATABASE_SUPPORT + valueFrom: + configMapKeyRef: + key: DATABASE_SUPPORT + name: "{{ .Chart.Name }}" + - name: MODEL_ID + valueFrom: + configMapKeyRef: + key: MODEL_ID + name: "{{ .Values.formsflow.configmap }}" + - name: KEYCLOAK_URL_HTTP_RELATIVE_PATH + valueFrom: + 
configMapKeyRef: + key: KEYCLOAK_URL_HTTP_RELATIVE_PATH + name: "{{ .Values.formsflow.configmap }}" + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + protocol: TCP + stdin: true + tty: true + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data-analysis-logs + mountPath: /forms-flow-data-analysis/app/logs + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} volumes: - name: data-analysis-logs emptyDir: {} + - name: nginx-config-volume + configMap: + name: forms-flow-data-analysis-nginx-config {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/charts/forms-flow-data-analysis/templates/ingress.yaml b/charts/forms-flow-data-analysis/templates/ingress.yaml index d3a04af1..1a2a2b63 100644 --- a/charts/forms-flow-data-analysis/templates/ingress.yaml +++ b/charts/forms-flow-data-analysis/templates/ingress.yaml 
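Review bot: `OPENAI_API_KEY` in the `env:` list is read with `configMapKeyRef` from the chart ConfigMap, so the API key is stored as plain configuration that anyone allowed to read ConfigMaps in the namespace can see. The same list already uses `secretKeyRef` for `JWT_OIDC_AUDIENCE`; the key should come from a Secret in the same way, for example `secretKeyRef:` with `key: OPENAI_API_KEY` and `name: "{{ .Values.formsflow.secret }}"`, assuming that Secret is extended with the key. The hunk re-indents the whole container spec, so the entry is unchanged in content but is still part of the new side.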
@@ -27,7 +27,11 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + backend: + service: + name: {{ include "common.names.fullname" . }} + port: + number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} diff --git a/charts/forms-flow-data-analysis/templates/proxy-config.yaml b/charts/forms-flow-data-analysis/templates/proxy-config.yaml new file mode 100644 index 00000000..9677add7 --- /dev/null +++ b/charts/forms-flow-data-analysis/templates/proxy-config.yaml 
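Review bot: The backend is now hard-coded to `number: 80` instead of going through `common.ingress.backend`, so `ingress.servicePort` no longer has any effect on the Ingress and the route works only while the nginx sidecar is present. `sidecars` is a values key that a user can override or empty, in which case Service port 80 has nothing listening behind it. Referring to the Service port by name (`port:` with `name: nginx`), or keeping the helper with `"servicePort" "nginx"`, would tie the Ingress to the port the chart defines under `service.ports`. The forms-flow-documents-api and forms-flow-forms `ingress.yaml` hunks make the same change.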
@@ -0,0 +1,36 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-nginx-config + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: forms-flow-api + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + nginx.conf: | + events { worker_connections 1024; } + http { + server { + listen 80; + location /analysis { + rewrite ^/analysis/(.*)$ /$1 break; + sub_filter '="/' '="/analysis/'; + sub_filter '="/swaggerui/' '="/analysis/swaggerui/'; + sub_filter_once off; + sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header SCRIPT_NAME /analysis; + proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + } + location /analysis/swagger.json { + proxy_set_header Host $http_host; + proxy_pass http://localhost:{{.Values.ingress.servicePort}}/swagger.json; + } + } + } + pid /tmp/nginx.pid; \ No newline at end of file diff --git a/charts/forms-flow-data-analysis/values.yaml b/charts/forms-flow-data-analysis/values.yaml index 5a08b2d6..05ba8c10 100644 --- a/charts/forms-flow-data-analysis/values.yaml +++ b/charts/forms-flow-data-analysis/values.yaml 
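Review bot: `proxy_pass http://localhost:{{.Values.ingress.servicePort}}` takes the upstream port from an Ingress setting that the values file describes as a named port ("Default is http"); if it is left at a name, the rendered `nginx.conf` has no numeric port and nginx would likely reject the configuration. The application container's port is already available as `.Values.containerPorts.http` in `deployment.yaml`, so `proxy_pass http://localhost:{{ .Values.containerPorts.http }};` is the safer source in both `location` blocks. The component label in this new file also reads `forms-flow-api` although the chart is forms-flow-data-analysis. The forms-flow-documents-api and forms-flow-forms `proxy-config.yaml` files build `proxy_pass` the same way.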
@@ -4,7 +4,7 @@ image: repository: formsflow/forms-flow-data-analysis-api pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v7.0.0-alpha" + tag: "v7.0.0-alpha-trim" ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: @@ -196,6 +196,17 @@ extraVolumes: {} ## extraVolumeMounts: {} +## sidecars configuration +sidecars: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + ## @param auth.existingSecret Existing secret containing password,username,dbname and ## existingSecret: "" @@ -243,7 +254,7 @@ ingress: hostname: forms-flow-data-analysis.local ## @param ingress.path [string] Default path for the ingress record (evaluated as template) ## - path: "/" + path: "/analysis" ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## @@ -392,6 +403,10 @@ service: port: 5000 targetPort: http protocol: TCP + - name: nginx + port: 80 + targetPort: 80 + protocol: TCP ## - name: system ## port: 1764 ## diff --git a/charts/forms-flow-documents-api/templates/deployment.yaml b/charts/forms-flow-documents-api/templates/deployment.yaml index a5d1baca..0d780185 100644 --- a/charts/forms-flow-documents-api/templates/deployment.yaml +++ b/charts/forms-flow-documents-api/templates/deployment.yaml @@ -113,7 +113,7 @@ spec: - name: FORMIO_URL valueFrom: configMapKeyRef: - key: FORMIO_SERVICE_URL + key: FORMIO_URL name: "{{ .Values.formsflow.configmap }}" - name: FORMIO_ROOT_EMAIL valueFrom: @@ -148,7 +148,7 @@ spec: - name: FORMSFLOW_DOC_API_URL valueFrom: configMapKeyRef: - key: FORMSFLOW_DOC_API_SERVICE_URL + key: FORMSFLOW_DOC_API_URL name: "{{ .Values.formsflow.configmap }}" - name: CONFIGURE_LOGS valueFrom: 
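Review bot: The new `sidecars` entry runs `image: nginx:latest`, a mutable tag, so the proxy that now fronts every request can change between pod restarts without any chart change. Pinning it, e.g. `image: nginx:<PINNED_VERSION>@sha256:<DIGEST>` (placeholders), makes the deployed proxy reproducible and reviewable. The sidecar also sets no `resources` or `securityContext`, whereas the main container takes both from values. The same block is added in the forms-flow-documents-api and forms-flow-forms `values.yaml` hunks.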
@@ -194,9 +194,15 @@ spec: {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} volumes: - name: documents-logs emptyDir: {} + - name: nginx-config-volume + configMap: + name: forms-flow-documents-api-nginx-config {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/charts/forms-flow-documents-api/templates/ingress.yaml b/charts/forms-flow-documents-api/templates/ingress.yaml index b2cf8a46..13c33ae5 100644 --- a/charts/forms-flow-documents-api/templates/ingress.yaml +++ b/charts/forms-flow-documents-api/templates/ingress.yaml @@ -27,7 +27,11 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + backend: + service: + name: {{ include "common.names.fullname" . }} + port: + number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} diff --git a/charts/forms-flow-documents-api/templates/proxy-config.yaml b/charts/forms-flow-documents-api/templates/proxy-config.yaml new file mode 100644 index 00000000..7b828a02 --- /dev/null +++ b/charts/forms-flow-documents-api/templates/proxy-config.yaml 
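Review bot: The added `nginx-config-volume` references the ConfigMap by the literal name `forms-flow-documents-api-nginx-config`, while `proxy-config.yaml` creates it as `{{ include "common.names.fullname" . }}-nginx-config`. The two agree only when the full name resolves to the chart name; with another release name or a name override the pod would wait on a ConfigMap that does not exist. Using `name: {{ include "common.names.fullname" . }}-nginx-config` in the volume keeps them in step. The volume is also added even when `.Values.sidecars` is empty, and the forms-flow-data-analysis and forms-flow-forms deployment hunks carry the same literal-name pattern.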
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-nginx-config + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: forms-flow-documents-api + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + nginx.conf: | + events { worker_connections 1024; } + http { + server { + listen 80; + location /docapi { + sub_filter ="/docapi/swaggerui/ ="/docapi/swaggerui/; + sub_filter_once off; + sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header SCRIPT_NAME /docapi; + proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + } + } + } + pid /tmp/nginx.pid; \ No newline at end of file diff --git a/charts/forms-flow-documents-api/values.yaml b/charts/forms-flow-documents-api/values.yaml index 95efbf31..58a29ceb 100644 --- a/charts/forms-flow-documents-api/values.yaml +++ b/charts/forms-flow-documents-api/values.yaml @@ -196,6 +196,19 @@ extraVolumes: {} ## extraVolumeMounts: {} + + +## sidecars configuration +sidecars: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + ## @param auth.existingSecret Existing secret containing password,username,dbname and ## auth: 
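Review bot: In the `location /docapi` block, `sub_filter ="/docapi/swaggerui/ ="/docapi/swaggerui/;` replaces a string with itself, so it changes nothing, and its arguments are unquoted, unlike the data-analysis config. If the intent is to prefix the Swagger UI asset paths, the search string presumably should be `'="/swaggerui/'` as in the data-analysis file; otherwise the three `sub_filter*` lines can be dropped. Note that `sub_filter` only rewrites uncompressed upstream bodies, so `proxy_set_header Accept-Encoding "";` is usually set next to it.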
@@ -246,7 +259,7 @@ ingress: hostname: forms-flow-documents-api.local ## @param ingress.path [string] Default path for the ingress record (evaluated as template) ## - path: "/" + path: "/docapi" ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## @@ -395,6 +408,10 @@ service: port: 5006 targetPort: http protocol: TCP + - name: nginx + port: 80 + targetPort: 80 + protocol: TCP ## - name: system ## port: 1764 ## diff --git a/charts/forms-flow-forms/templates/deployment.yaml b/charts/forms-flow-forms/templates/deployment.yaml index 2c79c780..82c55ea3 100644 --- a/charts/forms-flow-forms/templates/deployment.yaml +++ b/charts/forms-flow-forms/templates/deployment.yaml 
@@ -61,137 +61,140 @@ spec: securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} containers: - - name: forms-flow-forms - image: {{ include "forms-flow-forms.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: NODE_CONFIG - valueFrom: - configMapKeyRef: - key: NODE_CONFIG - name: "{{ .Values.formsflow.configmap }}" - {{- if .Values.ExternalAuth.ExistingMailAuthKey }} - - name: ROOT_EMAIL - valueFrom: - secretKeyRef: - key: {{ .Values.ExternalAuth.ExistingMailAuthKey }} - name: "{{ .Values.ExternalAuth.ExistingSecretName }}" - {{- end }} - {{- if not .Values.ExternalAuth.ExistingMailAuthKey }} - - name: ROOT_EMAIL - valueFrom: - secretKeyRef: - key: FORMIO_ROOT_EMAIL - name: "{{ .Values.formsflow.secret }}" - {{- end }} - {{- if .Values.ExternalAuth.ExistingPwdAuthKey }} - - name: ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: {{ 
.Values.ExternalAuth.ExistingPwdAuthKey }} - name: "{{ .Values.ExternalAuth.ExistingSecretName }}" - {{- end }} - {{- if not .Values.ExternalAuth.ExistingPwdAuthKey }} - - name: ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: FORMIO_ROOT_PASSWORD - name: "{{ .Values.formsflow.secret }}" - {{- end }} - - name: FORMIO_JWT_SECRET - valueFrom: - secretKeyRef: - key: FORMIO_JWT_SECRET - name: "{{ .Values.formsflow.secret }}" - - name: FORMIO_DOMAIN - valueFrom: - configMapKeyRef: - key: FORMIO_DOMAIN - name: "{{ .Values.formsflow.configmap }}" - - name: MULTI_TENANCY_ENABLED - valueFrom: - configMapKeyRef: - key: MULTI_TENANCY_ENABLED - name: "{{ .Values.formsflow.configmap }}" - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - protocol: TCP - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - 
successThreshold: {{ .Values.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - tcpSocket: - port: 3001 - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - tcpSocket: - port: 3001 - {{- end }} - {{- end }} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - tty: true - stdin: true - volumeMounts: - - name: forms-logs - mountPath: /app/logs - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} + - name: forms-flow-forms + image: {{ include "forms-flow-forms.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: NODE_CONFIG + valueFrom: + configMapKeyRef: + key: NODE_CONFIG + name: "{{ .Values.formsflow.configmap }}" + {{- if .Values.ExternalAuth.ExistingMailAuthKey }} + - name: ROOT_EMAIL + valueFrom: + secretKeyRef: + key: {{ .Values.ExternalAuth.ExistingMailAuthKey }} + name: "{{ .Values.ExternalAuth.ExistingSecretName }}" + {{- end }} + {{- if not .Values.ExternalAuth.ExistingMailAuthKey }} + - name: ROOT_EMAIL + valueFrom: + secretKeyRef: + key: FORMIO_ROOT_EMAIL + name: "{{ .Values.formsflow.secret }}" + {{- end }} + {{- if .Values.ExternalAuth.ExistingPwdAuthKey }} + - name: ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .Values.ExternalAuth.ExistingPwdAuthKey }} + name: "{{ .Values.ExternalAuth.ExistingSecretName }}" + {{- end }} + {{- if not .Values.ExternalAuth.ExistingPwdAuthKey }} + - name: ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: FORMIO_ROOT_PASSWORD + name: "{{ 
.Values.formsflow.secret }}" + {{- end }} + - name: FORMIO_JWT_SECRET + valueFrom: + secretKeyRef: + key: FORMIO_JWT_SECRET + name: "{{ .Values.formsflow.secret }}" + - name: FORMIO_DOMAIN + valueFrom: + configMapKeyRef: + key: FORMIO_DOMAIN + name: "{{ .Values.formsflow.configmap }}" + - name: MULTI_TENANCY_ENABLED + valueFrom: + configMapKeyRef: + key: MULTI_TENANCY_ENABLED + name: "{{ .Values.formsflow.configmap }}" + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + protocol: TCP + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + tcpSocket: + port: 3001 + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" 
(dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + tcpSocket: + port: 3001 + {{- end }} {{- end }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + tty: true + stdin: true + volumeMounts: + - name: forms-logs + mountPath: /app/logs + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: - name: forms-logs emptyDir: {} + - name: nginx-config-volume + configMap: + name: forms-flow-forms-nginx-config {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/charts/forms-flow-forms/templates/ingress.yaml b/charts/forms-flow-forms/templates/ingress.yaml index 8dbe45c9..2cf0b1a5 100644 --- a/charts/forms-flow-forms/templates/ingress.yaml +++ b/charts/forms-flow-forms/templates/ingress.yaml @@ -27,7 +27,11 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + backend: + service: + name: {{ include "common.names.fullname" . }} + port: + number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} 
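Review bot: Both probes use `tcpSocket:` with a literal `port: 3001`, while the container port directly above them comes from `{{ .Values.containerPorts.http }}`. If that value is overridden, the probes check a port nothing listens on and the pod is restarted or never becomes ready. `port: http` (the named container port) keeps them aligned. Also, `envFrom:` is still emitted without a guard here, whereas the data-analysis deployment in this patch wraps it in `{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}`.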
diff --git a/charts/forms-flow-forms/templates/proxy-config.yaml b/charts/forms-flow-forms/templates/proxy-config.yaml new file mode 100644 index 00000000..9758cf6b --- /dev/null +++ b/charts/forms-flow-forms/templates/proxy-config.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-nginx-config + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: forms-flow-forms + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + nginx.conf: | + events { worker_connections 1024; } + http { + server { + listen 80; + location /formio/ { + rewrite ^/formio/(.*)$ /$1 break; + proxy_set_header Host $http_host; + proxy_set_header Authorization $http_authorization; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Content-Type application/json; + proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + } + } + } + pid /tmp/nginx.pid; \ No newline at end of file diff --git a/charts/forms-flow-forms/values.yaml b/charts/forms-flow-forms/values.yaml index 9faedff1..b3ddc1cf 100644 --- a/charts/forms-flow-forms/values.yaml +++ b/charts/forms-flow-forms/values.yaml @@ -248,7 +248,7 @@ ingress: hostname: forms-flow-forms.local ## @param ingress.path [string] Default path for the ingress record (evaluated as template) ## - path: "/" + path: "/formio/(.*)" ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## @@ -446,6 +446,10 @@ service: port: 3001 targetPort: http protocol: TCP + - name: nginx + port: 80 + targetPort: 80 + protocol: TCP ## - name: system ## port: 1764 ## 
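Review bot: `proxy_set_header Content-Type application/json;` in `location /formio/` overwrites the client's Content-Type on every proxied request, so any request that is not JSON (a multipart upload, for instance) reaches the backend mislabeled. Unless the backend needs this for a known case, the line should be removed so the original header passes through. `proxy_set_header Authorization $http_authorization;` is redundant, since nginx forwards request headers it is not told to change.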
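Review bot: `path: "/formio/(.*)"` is a regular expression, which is only meaningful under `pathType: ImplementationSpecific` and which ingress-nginx evaluates as a regex only with the `nginx.ingress.kubernetes.io/use-regex: "true"` annotation; neither setting is visible in this hunk. Since the sidecar's `rewrite ^/formio/(.*)$ /$1 break;` already strips the prefix, a plain `path: "/formio"`, matching the `/analysis` and `/docapi` values in this patch, would be simpler and would not depend on controller-specific behaviour.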
@@ -510,7 +514,15 @@ containerPorts: ## - mountPath: /usr/share/filebeat/filebeat.yml ## subPath: filebeat.yml ## name: admin-filebeat -sidecars: [] +sidecars: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf configuration: [] diff --git a/charts/forms-flow-idm/values.yaml b/charts/forms-flow-idm/values.yaml index db5922a5..0edd2965 100644 --- a/charts/forms-flow-idm/values.yaml +++ b/charts/forms-flow-idm/values.yaml @@ -527,7 +527,7 @@ postgresql-ha: ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## - storageClass: "" + storageClass: "gp2" ## @param persistence.mountPath The path the volume will be mounted at, useful when using different PostgreSQL images. ## mountPath: /bitnami/postgresql diff --git a/charts/forms-flow-web/templates/deployment.yaml b/charts/forms-flow-web/templates/deployment.yaml index a3224878..999e905f 100644 --- a/charts/forms-flow-web/templates/deployment.yaml +++ b/charts/forms-flow-web/templates/deployment.yaml @@ -112,7 +112,7 @@ spec: - name: REACT_APP_BPM_URL valueFrom: configMapKeyRef: - key: BPM_API_SERVICE_URL + key: BPM_API_URL name: "{{ .Values.formsflow.configmap }}" - name: REACT_APP_KEYCLOAK_CLIENT valueFrom: From 69db018c7077b910f0d0352cd80db97b83078f3a Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 27 Nov 2024 01:19:12 -0800 Subject: [PATCH 11/35] updated storage class --- charts/forms-flow-ai/values.yaml | 6 +++--- charts/forms-flow-idm/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/forms-flow-ai/values.yaml b/charts/forms-flow-ai/values.yaml index edb6ae74..894678e3 100644 --- a/charts/forms-flow-ai/values.yaml +++ b/charts/forms-flow-ai/values.yaml @@ -172,7 +172,7 @@ mongodb: persistence: enabled: true - storageClass: "gp2" + storageClass: "" accessModes: - ReadWriteOnce size: 8Gi 
@@ -533,7 +533,7 @@ postgresql-ha: ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## - storageClass: "gp2" + storageClass: "" ## @param persistence.mountPath The path the volume will be mounted at, useful when using different PostgreSQL images. ## mountPath: /bitnami/postgresql @@ -746,7 +746,7 @@ redisExporter: ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## - storageClass: "gp2" + storageClass: "" ## @param persistence.annotations Persistent Volume Claim annotations ## annotations: {} diff --git a/charts/forms-flow-idm/values.yaml b/charts/forms-flow-idm/values.yaml index 0edd2965..db5922a5 100644 --- a/charts/forms-flow-idm/values.yaml +++ b/charts/forms-flow-idm/values.yaml @@ -527,7 +527,7 @@ postgresql-ha: ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## - storageClass: "gp2" + storageClass: "" ## @param persistence.mountPath The path the volume will be mounted at, useful when using different PostgreSQL images. ## mountPath: /bitnami/postgresql From e908742b09eb0546f3bed5e52f4da7802f4b5659 Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 27 Nov 2024 01:40:36 -0800 Subject: [PATCH 12/35] updated redash helpers file --- .../templates/_helpers.tpl | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/charts/forms-flow-analytics/templates/_helpers.tpl b/charts/forms-flow-analytics/templates/_helpers.tpl index 06130a7b..da017892 100644 --- a/charts/forms-flow-analytics/templates/_helpers.tpl +++ b/charts/forms-flow-analytics/templates/_helpers.tpl 
@@ -6,13 +6,6 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "redash.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{/* Create chart name and version as used by the chart label. */}} @@ -57,7 +50,11 @@ Create a default fully qualified scheduler name. Create a default fully qualified postgresql name. */}} {{- define "redash.postgresql.fullname" -}} -{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} +{{- if .Values.postgresql.enabled -}} + {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- printf "%s" .Values.postgresql.fullnameOverride -}} +{{- end -}} {{- end -}} {{/* @@ -91,6 +88,19 @@ Shared environment block used across each component. {{- else }} value: {{ default "" .Values.externalPostgreSQL | quote }} {{- end }} +- name: REDASH_DATABASE_USER + value: {{ .Values.postgresql.auth.username | quote }} +- name: REDASH_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }} + key: redashDatabasePassword +- name: REDASH_DATABASE_HOSTNAME + value: {{ include "redash.postgresql.fullname" . }} +- name: REDASH_DATABASE_PORT + value: {{ .Values.postgresql.primary.service.ports.postgresql | quote }} +- name: REDASH_DATABASE_NAME + value: {{ .Values.postgresql.auth.database | quote }} {{- end }} {{- else -}} - name: REDASH_DATABASE_USER 
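Review bot: In the new `else` branch of `redash.postgresql.fullname`, `printf "%s" .Values.postgresql.fullnameOverride` renders an empty string when `postgresql.enabled` is false and no override is set, and that value feeds `REDASH_DATABASE_HOSTNAME` in the env block added further down. Failing at render time is safer than deploying with an empty database host: `{{- required "postgresql.fullnameOverride is required when postgresql.enabled is false" .Values.postgresql.fullnameOverride -}}`.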
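Review bot: The added `REDASH_DATABASE_PASSWORD` entry uses `secretKeyRef.name: {{ .Release.Name }}`, which hard-codes the secret name rather than following the name the chart gives its own secret or a user-supplied `redash.existingSecret`. If an existing secret is used (the option named in the `required` message in secrets.yaml), it would presumably need to be named after the release and carry a `redashDatabasePassword` key, otherwise the container fails to start; that contract should be documented next to the value, e.g. `## existingSecret must also contain the key redashDatabasePassword`. `REDASH_DATABASE_HOSTNAME` is also the only added value rendered without `| quote`. The enclosing define starts and ends outside this hunk, so which branch these lines land in is inferred from the visible `{{- end }}` / `{{- else -}}` context.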
@@ -555,4 +565,4 @@ Create the name of the service account to use {{- end -}} # This ensures a random value is provided for postgresql.auth.password: -required "A secure random value for .postgresql.auth.password is required" .Values.postgresql.auth.password +required "A secure random value for .postgresql.auth.password is required" .Values.postgresql.auth.password \ No newline at end of file From 9c9b3a6238d6571b91093884bcc2c7d39bceb625 Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 27 Nov 2024 01:47:11 -0800 Subject: [PATCH 13/35] updated analytics secret --- charts/forms-flow-analytics/templates/secrets.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/forms-flow-analytics/templates/secrets.yaml b/charts/forms-flow-analytics/templates/secrets.yaml index b1da2064..f7c3d14a 100644 --- a/charts/forms-flow-analytics/templates/secrets.yaml +++ b/charts/forms-flow-analytics/templates/secrets.yaml @@ -15,5 +15,6 @@ data: {{- $null := required "A value for one of the following variables is required: redash.cookieSecret (secure random value), redash.existingSecret (secret name)" (or .Values.redash.cookieSecret .Values.redash.existingSecret) }} cookieSecret: {{ default "" .Values.redash.cookieSecret | b64enc | quote }} mailPassword: {{ default "" .Values.redash.mailPassword | b64enc | quote }} + redashDatabasePassword: {{ default "" .Values.postgresql.auth.password | b64enc | quote }} ## End primary Redash configuration {{- end -}} From 6bf2834e84eba5cf018945bf7fafe42fb05eb28d Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 27 Nov 2024 02:20:18 -0800 Subject: [PATCH 14/35] path updated for formsflow forms --- charts/forms-flow-forms/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/forms-flow-forms/values.yaml b/charts/forms-flow-forms/values.yaml index b3ddc1cf..0ae1eee6 100644 --- a/charts/forms-flow-forms/values.yaml +++ b/charts/forms-flow-forms/values.yaml 
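Review bot: In secrets.yaml, `redashDatabasePassword: {{ default "" .Values.postgresql.auth.password | b64enc | quote }}` silently stores an empty password when the value is unset, so the release can install with Redash configured for a blank database password. Make the template fail instead: `redashDatabasePassword: {{ required "postgresql.auth.password is required" .Values.postgresql.auth.password | b64enc | quote }}`. The `required ...` text at the end of _helpers.tpl appears in this series without `{{ }}` delimiters, so it may not be enforcing anything. Supplying the password through values also keeps it in the Helm release record; allowing it to be read from an existing secret would avoid that.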
@@ -248,7 +248,7 @@ ingress: hostname: forms-flow-forms.local ## @param ingress.path [string] Default path for the ingress record (evaluated as template) ## - path: "/formio/(.*)" + path: "/formio" ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## From 10b229ae445b52bd95e50d5b4c65f7a261814c69 Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 27 Nov 2024 21:28:04 -0800 Subject: [PATCH 15/35] updated admin nginx conf --- .../templates/proxy-config.yaml | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/forms-flow-admin/templates/proxy-config.yaml b/charts/forms-flow-admin/templates/proxy-config.yaml index 9cbf6222..11fed6c2 100644 --- a/charts/forms-flow-admin/templates/proxy-config.yaml +++ b/charts/forms-flow-admin/templates/proxy-config.yaml @@ -15,14 +15,18 @@ data: server { listen 80; location /admin { - rewrite ^/admin/(.*)$ /$1 break; - proxy_set_header Host $http_host; - proxy_set_header Authorization $http_authorization; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Content-Type application/json; - proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + sub_filter ="/ ="/admin/; + sub_filter ="/api/v1/swagger.json ="/admin/api/v1/swagger.json; + sub_filter_once off; + sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; + rewrite ^/admin/(.*)$ /$1 break; + proxy_set_header Host $http_host; + proxy_set_header Authorization $http_authorization; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Content-Type application/json; + proxy_pass http://localhost:{{.Values.ingress.servicePort}}; } } } From a7d1d0cb5d77d160fa30f7a16f4edf803071b5c8 Mon Sep 17 00:00:00 2001 
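Review bot: In the forms-flow-admin proxy-config.yaml hunk, the new `sub_filter ="/ ="/admin/;` runs with `sub_filter_types` that include `application/json` and `text/plain`, so it rewrites API response bodies as well as the Swagger UI assets: any payload containing the literal `="/` is altered in transit. Limit `sub_filter_types` to the types the UI actually needs, or move the filters to a location that serves only the UI. nginx applies `sub_filter` only to uncompressed upstream responses, so if the backend can answer with gzip, add `proxy_set_header Accept-Encoding "";`. Also note that `location /admin` is a prefix match without a trailing slash, so it captures paths such as `/administrator`, while `rewrite ^/admin/(.*)$` does not match a bare `/admin`.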
From: amal Date: Sun, 1 Dec 2024 23:17:49 -0800 Subject: [PATCH 16/35] updated configuration in analytics --- charts/forms-flow-analytics/templates/proxy-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml index d4b623fa..bcf3f0db 100644 --- a/charts/forms-flow-analytics/templates/proxy-config.yaml +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml @@ -17,7 +17,7 @@ data: sub_filter url(/static/fonts) url(/redash/static/fonts); sub_filter_once off; sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; - + sub_filter "http://" "https://"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 777742154546850d4a3867e5b61e2f3e805eb02f Mon Sep 17 00:00:00 2001 From: Sinto Sajeev Date: Mon, 2 Dec 2024 03:33:40 -0800 Subject: [PATCH 17/35] Updated README file --- README.md | 20 +++++++++- charts/forms-flow-analytics/README.md | 54 ++++++++++++++++++++++----- 2 files changed, 63 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index c895e139..fb175ba2 100644 --- a/README.md +++ b/README.md 
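Review bot: The added `sub_filter "http://" "https://";` rewrites every occurrence of `http://` in responses of all listed `sub_filter_types`, including `application/json`, so query results, data-source settings and any stored URL returned by the API are modified, not only Redash's own links. Restrict the pattern to the deployment's own host, or fix the scheme at the source by giving Redash a correct `X-Forwarded-Proto`; the `$scheme` forwarded in the same block is presumably always `http` inside the sidecar. The location block starts outside this hunk.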
@@ -44,4 +44,22 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. + +## Chart Versions + +The versions of Helm charts available in this repository are as follows: + +| Formsflow Version | Chart Name | Chart Version | +|---------------------------|---------------------------|---------------------------| +| 7.0.0 | forms-flow-ai | v8.0.0 | +| 6.0.2 | forms-flow-ai | v7.1.2 | +| 6.0.1 | forms-flow-ai | v7.1.1 | +| 6.0.0 | forms-flow-ai | v6.0.0 | +| 5.3.1 | forms-flow-ai | v5.3.1 | +| 5.3.0 | forms-flow-ai | v5.3.0 | +| 5.2.2 | forms-flow-ai | v5.2.2 | +| 5.2.1 | forms-flow-ai | v5.2.1 | +| 5.2.0 | forms-flow-ai | v5.2.0 | +| 5.1.1 | forms-flow-ai | v5.1.1 | +| 5.1.0 | forms-flow-ai | v5.1.0 | \ No newline at end of file diff --git a/charts/forms-flow-analytics/README.md b/charts/forms-flow-analytics/README.md index 0c3c8913..491f7e08 100644 --- a/charts/forms-flow-analytics/README.md +++ b/charts/forms-flow-analytics/README.md @@ -1,4 +1,4 @@ -# Formsflow.ai Analytics Engine +# Formsflow.ai Analytics **formsflow.ai** leverages [Redash](https://github.com/getredash/redash) to build interactive dashboards and gain insights. 
@@ -19,10 +19,10 @@ helm install forms-flow-analytics forms-flow-analytics Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -helm install forms-flow-analytics forms-flow-analytics --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME +helm upgrade --install forms-flow-analytics forms-flow-analytics --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hosts[0].host=HOSTNAME --set ingress.tls[0].secretName="SECRETNAME" --set ingress.tls[0].hosts[0]="HOSTNAME" --set ingress.hosts[0].paths[0]="/" -n NAMESPACE ``` -> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx` +> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` and `SECRETNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx` These commands deploy Forms-flow-analytics on the Kubernetes cluster 
@@ -32,16 +32,50 @@ These commands deploy Forms-flow-analytics on the Kubernetes cluster Forms-flow-analytics charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. +## Server + ```yaml -resources: - limits: - cpu: 200m - memory: 2Gi - requests: - cpu: 180m - memory: 1Gi + resources: + limits: + cpu: 1500m + memory: 2Gi + requests: + cpu: 900m + memory: 1Gi ``` +## Worker +```yaml + resources: + limits: + cpu: 300m + memory: 2Gi + requests: + cpu: 200m + memory: 1Gi +``` +## Scheduler + +```yaml + resources: + limits: + cpu: 300m + memory: 2Gi + requests: + cpu: 200m + memory: 1Gi +``` +## Migrations + +```yaml + resources: + limits: + cpu: 300m + memory: 2Gi + requests: + cpu: 200m + memory: 1Gi +``` ## Parameters From 09e908191b5371c977f6c9f469565e8a6664d212 Mon Sep 17 00:00:00 2001 From: amal Date: Tue, 3 Dec 2024 10:15:12 -0800 Subject: [PATCH 18/35] updated proxy config for analytics --- charts/forms-flow-analytics/templates/proxy-config.yaml | 3 +-- charts/forms-flow-analytics/values.yaml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml index bcf3f0db..e06526c6 100644 --- a/charts/forms-flow-analytics/templates/proxy-config.yaml +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml 
@@ -17,12 +17,11 @@ data: sub_filter url(/static/fonts) url(/redash/static/fonts); sub_filter_once off; sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; - sub_filter "http://" "https://"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - + sub_filter "http:///{{.Values.ingress.subFilterHost}}/" "https://{{.Values.ingress.subFilterHost}}/"; proxy_set_header SCRIPT_NAME /redash; proxy_pass http://localhost:{{.Values.server.httpPort}}; diff --git a/charts/forms-flow-analytics/values.yaml b/charts/forms-flow-analytics/values.yaml index bdb98e7d..fa9ca7b6 100644 --- a/charts/forms-flow-analytics/values.yaml +++ b/charts/forms-flow-analytics/values.yaml @@ -406,7 +406,7 @@ ingress: # - secretName: forms-flow-analytics-test.aot-technologies.com-tls # hosts: # - forms-flow-analytics-test.aot-technologies.com - + subFilterHost: chart-example.local ## Configuration for Redash workers workers: adhoc: From 2e547ca5abe43449dac53a886efafaab7de9785d Mon Sep 17 00:00:00 2001 From: amal Date: Tue, 3 Dec 2024 23:34:56 -0800 Subject: [PATCH 19/35] updated postgresql version and mongodb --- charts/forms-flow-ai/Chart.yaml | 8 ++++---- charts/forms-flow-ai/values.yaml | 23 ++++++++++++++++++----- charts/forms-flow-idm/Chart.yaml | 4 ++-- charts/forms-flow-idm/values.yaml | 8 ++++---- 4 files changed, 28 insertions(+), 15 deletions(-) diff --git a/charts/forms-flow-ai/Chart.yaml b/charts/forms-flow-ai/Chart.yaml index 8c15244a..2e7eff7e 100644 --- a/charts/forms-flow-ai/Chart.yaml +++ b/charts/forms-flow-ai/Chart.yaml 
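Review bot: The pattern in `sub_filter "http:///{{.Values.ingress.subFilterHost}}/" ...` has three slashes after `http:`, so it will not match an ordinary `http://host/` URL and the filter is effectively a no-op; it should read `sub_filter "http://{{.Values.ingress.subFilterHost}}/" "https://{{.Values.ingress.subFilterHost}}/";`. `subFilterHost` defaults to `chart-example.local` in the values.yaml hunk of this commit, so an install that sets only the ingress host still rewrites nothing; deriving it from the ingress host value or marking it `required` would avoid that silent mismatch. The location block starts outside this hunk.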
@@ -3,14 +3,14 @@ name: forms-flow-ai dependencies: - name: postgresql-ha condition: postgresql-ha.enabled - repository: https://charts.bitnami.com/bitnami - version: 14.2.16 + repository: oci://registry-1.docker.io/bitnamicharts + version: 15.x.x - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.x.x - name: mongodb condition: mongodb.enabled - repository: https://charts.bitnami.com/bitnami - version: 15.6.20 + repository: oci://registry-1.docker.io/bitnamicharts + version: 16.x.x version: v8.0.0 icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" diff --git a/charts/forms-flow-ai/values.yaml b/charts/forms-flow-ai/values.yaml index 894678e3..428c9c19 100644 --- a/charts/forms-flow-ai/values.yaml +++ b/charts/forms-flow-ai/values.yaml @@ -49,7 +49,7 @@ imageCredentials: ## mongodb: image: - tag: 7.0.12-debian-12-r5 #4.2.21-debian-10-r8 + tag: 8.0.3-debian-12-r0 #4.2.21-debian-10-r8 pullSecrets: - forms-flow-auth enabled: true @@ -136,7 +136,11 @@ mongodb: ## podSecurityContext: enabled: false + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 + ## MongoDB(®) containers' Security Context (main and metrics container). ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled containers' Security Context @@ -152,8 +156,17 @@ mongodb: ## containerSecurityContext: enabled: false + seLinuxOptions: {} runAsUser: 1001 + runAsGroup: 1001 runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## @param containerPorts.mongodb MongoDB(®) container port ## containerPorts: 
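Review bot: In forms-flow-ai/Chart.yaml the `postgresql-ha` and `mongodb` dependencies move from exact versions to floating ranges (`version: 15.x.x`, `version: 16.x.x`), so `helm dependency update` can resolve to a different chart build on each run. For stateful database charts that is a supply-chain and upgrade-safety concern: pin an exact version here and commit `Chart.lock` so what gets deployed is reproducible and reviewed. The forms-flow-idm Chart.yaml hunk in this commit makes the same change for `postgresql-ha`. The accompanying image tags in values.yaml also cross major versions (PostgreSQL 16 to 17, MongoDB 7 to 8), and existing persistent volumes generally need an explicit data upgrade across majors, which deserves a line in the upgrade notes.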
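Review bot: The hardening fields added under `mongodb.containerSecurityContext` (`readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`, `seccompProfile`) take no effect by default, because `enabled: false` is left unchanged directly above them and the Bitnami subcharts render the block only when it is enabled; the same holds for the `podSecurityContext` hunk before it. Either set both to `enabled: true` or add a comment such as `## NOTE: the values below apply only when enabled is true` so operators do not assume the defaults are hardened. Once enabled, `readOnlyRootFilesystem: true` needs writable volumes for every path MongoDB writes to, which should be verified against the subchart.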
@@ -233,7 +246,7 @@ postgresql-ha: image: registry: docker.io repository: bitnami/postgresql-repmgr - tag: 16.3.0-debian-12-r20 + tag: 17.2.0-debian-12-r3 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## @@ -289,7 +302,7 @@ postgresql-ha: ## containerSecurityContext: enabled: false - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true @@ -412,7 +425,7 @@ postgresql-ha: image: registry: docker.io repository: bitnami/pgpool - tag: 4.5.2-debian-12-r5 + tag: 4.5.5-debian-12-r0 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -465,7 +478,7 @@ postgresql-ha: ## containerSecurityContext: enabled: false - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true diff --git a/charts/forms-flow-idm/Chart.yaml b/charts/forms-flow-idm/Chart.yaml index 354368b2..9290e5bf 100644 --- a/charts/forms-flow-idm/Chart.yaml +++ b/charts/forms-flow-idm/Chart.yaml @@ -7,8 +7,8 @@ dependencies: repository: "https://charts.bitnami.com/bitnami" - name: postgresql-ha condition: postgresql-ha.enabled - repository: https://charts.bitnami.com/bitnami - version: 14.2.16 + repository: oci://registry-1.docker.io/bitnamicharts + version: 15.x.x - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.x.x diff --git a/charts/forms-flow-idm/values.yaml b/charts/forms-flow-idm/values.yaml index db5922a5..a3120724 100644 --- a/charts/forms-flow-idm/values.yaml +++ b/charts/forms-flow-idm/values.yaml 
@@ -245,7 +245,7 @@ postgresql-ha: image: registry: docker.io repository: bitnami/postgresql-repmgr - tag: 16.3.0-debian-12-r20 + tag: 17.2.0-debian-12-r3 ## @param postgresql.replicaCount Number of replicas to deploy. Use an odd number. Having 3 replicas is the minimum to get quorum when promoting a new primary. ## replicaCount: 3 @@ -288,7 +288,7 @@ postgresql-ha: ## containerSecurityContext: enabled: false - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true @@ -415,7 +415,7 @@ postgresql-ha: image: registry: docker.io repository: bitnami/pgpool - tag: 4.5.2-debian-12-r5 + tag: 4.5.5-debian-12-r0 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -458,8 +458,8 @@ postgresql-ha: ## readOnlyRootFilesystem: false ## containerSecurityContext: + seLinuxOptions: {} enabled: false - seLinuxOptions: null runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true From 00b6322af159092c5b6f2b824178c60283508209 Mon Sep 17 00:00:00 2001 
From: Sinto Sajeev Date: Tue, 3 Dec 2024 23:51:46 -0800 Subject: [PATCH 20/35] Updated README for single domain --- README.md | 65 ++ charts/forms-flow-admin/README.md | 192 ++++++ charts/forms-flow-ai/README.md | 260 +++++++ charts/forms-flow-analytics/README.md | 334 +++++++++ charts/forms-flow-api/README.md | 233 +++++++ charts/forms-flow-bpm/README.md | 286 ++++++++ charts/forms-flow-data-analysis/README.md | 212 ++++++ charts/forms-flow-documents-api/README.md | 211 ++++++ charts/forms-flow-forms/README.md | 225 ++++++ charts/forms-flow-idm/README.md | 804 ++++++++++++++++++++++ charts/forms-flow-web/README.md | 190 +++++ 11 files changed, 3012 insertions(+) create mode 100644 README.md create mode 100644 charts/forms-flow-admin/README.md create mode 100644 charts/forms-flow-ai/README.md create mode 100644 charts/forms-flow-analytics/README.md create mode 100644 charts/forms-flow-api/README.md create mode 100644 charts/forms-flow-bpm/README.md create mode 100644 charts/forms-flow-data-analysis/README.md create mode 100644 charts/forms-flow-documents-api/README.md create mode 100644 charts/forms-flow-forms/README.md create mode 100644 charts/forms-flow-idm/README.md create mode 100644 charts/forms-flow-web/README.md diff --git a/README.md b/README.md new file mode 100644 index 00000000..fb175ba2 --- /dev/null +++ b/README.md @@ -0,0 +1,65 @@ +
+
+ + +[**formsflow.ai**](https://formsflow.ai/) is a Free, Open-Source, Low Code Development Platform for rapidly building powerful business applications. [**formsflow.ai**](https://formsflow.ai/) combines leading Open-Source applications including [form.io](https://form.io) forms, Camunda’s workflow engine, Keycloak’s security, and Redash’s data analytics into a seamless, integrated platform. + + +## Before you begin + +### Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ + +### Setup a Kubernetes Cluster + +The quickest way to set up a Kubernetes cluster to install [formsflow.ai](https://formsflow.ai/) Charts is by following the "[formsflow.ai](https://formsflow.ai/) Get Started" guides for the different services: + +- [Get Started with Formsflow Charts using the Amazon Elastic Container Service for Kubernetes (EKS)](https://aot-technologies.github.io/forms-flow-installation-eks/docs/intro/) + +### Install Helm + +Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. + +To install Helm, refer to the [Helm install guide](https://github.com/helm/helm#install) and ensure that the `helm` binary is in the `PATH` of your shell. + +### Using Helm + +Once you have installed the Helm client, you can deploy a Bitnami Helm Chart into a Kubernetes cluster. + +Please refer to the [Quick Start guide](https://helm.sh/docs/intro/quickstart/) if you wish to get running in just a few commands, otherwise, the [Using Helm Guide](https://helm.sh/docs/intro/using_helm/) provides detailed instructions on how to use the Helm client to manage packages on your Kubernetes cluster. + +## License + +Copyright 2020 AppsOnTime-Technologies 2020 + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. 
+You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +## Chart Versions + +The versions of Helm charts available in this repository are as follows: + +| Formsflow Version | Chart Name | Chart Version | +|---------------------------|---------------------------|---------------------------| +| 7.0.0 | forms-flow-ai | v8.0.0 | +| 6.0.2 | forms-flow-ai | v7.1.2 | +| 6.0.1 | forms-flow-ai | v7.1.1 | +| 6.0.0 | forms-flow-ai | v6.0.0 | +| 5.3.1 | forms-flow-ai | v5.3.1 | +| 5.3.0 | forms-flow-ai | v5.3.0 | +| 5.2.2 | forms-flow-ai | v5.2.2 | +| 5.2.1 | forms-flow-ai | v5.2.1 | +| 5.2.0 | forms-flow-ai | v5.2.0 | +| 5.1.1 | forms-flow-ai | v5.1.1 | +| 5.1.0 | forms-flow-ai | v5.1.0 | \ No newline at end of file diff --git a/charts/forms-flow-admin/README.md b/charts/forms-flow-admin/README.md new file mode 100644 index 00000000..4eda8698 --- /dev/null +++ b/charts/forms-flow-admin/README.md 
@@ -0,0 +1,192 @@ +# Formsflow Admin API + +Formsflow Admin API is a Python REST API to provision tenants in a multi tenanted environment. + + +## Introduction + +This chart bootstraps a forms-flow-admin deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + + +## Installing the Chart + +To install the chart with the release name `forms-flow-admin`: + +```console +helm install forms-flow-admin forms-flow-admin +``` + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install forms-flow-admin forms-flow-admin --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME +``` + +> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use`INGRESS_CLASS=nginx` + +These commands deploy Forms-flow-admin on the Kubernetes cluster + +> **Tip**: List all releases using `helm list` + +### Resource requests and limits + +Forms-flow-admin charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +```yaml +resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 250m + memory: 512Mi +``` + +### Change Forms-flow-admin version + +To modify the Forms-flow-admin version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-ai-admin) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. 
+ +```yaml +image: + registry: docker.io + repository: formsflow/forms-flow-ai-admin + tag: X.Y.Z +``` + +## Persistence + +The `formsflow-admin` image stores the application logs at the `/opt/app-root/logs` path of the container. + + +## Sidecar Configuration + +To add a sidecar to your `Forms-flow-admin` deployment, you can use the following configuration. In this case, the sidecar container is an Nginx container used for configuration management. + +### Example Sidecar Configuration + +```yaml +sidecars: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf +``` + +## API Path Update +The `Forms-flow-admin` can now be accessed at the `/admin` route. Ensure that all configurations and requests reference this updated path. + +For example: + +``` +https:///admin +``` + + +## Parameters + +| Parameter | Description | Default Value | +|------------------------------------|-----------------------------------------------------|------------------------------------| +| `replicaCount` | Number of replicas | `1` | +| `image.registry` | Docker registry for the image | `docker.io` | +| `image.repository` | Repository for the image | `formsflow/forms-flow-ai-admin` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.tag` | Image tag | `v7.0.0-alpha` | +| `image.pullSecrets` | Array of image pull secrets | `forms-flow-ai-auth` | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `priorityClassName` | Pod priority | `""` 
| +| `schedulerName` | Name of the k8s scheduler | `""` | +| `terminationGracePeriodSeconds` | Time given to the pod to terminate gracefully | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode | `false` | +| `diagnosticMode.command` | Command to override all containers in deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in deployment | `["infinity"]` | +| `hostAliases` | Deployment host aliases | `[]` | +| `serviceAccount.create` | Whether a service account should be created | `true` | +| `serviceAccount.annotations` | Annotations for the service account | `{}` | +| `serviceAccount.name` | Name of the service account | `""` | +| `serviceAccount.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Extra labels for pods | `{}` | +| `podAffinityPreset` | Pod affinity preset | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type | `""` | +| `nodeAffinityPreset.key` | Node label key to match | `""` | +| `nodeAffinityPreset.values` | Node label values to match | `[]` | +| `podSecurityContext.enabled` | Enable security context for pods | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.fsGroup` | Pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enable containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Containers' Security Context runAsGroup | `1001` | +| `containerSecurityContext.runAsNonRoot` | Container's Security Context runAsNonRoot | `false` | +| `command` | Override default container command | `[]` | +| `args` | Override default container 
args | `[]` | +| `lifecycleHooks` | Lifecycle hooks for containers | `{}` | +| `extraEnvVars` | Extra environment variables for containers | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars| `""` | +| `extraVolumes` | Array to add extra volumes | `{}` | +| `extraVolumeMounts` | Array to add extra mounts | `{}` | +| `existingSecret` | Existing secret containing database credentials | `""` | +| `updateStrategy.type` | Update strategy for installation | `RollingUpdate` | +| `rbac.create` | Whether to create and use RBAC resources | `false` | +| `pdb.create` | If true, create a pod disruption budget | `true` | +| `autoscaling.enabled` | Enable autoscaling for forms-flow-admin | `false` | +| `formsflow.configmap` | Name of the formsflow.ai ConfigMap | `forms-flow-ai` | +| `formsflow.secret` | Name of the formsflow.ai secret | `forms-flow-ai` | +| `formsflow.analytics` | Name of the analytics component | `forms-flow-analytics` | + +## Ingress Parameters + +| Parameter | Description | Default Value | +|------------------------------------|-----------------------------------------------------|------------------------------------| +| `ingress.enabled` | Enable ingress record generation | `true` | +| `ingress.ingressClassName` | Ingress class used to implement Ingress | `""` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.controller` | Ingress controller type | `default` | +| `ingress.hostname` | Default host for the ingress record | `forms-flow-admin.local` | +| `ingress.path` | Default path for the ingress record | `"/admin"` | +| `ingress.servicePort` | Backend service port to use | `5000` | +| `ingress.tls` | Enable TLS configuration | `true` | +| `ingress.selfSigned` | Create a TLS secret using self-signed certificates | `false` | + +## Service Parameters + +| Parameter | Description | Default Value | 
+|------------------------------------|-----------------------------------------------------|------------------------------------| +| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` | +| `service.ports` | Forms-flow-admin service ports | `[{name: http, port: 5000, protocol: TCP}]` | + +## Resource Parameters + +| Parameter | Description | Default Value | +|------------------------------------|-----------------------------------------------------|------------------------------------| +| `resourcesPreset` | Set container resources according to preset | `small` | +| `resources.limits.cpu` | CPU limit | `500m` | +| `resources.limits.memory` | Memory limit | `1Gi` | +| `resources.requests.cpu` | CPU request | `250m` | +| `resources.requests.memory` | Memory request | `512Mi` | + +## Database Parameters + +| Parameter | Description | Default Value | +|------------------------------------|-----------------------------------------------------|------------------------------------| +| `postgresql.databasename` | Database name for PostgreSQL | `forms-flow-admin` | +| `postgresql.username` | PostgreSQL username | `postgres` | +| `postgresql.password` | PostgreSQL password | `postgres` | +| `postgresql.host` | PostgreSQL host | `forms-flow-ai-postgresql-ha-pgpool` | +| `ExternalDatabase.ExistingDatabaseNameKey` | Key for the existing database name | `""` | +| `ExternalDatabase.ExistingDatabaseUserNameKey` | Key for the existing database username | `""` | +| `ExternalDatabase.ExistingDatabasePasswordKey` | Key for the existing database password | `""` | +| `ExternalDatabase.ExistingDatabaseHostKey` | Key for the existing database host | `""` | +| `ExternalDatabase.ExistingDatabasePortKey` | Key for the existing database port | `""` | +| `ExternalDatabase.ExistingSecretName` | Name of the existing secret | `""` | 
diff --git a/charts/forms-flow-ai/README.md b/charts/forms-flow-ai/README.md new file mode 100644 index 00000000..9da40024 --- /dev/null +++ b/charts/forms-flow-ai/README.md 
@@ -0,0 +1,260 @@
+# Formsflow.ai
+The forms-flow-ai chart integrates components such as PostgreSQL, MongoDB, and Redis to manage version control effectively.
+
+## Introduction
+
+This chart bootstraps a forms-flow-ai deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-ai`:
+
+```console
+helm install forms-flow-ai forms-flow-ai
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm upgrade --install forms-flow-ai forms-flow-ai --set Domain=DOMAIN_NAME --set postgresql-ha.postgresql.podSecurityContext.enabled=true --set mongodb.podSecurityContext.enabled=true --set insight_api_key=INSIGHT_API_KEY
+```
+
+> Note: You need to substitute the placeholders `DOMAIN_NAME`, and `INSIGHT_API_KEY` with your specific values. For example, in the case of Formsflow, you might use `DOMAIN_NAME=example.com` and `INSIGHT_API_KEY=your_insight_api_key`
+
+These commands deploy Forms-flow-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Use an external database
+
+Sometimes, you may want to have connect to an external PostgreSQL and MongoDB database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this,
+
+For PostgreSQL database,
+ set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `formsflowdb.postgresql.fullnameOverride` parameters.
Here is an example:
+
+```text
+postgresql-ha.enabled=false
+formsflowdb.postgresql.fullnameOverride=myexternalhost
+```
+```yaml
+postgresql-ha:
+ enabled: false
+formsflowdb:
+ postgresql:
+ fullnameOverride: myexternalhost
+
+```
+
+For MongoDB,
+```text
+mongodb.enabled=false
+mongodb.service.nameOverride=mongodburl
+mongodb.auth.databases=database
+mongodb.auth.usernames=myuser
+mongodb.auth.passwords=mypassword
+```
+```yaml
+mongodb:
+ enabled: false
+ auth:
+ databases:
+ - formsflow
+ passwords:
+ - changeme
+ usernames:
+ - mongodb
+ service:
+ nameOverride: "mongodb_url"
+```
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|-----------------|-----------------------------------------------|---------------|
+| `Domain` | Define the domain for the application. | `#` |
+| `formsflowdb.postgresql.fullnameOverride`| Custom name for the PostgreSQL service. | `forms-flow-ai-postgresql-ha-pgpool` |
+| `formsflowdb.postgresql.enabled` | Enable or disable the PostgreSQL database. | `true` |
+| `formsflowdb.postgresql.database` | Name of the database to create or use. | `postgres` |
+| `formsflowdb.service.ports.postgresql` | Port for the PostgreSQL service. | `5432` |
+| `imageCredentials.registry` | Container registry for the images. | `quay.io` |
+| `imageCredentials.username` | Username for the container registry. | `someone` |
+| `imageCredentials.password` | Password for the container registry. | `test` |
+| `imageCredentials.email` | Email for the container registry. | `someone@host.com` |
+| `websocket_encrypt_key` | Key used for WebSocket encryption. | `FormsFlow.AI` |
+| `insight_api_key` | API key for insights. | `""` |
+| `redis_host` | Hostname for Redis server. | `""` |
+| `redis_port` | Port for Redis server. | `""` |
+| `EnableRedis` | Enable or disable Redis support. | `false` |
+| `EnableChatBot` | Enable or disable chatbot feature. | `false` |
+| `redis_pass_code` | Password for Redis.
| `""` |
+| `draft_enabled` | Enable or disable draft feature. | `true` |
+| `export_pdf_enabled` | Enable or disable PDF export feature. | `false` |
+| `elastic_server` | Address for the Elastic server. | `forms-flow-elastic:9200` |
+| `redis_url` | URL for Redis connection. | `redis://redis-exporter:6379/1` |
+| `ipaas.embedded_api_key` | API key for embedded iPaaS. | `""` |
+| `ipaas.jwt_private_key` | JWT private key for iPaaS. | `""` |
+| `ipaas.embed_base_url` | Base URL for embedded services. | `""` |
+| `ipaas.api_base_url` | Base URL for API services. | `""` |
+| `configure_logs` | Enable or disable logging configuration. | `true` |
+
+## Forms Flow Component Parameters
+
+| Parameter | Description | Default Value |
+|-------------------------------------------|-------------------------------------------------------------|------------------------------|
+| `formsflowdb.postgresql.fullnameOverride`| Custom name for the PostgreSQL service. | `forms-flow-ai-postgresql-ha-pgpool` |
+| `formsflowdb.postgresql.enabled` | Enable or disable the PostgreSQL database. | `true` |
+| `formsflowdb.postgresql.database` | Name of the database to create or use. | `postgres` |
+| `formsflowdb.service.ports.postgresql` | Port for the PostgreSQL service. | `5432` |
+| `forms-flow-forms.admin.email` | Admin email for Forms Flow Forms. | `me@defineme.com` |
+| `forms-flow-forms.admin.password` | Admin password for Forms Flow Forms. | `admin` |
+| `forms-flow-idm.keycloak.EnableKeycloakClientAuth` | Enable or disable Keycloak client authentication. | `false` |
+| `forms-flow-idm.keycloak.ingress.hostname` | Hostname for the Forms Flow IDM ingress. | `forms-flow-idm-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+| `forms-flow-idm.realm` | Keycloak realm for the application. | `forms-flow-ai` |
+| `forms-flow-idm.context-path` | Context path for Keycloak authentication.
| `/auth` |
+| `forms-flow-web.EnableMultitenant` | Enable or disable multitenancy for the Forms Flow Web application. | `false` |
+| `forms-flow-web.clientid` | Client ID for the Forms Flow Web application. | `forms-flow-web` |
+| `forms-flow-web.ingress.hostname` | Hostname for the Forms Flow Web ingress. | `forms-flow-web-{{.Release.Namespace}}.{{tpl (.Values.Domain) .}}` |
+
+## Database Parameters
+### MongoDB
+
+| Parameter | Description | Default Value |
+|--------------------------------------------------|--------------------------------------------------------------|----------------------------------|
+| `mongodb.image.tag` | Docker image tag for MongoDB. | `7.0.12-debian-12-r5` |
+| `mongodb.image.pullSecrets` | Secrets for pulling the Docker image. | `forms-flow-auth` |
+| `mongodb.enabled` | Enable or disable MongoDB deployment. | `true` |
+| `mongodb.fullnameOverride` | Custom name for the MongoDB service. | `forms-flow-ai-mongodb` |
+| `mongodb.clusterDomain` | Domain for the MongoDB cluster. | `cluster.local` |
+| `mongodb.architecture` | Architecture type (replica set or standalone). | `replicaset` |
+| `mongodb.useStatefulSet` | Use StatefulSet for MongoDB pods. | `true` |
+| `mongodb.auth.enabled` | Enable or disable authentication for MongoDB. | `true` |
+| `mongodb.auth.databases` | List of databases to create. | `formsflow` |
+| `mongodb.auth.passwords` | List of passwords for the databases. | `changeme` |
+| `mongodb.auth.usernames` | List of usernames for the databases. | `mongodb` |
+| `mongodb.replicaSetName` | Name of the replica set. | `rs0` |
+| `mongodb.replicaSetHostnames` | Enable replica set hostnames. | `true` |
+| `mongodb.directoryPerDB` | Use separate directories for each database. | `false` |
+| `mongodb.replicaCount` | Number of replicas to create. | `3` |
+| `mongodb.podSecurityContext.enabled` | Enable pod security context for MongoDB pods.
| `false` |
+| `mongodb.podSecurityContext.fsGroup` | File system group ID for the MongoDB pod. | `1001` |
+| `mongodb.containerSecurityContext.enabled` | Enable container security context. | `false` |
+| `mongodb.containerSecurityContext.runAsUser` | User ID to run MongoDB container as. | `1001` |
+| `mongodb.containerSecurityContext.runAsNonRoot` | Ensure MongoDB container runs as a non-root user. | `true` |
+| `mongodb.containerPorts.mongodb` | Port for MongoDB service. | `27017` |
+| `mongodb.service.nameOverride` | Custom name for the MongoDB service. | `forms-flow-ai-mongodb` |
+| `mongodb.service.type` | Type of Kubernetes service (ClusterIP, NodePort, LoadBalancer). | `ClusterIP` |
+| `mongodb.service.portName` | Name of the port for the MongoDB service. | `mongodb` |
+| `mongodb.service.ports.mongodb` | Port number for MongoDB service. | `27017` |
+| `mongodb.persistence.enabled` | Enable or disable persistence for MongoDB. | `true` |
+| `mongodb.persistence.accessModes` | Access modes for the persistent volume. | `ReadWriteOnce` |
+| `mongodb.persistence.size` | Size of the persistent volume. | `8Gi` |
+| `mongodb.persistence.mountPath` | Mount path for the persistent volume. | `/bitnami/mongodb` |
+| `mongodb.serviceAccount.create` | Create a service account for MongoDB. | `true` |
+| `mongodb.arbiter.enabled` | Enable or disable arbiter for the replica set. | `false` |
+| `mongodb.arbiter.podSecurityContext.enabled` | Enable pod security context for arbiter pod. | `false` |
+| `mongodb.arbiter.podSecurityContext.fsGroup` | File system group ID for the arbiter pod. | `1001` |
+| `mongodb.arbiter.containerSecurityContext.enabled`| Enable container security context for arbiter. | `false` |
+| `mongodb.arbiter.containerSecurityContext.runAsUser` | User ID for arbiter container.
| `1001` |
+
+### PostgreSQL
+
+| Parameter | Description | Default Value |
+|-------------------------------------------------|--------------------------------------------------------------|--------------------------------|
+| `postgresql-ha.enabled` | Enable or disable PostgreSQL High Availability deployment. | `true` |
+| `postgresql.image.registry` | Docker image registry for PostgreSQL. | `docker.io` |
+| `postgresql.image.repository` | Docker image repository for PostgreSQL. | `bitnami/postgresql-repmgr` |
+| `postgresql.image.tag` | Docker image tag for PostgreSQL. | `16.3.0-debian-12-r20` |
+| `postgresql.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `postgresql.image.pullSecrets` | Secrets for pulling the Docker image. | `forms-flow-auth` |
+| `postgresql.replicaCount` | Number of PostgreSQL replicas. | `3` |
+| `postgresql.containerPorts.postgresql` | Port for PostgreSQL service. | `5432` |
+| `postgresql.podSecurityContext.enabled` | Enable pod security context for PostgreSQL pods. | `false` |
+| `postgresql.podSecurityContext.fsGroup` | File system group ID for the PostgreSQL pod. | `1001` |
+| `postgresql.containerSecurityContext.enabled` | Enable container security context. | `false` |
+| `postgresql.containerSecurityContext.runAsUser` | User ID to run PostgreSQL container as. | `1001` |
+| `postgresql.containerSecurityContext.runAsNonRoot` | Ensure PostgreSQL container runs as a non-root user. | `true` |
+| `postgresql.livenessProbe.enabled` | Enable liveness probe for PostgreSQL. | `false` |
+| `postgresql.livenessProbe.initialDelaySeconds` | Initial delay for liveness probe. | `30` |
+| `postgresql.livenessProbe.periodSeconds` | Period for liveness probe checks. | `10` |
+| `postgresql.username` | Username for PostgreSQL database. | `postgres` |
+| `postgresql.password` | Password for PostgreSQL user. | `postgres` |
+| `postgresql.database` | Default database to create.
| `forms-flow-ai` |
+| `postgresql.postgresPassword` | PostgreSQL password. | `changeme` |
+| `postgresql.repmgrUsername` | Username for repmgr database. | `repmgr` |
+| `postgresql.repmgrPassword` | Password for repmgr user. | `changeme` |
+| `postgresql.repmgrDatabase` | Database used by repmgr. | `repmgr` |
+| `postgresql.initdbScripts.init_script.sql` | SQL script for initializing databases. | See below |
+
+### Pgpool
+
+| Parameter | Description | Default Value |
+|--------------------------------------------------|--------------------------------------------------------------|--------------------------------|
+| `pgpool.image.registry` | Docker image registry for Pgpool. | `docker.io` |
+| `pgpool.image.repository` | Docker image repository for Pgpool. | `bitnami/pgpool` |
+| `pgpool.image.tag` | Docker image tag for Pgpool. | `4.5.2-debian-12-r5` |
+| `pgpool.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `pgpool.image.pullSecrets` | Secrets for pulling the Docker image. | `forms-flow-auth` |
+| `pgpool.replicaCount` | Number of Pgpool replicas. | `1` |
+| `pgpool.containerPorts.postgresql` | Port for Pgpool service. | `5432` |
+| `pgpool.podSecurityContext.enabled` | Enable pod security context for Pgpool pods. | `false` |
+| `pgpool.podSecurityContext.fsGroup` | File system group ID for the Pgpool pod. | `1001` |
+| `pgpool.containerSecurityContext.enabled` | Enable container security context. | `false` |
+| `pgpool.containerSecurityContext.runAsUser` | User ID to run Pgpool container as. | `1001` |
+| `pgpool.containerSecurityContext.runAsNonRoot` | Ensure Pgpool container runs as a non-root user. | `true` |
+| `pgpool.livenessProbe.enabled` | Enable liveness probe for Pgpool. | `false` |
+| `pgpool.livenessProbe.initialDelaySeconds` | Initial delay for liveness probe. | `30` |
+| `pgpool.livenessProbe.periodSeconds` | Period for liveness probe checks. | `10` |
+| `pgpool.adminUsername` | Username for Pgpool admin.
| `admin` |
+| `pgpool.adminPassword` | Password for Pgpool admin. | `changeme` |
+| `pgpool.persistence.enabled` | Enable or disable persistence for Pgpool. | `true` |
+| `pgpool.persistence.storageClass` | Storage class for persistent volume claims. | `""` |
+| `pgpool.persistence.mountPath` | Mount path for persistent storage. | `/bitnami/postgresql` |
+| `pgpool.persistence.accessModes` | Access modes for persistent storage. | `ReadWriteOnce` |
+| `pgpool.persistence.size` | Size of the persistent volume. | `8Gi` |
+| `pgpool.service.type` | Service type for Pgpool. | `ClusterIP` |
+| `pgpool.service.ports.postgresql` | Port for Pgpool service. | `5432` |
+| `pgpool.service.portName` | Port name for the Pgpool service. | `postgresql` |
+| `pgpool.service.nodePorts.postgresql` | Node port for Pgpool service. | `""` |
+
+### Redis
+
+| Parameter | Description | Default Value |
+|--------------------------------------------------|--------------------------------------------------------------|--------------------------------|
+| `redisExporter.replicaCounts` | Number of Redis Exporter replicas. | `1` |
+| `redisExporter.service.type` | Service type for Redis Exporter. | `ClusterIP` |
+| `redisExporter.service.portNames.redis` | Port name for Redis client. | `client` |
+| `redisExporter.service.portNames.redis2` | Port name for Redis gossip. | `gossip` |
+| `redisExporter.service.ports.redis` | Port for Redis client. | `6379` |
+| `redisExporter.service.ports.redis2` | Port for Redis gossip. | `16379` |
+| `redisExporter.service.externalTrafficPolicy` | External traffic policy for the service. | `Cluster` |
+| `redisExporter.service.sessionAffinity` | Session affinity for the service. | `None` |
+| `redisExporter.service.annotations` | Annotations for the service. | `{}` |
+| `redisExporter.podLabels` | Labels for Redis Exporter pods. | `{}` |
+| `redisExporter.extraEnvVarsCM` | Additional environment variable config map.
| `{}` |
+| `redisExporter.extraEnvVars` | Additional environment variables. | `{}` |
+| `redisExporter.extraEnvVarsSecret` | Additional secret environment variables. | `{}` |
+| `redisExporter.redis.configMap.redis_conf` | Redis configuration settings. | See below for detailed config |
+| `redisExporter.image.registry` | Docker image registry for Redis. | `docker.io` |
+| `redisExporter.image.repository` | Docker image repository for Redis. | `redis` |
+| `redisExporter.image.tag` | Docker image tag for Redis. | `7.2.4-alpine` |
+| `redisExporter.image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `redisExporter.image.pullSecrets` | Secrets for pulling the Docker image. | `[]` |
+| `redisExporter.livenessProbe.enabled` | Enable liveness probe for Redis Exporter. | `true` |
+| `redisExporter.livenessProbe.initialDelaySeconds`| Initial delay for liveness probe. | `30` |
+| `redisExporter.livenessProbe.periodSeconds` | Period for liveness probe checks. | `5` |
+| `redisExporter.readinessProbe.enabled` | Enable readiness probe for Redis Exporter. | `true` |
+| `redisExporter.readinessProbe.initialDelaySeconds`| Initial delay for readiness probe. | `10` |
+| `redisExporter.readinessProbe.periodSeconds` | Period for readiness probe checks. | `3` |
+| `redisExporter.containerPorts.client` | Client port for Redis Exporter. | `6379` |
+| `redisExporter.containerPorts.gossip` | Gossip port for Redis Exporter. | `16379` |
+| `redisExporter.resources.limits.cpu` | CPU limit for Redis Exporter. | `60m` |
+| `redisExporter.resources.limits.memory` | Memory limit for Redis Exporter. | `512Mi` |
+| `redisExporter.resources.requests.cpu` | CPU request for Redis Exporter. | `50m` |
+| `redisExporter.resources.requests.memory` | Memory request for Redis Exporter. | `256Mi` |
+| `redisExporter.persistence.enabled` | Enable or disable persistence for Redis Exporter. | `true` |
+| `redisExporter.persistence.storageClass` | Storage class for persistent volume claims.
| `""` |
+| `redisExporter.persistence.mountPath` | Mount path for persistent storage. | `""` |
+| `redisExporter.persistence.accessModes` | Access modes for persistent storage. | `ReadWriteOnce` |
+| `redisExporter.persistence.size` | Size of the persistent volume. | `2Gi` |
diff --git a/charts/forms-flow-analytics/README.md b/charts/forms-flow-analytics/README.md
new file mode 100644
index 00000000..caedff2e
--- /dev/null
+++ b/charts/forms-flow-analytics/README.md
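Review bot: The `## Parameters`, `### MongoDB`, `### PostgreSQL` and `### Pgpool` tables of charts/forms-flow-ai/README.md list working default secrets (`postgresql.password` = `postgres`, `postgresql.postgresPassword`, `postgresql.repmgrPassword`, `pgpool.adminPassword` and `mongodb.auth.passwords` = `changeme`, `forms-flow-forms.admin.password` = `admin`, `websocket_encrypt_key` = `FormsFlow.AI`), and neither `helm install` example overrides any of them, so a release installed as written runs on published credentials. I would add a note directly above `## Parameters`, for example `> **Security**: every password and key default listed below is a placeholder; override all of them before the release is reachable, and keep the overrides out of version control.` The external-MongoDB YAML example also shows `passwords: - changeme`; a labelled placeholder such as `MONGODB_PASSWORD` is less likely to be copied as-is. The same tables show `podSecurityContext.enabled` and `containerSecurityContext.enabled` defaulting to `false` for MongoDB, PostgreSQL and Pgpool, so the text next to the `--set ...podSecurityContext.enabled=true` flags should say that these are opt-in and recommended.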
@@ -0,0 +1,334 @@
+# Formsflow.ai Analytics
+
+**formsflow.ai** leverages [Redash](https://github.com/getredash/redash) to build interactive
+dashboards and gain insights.
+
+## Introduction
+
+This chart bootstraps a forms-flow-analytics deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-analytics`:
+
+```console
+helm install forms-flow-analytics forms-flow-analytics
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm upgrade --install forms-flow-analytics forms-flow-analytics --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hosts[0].host=HOSTNAME --set ingress.tls[0].secretName="SECRETNAME" --set ingress.tls[0].hosts[0]="HOSTNAME" --set ingress.hosts[0].paths[0]="/" -n NAMESPACE
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` and `SECRETNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-analytics on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-analytics charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+## Server
+
+```yaml
+ resources:
+ limits:
+ cpu: 1500m
+ memory: 2Gi
+ requests:
+ cpu: 900m
+ memory: 1Gi
+```
+## Worker
+
+```yaml
+ resources:
+ limits:
+ cpu: 300m
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+```
+## Scheduler
+
+```yaml
+ resources:
+ limits:
+ cpu: 300m
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+```
+## Migrations
+
+```yaml
+ resources:
+ limits:
+ cpu: 300m
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+```
+## Sidecar Configuration
+
+To add a sidecar to your `Forms-flow-analytics` deployment, you can use the following configuration. In this case, the sidecar container is an Nginx container used for configuration management.
+
+### Example Sidecar Configuration
+
+```yaml
+sidecars:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nginx-config-volume
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+```
+
+## Path Update
+The `Forms-flow-analytics` can now be accessed at the `/redash` route. Ensure that all configurations and requests reference this updated path.
+
+For example:
+
+```
+https:///redash
+```
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|--------------------------------------------------|------------------------|
+| `server.replicaCount` | Number of replicas for the server | `1` |
+| `server.image.registry` | Docker registry for the image | `docker.io` |
+| `server.image.repository` | Repository for the image | `formsflow/redash` |
+| `server.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `server.image.tag` | Tag for the image | `24.04.0` |
+| `server.image.pullSecrets` | Secrets for pulling images | `forms-flow-ai-auth` |
+| `server.nameOverride` | Override for the name | `""` |
+| `server.fullnameOverride` | Override for the full name | `""` |
+| `server.commonLabels` | Common labels for all deployed objects | `{}` |
+| `server.commonAnnotations` | Common annotations for all deployed objects | `{}` |
+| `server.nodeSelector` | Node selector for scheduling | `{}` |
+| `server.tolerations` | Tolerations for the pod | `[]` |
+| `server.affinity` | Affinity rules for the pod | `{}` |
+| `server.priorityClassName` | Priority class name for the pod | `""` |
+| `server.schedulerName` | Scheduler name for the pod | `""` |
+| `server.terminationGracePeriodSeconds` | Grace period for pod termination | `""` |
+| `server.topologySpreadConstraints` | Constraints for topology spread | `[]` |
+| `server.diagnosticMode.enabled` | Enable diagnostic mode | `false` |
+| `server.diagnosticMode.command` | Command for diagnostic mode | `["sleep"]` |
+| `server.diagnosticMode.args` | Arguments for diagnostic command | `["infinity"]` |
+| `server.hostAliases` | Host aliases for the pod | `[]` |
+| `server.serviceAccount.create` | Create a service account | `true` |
+| `server.serviceAccount.annotations` | Annotations for the service account | `{}` |
+| `server.serviceAccount.name` | Name for the service account | `""` |
+|
`server.serviceAccount.automountServiceAccountToken` | Automount service account token | `false` |
+| `server.podAnnotations` | Annotations for the pod | `{}` |
+| `server.podLabels` | Extra labels for the pod | `{}` |
+| `server.podAffinityPreset` | Pod affinity preset | `""` |
+| `server.podAntiAffinityPreset` | Pod anti-affinity preset | `soft` |
+| `server.podSecurityContext.enabled` | Enable pod security context | `false` |
+| `server.podSecurityContext.fsGroupChangePolicy` | File system group change policy | `Always` |
+| `server.podSecurityContext.fsGroup` | File system group ID | `1001` |
+| `server.containerSecurityContext.enabled` | Enable container security context | `false` |
+| `server.containerSecurityContext.runAsUser` | Run as user ID | `1001` |
+| `server.containerSecurityContext.runAsGroup` | Run as group ID | `1001` |
+| `server.containerSecurityContext.runAsNonRoot` | Run as non-root user | `false` |
+| `server.containerSecurityContext.privileged` | Privileged mode | `false` |
+| `server.containerSecurityContext.readOnlyRootFilesystem` | Read-only root filesystem | `false` |
+| `server.containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` |
+| `server.containerSecurityContext.capabilities.drop` | Capabilities to drop | `["ALL"]` |
+| `server.containerSecurityContext.seccompProfile.type` | Seccomp profile type | `RuntimeDefault` |
+| `server.command` | Command to run in the container | `[]` |
+| `server.args` | Arguments for the command | `["server"]` |
+| `server.lifecycleHooks.postStart` | Post-start lifecycle hooks | `{"exec": {"command": ["/bin/sh", "-c", "python -v ./manage.py database create_tables"]}}` |
+| `server.livenessProbe.enabled` | Enable liveness probe | `true` |
+| `server.livenessProbe.initialDelaySeconds` | Initial delay for liveness probe | `90` |
+| `server.livenessProbe.timeoutSeconds` | Timeout for liveness probe | `1` |
+| `server.livenessProbe.periodSeconds` | Period for liveness probe
| `10` |
+| `server.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
+| `server.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `10` |
+| `server.readinessProbe.enabled` | Enable readiness probe | `false` |
+| `server.readinessProbe.initialDelaySeconds` | Initial delay for readiness probe | `10` |
+| `server.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` |
+| `server.readinessProbe.periodSeconds` | Period for readiness probe | `10` |
+| `server.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
+| `server.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` |
+| `server.automountServiceAccountToken` | Automount service account token | `true` |
+| `server.extraEnvVars` | Extra environment variables | `[]` |
+| `server.extraEnvVarsCM` | Name of existing ConfigMap for extra env vars | `""` |
+| `server.extraEnvVarsSecret` | Name of existing Secret for extra env vars | `""` |
+| `server.extraVolumes` | Extra volumes for the pod | `[]` |
+| `server.extraVolumeMounts` | Extra volume mounts for the pod | `[]` |
+| `server.existingSecret` | Existing secret for database credentials | `""` |
+| `server.updateStrategy.type` | Update strategy type | `RollingUpdate` |
+| `server.updateStrategy.rollingUpdate.maxSurge` | Max surge during update | `25%` |
+| `server.updateStrategy.rollingUpdate.maxUnavailable` | Max unavailable during update | `25%` |
+| `server.rbac.create` | Create RBAC resources | `false` |
+| `server.rbac.rules` | RBAC rules for the application | `[]` |
+| `server.pdb.create` | Create pod disruption budget | `true` |
+| `server.pdb.minAvailable` | Minimum available pods for disruption budget | `""` |
+| `server.pdb.maxUnavailable` | Maximum unavailable pods for disruption budget | `""` |
+| `server.resourcesPreset` | Resource preset for the server | `small` |
+| `server.resources.limits.cpu` | CPU limit for the server | `1500m` |
+| `server.resources.limits.memory` | Memory limit for the server | `2Gi` |
+| `server.resources.requests.cpu` | CPU request for the server | `1000m` |
+| `server.resources.requests.memory`| Memory request for the server | `1Gi` |
+| `server.customStartupProbe` | Custom startup probe configuration | `{}` |
+| `server.customLivenessProbe` | Custom liveness probe configuration | `{}` |
+| `server.customReadinessProbe` | Custom readiness probe configuration | `{}` |
+| `server.containerPorts.http` | HTTP port for the server | `5000` |
+| `server.sidecars` | Sidecar containers for the server | `[]` |
+| `server.configuration` | Custom configuration for the server | `[]` |
+| `server.autoscaling.enabled` | Enable autoscaling | `false` |
+| `server.autoscaling.minReplicas` | Minimum replicas for autoscaling | `1` |
+| `server.autoscaling.maxReplicas` | Maximum replicas for autoscaling | `11` |
+| `server.autoscaling.targetCPU` | Target CPU utilization for autoscaling | `""` |
+| `server.autoscaling.targetMemory`| Target memory utilization for autoscaling | `""` |
+| `server.autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Stabilization window for scale up | `120` |
+| `server.autoscaling.behavior.scaleUp.selectPolicy` | Select policy for scale up | `Max` |
+| `server.autoscaling.behavior.scaleUp.policies` | Scale up policies | `[]` |
+| `server.autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Stabilization window for scale down | `300` |
+| `server.autoscaling.behavior.scaleDown.selectPolicy` | Select policy for scale down | `Max` |
+| `server.autoscaling.behavior.scaleDown.policies` | Policies for scale down | `[{type: Pods, value: 1, periodSeconds: 300}]` |
+| `server.autoscaling.behavior.scaleDown.policies[0].type` | Type of resource for scaling down | `Pods` |
+| `server.autoscaling.behavior.scaleDown.policies[0].value` | Number of resources to scale down | `1` |
+| `server.autoscaling.behavior.scaleDown.policies[0].periodSeconds` | Period for
applying the scale down policy | `300` |
+| `workers.adhoc.env.QUEUES` | Queues for ad-hoc workers | `queries` |
+| `workers.adhoc.env.WORKERS_COUNT` | Number of ad-hoc workers | `2` |
+| `workers.scheduled.env.QUEUES` | Queues for scheduled workers | `scheduled_queries,schemas` |
+| `workers.scheduled.env.WORKERS_COUNT` | Number of scheduled workers | `1` |
+| `workers.generic.env.QUEUES` | Queues for generic workers | `periodic,emails,default` |
+| `workers.generic.env.WORKERS_COUNT` | Number of generic workers | `1` |
+| `worker.replicaCount` | Number of replicas for the worker | `1` |
+| `worker.image.registry` | Docker registry for the worker image | `docker.io` |
+| `worker.image.repository` | Repository for the worker image | `formsflow/redash` |
+| `worker.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `worker.image.tag` | Tag for the worker image | `24.04.0` |
+| `worker.image.pullSecrets` | Secrets for pulling the image | `forms-flow-ai-auth` |
+| `worker.nameOverride` | Override for the worker name | `""` |
+| `worker.fullnameOverride` | Full override for the worker name | `""` |
+| `worker.commonLabels` | Common labels for the worker | `{}` |
+| `worker.commonAnnotations` | Common annotations for the worker | `{}` |
+| `worker.podAnnotations` | Annotations for the worker pod | `{}` |
+| `worker.podLabels` | Extra labels for the worker pod | `{}` |
+| `worker.podSecurityContext.fsGroup` | File system group for the worker | `1001` |
+| `worker.containerSecurityContext.runAsUser` | User ID to run the container | `1001` |
+| `worker.containerSecurityContext.runAsGroup` | Group ID to run the container | `1001` |
+| `worker.resources.limits.cpu` | CPU limit for the worker | `200m` |
+| `worker.resources.limits.memory` | Memory limit for the worker | `2Gi` |
+| `worker.resources.requests.cpu` | CPU request for the worker | `180m` |
+| `worker.resources.requests.memory` | Memory request for the worker | `1Gi` |
+| `worker.containerPorts.http` |
HTTP port for the worker | `5000` |
+| `scheduler.replicaCount` | Number of replicas for the scheduler | `1` |
+| `scheduler.image.registry` | Docker registry for the scheduler image | `docker.io` |
+| `scheduler.image.repository` | Repository for the scheduler image | `formsflow/redash` |
+| `scheduler.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `scheduler.image.tag` | Tag for the scheduler image | `24.04.0` |
+| `scheduler.image.pullSecrets` | Secrets for pulling the image | `forms-flow-ai-auth` |
+| `scheduler.nameOverride` | Override for the scheduler name | `""` |
+| `scheduler.fullnameOverride` | Full override for the scheduler name | `""` |
+| `scheduler.commonLabels` | Common labels for the scheduler | `{}` |
+| `scheduler.commonAnnotations` | Common annotations for the scheduler | `{}` |
+| `scheduler.podAnnotations` | Annotations for the scheduler pod | `{}` |
+| `scheduler.podLabels` | Extra labels for the scheduler pod | `{}` |
+| `scheduler.podAffinityPreset` | Pod affinity preset for the scheduler | `""` |
+| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset for the scheduler | `soft` |
+| `scheduler.nodeSelector` | Node labels for pod assignment | `{}` |
+| `scheduler.tolerations` | Tolerations for pod assignment | `[]` |
+| `scheduler.affinity` | Affinity rules for pod assignment | `{}` |
+| `scheduler.priorityClassName` | Pod priority class name | `""` |
+| `scheduler.schedulerName` | Custom scheduler name for the scheduler | `""` |
+| `scheduler.terminationGracePeriodSeconds` | Grace period for termination | `""` |
+| `scheduler.topologySpreadConstraints` | Topology spread constraints for pod assignment | `[]` |
+| `scheduler.diagnosticMode.enabled` | Enable diagnostic mode for the scheduler | `false` |
+| `scheduler.hostAliases` | Host aliases for the scheduler | `[]` |
+| `scheduler.podSecurityContext.enabled` | Enable pod security context | `false` |
+| `scheduler.containerSecurityContext.enabled` | Enable container
security context | `false` |
+| `scheduler.updateStrategy.type` | Update strategy for the scheduler | `Recreate` |
+| `scheduler.rbac.create` | Create RBAC resources for the scheduler | `false` |
+| `scheduler.pdb.create` | Create Pod Disruption Budget for the scheduler | `true` |
+| `scheduler.resourcesPreset` | Resources preset for the scheduler | `small` |
+| `scheduler.customStartupProbe` | Custom startup probe for the scheduler | `{}` |
+| `scheduler.customLivenessProbe` | Custom liveness probe for the scheduler | `{}` |
+| `scheduler.customReadinessProbe` | Custom readiness probe for the scheduler | `{}` |
+| `scheduler.autoscaling.enabled` | Enable autoscaling for the scheduler | `false` |
+| `scheduler.autoscaling.minReplicas` | Minimum replicas for autoscaling | `1` |
+| `scheduler.autoscaling.maxReplicas` | Maximum replicas for autoscaling | `11` |
+| `scheduler.autoscaling.targetCPU` | Target CPU utilization for autoscaling | `""` |
+| `scheduler.autoscaling.targetMemory` | Target memory utilization for autoscaling | `""` |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Time in seconds to consider past recommendations when scaling up | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | Priority of policies that the autoscaler will apply when scaling up | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | Policies for scaling up | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Time in seconds to consider past recommendations when scaling down | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | Priority of policies that the autoscaler will apply when scaling down | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | Policies for scaling down | `- type: Pods, value: 1, periodSeconds: 300` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value | 
+|-----------------------------------------------------------|-------------------------------------------------------|------------------------------|
+| `ingress.enabled` | Enable ingress record generation | `true` |
+| `ingress.ingressClassName` | IngressClass to implement the Ingress | `""` |
+| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `ingress.apiVersion` | Force Ingress API version | `""` |
+| `ingress.controller` | The ingress controller type | `default` |
+| `ingress.hostname` | Default host for the ingress record | `forms-flow-analytics.local` |
+| `ingress.path` | Default path for the ingress record | `/redash` |
+| `ingress.servicePort` | Backend service port to use | `5000` |
+| `ingress.annotations` | Additional annotations for the Ingress resource | `{}` |
+| `ingress.labels` | Additional labels for the Ingress resource | `{}` |
+| `ingress.tls` | Enable TLS configuration for the defined hostname | `true` |
+| `ingress.selfSigned` | Create a TLS secret with self-signed certificates | `false` |
+| `ingress.extraHosts` | Additional hostname(s) to be covered | `[]` |
+| `ingress.extraPaths` | Additional paths to be added to the ingress | `[]` |
+| `ingress.extraTls` | TLS configuration for additional hostnames | `[]` |
+| `ingress.secrets` | Add custom certificates as secrets | `[]` |
+| `ingress.extraRules` | Additional rules for the ingress record | `[]` |
+| `ingress.subFilterHost` | Sub-filter host for analytics application; also used as ingress hostname | `chart-example.local` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------------------------|--------------------------------------------------------|--------------------|
+| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, `LoadBalancer`) | `ClusterIP` |
+| `service.ports` | Service ports (evaluated as a template) | |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is 
`LoadBalancer` | `""` |
+| `service.loadBalancerSourceRanges` | Allowed addresses for LoadBalancer service | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy to preserve client source IP | `""` |
+| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `service.annotations` | Annotations for the service | `{}` |
+| `service.sessionAffinity` | Session Affinity for Kubernetes service | `None` |
+| `service.sessionAffinityConfig` | Additional settings for sessionAffinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service | `{}` |
+
+## Redash and Database Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------------------------|--------------------------------------------------------|------------------------------------|
+| `redash.multiorg` | Multi-organization setting for Redash | `"false"` |
+| `redash.database.password` | Admin password for Redash database | `postgres` |
+| `redash.database.url` | Redash database URL | `postgresql://postgres:postgres@forms-flow-analytics-postgresql:5432/postgres` |
+| `database.username` | Username for the database | `postgres` |
+| `database.password` | Password for the database | `postgres` |
+| `database.servicename` | Service name for the database | `forms-flow-ai-postgresql-ha-pgpool` |
+| `database.port` | Port for the database | `5432` |
+| `database.dbName` | Database name for forms-flow-analytics | `forms-flow-analytics` |
+| `ExternalDatabase.ExistingDatabaseNameKey` | Existing database name key | `""` |
+| `ExternalDatabase.ExistingDatabaseUserNameKey` | Existing database username key | `""` |
+| `ExternalDatabase.ExistingDatabasePasswordKey` | Existing database password key | `""` |
+| `ExternalDatabase.ExistingDatabaseHostKey` | Existing database host key | `""` |
+| `ExternalDatabase.ExistingDatabasePortKey` | Existing database port key | `""` |
+| `ExternalDatabase.ExistingSecretName` | Name of 
the existing secret | `""` |
+| `ExternalDatabase.ExistingConfigmapName` | Name of the existing config map | `""` |
+
diff --git a/charts/forms-flow-api/README.md b/charts/forms-flow-api/README.md
new file mode 100644
index 00000000..2e5df7b2
--- /dev/null
+++ b/charts/forms-flow-api/README.md
@@ -0,0 +1,233 @@
+# Formsflow.ai API
+
+formsflow.ai has built this adaptive tier for correlating form management, BPM and analytics together.
+
+The goal of the REST API is to provide access to all relevant interfaces of the system.
+
+
+## Introduction
+
+This chart bootstraps a forms-flow-api deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-api`:
+
+```console
+helm install forms-flow-api forms-flow-api
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm install forms-flow-api forms-flow-api --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-api charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 300m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 512Mi
+```
+
+### Change Forms-flow-api version
+
+To modify the Forms-flow-api version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-webapi) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-webapi
+ tag: X.Y.Z
+```
+
+## Persistence
+
+The `forms-flow-api` image stores the application logs at the `/forms-flow-api/app/logs` path of the container.
+
+## Sidecar Configuration
+
+To add a sidecar to your `Forms-flow-api` deployment, you can use the following configuration. In this case, the sidecar container is an Nginx container used for configuration management.
+
+### Example Sidecar Configuration
+
+```yaml
+sidecars:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nginx-config-volume
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+```
+
+## API Path Update
+The `Forms-flow-api` can now be accessed at the `/api` route. Ensure that all configurations and requests reference this updated path.
+
+For example:
+
+```
+https:///api
+```
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|-------------------------------------------------------|-----------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment | `1` |
+| `image.registry` | Docker registry for the image | `docker.io` |
+| `image.repository` | Repository for the image | `formsflow/forms-flow-webapi` |
+| `image.pullSecrets` | Secrets for pulling images from private registries | `[]` |
+| `nameOverride` | Override name for the deployment | `""` |
+| `fullnameOverride` | Override full name for the deployment | `""` |
+| `commonLabels` | Common labels for all resources | `{}` |
+| `commonAnnotations` | Common annotations for all resources | `{}` |
+| `nodeSelector` | Node selector for pod scheduling | `{}` |
+| `tolerations` | Tolerations for scheduling | `[]` |
+| `affinity` | Affinity rules for pod scheduling | `{}` |
+| `priorityClassName` | Priority class for scheduling | `""` |
+| `schedulerName` | Scheduler to use for the deployment | `""` |
+| 
`terminationGracePeriodSeconds` | Grace period for termination | `""` |
+| `topologySpreadConstraints` | Constraints for spreading pods across zones | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode | `false` |
+| `diagnosticMode.command` | Command to run in diagnostic mode | `["sleep"]` |
+| `diagnosticMode.args` | Arguments for the command in diagnostic mode | `["infinity"]` |
+| `hostAliases` | Host aliases for the pods | `[]` |
+| `serviceAccount.create` | Create a service account | `true` |
+| `serviceAccount.annotations` | Annotations for the service account | `{}` |
+| `serviceAccount.name` | Name of the service account | `""` |
+| `serviceAccount.automountServiceAccountToken` | Automount service account token | `false` |
+| `podAnnotations` | Annotations for the pods | `{}` |
+| `podLabels` | Labels for the pods | `{}` |
+| `podAffinityPreset` | Preset for pod affinity | `""` |
+| `podAntiAffinityPreset` | Preset for pod anti-affinity | `soft` |
+| `nodeAffinityPreset.type` | Type for node affinity | `""` |
+| `nodeAffinityPreset.key` | Key for node affinity | `""` |
+| `nodeAffinityPreset.values` | Values for node affinity | `[]` |
+| `podSecurityContext.enabled` | Enable pod security context | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Policy for changing the fsGroup | `Always` |
+| `podSecurityContext.sysctls` | Sysctl settings for the pods | `[]` |
+| `podSecurityContext.supplementalGroups` | Supplemental groups for the pods | `[]` |
+| `podSecurityContext.fsGroup` | fsGroup for the pods | `1001` |
+| `containerSecurityContext.enabled` | Enable container security context | `true` |
+| `containerSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` |
+| `containerSecurityContext.runAsUser` | User ID for running the container | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID for running the container | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Run the container as a non-root user | 
`false` |
+| `containerSecurityContext.privileged` | Enable privileged mode for the container | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Set root filesystem as read-only | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type | `RuntimeDefault` |
+| `command` | Command for the container | `[]` |
+| `args` | Arguments for the command | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the container | `{}` |
+| `automountServiceAccountToken` | Automount service account token | `true` |
+| `extraEnvVars` | Extra environment variables | `[]` |
+| `extraEnvVarsCM` | ConfigMap for extra environment variables | `""` |
+| `extraVolumes` | Extra volumes for the pods | `{}` |
+| `extraVolumeMounts` | Extra volume mounts for the pods | `{}` |
+| `existingSecret` | Name of an existing secret | `""` |
+| `updateStrategy.type` | Update strategy type for the deployment | `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge` | Maximum surge for the rolling update | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable for the rolling update | `25%` |
+| `pdb.create` | Create a pod disruption budget for pods | `true` |
+| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `autoscaling.enabled` | Enable autoscaling for forms-flow-api | `false` |
+| `autoscaling.minReplicas` | Minimum number of forms-flow-api replicas | `1` |
+| `autoscaling.maxReplicas` | Maximum number of forms-flow-api replicas | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
+| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
+| 
`autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Seconds for which past recommendations are considered while scaling up | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | Priority of policies applied when scaling up | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | HPA scaling policies when scaling up | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Seconds for which past recommendations are considered while scaling down | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | Priority of policies applied when scaling down | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | HPA scaling policies when scaling down | `[ { type: Pods, value: 1, periodSeconds: 300 } ]` |
+| `formsflow.configmap` | Name of formsflow.ai configmap | `forms-flow-ai` |
+| `formsflow.secret` | Name of formsflow.ai secret | `forms-flow-ai` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|---------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress for the service | `true` |
+| `ingress.ingressClassName` | Ingress class to be used for the ingress | `""` |
+| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `ingress.apiVersion` | API version for the ingress (automatically detected if not set) | `""` |
+| `ingress.controller` | Ingress controller type. 
Options: `default`, `gce` | `default` |
+| `ingress.hostname` | Default host for the ingress record | `forms-flow-api.local` |
+| `ingress.path` | Default path for the ingress record | `"/api"` |
+| `ingress.servicePort` | Backend service port to use (default is http) | `5000` |
+| `ingress.annotations` | Additional annotations for the Ingress resource | `{}` |
+| `ingress.labels` | Additional labels for the Ingress resource | `{}` |
+| `ingress.tls` | Enable TLS configuration for the ingress hostname | `true` |
+| `ingress.selfSigned` | Create a TLS secret using self-signed certificates | `false` |
+| `ingress.extraHosts` | Additional hostname(s) for the ingress | `[]` |
+| `ingress.extraPaths` | Additional arbitrary paths to add under the main host | `[]` |
+| `ingress.extraTls` | TLS configuration for additional hostnames | `[]` |
+| `ingress.secrets` | Custom certificates as secrets (key and certificate must start with appropriate headers) | `[]` |
+| `ingress.extraRules` | Additional rules for the ingress | `[]` |
+
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Set container resources according to a common preset (none, nano, micro, small, medium, large) | `small` |
+| `resources.limits.cpu` | Maximum CPU limit for the container | `300m` |
+| `resources.limits.memory` | Maximum memory limit for the container | `1Gi` |
+| `resources.requests.cpu` | Minimum CPU request for the container | `200m` |
+| `resources.requests.memory` | Minimum memory request for the container | `512Mi` |
+| `customStartupProbe` | Custom startup probe for the component | `{}` |
+| `customLivenessProbe` | Custom liveness probe for the component | `{}` |
+| `customReadinessProbe` | Custom readiness probe for the component | `{}` |
+
+
+## Service Parameters
+
+| 
Parameter | Description | Default Value |
+|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` |
+| `service.ports` | Ports for the forms-flow-api service | `[ { name: http, port: 5000, targetPort: http, protocol: TCP } ]` |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is `LoadBalancer` | `""` |
+| `service.loadBalancerSourceRanges` | Allowed addresses when service is LoadBalancer | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy to preserve client source IP | `""` |
+| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `service.annotations` | Annotations for the forms-flow-api service | `{}` |
+| `service.sessionAffinity` | Session Affinity for the service, can be "None" or "ClientIP" | `None` |
+| `service.sessionAffinityConfig` | Additional settings for sessionAffinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service | `{}` |
+| `configuration` | Additional configuration options | `[]` |
+| `containerPorts.http` | HTTP port for the container | `5000` |
+
+
+## Database Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `database.username` | Database username | `postgres` |
+| `database.password` | Database password | `postgres` |
+| `database.dbName` | Name of the database | `forms-flow-api` |
+| `database.host` | Host for the database | `forms-flow-ai-postgresql-ha-pgpool` |
+| `database.port` | Port for the database | `5432` |
+
diff --git a/charts/forms-flow-bpm/README.md b/charts/forms-flow-bpm/README.md
new file mode 100644
index 00000000..d5360039
--- /dev/null
+++ b/charts/forms-flow-bpm/README.md 
@@ -0,0 +1,286 @@
+# Formsflow Workflow Engine
+
+Formsflow.ai leverages Camunda for workflow and decision automation.
+
+To know more about Camunda, visit https://camunda.com/.
+
+
+## Introduction
+
+This chart bootstraps a forms-flow-bpm deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-bpm`:
+
+```console
+helm install forms-flow-bpm forms-flow-bpm
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install forms-flow-bpm forms-flow-bpm --set ingress.ingressClassName=INGRESS_CLASS --set camunda.websocket.securityOrigin=FORMS_FLOW_WEB_URL --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS`, `FORMS_FLOW_WEB_URL` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-bpm on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-bpm charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 600m
+ memory: 1Gi
+ requests:
+ cpu: 500m
+ memory: 512Mi
+```
+
+### Change Forms-flow-bpm version
+
+To modify the Forms-flow-bpm version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-bpm) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-bpm
+ tag: X.Y.Z
+```
+## Persistence
+
+The `forms-flow-bpm` image stores the application logs at the `/logs` path of the container.
+
+The `forms-flow-bpm` image supports mounting a mail configuration file at the `/app/mail-config.properties` path of the container. This can be done using a ConfigMap and mounting it as a volume.
+
+
+### Add extra environment variables for Vault configuration
+
+These environment variables are used to configure a Vault for storing external secrets. You can use the extraEnvVars property for this purpose.
+
+```yaml
+extraEnvVars:
+ - name: VAULT_ENABLED
+ value: "false"
+ - name: VAULT_URL
+ value: "http://{your-ip-address}:8200"
+ - name: VAULT_TOKEN
+ value: ""
+ - name: VAULT_PATH
+ value: ""
+ - name: VAULT_SECRET
+ value: ""
+```
+
+## Sidecar Configuration
+
+To add a sidecar to your `Forms-flow-bpm` deployment, you can use the following configuration. In this case, the sidecar container is an Nginx container used for configuration management.
+
+### Example Sidecar Configuration
+
+```yaml
+sidecars:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nginx-config-volume
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+```
+
+## Path Update
+The `Forms-flow-bpm` can now be accessed at the `/camunda` route. Ensure that all configurations and requests reference this updated path.
+
+For example:
+
+```
+https:///camunda
+```
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|----------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment | `1` |
+| `existingSecret` | Existing secret containing password, username, dbname | `""` |
+| `image.registry` | Container image registry | `docker.io` |
+| `image.repository` | Container image repository | `formsflow/forms-flow-bpm` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.tag` | Image tag | `v7.0.0-alpha` |
+| `image.pullSecrets` | Pull secrets for the image | `forms-flow-ai-auth` |
+| `nameOverride` | Override for common names | `""` |
+| `fullnameOverride` | Full override for common names | `""` |
+| `commonLabels` | Labels to add to all deployed objects | `{}` |
+| `dnsPolicy` | DNS Policy for pod | `ClusterFirst` |
+| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
+| `tolerations` | Tolerations for pod assignment | `[]` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `affinity` | Node affinity rules | `{}` |
+| `priorityClassName` | Priority class for the pod | `""` |
+| `schedulerName` | Name of the scheduler | `default-scheduler` |
+| `terminationGracePeriodSeconds` | Grace period for pod termination | `30` |
+| `topologySpreadConstraints` | Constraints for pod topology spread | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode | `false` |
+| `diagnosticMode.command` | Command to override all containers | `["sleep"]` |
+| `diagnosticMode.args` | Arguments to override all containers | `["infinity"]` |
+| `hostAliases` | Deployment host aliases | `[]` |
+| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
+| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
+| 
`serviceAccount.name` | Name of the service account to use (if not set and create is true, a name is generated) | `""` |
+| `serviceAccount.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
+| `podManagementPolicy` | Policy for managing pods | `OrderedReady` |
+| `podAnnotations` | Annotations for the pod | `{}` |
+| `podLabels` | Labels for the pod | `{}` |
+| `podSecurityContext.enabled` | Enable pod security context | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | File system group change policy | `Always` |
+| `podSecurityContext.fsGroup` | File system group for the pod | `1001` |
+| `containerSecurityContext.enabled` | Enable container security context | `true` |
+| `containerSecurityContext.runAsUser` | User ID for running the container | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID for running the container | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Run as non-root user | `false` |
+| `containerSecurityContext.privileged` | Privileged mode for the container | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Read-only root filesystem | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop for the container | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type | `RuntimeDefault` |
+| `command` | Override default container command (useful for custom images) | `[]` |
+| `args` | Override default container args (useful for custom images) | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the forms-flow-bpm container(s) | `{}` |
+| `updateStrategy.type` | Update strategy type | `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge` | Maximum surge during updates | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable during updates | `25%` |
+| `minReadySeconds` | How many seconds a pod needs to be 
ready before killing the next, during update | `0` |
+| `extraEnvVars` | Additional environment variables for the container | See below |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `extraVolumes` | Additional volumes for the pod | `{}` |
+| `extraVolumeMounts` | Additional volume mounts for the pod | `{}` |
+| `existingSecret` | Existing secret containing password, username, dbname | `""` |
+| `rbac.create` | Create RBAC resources | `false` |
+| `rbac.rules` | Custom RBAC rules | `[]` |
+| `pdb.create` | Create Pod Disruption Budget | `true` |
+| `pdb.minAvailable` | Minimum available pods | `""` |
+| `pdb.maxUnavailable` | Maximum unavailable pods | `""` |
+| `livenessProbe.enabled` | Enable liveness probe | `true` |
+| `livenessProbe.failureThreshold` | Liveness probe failure threshold | `5` |
+| `livenessProbe.initialDelaySeconds` | Initial delay before liveness probe | `120` |
+| `livenessProbe.periodSeconds` | How often to perform the liveness probe | `60` |
+| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful | `1` |
+| `livenessProbe.timeoutSeconds` | Timeout for the liveness probe | `3` |
+| `readinessProbe.enabled` | Enable readiness probe | `true` |
+| `readinessProbe.failureThreshold` | Readiness probe failure threshold | `5` |
+| `readinessProbe.initialDelaySeconds` | Initial delay before readiness probe | `120` |
+| `readinessProbe.periodSeconds` | How often to perform the readiness probe | `60` |
+| `readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe | `1` |
+| `readinessProbe.timeoutSeconds` | Timeout for the readiness probe | `3` |
+| `autoscaling.enabled` | Enable autoscaling | `false` |
+| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling | `1` |
+| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization for 
autoscaling | `""` |
+| `autoscaling.targetMemory` | Target memory utilization for autoscaling | `""` |
+| `autoscaling.behavior.scaleUp` | Configuration for scale-up behavior | See values below |
+| `autoscaling.behavior.scaleDown` | Configuration for scale-down behavior | See values below |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Time window to stabilize scale-up events | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | Policy for selecting scale-up behavior | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | Policies for scaling up | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Time window to stabilize scale-down events | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | Policy for selecting scale-down behavior | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | Policies for scaling down | `[{ "type": "Pods", "value": 1, "periodSeconds": 300 }]` |
+| `camunda.analytics.database` | Camunda analytics database name | `forms-flow-analytics` |
+| `camunda.auth.enabled` | Enable authentication for Camunda | `true` |
+| `camunda.database.name` | Name of the Camunda database | `forms-flow-bpm` |
+| `camunda.database.port` | Port for the Camunda database | `5432` |
+| `camunda.historyLevel` | History level setting for Camunda | `auto` |
+| `camunda.securityOrigin` | Allowed security origin for the application | `'*'` |
+| `camunda.logLevel` | Logging level for Camunda | `INFO` |
+| `mail.protocol` | The protocol used for mail configuration. | `smtp` |
+| `mail.from` | The sender's email address. | `` |
+| `mail.password` | Password for the email account. | `` |
+| `mail.user` | Username for the email account. | `` |
+| `mail.alias` | Alias used for sending emails. | `DoNotReply` |
+| `mail.folder` | Default folder for incoming emails. | `INBOX` |
+| `mail.smtp.auth` | Specifies if SMTP authentication is required. | `true` |
+| `mail.smtp.port` | Port number for SMTP server connection. 
| `5432` |
+| `mail.smtp.server` | SMTP server address. | `` |
+| `mail.smtp.socketFactory.port` | Port for the SSL socket factory. | `465` |
+| `mail.smtp.socketFactory.class` | Class used for the SSL socket factory. | `javax.net.ssl.SSLSocketFactory` |
+| `mail.smtp.ssl.enable` | Specifies if SSL is enabled for the SMTP connection. | `false` |
+| `mail.store.protocol` | Protocol used for mail storage. | `imaps` |
+| `mail.imaps.host` | Hostname of the IMAP server. | `imap.gmail.com` |
+| `mail.imaps.port` | Port number for the IMAP server connection. | `993` |
+| `mail.imaps.timeout` | Timeout duration for the IMAP connection in milliseconds. | `1000` |
+| `mail.attachment.download` | Specifies if attachments should be downloaded. | `true` |
+| `mail.attachment.path` | Path where attachments will be saved. | `attachments` |
+| `formsflow.configmap` | Name of the FormsFlow configuration map. | `forms-flow-ai` |
+| `formsflow.secret` | Name of the FormsFlow secret. | `forms-flow-ai` |
+| `waitFor` | Service and port to wait for before starting. 
| `${CAMUNDA_DATABASE_SERVICE_NAME}:${CAMUNDA_DATABASE_PORT}` |
+
+## Vault Parameters
+
+| Name | Value |
+|---------------|--------------------------------------|
+| `VAULT_ENABLED` | `"false"` |
+| `VAULT_URL` | `"http://{your-ip-address}:8200"` |
+| `VAULT_TOKEN` | `""` |
+| `VAULT_PATH` | `""` |
+| `VAULT_SECRET` | `""` |
+
+
+## Ingress Parameters
+
+## Ingress
+
+| Parameter | Description | Default Value |
+|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress record generation for forms-flow-bpm | `true` |
+| `ingress.ingressClassName` | Ingress class name to use | `""` |
+| `ingress.path` | Ingress path | `"/camunda"` |
+| `ingress.servicePort` | Service port for ingress | `8080` |
+| `ingress.tls` | Enable TLS for ingress | `true` |
+| `ingress.selfSigned` | Use self-signed certificates for TLS | `false` |
+| `ingress.extraHosts` | Additional hosts for the ingress | `[]` |
+| `ingress.extraPaths` | Additional paths for the ingress | `[]` |
+| `ingress.extraTls` | Additional TLS configurations | `[]` |
+| `ingress.secrets` | Secrets for TLS configuration | `[]` |
+| `ingress.extraRules` | Additional rules for ingress | `[]` |
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Resource preset (e.g., small, medium, large) | `"small"` |
+| `resources.limits.cpu` | CPU limit | `600m` |
+| `resources.limits.memory` | Memory limit | `1Gi` |
+| `resources.requests.cpu` | CPU request | `500m` |
+| `resources.requests.memory` | Memory request | `512Mi` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value | 
+|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` |
+| `service.ports` | Array of ports for the service | `[{"name": "http", "port": 8080, "targetPort": "http", "protocol": "TCP"}]` |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is `LoadBalancer` | `""` |
+| `service.loadBalancerSourceRanges` | Allowed addresses for LoadBalancer | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy to preserve client source IP | `""` |
+| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `service.annotations` | Annotations for the service | `{}` |
+| `service.sessionAffinity` | Session affinity for the service (None or ClientIP) | `None` |
+| `service.sessionAffinityConfig` | Additional settings for session affinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service | `{}` |
+
+## Sidecars and Configuration
+
+| Parameter | Description | Default Value |
+|--------------------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------|
+| `sidecars` | Additional sidecar containers for the pod | `[]` |
+| `configuration` | Custom configuration for the application | `""` |
+| `existingConfigmap` | Existing ConfigMap to use | `""` |
diff --git a/charts/forms-flow-data-analysis/README.md b/charts/forms-flow-data-analysis/README.md
new file mode 100644
index 00000000..8732345b
--- /dev/null
+++ b/charts/forms-flow-data-analysis/README.md
@@ -0,0 +1,212 @@
+# Formsflow.ai Sentiment Analysis Component
+
+Sentiment Analysisis used to understand the sentiments of the customer for products, movies, and other such things, whether they feel positive, negative, or neutral about it. BERT is a very good pre-trained language model which helps machines learn excellent representations of text with respect to context in many natural language tasks.
+
+
+## Introduction
+
+This chart bootstraps a forms-flow-data-analysis-api deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-data-analysis-api`:
+
+```console
+helm install forms-flow-data-analysis-api forms-flow-data-analysis-api
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm install forms-flow-data-analysis forms-flow-data-analysis --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-data-analysis-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-data-analysis-api charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 512Mi
+```
+
+### Change Forms-flow-data-analysis-api version
+
+To modify the Forms-flow-data-analysis-api version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-data-analysis-api) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-data-analysis-api
+ tag: X.Y.Z
+```
+
+## Persistence
+
+The `forms-flow-data-analysis` image stores the application logs at the `/forms-flow-data-analysis/app/logs` path of the container.
+
+## Sidecar Configuration
+
+To add a sidecar to your `Forms-flow-data-analysis` deployment, you can use the following configuration. In this case, the sidecar container is an Nginx container used for configuration management.
+
+### Example Sidecar Configuration
+
+```yaml
+sidecars:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nginx-config-volume
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+```
+
+## Path Update
+The `Forms-flow-data-analysis` can now be accessed at the `/analysis` route. Ensure that all configurations and requests reference this updated path.
+
+For example:
+
+```
+https:///analysis
+```
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment. | `1` |
+| `image.registry` | Docker registry for the image. | `docker.io` |
+| `image.repository` | Repository for the image. | `formsflow/forms-flow-data-analysis-api` |
+| `image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `image.tag` | Tag of the image to use.
| `v7.0.0-alpha` |
+| `image.pullSecrets` | Array of image pull secrets. | `forms-flow-ai-auth` |
+| `nameOverride` | Override the name of the deployment. | `""` |
+| `fullnameOverride` | Override the full name of the deployment. | `""` |
+| `commonLabels` | Common labels to apply to all resources. | `{}` |
+| `commonAnnotations` | Common annotations to apply to all resources. | `{}` |
+| `nodeSelector` | Node selector for pod scheduling. | `{}` |
+| `tolerations` | Tolerations for scheduling pods. | `[]` |
+| `affinity` | Affinity rules for pod scheduling. | `{}` |
+| `priorityClassName` | Priority class name for scheduling. | `""` |
+| `schedulerName` | Name of the scheduler to use for scheduling pods. | `""` |
+| `terminationGracePeriodSeconds` | Grace period for pod termination. | `""` |
+| `topologySpreadConstraints` | Constraints for spreading pods across nodes. | `[]` |
+| `diagnosticMode.enabled` | Enables diagnostic mode for the deployment. | `false` |
+| `diagnosticMode.command` | Command to run for diagnostic mode. | `["sleep"]` |
+| `diagnosticMode.args` | Arguments for the diagnostic command. | `["infinity"]` |
+| `hostAliases` | Host aliases for the pods. | `[]` |
+| `serviceAccount.create` | Specifies whether a service account should be created. | `true` |
+| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` |
+| `serviceAccount.name` | Name of the service account to use. | `""` |
+| `serviceAccount.automountServiceAccountToken` | Specifies if the service account token should be automatically mounted. | `false` |
+| `podAnnotations` | Annotations to apply to the pods. | `{}` |
+| `podLabels` | Labels to apply to the pods. | `{}` |
+| `podAffinityPreset` | Pod affinity preset to use. | `""` |
+| `podAntiAffinityPreset` | Pod anti-affinity preset to use. | `soft` |
+| `nodeAffinityPreset` | Node affinity preset to use. | `{}` |
+| `podSecurityContext.enabled` | Specifies if the pod security context is enabled.
| `true` |
+| `podSecurityContext.fsGroup` | FS group for the pods. | `1001` |
+| `containerSecurityContext.enabled` | Specifies if the container security context is enabled. | `true` |
+| `containerSecurityContext.runAsUser` | User ID to run the container. | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID to run the container. | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Specifies if the container should run as a non-root user. | `false` |
+| `containerSecurityContext.privileged` | Specifies if the container should run in privileged mode. | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Specifies if the root filesystem should be read-only. | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Specifies if privilege escalation is allowed. | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container. | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type to use. | `RuntimeDefault` |
+| `command` | Override default container command (useful when using custom images). | `[]` |
+| `args` | Override default container args (useful when using custom images). | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the container(s). | `{}` |
+| `automountServiceAccountToken` | Specifies if the service account token should be automatically mounted. | `true` |
+| `extraEnvVars` | Additional environment variables to pass to the containers. | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables. | `""` |
+| `extraVolumes` | Additional volumes to mount to the pods. | `{}` |
+| `extraVolumeMounts` | Additional volume mounts for the containers. | `{}` |
+| `existingSecret` | Existing secret containing password, username, and dbname. | `""` |
+| `updateStrategy.type` | Update strategy for deployment.
| `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created above the desired number during an update. | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during an update. | `25%` |
+| `pdb.create` | Specifies whether a PodDisruptionBudget should be created. | `true` |
+| `pdb.minAvailable` | Minimum number of pods that must be available. | `""` |
+| `pdb.maxUnavailable` | Maximum number of pods that can be unavailable. | `""` |
+| `customStartupProbe` | Custom startup probe for the container. | `{}` |
+| `customLivenessProbe` | Custom liveness probe for the container. | `{}` |
+| `customReadinessProbe` | Custom readiness probe for the container. | `{}` |
+| `autoscaling.enabled` | Enable autoscaling for the deployment. | `false` |
+| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` |
+| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization for autoscaling. | `""` |
+| `autoscaling.targetMemory` | Target memory utilization for autoscaling. | `""` |
+| `autoscaling.behavior.scaleUp` | Autoscaling behavior for scale up operations. | `{ stabilizationWindowSeconds: 120, selectPolicy: "Max", policies: [] }` |
+| `autoscaling.behavior.scaleDown` | Autoscaling behavior for scale down operations. | `{ stabilizationWindowSeconds: 300, selectPolicy: "Max", policies: [{type: "Pods", value: 1, periodSeconds: 300}] }` |
+| `openApiKey` | OpenAI API key for authentication. | `""` |
+| `chatbotModelId` | Model ID for the chatbot used in the application. | `gpt-3.5-turbo` |
+| `formsflow.configmap` | Name of the FormsFlow configuration map. | `forms-flow-ai` |
+| `formsflow.secret` | Name of the FormsFlow secret.
| `forms-flow-ai` |
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress record generation for forms-flow-data-analysis. | `true` |
+| `ingress.ingressClassName` | Name of the ingress class to use. | `""` |
+| `ingress.pathType` | Type of path matching for the ingress. | `ImplementationSpecific` |
+| `ingress.apiVersion` | API version for the ingress resource. | `""` |
+| `ingress.controller` | Ingress controller to use. | `default` |
+| `ingress.hostname` | Hostname for the ingress. | `forms-flow-data-analysis.local` |
+| `ingress.path` | Path for the ingress. | `/analysis` |
+| `ingress.servicePort` | Service port for the ingress. | `5000` |
+| `ingress.annotations` | Annotations for the ingress resource. | `{}` |
+| `ingress.labels` | Labels for the ingress resource. | `{}` |
+| `ingress.tls` | Enable TLS for the ingress. | `true` |
+| `ingress.selfSigned` | Create a TLS secret using self-signed certificates generated by Helm. | `false` |
+| `ingress.extraHosts` | Additional hostnames for the ingress. | `[]` |
+| `ingress.extraPaths` | Additional paths for the ingress. | `[]` |
+| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` |
+| `ingress.secrets` | TLS secrets for the ingress. | `[]` |
+| `ingress.extraRules` | Additional rules for the ingress. | `[]` |
+
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Preset resource allocation for the deployment. | `small` |
+| `resources.limits.cpu` | CPU limit for the pods. | `500m` |
+| `resources.limits.memory` | Memory limit for the pods.
| `1Gi` |
+| `resources.requests.cpu` | CPU request for the pods. | `250m` |
+| `resources.requests.memory` | Memory request for the pods. | `512Mi` |
+
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Service type for the application. | `ClusterIP` |
+| `service.ports` | Ports configuration for the service. | `[{name: "http", port: 5000, targetPort: "http", protocol: "TCP"}]` |
+| `service.loadBalancerIP` | Load balancer IP for the service. | `""` |
+| `service.loadBalancerSourceRanges` | Source ranges for load balancer. | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` |
+| `service.clusterIP` | Cluster IP for the service. | `""` |
+| `service.annotations` | Annotations for the service. | `{}` |
+| `service.sessionAffinity` | Session affinity for the service. | `None` |
+| `service.sessionAffinityConfig` | Configuration for session affinity. | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+
+
diff --git a/charts/forms-flow-documents-api/README.md b/charts/forms-flow-documents-api/README.md
new file mode 100644
index 00000000..f814bfd6
--- /dev/null
+++ b/charts/forms-flow-documents-api/README.md
@@ -0,0 +1,211 @@
+# Formsflow Documents API
+
+The goal of the document API is to generate pdf with form submission data..
+
+## Introduction
+
+This chart bootstraps a forms-flow-documents-api deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-documents-api`:
+
+```console
+helm upgrade --install forms-flow-documents-api forms-flow-documents-api
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm upgrade --install forms-flow-documents-api forms-flow-documents-api --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS` and `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-documents-api on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-documents-api charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 300m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 512Mi
+```
+
+### Change Forms-flow-documents-api version
+
+To modify the Forms-flow-documents-api version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-documents-api) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-documents-api
+ tag: X.Y.Z
+```
+## Persistence
+
+The `forms-flow-documents-api` image stores the application logs at the `/forms-flow-documents/app/logs` path of the container.
+
+## Sidecar Configuration
+
+To add a sidecar to your `Forms-flow-documents-api` deployment, you can use the following configuration. In this case, the sidecar container is an Nginx container used for configuration management.
+
+### Example Sidecar Configuration
+
+```yaml
+sidecars:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nginx-config-volume
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+```
+
+## Path Update
+The `Forms-flow-documents-api` can now be accessed at the `/docapi` route. Ensure that all configurations and requests reference this updated path.
+
+For example:
+
+```
+https:///docapi
+```
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment. | `1` |
+| `image.registry` | Container image registry. | `docker.io` |
+| `image.repository` | Repository for the container image. | `formsflow/forms-flow-documents-api` |
+| `image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `image.tag` | Tag for the container image. | `v7.0.0-alpha` |
+| `image.pullSecrets` | Array of image pull secrets. | `["forms-flow-ai-auth"]` |
+| `nameOverride` | Override for the name of the deployment. | `""` |
+| `fullnameOverride` | Override for the full name of the deployment. | `""` |
+| `commonLabels` | Common labels to apply to all resources. | `{}` |
+| `commonAnnotations` | Common annotations to apply to all resources. | `{}` |
+| `nodeSelector` | Node selector for scheduling pods.
| `{}` |
+| `tolerations` | Tolerations for scheduling pods. | `[]` |
+| `affinity` | Affinity rules for scheduling pods. | `{}` |
+| `priorityClassName` | Name of the priority class for the pods. | `""` |
+| `schedulerName` | Name of the scheduler to use for the pods. | `""` |
+| `terminationGracePeriodSeconds` | Grace period for pod termination. | `""` |
+| `topologySpreadConstraints` | Constraints for spreading pods across topology domains. | `[]` |
+| `diagnosticMode.enabled` | Enable or disable diagnostic mode. | `false` |
+| `diagnosticMode.command` | Command to override all containers in the deployment. | `["sleep"]` |
+| `diagnosticMode.args` | Arguments to override all containers in the deployment. | `["infinity"]` |
+| `serviceAccount.create` | Specifies whether a service account should be created. | `true` |
+| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` |
+| `serviceAccount.name` | The name of the service account to use. | `""` |
+| `serviceAccount.automountServiceAccountToken` | Whether to automount the service account token. | `false` |
+| `podAnnotations` | Annotations to add to the pod. | `{}` |
+| `podLabels` | Labels to add to the pod. | `{}` |
+| `podAffinityPreset` | Preset for pod affinity rules. | `""` |
+| `podAntiAffinityPreset` | Preset for pod anti-affinity rules. | `soft` |
+| `nodeAffinityPreset.type` | Type of node affinity preset. | `""` |
+| `nodeAffinityPreset.key` | Key for node affinity preset. | `""` |
+| `nodeAffinityPreset.values` | Values for node affinity preset. | `[]` |
+| `podSecurityContext.enabled` | Enable pod security context. | `true` |
+| `podSecurityContext.fsGroupChangePolicy`| Policy for changing the fsGroup. | `Always` |
+| `podSecurityContext.sysctls` | Sysctl settings for the pod. | `[]` |
+| `podSecurityContext.supplementalGroups` | Supplemental groups for the pod. | `[]` |
+| `podSecurityContext.fsGroup` | fsGroup for the pod.
| `1001` |
+| `containerSecurityContext.enabled` | Enable container security context. | `true` |
+| `containerSecurityContext.seLinuxOptions` | SELinux options for the container. | `{}` |
+| `containerSecurityContext.runAsUser` | User ID to run the container as. | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID to run the container as. | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Whether to run the container as a non-root user. | `false` |
+| `containerSecurityContext.privileged` | Whether to run the container in privileged mode. | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Whether to use a read-only root filesystem. | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Whether to allow privilege escalation. | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container. | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type for the container. | `RuntimeDefault` |
+| `command` | Override default container command (useful for custom images). | `[]` |
+| `args` | Override default container args (useful for custom images). | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the container to automate configuration before or after startup. | `{}` |
+| `automountServiceAccountToken` | Whether to automount the service account token. | `true` |
+| `extraEnvVars` | Additional environment variables for the container. | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars. | `""` |
+| `extraVolumes` | Extra volumes for the container. | `{}` |
+| `extraVolumeMounts` | Extra volume mounts for the container. | `{}` |
+| `auth.existingSecret` | Existing secret containing password, username, and db name. | `""` |
+| `auth.annotations` | Annotations for the auth section. | `{}` |
+| `updateStrategy.type` | Type of update strategy for the deployment.
| `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge`| Maximum surge during updates. | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable pods during updates. | `25%` |
+| `pdb.create` | Specifies whether a PodDisruptionBudget should be created. | `true` |
+| `pdb.minAvailable` | Minimum number of pods that must be available. | `""` |
+| `pdb.maxUnavailable` | Maximum number of pods that can be unavailable. | `""` |
+| `customStartupProbe` | Custom startup probe for the container. | `{}` |
+| `customLivenessProbe` | Custom liveness probe for the container. | `{}` |
+| `customReadinessProbe` | Custom readiness probe for the container. | `{}` |
+| `autoscaling.enabled` | Enable autoscaling for the deployment. | `false` |
+| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` |
+| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization for autoscaling. | `""` |
+| `autoscaling.targetMemory` | Target memory utilization for autoscaling. | `""` |
+| `autoscaling.behavior.scaleUp` | Autoscaling behavior for scale up operations. | `{ stabilizationWindowSeconds: 120, selectPolicy: "Max", policies: [] }` |
+| `autoscaling.behavior.scaleDown` | Autoscaling behavior for scale down operations. | `{ stabilizationWindowSeconds: 300, selectPolicy: "Max", policies: [{type: "Pods", value: 1, periodSeconds: 300}] }` |
+| `formsflow.configmap` | Name of the FormsFlow configuration map. | `forms-flow-ai` |
+| `formsflow.secret` | Name of the FormsFlow secret. | `forms-flow-ai` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress record generation for the application.
| `true` |
+| `ingress.ingressClassName` | Name of the ingress class to use. | `""` |
+| `ingress.pathType` | Type of path matching for the ingress. | `ImplementationSpecific` |
+| `ingress.apiVersion` | API version for the ingress resource. | `""` |
+| `ingress.controller` | Ingress controller to use. | `default` |
+| `ingress.hostname` | Hostname for the ingress. | `forms-flow-documents-api.local` |
+| `ingress.path` | Path for the ingress. | `/docapi` |
+| `ingress.servicePort` | Service port for the ingress. | `5006` |
+| `ingress.annotations` | Annotations for the ingress resource. | `{}` |
+| `ingress.labels` | Labels for the ingress resource. | `{}` |
+| `ingress.tls` | Enable TLS for the ingress. | `true` |
+| `ingress.selfSigned` | Create a TLS secret using self-signed certificates generated by Helm. | `false` |
+| `ingress.extraHosts` | Additional hostnames for the ingress. | `[]` |
+| `ingress.extraPaths` | Additional paths for the ingress. | `[]` |
+| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` |
+| `ingress.secrets` | TLS secrets for the ingress. | `[]` |
+| `ingress.extraRules` | Additional rules for the ingress. | `[]` |
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Preset resource allocation for the deployment. | `small` |
+| `resources.limits.cpu` | CPU limit for the pods. | `200m` |
+| `resources.limits.memory` | Memory limit for the pods. | `1Gi` |
+| `resources.requests.cpu` | CPU request for the pods. | `100m` |
+| `resources.requests.memory` | Memory request for the pods.
| `512Mi` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Service type for the application. | `ClusterIP` |
+| `service.ports` | Ports configuration for the service. | `[{name: "http", port: 5006, targetPort: "http", protocol: "TCP"}]` |
+| `service.loadBalancerIP` | Load balancer IP for the service. | `""` |
+| `service.loadBalancerSourceRanges` | Source ranges for load balancer. | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` |
+| `service.clusterIP` | Cluster IP for the service. | `""` |
+| `service.annotations` | Annotations for the service. | `{}` |
+| `service.sessionAffinity` | Session affinity for the service. | `None` |
+| `service.sessionAffinityConfig` | Configuration for session affinity. | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+
diff --git a/charts/forms-flow-forms/README.md b/charts/forms-flow-forms/README.md
new file mode 100644
index 00000000..f85ae6f9
--- /dev/null
+++ b/charts/forms-flow-forms/README.md
@@ -0,0 +1,225 @@
+# Form Management Platform
+
+formsflow.ai leverages form.io to build "serverless" data management applications using a simple drag-and-drop form builder interface.
+
+To know more about form.io, go to https://form.io.
+
+## Introduction
+
+This chart bootstraps a forms-flow-forms deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Installing the Chart
+
+To install the chart with the release name `forms-flow-forms`:
+
+```console
+helm install forms-flow-forms forms-flow-forms
+```
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install forms-flow-forms forms-flow-forms --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME
+```
+
+> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `INGRESS_CLASS=nginx`
+
+These commands deploy Forms-flow-forms on the Kubernetes cluster
+
+> **Tip**: List all releases using `helm list`
+
+### Resource requests and limits
+
+Forms-flow-forms charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+```yaml
+resources:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+```
+
+### Change Forms-flow-forms version
+
+To modify the Forms-flow-forms version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-forms) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+```yaml
+image:
+ registry: docker.io
+ repository: formsflow/forms-flow-forms
+ tag: X.Y.Z
+```
+## Persistence
+
+The `forms-flow-forms` image stores the application logs at the `/app/logs` path of the container.
+
+## Sidecar Configuration
+
+To add a sidecar to your `Forms-flow-forms` deployment, you can use the following configuration. In this case, the sidecar container is an Nginx container used for configuration management.
+
+### Example Sidecar Configuration
+
+```yaml
+sidecars:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nginx-config-volume
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+```
+
+## Path Update
+The `Forms-flow-forms` can now be accessed at the `/formio` route. Ensure that all configurations and requests reference this updated path.
+
+For example:
+
+```
+https:///formio
+```
+
+## Parameters
+
+| Parameter | Description | Default Value |
+|------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `replicaCount` | Number of replicas for the deployment. | `1` |
+| `image.registry` | Docker registry for the application image. | `docker.io` |
+| `image.repository` | Repository for the application image. | `formsflow/forms-flow-forms` |
+| `image.pullPolicy` | Image pull policy. | `IfNotPresent` |
+| `image.tag` | Tag of the application image. | `v7.0.0-alpha` |
+| `image.pullSecrets` | Array of image pull secrets. | `["forms-flow-ai-auth"]` |
+| `nameOverride` | Override for the application name. | `""` |
+| `fullnameOverride` | Override for the full application name. | `""` |
+| `commonLabels` | Common labels to apply to all resources. | `{}` |
+| `commonAnnotations` | Common annotations to apply to all resources. | `{}` |
+| `nodeSelector` | Node selector for pod scheduling. | `{}` |
+| `tolerations` | Tolerations for pod scheduling.
| `[]` |
+| `affinity` | Affinity settings for pod scheduling. | `{}` |
+| `priorityClassName` | Priority class name for the pods. | `""` |
+| `schedulerName` | Custom scheduler name for the deployment. | `""` |
+| `terminationGracePeriodSeconds` | Termination grace period for pods. | `""` |
+| `topologySpreadConstraints` | Constraints to spread pods across topology domains. | `[]` |
+| `diagnosticMode.enabled` | Enable or disable diagnostic mode for the deployment. | `false` |
+| `diagnosticMode.command` | Command to override all containers in the deployment. | `["sleep"]` |
+| `diagnosticMode.args` | Arguments to override all containers in the deployment. | `["infinity"]` |
+| `podSecurityContext.enabled` | Enable or disable pod security context. | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Policy for changing the filesystem group. | `Always` |
+| `podSecurityContext.sysctls` | Sysctl settings for the pod. | `[]` |
+| `podSecurityContext.supplementalGroups` | Supplemental groups for the pod. | `[]` |
+| `podSecurityContext.fsGroup` | Filesystem group for the pod. | `1001` |
+| `containerSecurityContext.enabled` | Enable or disable container security context. | `true` |
+| `containerSecurityContext.seLinuxOptions`| SELinux options for the container. | `{}` |
+| `containerSecurityContext.runAsUser` | User ID to run the container. | `1001` |
+| `containerSecurityContext.runAsGroup` | Group ID to run the container. | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Ensure the container does not run as root. | `false` |
+| `containerSecurityContext.privileged` | Enable privileged mode for the container. | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Enable read-only root filesystem for the container. | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation for the container. | `false` |
+| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container.
| `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Seccomp profile type for the container. | `RuntimeDefault` |
+| `command` | Override default container command (useful when using custom images). | `[]` |
+| `args` | Override default container args (useful when using custom images). | `[]` |
+| `lifecycleHooks` | Lifecycle hooks for the container(s) to automate configuration before or after startup. | `{}` |
+| `automountServiceAccountToken` | Specify whether the service account token should be automatically mounted. | `true` |
+| `extraEnvVars` | Extra environment variables for the container. | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars. | `""` |
+| `extraVolumes` | Extra volumes to attach to the pod. | `{}` |
+| `extraVolumeMounts` | Extra volume mounts for the containers. | `{}` |
+| `auth.existingSecret` | Existing secret containing password, username, and database name. | `""` |
+| `auth.annotations` | Annotations for the auth settings. | `{}` |
+| `updateStrategy.type` | Update strategy for the deployment. | `RollingUpdate` |
+| `updateStrategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created above the desired number of pods. | `25%` |
+| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during the update. | `25%` |
+| `rbac.create` | Create RBAC roles and bindings for the application. | `false` |
+| `rbac.rules` | RBAC rules to apply for the application. | `[]` |
+| `pdb.create` | Create a Pod Disruption Budget for the application. | `true` |
+| `pdb.minAvailable` | Minimum number of pods that must be available during a disruption. | `""` |
+| `pdb.maxUnavailable` | Maximum number of pods that can be unavailable during a disruption. | `""` |
+| `livenessProbe.enabled` | Enable liveness probe for the application. | `true` |
+| `livenessProbe.failureThreshold` | Number of failures before the pod is considered unhealthy.
| `5` |
+| `livenessProbe.initialDelaySeconds` | Initial delay before starting liveness checks. | `120` |
+| `livenessProbe.periodSeconds` | Frequency of liveness checks. | `60` |
+| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful. | `1` |
+| `livenessProbe.timeoutSeconds` | Timeout for liveness checks. | `3` |
+| `readinessProbe.enabled` | Enable readiness probe for the application. | `true` |
+| `readinessProbe.failureThreshold` | Number of failures before the pod is considered not ready. | `5` |
+| `readinessProbe.initialDelaySeconds` | Initial delay before starting readiness checks. | `120` |
+| `readinessProbe.periodSeconds` | Frequency of readiness checks. | `60` |
+| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful. | `1` |
+| `readinessProbe.timeoutSeconds` | Timeout for readiness checks. | `3` |
+| `customStartupProbe` | Custom startup probe for the application. | `{}` |
+| `customLivenessProbe` | Custom liveness probe for the application. | `{}` |
+| `customReadinessProbe` | Custom readiness probe for the application. | `{}` |
+| `ExternalAuth.ExistingMailAuthKey` | Existing key for mail authentication. | `""` |
+| `ExternalAuth.ExistingPwdAuthKey` | Existing key for password authentication. | `""` |
+| `ExternalAuth.ExistingSecretName` | Name of the existing secret for external authentication. | `""` |
+| `formsflow.configmap` | Name of the Formsflow configmap for integration environment variables. | `forms-flow-ai` |
+| `formsflow.secret` | Name of the Formsflow secret for integration environment variables. | `forms-flow-ai` |
+| `autoscaling.enabled` | Enable autoscaling for the application. | `false` |
+| `autoscaling.minReplicas` | Minimum number of replicas for the application. | `1` |
+| `autoscaling.maxReplicas` | Maximum number of replicas for the application.
| `11` |
+| `autoscaling.targetCPU` | Target CPU utilization percentage for autoscaling. | `""` |
+| `autoscaling.targetMemory` | Target memory utilization percentage for autoscaling. | `""` |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | Stabilization window for scaling up. | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | Select policy for scaling up. | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | HPA scaling policies when scaling up. | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | Stabilization window for scaling down. | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | Select policy for scaling down. | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | HPA scaling policies when scaling down. | `[{type: "Pods", value: 1, periodSeconds: 300}]` |
+
+
+## Ingress Parameters
+
+| Parameter | Description | Default Value |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `ingress.enabled` | Enable ingress record generation for the application. | `true` |
+| `ingress.ingressClassName` | Ingress class name to use for the ingress resource. | `""` |
+| `ingress.pathType` | Path type for the ingress resource. | `ImplementationSpecific` |
+| `ingress.apiVersion` | API version for the ingress resource. | `""` |
+| `ingress.controller` | Ingress controller to use. | `default` |
+| `ingress.hostname` | Hostname for the ingress resource. | `forms-flow-forms.local` |
+| `ingress.path` | Path for the ingress resource. | `/formio` |
+| `ingress.servicePort` | Service port for the ingress resource. | `3001` |
+| `ingress.annotations` | Annotations for the ingress resource. | `{}` |
+| `ingress.labels` | Labels for the ingress resource. | `{}` |
+| `ingress.tls` | Enable TLS for the ingress resource.
| `true` |
+| `ingress.selfSigned` | Create a self-signed TLS certificate for the ingress. | `false` |
+| `ingress.extraHosts` | Additional hostnames for the ingress. | `[]` |
+| `ingress.extraPaths` | Additional paths for the ingress. | `[]` |
+| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` |
+| `ingress.secrets` | TLS secrets for the ingress. | `[]` |
+| `ingress.extraRules` | Extra rules for the ingress resource. | `[]` |
+
+## Resource Parameters
+
+| Parameter | Description | Default Value |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `resourcesPreset` | Preset for resource requests and limits. | `small` |
+| `resources.limits.cpu` | Maximum CPU limit for the pod. | `200m` |
+| `resources.limits.memory` | Maximum memory limit for the pod. | `1Gi` |
+| `resources.requests.cpu` | Requested CPU for the pod. | `100m` |
+| `resources.requests.memory` | Requested memory for the pod. | `512Mi` |
+
+## Service Parameters
+
+| Parameter | Description | Default Value |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
+| `service.type` | Kubernetes service type (e.g., `ClusterIP`, `NodePort`, `LoadBalancer`). | `ClusterIP` |
+| `service.ports` | Array of service ports for the application. | `[{name: "http", port: 3001, targetPort: "http", protocol: "TCP"}]` |
+| `service.loadBalancerIP` | LoadBalancer IP if service type is `LoadBalancer`. | `""` |
+| `service.loadBalancerSourceRanges` | Allowed source ranges for LoadBalancer service. | `[]` |
+| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` |
+| `service.clusterIP` | Static clusterIP or `None` for headless services. | `""` |
+| `service.annotations` | Annotations for the service.
| `{}` |
+| `service.sessionAffinity` | Session affinity for the service. | `None` |
+| `service.sessionAffinityConfig` | Additional settings for session affinity. | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+
+
+
diff --git a/charts/forms-flow-idm/README.md b/charts/forms-flow-idm/README.md
new file mode 100644
index 00000000..66e09994
--- /dev/null
+++ b/charts/forms-flow-idm/README.md
@@ -0,0 +1,804 @@
+
+
+# Forms-flow-idm
+
+The **formsflow.ai** framework could be hooked up with any OpenID Connect compliant Identity Management Server. To date, we have only tested [Keycloak](https://github.com/keycloak/keycloak).
+
+## Introduction
+
+This chart bootstraps a forms-flow-idm deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## TL;DR
+
+```console
+helm upgrade --install forms-flow-idm forms-flow-idm
+```
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm upgrade --install forms-flow-idm forms-flow-idm
+```
+
+> Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+
+```console
+helm upgrade --install forms-flow-idm forms-flow-idm --set keycloak.ingress.hostname=KEYCLOAK_URL --set postgresql-ha.postgresql.podSecurityContext.enabled=true --set keycloak.ingress.ingressClassName=INGRESS_CLASS
+```
+
+These commands deploy a Keycloak application on the Kubernetes cluster in the default configuration.
+
+> **Tip**: List all releases using `helm list`
+
+## Configuration and installation details
+
+### Resource requests and limits
+
+Forms-flow-idm charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15).
However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+
+### [Rolling vs Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Use an external database
+
+Sometimes, you may want to have Keycloak connect to an external PostgreSQL database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this, set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `externalDatabase.*` parameters.
Here is an example:
+
+```text
+postgresql.enabled=false
+externalDatabase.host=myexternalhost
+externalDatabase.user=myuser
+externalDatabase.password=mypassword
+externalDatabase.database=mydatabase
+externalDatabase.port=5432
+```
+
+> NOTE: Only PostgreSQL database server is supported as external database
+
+It is not supported but possible to run Keycloak with an external MSSQL database with the following settings:
+
+```yaml
+externalDatabase:
+ host: "mssql.example.com"
+ port: 1433
+ user: keycloak
+ database: keycloak
+ existingSecret: passwords
+extraEnvVars:
+ - name: KC_DB # override values from the conf file
+ value: 'mssql'
+ - name: KC_DB_URL
+ value: 'jdbc:sqlserver://mssql.example.com:1433;databaseName=keycloak;'
+```
+
+### Importing and exporting a realm
+
+#### Importing a realm
+
+You can import a realm by setting the `KEYCLOAK_EXTRA_ARGS` to contain the `--import-realm` argument.
+
+This will import all `*.json` under `/opt/bitnami/keycloak/data/import` files as a realm into keycloak as per the
+official documentation [here](https://www.keycloak.org/server/importExport#_importing_a_realm_from_a_directory). You
+can supply the files by mounting a volume e.g. with docker compose as follows:
+
+```yaml
+keycloak:
+ image: bitnami/keycloak:latest
+ volumes:
+ - /local/path/to/realms/folder:/opt/bitnami/keycloak/data/import
+```
+
+#### Exporting a realm
+
+You can export a realm through the GUI but it will not export users even the option is set, this is a known keycloak
+[bug](https://github.com/keycloak/keycloak/issues/23970).
+
+By using the `kc.sh` script you can export a realm with users.
Be sure to mount the export folder to a local folder:
+
+```yaml
+keycloak:
+ image: bitnami/keycloak:latest
+ volumes:
+ - /local/path/to/export/folder:/export
+```
+
+Then open a terminal in the running keycloak container and run:
+
+```bash
+kc.sh export --dir /export/ --users realm_file
+````
+
+This will export the all the realms with users to the `/export` folder.
+
+### Configure Ingress
+
+This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`.
+
+The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host.
+
+However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts.
+
+> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers.
+
+Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443.
The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.
+
+[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
+
+### Configure admin Ingress
+
+In addition to the Ingress resource described above, this chart also provides the ability to define an Ingress for the admin area of Keycloak, for example the `master` realm.
+
+For this scenario, you can use the Keycloak Config CLI integration with the following values, where `keycloak-admin.example.com` is to be replaced by the actual hostname:
+
+```yaml
+adminIngress:
+ enabled: true
+ hostname: keycloak-admin.example.com
+keycloakConfigCli:
+ enabled: true
+ configuration:
+ master.json: |
+ {
+ "realm" : "master",
+ "attributes": {
+ "frontendUrl": "https://keycloak-admin.example.com"
+ }
+ }
+```
+
+### Configure TLS Secrets for use with Ingress
+
+This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases:
+
+- Generate certificate secrets based on chart parameters.
+- Enable externally generated certificates.
+- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)).
+- Create self-signed certificates within the chart (if supported).
+
+In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format.
+
+Here is an example of a certificate file:
+
+> NOTE: There may be more than one certificate if there is a certificate chain.
+
+```text
+-----BEGIN CERTIFICATE-----
+MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+...
+jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
+-----END CERTIFICATE-----
+```
+
+Here is an example of a certificate key:
+
+```text
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
+...
+wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
+-----END RSA PRIVATE KEY-----
+```
+
+- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` entry.
+- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` parameter).
+- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager.
+- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` to `true`.
+
+### Use with ingress offloading SSL
+
+If your ingress controller has the SSL Termination, you should set `proxy` to `edge`.
+
+### Manage secrets and passwords
+
+This chart provides several ways to manage passwords:
+
+- Values passed to the chart: In this scenario, a new secret including all the passwords will be created during the chart installation. When upgrading, it is necessary to provide the secrets to the chart as shown below. Replace the KEYCLOAK_ADMIN_PASSWORD, POSTGRESQL_PASSWORD and POSTGRESQL_PVC placeholders with the correct passwords and PVC name.
+
+```console
+helm upgrade keycloak bitnami/keycloak \
+ --set auth.adminPassword=KEYCLOAK_ADMIN_PASSWORD \
+ --set postgresql.postgresqlPassword=POSTGRESQL_PASSWORD \
+ --set postgresql.persistence.existingClaim=POSTGRESQL_PVC
+```
+
+- An existing secret with all the passwords via the `existingSecret` parameter.
+
+### Add extra environment variables
+
+In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
+
+```yaml
+extraEnvVars:
+ - name: KEYCLOAK_LOG_LEVEL
+ value: DEBUG
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
+
+### Use Sidecars and Init Containers
+
+If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter.
+
+```yaml
+sidecars:
+- name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
+
+```yaml
+service:
+ extraPorts:
+ - name: extraPort
+ port: 11311
+ targetPort: 11311
+```
+
+> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
+
+If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter.
Here is an example:
+
+```yaml
+initContainers:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+
+### Initialize a fresh instance
+
+The [Bitnami Keycloak](https://github.com/bitnami/containers/tree/main/bitnami/keycloak) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `initdbScripts` parameter as dict.
+
+In addition to this option, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option.
+
+The allowed extensions is `.sh`.
+
+### Deploy extra resources
+
+There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
+
+### Set Pod affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
+
+### Common parameters
+
+| Name | Description | Value |
+| ------------------------ | --------------------------------------------------------------------------------------- | --------------- |
+| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
+| `nameOverride` | String to partially override common.names.fullname | `""` |
+| `fullnameOverride` | String to fully override common.names.fullname | `""` |
+| `namespaceOverride` | String to fully override common.names.namespace | `""` |
+| `commonLabels` | Labels to add to all deployed objects | `{}` |
+| `enableServiceLinks` | If set to false, disable Kubernetes service links in the pod spec | `true` |
+| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
+| `dnsPolicy` | DNS Policy for pod | `""` |
+| `dnsConfig` | DNS Configuration pod | `{}` |
+| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
+| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
+| `diagnosticMode.command` | Command to override all containers in the the statefulset | `["sleep"]` |
+| `diagnosticMode.args` | Args to override all containers in the the statefulset | `["infinity"]` |
+
+### Keycloak parameters
+
+| Name | Description | Value |
+| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------- |
+| `image.registry` | Keycloak image registry | `REGISTRY_NAME` |
+| `image.repository` | Keycloak image repository | `REPOSITORY_NAME/keycloak` |
+| `image.digest` | Keycloak image digest
in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `image.pullPolicy` | Keycloak image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `image.debug` | Specify if debug logs should be enabled | `false` |
+| `auth.adminUser` | Keycloak administrator user | `user` |
+| `auth.adminPassword` | Keycloak administrator password for the new user | `""` |
+| `auth.existingSecret` | Existing secret containing Keycloak admin password | `""` |
+| `auth.passwordSecretKey` | Key where the Keycloak admin password is being stored inside the existing secret. | `""` |
+| `auth.annotations` | Additional custom annotations for Keycloak auth secret object | `{}` |
+| `customCaExistingSecret` | Name of the secret containing the Keycloak custom CA certificates. The secret will be mounted as a directory and configured using KC_TRUSTSTORE_PATHS. | `""` |
+| `tls.enabled` | Enable TLS encryption. Required for HTTPs traffic. | `false` |
+| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` |
+| `tls.existingSecret` | Existing secret containing the TLS certificates per Keycloak replica | `""` |
+| `tls.usePem` | Use PEM certificates as input instead of PKS12/JKS stores | `false` |
+| `tls.truststoreFilename` | Truststore filename inside the existing secret | `keycloak.truststore.jks` |
+| `tls.keystoreFilename` | Keystore filename inside the existing secret | `keycloak.keystore.jks` |
+| `tls.keystorePassword` | Password to access the keystore when it's password-protected | `""` |
+| `tls.truststorePassword` | Password to access the truststore when it's password-protected | `""` |
+| `tls.passwordsSecret` | Secret containing the Keystore and Truststore passwords.
| `""` |
+| `spi.existingSecret` | Existing secret containing the Keycloak truststore for SPI connection over HTTPS/TLS | `""` |
+| `spi.truststorePassword` | Password to access the truststore when it's password-protected | `""` |
+| `spi.truststoreFilename` | Truststore filename inside the existing secret | `keycloak-spi.truststore.jks` |
+| `spi.passwordsSecret` | Secret containing the SPI Truststore passwords. | `""` |
+| `spi.hostnameVerificationPolicy` | Verify the hostname of the server's certificate. Allowed values: "ANY", "WILDCARD", "STRICT". | `""` |
+| `adminRealm` | Name of the admin realm | `master` |
+| `production` | Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. | `false` |
+| `proxyHeaders` | Set Keycloak proxy headers | `""` |
+| `proxy` | reverse Proxy mode edge, reencrypt, passthrough or none | `""` |
+| `httpRelativePath` | Set the path relative to '/' for serving resources. Useful if you are migrating from older version which were using '/auth/' | `/` |
+| `configuration` | Keycloak Configuration.
Auto-generated based on other parameters when not specified | `""` |
+| `existingConfigmap` | Name of existing ConfigMap with Keycloak configuration | `""` |
+| `extraStartupArgs` | Extra default startup args | `""` |
+| `enableDefaultInitContainers` | Deploy default init containers | `true` |
+| `initdbScripts` | Dictionary of initdb scripts | `{}` |
+| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
+| `command` | Override default container command (useful when using custom images) | `[]` |
+| `args` | Override default container args (useful when using custom images) | `[]` |
+| `extraEnvVars` | Extra environment variables to be set on Keycloak container | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
+
+### Keycloak statefulset parameters
+
+| Name | Description | Value |
+| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `replicaCount` | Number of Keycloak replicas to deploy | `1` |
+| `revisionHistoryLimitCount` | Number of controller revisions to keep | `10` |
+| `containerPorts.http` | Keycloak HTTP container port | `8080` |
+| `containerPorts.https` | Keycloak HTTPS container port | `8443` |
+| `extraContainerPorts` | Optionally specify extra list of additional port-mappings for Keycloak container | `[]` |
+| `statefulsetAnnotations` | Optionally add extra annotations on the statefulset resource | `{}` |
+| `podSecurityContext.enabled` | Enabled Keycloak pods' Security Context | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `podSecurityContext.sysctls` | Set kernel settings using
the sysctl interface | `[]` |
+| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `podSecurityContext.fsGroup` | Set Keycloak pod's Security Context fsGroup | `1001` |
+| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
+| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
+| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
| `small` |
+| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `livenessProbe.enabled` | Enable livenessProbe on Keycloak containers | `true` |
+| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `300` |
+| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `1` |
+| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `readinessProbe.enabled` | Enable readinessProbe on Keycloak containers | `true` |
+| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
+| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `startupProbe.enabled` | Enable startupProbe on Keycloak containers | `false` |
+| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
+| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
+| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
+| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` |
+| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `customLivenessProbe` | Custom Liveness probes for Keycloak | `{}` |
+| `customReadinessProbe` | Custom Rediness probes Keycloak | `{}` |
+| `customStartupProbe` | Custom Startup probes for Keycloak | `{}` |
+| `lifecycleHooks` | LifecycleHooks to set additional configuration at startup | `{}` |
+| `automountServiceAccountToken` | Mount Service Account token in
pod | `true` |
+| `hostAliases` | Deployment pod host aliases | `[]` |
+| `podLabels` | Extra labels for Keycloak pods | `{}` |
+| `podAnnotations` | Annotations for Keycloak pods | `{}` |
+| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
+| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `affinity` | Affinity for pod assignment | `{}` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Tolerations for pod assignment | `[]` |
+| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `podManagementPolicy` | Pod management policy for the Keycloak statefulset | `Parallel` |
+| `priorityClassName` | Keycloak pods' Priority Class Name | `""` |
+| `schedulerName` | Use an alternate scheduler, e.g. "stork".
| `""` |
+| `terminationGracePeriodSeconds` | Seconds Keycloak pod needs to terminate gracefully | `""` |
+| `updateStrategy.type` | Keycloak statefulset strategy type | `RollingUpdate` |
+| `updateStrategy.rollingUpdate` | Keycloak statefulset rolling update configuration parameters | `{}` |
+| `minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
+| `extraVolumes` | Optionally specify extra list of additional volumes for Keycloak pods | `[]` |
+| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Keycloak container(s) | `[]` |
+| `initContainers` | Add additional init containers to the Keycloak pods | `[]` |
+| `sidecars` | Add additional sidecar containers to the Keycloak pods | `[]` |
+
+### Exposure parameters
+
+| Name | Description | Value |
+| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `service.type` | Kubernetes service type | `ClusterIP` |
+| `service.http.enabled` | Enable http port on service | `true` |
+| `service.ports.http` | Keycloak service HTTP port | `80` |
+| `service.ports.https` | Keycloak service HTTPS port | `443` |
+| `service.nodePorts` | Specify the nodePort values for the LoadBalancer and NodePort service types.
| `{}` |
+| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `service.clusterIP` | Keycloak service clusterIP IP | `""` |
+| `service.loadBalancerIP` | loadBalancerIP for the SuiteCRM Service (optional, cloud specific) | `""` |
+| `service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` |
+| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
+| `service.annotations` | Additional custom annotations for Keycloak service | `{}` |
+| `service.extraPorts` | Extra port to expose on Keycloak service | `[]` |
+| `service.extraHeadlessPorts` | Extra ports to expose on Keycloak headless service | `[]` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+| `service.headless.extraPorts` | Extra ports to expose on Keycloak headless service | `[]` |
+| `ingress.enabled` | Enable ingress record generation for Keycloak | `false` |
+| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
+| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
+| `ingress.controller` | The ingress controller type. Currently supports `default` and `gce` | `default` |
+| `ingress.hostname` | Default host for the ingress record (evaluated as template) | `keycloak.local` |
+| `ingress.hostnameStrict` | Disables dynamically resolving the hostname from request headers. | `false` |
+| `ingress.path` | Default path for the ingress record (evaluated as template) | `""` |
+| `ingress.servicePort` | Backend service port to use | `http` |
+| `ingress.annotations` | Additional annotations for the Ingress resource.
To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
+| `ingress.labels` | Additional labels for the Ingress resource. | `{}` |
+| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
+| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
+| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
+| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
+| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
+| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
+| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
+| `adminIngress.enabled` | Enable admin ingress record generation for Keycloak | `false` |
+| `adminIngress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
+| `adminIngress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `adminIngress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
+| `adminIngress.controller` | The ingress controller type. Currently supports `default` and `gce` | `default` |
+| `adminIngress.hostname` | Default host for the admin ingress record (evaluated as template) | `keycloak.local` |
+| `adminIngress.path` | Default path for the admin ingress record (evaluated as template) | `""` |
+| `adminIngress.servicePort` | Backend service port to use | `http` |
+| `adminIngress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
| `{}` |
+| `adminIngress.labels` | Additional labels for the Ingress resource. | `{}` |
+| `adminIngress.tls` | Enable TLS configuration for the host defined at `adminIngress.hostname` parameter | `false` |
+| `adminIngress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
+| `adminIngress.extraHosts` | An array with additional hostname(s) to be covered with the admin ingress record | `[]` |
+| `adminIngress.extraPaths` | Any additional arbitrary paths that may need to be added to the admin ingress under the main host. | `[]` |
+| `adminIngress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
+| `adminIngress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
+| `adminIngress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
+| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
+| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations.
| `true` |
+| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
+| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
+| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+
+### RBAC parameter
+
+| Name | Description | Value |
+| --------------------------------------------- | --------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable the creation of a ServiceAccount for Keycloak pods | `true` |
+| `serviceAccount.name` | Name of the created ServiceAccount | `""` |
+| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `false` |
+| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
+| `serviceAccount.extraLabels` | Additional labels for the ServiceAccount | `{}` |
+| `rbac.create` | Whether to create and use RBAC resources or not | `false` |
+| `rbac.rules` | Custom RBAC rules | `[]` |
+
+### Other parameters
+
+| Name | Description | Value |
+| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ------- |
+| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
+| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `autoscaling.enabled` | Enable autoscaling for Keycloak | `false` |
+| `autoscaling.minReplicas` | Minimum number of Keycloak replicas | `1` |
+| `autoscaling.maxReplicas` | Maximum
number of Keycloak replicas | `11` |
+| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
+| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
+| `autoscaling.behavior.scaleUp.stabilizationWindowSeconds` | The number of seconds for which past recommendations should be considered while scaling up | `120` |
+| `autoscaling.behavior.scaleUp.selectPolicy` | The priority of policies that the autoscaler will apply when scaling up | `Max` |
+| `autoscaling.behavior.scaleUp.policies` | HPA scaling policies when scaling up | `[]` |
+| `autoscaling.behavior.scaleDown.stabilizationWindowSeconds` | The number of seconds for which past recommendations should be considered while scaling down | `300` |
+| `autoscaling.behavior.scaleDown.selectPolicy` | The priority of policies that the autoscaler will apply when scaling down | `Max` |
+| `autoscaling.behavior.scaleDown.policies` | HPA scaling policies when scaling down | `[]` |
+
+### Metrics parameters
+
+| Name | Description | Value |
+| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `metrics.enabled` | Enable exposing Keycloak statistics | `false` |
+| `metrics.service.ports.http` | Metrics service HTTP port | `8080` |
+| `metrics.service.annotations` | Annotations for enabling prometheus to access the metrics endpoints | `{}` |
+| `metrics.service.extraPorts` | Add additional ports to the keycloak metrics service (i.e. admin port 9000) | `[]` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.serviceMonitor.port` | Metrics service HTTP port | `http` |
+| `metrics.serviceMonitor.endpoints` | The endpoint configuration of the ServiceMonitor. Path is mandatory. Interval, timeout and labellings can be overwritten.
| `[]` |
+| `metrics.serviceMonitor.path` | Metrics service HTTP path. Deprecated: Use @param metrics.serviceMonitor.endpoints instead | `""` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
+| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Create PrometheusRule Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.prometheusRule.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.groups` | Groups, containing the alert rules.
| `[]` |
+
+### keycloak-config-cli parameters
+
+| Name | Description | Value |
+| --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- |
+| `keycloakConfigCli.enabled` | Whether to enable keycloak-config-cli job | `false` |
+| `keycloakConfigCli.image.registry` | keycloak-config-cli container image registry | `REGISTRY_NAME` |
+| `keycloakConfigCli.image.repository` | keycloak-config-cli container image repository | `REPOSITORY_NAME/keycloak-config-cli` |
+| `keycloakConfigCli.image.digest` | keycloak-config-cli container image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `keycloakConfigCli.image.pullPolicy` | keycloak-config-cli container image pull policy | `IfNotPresent` |
+| `keycloakConfigCli.image.pullSecrets` | keycloak-config-cli container image pull secrets | `[]` |
+| `keycloakConfigCli.annotations` | Annotations for keycloak-config-cli job | `{}` |
+| `keycloakConfigCli.command` | Command for running the container (set to default if not set). Use array form | `[]` |
+| `keycloakConfigCli.args` | Args for running the container (set to default if not set). Use array form | `[]` |
+| `keycloakConfigCli.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
+| `keycloakConfigCli.hostAliases` | Job pod host aliases | `[]` |
+| `keycloakConfigCli.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if keycloakConfigCli.resources is set (keycloakConfigCli.resources is recommended for production).
| `small` |
+| `keycloakConfigCli.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `keycloakConfigCli.containerSecurityContext.enabled` | Enabled keycloak-config-cli Security Context | `true` |
+| `keycloakConfigCli.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `keycloakConfigCli.containerSecurityContext.runAsUser` | Set keycloak-config-cli Security Context runAsUser | `1001` |
+| `keycloakConfigCli.containerSecurityContext.runAsGroup` | Set keycloak-config-cli Security Context runAsGroup | `1001` |
+| `keycloakConfigCli.containerSecurityContext.runAsNonRoot` | Set keycloak-config-cli Security Context runAsNonRoot | `true` |
+| `keycloakConfigCli.containerSecurityContext.privileged` | Set keycloak-config-cli Security Context privileged | `false` |
+| `keycloakConfigCli.containerSecurityContext.readOnlyRootFilesystem` | Set keycloak-config-cli Security Context readOnlyRootFilesystem | `true` |
+| `keycloakConfigCli.containerSecurityContext.allowPrivilegeEscalation` | Set keycloak-config-cli Security Context allowPrivilegeEscalation | `false` |
+| `keycloakConfigCli.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `keycloakConfigCli.containerSecurityContext.seccompProfile.type` | Set keycloak-config-cli Security Context seccomp profile | `RuntimeDefault` |
+| `keycloakConfigCli.podSecurityContext.enabled` | Enabled keycloak-config-cli pods' Security Context | `true` |
+| `keycloakConfigCli.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `keycloakConfigCli.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
+| `keycloakConfigCli.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `keycloakConfigCli.podSecurityContext.fsGroup` | Set keycloak-config-cli pod's Security Context fsGroup |
`1001` |
+| `keycloakConfigCli.backoffLimit` | Number of retries before considering a Job as failed | `1` |
+| `keycloakConfigCli.podLabels` | Pod extra labels | `{}` |
+| `keycloakConfigCli.podAnnotations` | Annotations for job pod | `{}` |
+| `keycloakConfigCli.extraEnvVars` | Additional environment variables to set | `[]` |
+| `keycloakConfigCli.nodeSelector` | Node labels for pod assignment | `{}` |
+| `keycloakConfigCli.podTolerations` | Tolerations for job pod assignment | `[]` |
+| `keycloakConfigCli.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
+| `keycloakConfigCli.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
+| `keycloakConfigCli.extraVolumes` | Extra volumes to add to the job | `[]` |
+| `keycloakConfigCli.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` |
+| `keycloakConfigCli.initContainers` | Add additional init containers to the Keycloak config cli pod | `[]` |
+| `keycloakConfigCli.sidecars` | Add additional sidecar containers to the Keycloak config cli pod | `[]` |
+| `keycloakConfigCli.configuration` | keycloak-config-cli realms configuration | `{}` |
+| `keycloakConfigCli.existingConfigmap` | ConfigMap with keycloak-config-cli configuration | `""` |
+| `keycloakConfigCli.cleanupAfterFinished.enabled` | Enables Cleanup for Finished Jobs | `false` |
+| `keycloakConfigCli.cleanupAfterFinished.seconds` | Sets the value of ttlSecondsAfterFinished | `600` |
+
+### Database parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------ |
+| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` |
+| `postgresql.auth.postgresPassword` | Password for the "postgres" admin user.
Ignored if `auth.existingSecret` with key `postgres-password` is provided | `""` |
+| `postgresql.auth.username` | Name for a custom user to create | `bn_keycloak` |
+| `postgresql.auth.password` | Password for the custom user to create | `""` |
+| `postgresql.auth.database` | Name for a custom database to create | `bitnami_keycloak` |
+| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` |
+| `postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
+| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
+| `externalDatabase.host` | Database host | `""` |
+| `externalDatabase.port` | Database port number | `5432` |
+| `externalDatabase.user` | Non-root username for Keycloak | `bn_keycloak` |
+| `externalDatabase.password` | Password for the non-root username for Keycloak | `""` |
+| `externalDatabase.database` | Keycloak database name | `bitnami_keycloak` |
+| `externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `""` |
+| `externalDatabase.existingSecretHostKey` | Name of an existing secret key containing the database host name | `""` |
+| `externalDatabase.existingSecretPortKey` | Name of an existing secret key containing the database port | `""` |
+| `externalDatabase.existingSecretUserKey` | Name of an existing secret key containing the database user | `""` |
+| `externalDatabase.existingSecretDatabaseKey` | Name of an existing secret key containing the database name | `""` |
+| `externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `""` |
+| `externalDatabase.annotations` | Additional custom annotations for external database secret object | `{}` |
+
+### Keycloak Cache parameters
+
+| Name | Description | Value |
+| ----------------- |
-------------------------------------------------------------------------- | ------------ |
+| `cache.enabled` | Switch to enable or disable the keycloak distributed cache for kubernetes. | `true` |
+| `cache.stackName` | Set infinispan cache stack to use | `kubernetes` |
+| `cache.stackFile` | Set infinispan cache stack filename to use | `""` |
+
+### Keycloak Logging parameters
+
+| Name | Description | Value |
+| ---------------- | ------------------------------------------------------------------------------ | --------- |
+| `logging.output` | Alternates between the default log output format or json format | `default` |
+| `logging.level` | Allowed values as documented: FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL, OFF | `INFO` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install my-release --set auth.adminPassword=secretpassword oci://REGISTRY_NAME/REPOSITORY_NAME/keycloak
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+The above command sets the Keycloak administrator password to `secretpassword`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
For example,
+
+```console
+helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/keycloak
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/keycloak/values.yaml)
+
+Keycloak realms, users and clients can be created from the Keycloak administration panel.
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## Upgrading
+
+### To 21.0.0
+
+This major release updates the keycloak branch to its newest major, 24.x.x. Follow the [upstream documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-24-0-0) for upgrade instructions.
+
+### To 20.0.0
+
+This major bump changes the following security defaults:
+
+- `runAsGroup` is changed from `0` to `1001`
+- `readOnlyRootFilesystem` is set to `true`
+- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
+- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
+
+This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
+
+### To 19.0.0
+
+This major release bumps the PostgreSQL chart version to [14.x.x](https://github.com/bitnami/charts/pull/22750); no major issues are expected during the upgrade.
+
+### To 17.0.0
+
+This major updates the PostgreSQL subchart to its newest major, 13.0.0.
[Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1300) you can find more information about the changes introduced in that version.
+
+### To 15.0.0
+
+This major updates the default serviceType from `LoadBalancer` to `ClusterIP` to avoid inadvertently exposing Keycloak directly to the internet without an Ingress.
+
+### To 12.0.0
+
+This major updates the PostgreSQL subchart to its newest major, 12.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1200) you can find more information about the changes introduced in that version.
+
+### To 10.0.0
+
+This major release updates Keycloak to its major version `19`. Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-19-0-0) for a complete list of changes and further information.
+
+### To 9.0.0
+
+This major release updates Keycloak to its major version `18`. Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-18-0-0) for a complete list of changes and further information.
+
+### To 8.0.0
+
+This major release updates Keycloak to its major version `17`. Among other features, this new version has deprecated WildFly in favor of Quarkus, which introduces breaking changes like:
+
+- Removal of `/auth` from the default context path.
+- Changes in the configuration and deployment of custom providers.
+- Significant changes in configuring Keycloak.
+
+Please, refer to the official [Keycloak migration documentation](https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-17-0-0) and [Migrating to Quarkus distribution document](https://www.keycloak.org/migration/migrating-to-quarkus) for a complete list of changes and further information.
+
+### To 7.0.0
+
+This major release updates the PostgreSQL subchart to its newest major *11.x.x*, which contain several changes in the supported values (check the [upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1100) to obtain more information).
+
+#### Upgrading Instructions
+
+To upgrade to *7.0.0* from *6.x*, it should be done reusing the PVC(s) used to hold the data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is *keycloak* and the release namespace *default*):
+
+1. Obtain the credentials and the names of the PVCs used to hold the data on your current release:
+
+```console
+export KEYCLOAK_PASSWORD=$(kubectl get secret --namespace default keycloak -o jsonpath="{.data.admin-password}" | base64 --decode)
+export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default keycloak-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
+export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=keycloak,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}")
+```
+
+1. Delete the PostgreSQL statefulset (notice the option *--cascade=false*) and secret:
+
+```console
+kubectl delete statefulsets.apps --cascade=false keycloak-postgresql
+kubectl delete secret keycloak-postgresql --namespace default
+```
+
+1. Upgrade your release using the same PostgreSQL version:
+
+```console
+CURRENT_PG_VERSION=$(kubectl exec keycloak-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION')
+helm upgrade keycloak bitnami/keycloak \
+ --set auth.adminPassword=$KEYCLOAK_PASSWORD \
+ --set postgresql.image.tag=$CURRENT_PG_VERSION \
+ --set postgresql.auth.password=$POSTGRESQL_PASSWORD \
+ --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC
+```
+
+1.
Delete the existing PostgreSQL pods and the new statefulset will create a new one:
+
+```console
+kubectl delete pod keycloak-postgresql-0
+```
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+#### What changes were introduced in this major version?
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
+- After running *helm dependency update*, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart.
+
+#### Considerations when upgrading to this version
+
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version does not support Helm v2 anymore.
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3.
+
+#### Useful links
+
+- [Bitnami Tutorial](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-resolve-helm2-helm3-post-migration-issues-index.html)
+- [Helm docs](https://helm.sh/docs/topics/v2_v3_migration)
+- [Helm Blog](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3)
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/charts/forms-flow-web/README.md b/charts/forms-flow-web/README.md
new file mode 100644
index 00000000..fd04ad69
--- /dev/null
+++ b/charts/forms-flow-web/README.md
@@ -0,0 +1,190 @@ +# Formsflow.ai Web Application + +formsflow.ai delivers progressive web application with React version 17.0.2 and create-react-app. Also currently uses form.io version 3.2.0. + +## Introduction + +This chart bootstraps a forms-flow-web deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + + +## Installing the Chart + +To install the chart with the release name `forms-flow-web`: + +```console +helm install forms-flow-web forms-flow-web +``` + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + + +```console +helm install forms-flow-web forms-flow-web --set ingress.ingressClassName=INGRESS_CLASS --set ingress.hostname=HOSTNAME +``` + +> Note: You need to substitute the placeholders `INGRESS_CLASS`, `HOSTNAME` with a reference to your Helm chart registry and repository. For example, in the case of Formsflow, you need to use `DOMAIN_NAME=example.com` and `INGRESS_CLASS=nginx` + +These commands deploy Forms-flow-web on the Kubernetes cluster + +> **Tip**: List all releases using `helm list` + +### Resource requests and limits + +Forms-flow-web charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +```yaml +resources: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi +``` + +### Change Forms-flow-web version + +To modify the Forms-flow-web version used in this chart you can specify a [valid image tag](https://hub.docker.com/repository/docker/formsflow/forms-flow-web) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. 
+ +```yaml +image: + registry: docker.io + repository: formsflow/forms-flow-web + tag: X.Y.Z +``` + +## Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `replicaCount` | Number of replicas to run for the application. | `1` | +| `image.registry` | Docker registry for the application image. | `docker.io` | +| `image.repository` | Repository name for the application image. | `formsflow/forms-flow-web` | +| `image.pullPolicy` | Image pull policy for the application. | `IfNotPresent` | +| `image.tag` | Tag of the image to use for the application. | `v7.0.0-alpha` | +| `image.pullSecrets` | Secrets to use for pulling the application image. | `["forms-flow-ai-auth"]` | +| `nameOverride` | Override for the name of the application. | `""` | +| `fullnameOverride` | Override for the full name of the application. | `""` | +| `commonLabels` | Common labels to apply to all resources. | `{}` | +| `commonAnnotations` | Common annotations to apply to all resources. | `{}` | +| `nodeSelector` | Node selector for scheduling pods. | `{}` | +| `tolerations` | Tolerations for scheduling pods. | `[]` | +| `affinity` | Affinity rules for scheduling pods. | `{}` | +| `priorityClassName` | Name of the priority class for the application pods. | `""` | +| `schedulerName` | Name of the scheduler to use for scheduling pods. | `""` | +| `terminationGracePeriodSeconds` | Grace period for pod termination. | `""` | +| `topologySpreadConstraints` | Constraints for spreading pods across nodes. | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode for the application. | `false` | +| `diagnosticMode.command` | Command to run in diagnostic mode. | `["sleep"]` | +| `diagnosticMode.args` | Arguments for the diagnostic mode command. | `["infinity"]` | +| `hostAliases` | Host aliases for the application pods. 
| `[]` | +| `serviceAccount.create` | Create a service account for the application. | `true` | +| `serviceAccount.annotations` | Annotations for the service account. | `{}` | +| `serviceAccount.name` | Name of the service account to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Automount the service account token. | `false` | +| `podAnnotations` | Annotations for the application pods. | `{}` | +| `podLabels` | Labels for the application pods. | `{}` | +| `podAffinityPreset` | Pod affinity preset for the application. | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset for the application. | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type for the application. | `""` | +| `nodeAffinityPreset.key` | Key for node affinity preset. | `""` | +| `nodeAffinityPreset.values` | Values for node affinity preset. | `[]` | +| `podSecurityContext.enabled` | Enable pod security context. | `false` | +| `podSecurityContext.fsGroupChangePolicy`| Policy for changing filesystem group. | `Always` | +| `podSecurityContext.sysctls` | Sysctl settings for the pod. | `[]` | +| `podSecurityContext.supplementalGroups` | Supplemental groups for the pod. | `[]` | +| `podSecurityContext.fsGroup` | Filesystem group for the pod. | `1001` | +| `containerSecurityContext.enabled` | Enable container security context. | `false` | +| `containerSecurityContext.seLinuxOptions` | SELinux options for the container. | `{}` | +| `containerSecurityContext.runAsUser` | User ID to run the container as. | `1001` | +| `containerSecurityContext.runAsGroup` | Group ID to run the container as. | `1001` | +| `containerSecurityContext.runAsNonRoot` | Run the container as a non-root user. | `false` | +| `containerSecurityContext.privileged` | Allow the container to run in privileged mode. | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Mount the root filesystem as read-only. 
| `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation. | `false` | +| `containerSecurityContext.capabilities.drop` | Capabilities to drop from the container. | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Seccomp profile type for the container. | `RuntimeDefault` | +| `command` | Command to run in the container. | `[]` | +| `args` | Arguments to pass to the command. | `[]` | +| `lifecycleHooks.postStart` | Lifecycle hooks for the pod, such as post-start actions. | `{exec: {command: ["/bin/sh", "-c", "envsubst < /tmp/{{.Chart.Name}}-config.template/config.js > {{.Values.config_path}}/config.js;"]}}` | +| `automountServiceAccountToken` | Automount the service account token in the pod. | `true` | +| `extraEnvVars` | Extra environment variables to add to the container. | `[]` | +| `extraEnvVarsCM` | ConfigMap for extra environment variables. | `""` | +| `extraVolumes` | Extra volumes to add to the pod. | `{}` | +| `extraVolumeMounts` | Extra volume mounts for the pod. | `{}` | +| `existingSecret` | Existing secret containing username, password, and database name. | `""` | +| `updateStrategy.type` | Update strategy for the deployment (e.g., `RollingUpdate`). | `RollingUpdate` | +| `updateStrategy.rollingUpdate.maxSurge` | Maximum number of pods that can be created above the desired number of pods during an update. | `25%` | +| `updateStrategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be unavailable during an update. | `25%` | +| `pdb.create` | Create a Pod Disruption Budget for the application. | `true` | +| `pdb.minAvailable` | Minimum number of available pods during disruptions. | `""` | +| `pdb.maxUnavailable` | Maximum number of unavailable pods during disruptions. | `""` | +| `customStartupProbe` | Custom startup probe configuration for the application. | `{}` | +| `customLivenessProbe` | Custom liveness probe configuration for the application. 
| `{}` | +| `customReadinessProbe` | Custom readiness probe configuration for the application. | `{}` | +| `formsflow.configmap` | Name of the FormsFlow configmap for integration environment variables. | `forms-flow-ai` | +| `formsflow.secret` | Name of the FormsFlow secret for integration environment variables. | `forms-flow-ai` | +| `analytics.configmap` | Name of the FormsFlow analytics configmap for integration. | `forms-flow-analytics` | +| `analytics.secret` | Name of the FormsFlow analytics secret for integration. | `forms-flow-analytics` | +| `web.base_custom_url` | Base URL for the web application. | `""` | +| `web.custom_theme_url` | Custom theme URL for the web application. | `""` | +| `config_path` | Path for configuration files. | `/usr/share/nginx/html/config/` | +| `webclient` | Name of the web client application. | `"{{.Chart.Name}}"` | +| `webname` | Name of the web application. | `formsflow` | +| `UserAccesPermissions` | User access permissions for the application. | `""` | +| `autoscaling.enabled` | Enable or disable autoscaling for the application. | `false` | +| `autoscaling.minReplicas` | Minimum number of replicas for autoscaling. | `1` | +| `autoscaling.maxReplicas` | Maximum number of replicas for autoscaling. | `11` | +| `autoscaling.targetCPU` | Target CPU utilization percentage for autoscaling. | `""` | +| `autoscaling.targetMemory` | Target memory utilization percentage for autoscaling. | `""` | +| `autoscaling.behavior.scaleUp` | Scaling behavior when scaling up. | `{ stabilizationWindowSeconds: 120, selectPolicy: Max, policies: [] }` | +| `autoscaling.behavior.scaleDown` | Scaling behavior when scaling down. 
| `{ stabilizationWindowSeconds: 300, selectPolicy: Max, policies: [{ type: Pods, value: 1, periodSeconds: 300 }] }` | + + +## Ingress Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `ingress.enabled` | Enable or disable ingress for the application. | `true` | +| `ingress.ingressClassName` | Class name for the ingress resource. | `""` | +| `ingress.pathType` | Type of path matching for the ingress. | `ImplementationSpecific` | +| `ingress.apiVersion` | API version of the ingress resource. | `""` | +| `ingress.controller` | Ingress controller to use. | `default` | +| `ingress.hostname` | Hostname for the ingress resource. | `forms-flow-web.local` | +| `ingress.path` | Path for the ingress resource. | `/` | +| `ingress.servicePort` | Service port to route traffic to. | `8080` | +| `ingress.annotations` | Annotations for the ingress resource. | `{}` | +| `ingress.labels` | Labels for the ingress resource. | `{}` | +| `ingress.tls` | Enable TLS for the ingress. | `true` | +| `ingress.selfSigned` | Whether to use self-signed certificates. | `false` | +| `ingress.extraHosts` | Additional hosts for the ingress. | `[]` | +| `ingress.extraPaths` | Additional paths for the ingress. | `[]` | +| `ingress.extraTls` | Additional TLS settings for the ingress. | `[]` | +| `ingress.secrets` | Secrets for TLS configuration. | `[]` | +| `ingress.extraRules` | Additional rules for the ingress. | `[]` | + +## Resource Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `resourcesPreset` | Resource preset for the application. | `small` | +| `resources.limits.cpu` | Maximum CPU resource limit for the application. 
| `200m` | +| `resources.limits.memory` | Maximum memory resource limit for the application. | `1Gi` | +| `resources.requests.cpu` | Minimum CPU resource request for the application. | `100m` | +| `resources.requests.memory` | Minimum memory resource request for the application. | `512Mi` | + +## Service Parameters + +| Parameter | Description | Default Value | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------| +| `service.type` | Type of the service (e.g., `ClusterIP`, `NodePort`, `LoadBalancer`). | `ClusterIP` | +| `service.ports` | Ports for the service. | `[{ name: http, port: 8080, targetPort: http, protocol: TCP }]` | +| `service.loadBalancerIP` | LoadBalancer IP for the service (if applicable). | `""` | +| `service.loadBalancerSourceRanges` | Allowed IP ranges for LoadBalancer source. | `[]` | +| `service.externalTrafficPolicy` | External traffic policy for the service. | `""` | +| `service.clusterIP` | Static ClusterIP for the service. | `""` | +| `service.annotations` | Annotations for the service. | `{}` | +| `service.sessionAffinity` | Session affinity settings for the service (e.g., `None` or `ClientIP`). | `None` | +| `service.sessionAffinityConfig` | Additional settings for session affinity. | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | + From 0fd39d38354eac11411e7eec3b21d63b96a6bc31 Mon Sep 17 00:00:00 2001 
From: amal Date: Wed, 4 Dec 2024 00:23:02 -0800 Subject: [PATCH 21/35] updated proxy configmap --- .../templates/proxy-config.yaml | 2 +- charts/forms-flow-ai/templates/configmap.yaml | 44 +++++++++---------- charts/forms-flow-ai/templates/secrets.yaml | 10 ++--- .../templates/proxy-config.yaml | 4 +- .../templates/proxy-config.yaml | 2 +- .../templates/proxy-config.yaml | 4 +- .../templates/proxy-config.yaml | 2 +- .../templates/proxy-config.yaml | 2 +- 8 files changed, 35 insertions(+), 35 deletions(-) diff --git a/charts/forms-flow-admin/templates/proxy-config.yaml b/charts/forms-flow-admin/templates/proxy-config.yaml index 11fed6c2..901ccddb 100644 --- a/charts/forms-flow-admin/templates/proxy-config.yaml +++ b/charts/forms-flow-admin/templates/proxy-config.yaml @@ -26,7 +26,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Content-Type application/json; - proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; } } } diff --git a/charts/forms-flow-ai/templates/configmap.yaml b/charts/forms-flow-ai/templates/configmap.yaml index c9a39712..eccdfc49 100644 --- a/charts/forms-flow-ai/templates/configmap.yaml +++ b/charts/forms-flow-ai/templates/configmap.yaml 
@@ -12,19 +12,19 @@ data: DATABASE_NAME: {{ ternary (tpl .Values.formsflowdb.postgresql.database .) "" .Values.formsflowdb.postgresql.enabled | quote }} DATABASE_PORT: {{ ternary .Values.formsflowdb.service.ports.postgresql "" .Values.formsflowdb.postgresql.enabled | quote }} DATABASE_SERVICE_NAME: {{ ternary (tpl .Values.formsflowdb.postgresql.fullnameOverride .) "" .Values.formsflowdb.postgresql.enabled | quote }} - BPM_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/camunda + BPM_API_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/camunda KEYCLOAK_JWT_OIDC_ALGORITHMS: "RS256" KEYCLOAK_JWT_OIDC_CACHING_ENABLED: "True" KEYCLOAK_JWT_OIDC_JWKS_CACHE_TIMEOUT: "300" - KEYCLOAK_JWT_OIDC_CONFIG: https://{{tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname" ) .}}/auth/realms/{{ index .Values "forms-flow-idm" "realm" }}/.well-known/openid-configuration + KEYCLOAK_JWT_OIDC_CONFIG: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname" ) .}}/auth/realms/{{ index .Values "forms-flow-idm" "realm" }}/.well-known/openid-configuration KEYCLOAK_JWT_OIDC_ISSUER: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname") . }}/auth/realms/{{ index .Values "forms-flow-idm" "realm" }} KEYCLOAK_JWT_OIDC_JWKS_URI: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname") . }}/auth/realms/{{ index .Values "forms-flow-idm" "realm" }}/protocol/openid-connect/certs KEYCLOAK_TOKEN_URL: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname") . }}/auth/realms/{{ index .Values "forms-flow-idm" "realm" }}/protocol/openid-connect/token KEYCLOAK_URL: https://{{ tpl (index .Values "forms-flow-idm" "keycloak" "ingress" "hostname") . 
}} KEYCLOAK_URL_REALM: {{ index .Values "forms-flow-idm" "realm" }} - FORMIO_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/formio - FORMIO_DOMAIN: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/formio - WEB_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/api + FORMIO_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/formio + FORMIO_DOMAIN: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/formio + WEB_API_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/api {{- if .Values.mongodb.enabled }} NODE_CONFIG: '{"mongo":"mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}"}' MONGODB_URI: {{ ternary (tpl "mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}" .) "" .Values.mongodb.enabled | quote }} 
@@ -32,31 +32,31 @@ data: MONGODB_URI: {{ ternary (tpl "mongodb+srv://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}/{{ .Values.mongodb.auth.databases | first }}" .) "" .Values.mongodb.enabled | quote }} NODE_CONFIG: '{"mongo":"mongodb+srv://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}/{{ .Values.mongodb.auth.databases | first }}"}' {{- end }} - FORMSFLOW_WEB_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}} - FORMSFLOW_ADMIN_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/admin/api/v1 - FORMSFLOW_ADMIN_BASE: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/admin/api + FORMSFLOW_WEB_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }} + FORMSFLOW_ADMIN_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/admin/api/v1 + FORMSFLOW_ADMIN_BASE: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/admin/api MODEL_ID: "Seethal/sentiment_analysis_generic_dataset" - INSIGHT_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/redash + INSIGHT_API_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/redash KEYCLOAK_ENABLE_CLIENT_AUTH: "{{ index .Values "forms-flow-idm" "keycloak" "EnableKeycloakClientAuth" }}" - MULTI_TENANCY_ENABLED: "{{index .Values "forms-flow-web" "EnableMultitenant" }}" - DATA_ANALYSIS_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/analysis + MULTI_TENANCY_ENABLED: "{{ index .Values "forms-flow-web" "EnableMultitenant" }}" + DATA_ANALYSIS_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . 
}}/analysis NODE_ENV: "production" CUSTOM_SUBMISSION_URL: "" CUSTOM_SUBMISSION_ENABLED: "false" - FORMSFLOW_DOC_API_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/docapi - DRAFT_ENABLED: "{{.Values.draft_enabled}}" + FORMSFLOW_DOC_API_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/docapi + DRAFT_ENABLED: "{{ .Values.draft_enabled }}" DRAFT_POLLING_RATE: "15000" - EXPORT_PDF_ENABLED: "{{.Values.export_pdf_enabled}}" - REDIS_HOST: "{{.Values.redis_host}}" - REDIS_PORT: "{{.Values.redis_port}}" - REDIS_ENABLED: "{{.Values.EnableRedis}}" + EXPORT_PDF_ENABLED: "{{ .Values.export_pdf_enabled }}" + REDIS_HOST: "{{ .Values.redis_host }}" + REDIS_PORT: "{{ .Values.redis_port }}" + REDIS_ENABLED: "{{ .Values.EnableRedis }}" CHROME_DRIVER_PATH: "/usr/local/bin/chromedriver" - ENABLE_CHATBOT: "{{.Values.EnableChatBot}}" - CHATBOT_URL: https://{{tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/analysis/conversations + ENABLE_CHATBOT: "{{ .Values.EnableChatBot }}" + CHATBOT_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/analysis/conversations ENABLE_LOW_CODE_DESIGNER: "false" - ELASTIC_SERVER: "{{.Values.elastic_server}}" - REDIS_URL: "{{.Values.redis_url}}" + ELASTIC_SERVER: "{{ .Values.elastic_server }}" + REDIS_URL: "{{ .Values.redis_url }}" IPAAS_EMBED_BASE_URL: "{{ .Values.ipaas.embed_base_url }}" IPAAS_API_BASE_URL: "{{ .Values.ipaas.api_base_url }}" - CONFIGURE_LOGS: "{{.Values.configure_logs}}" + CONFIGURE_LOGS: "{{ .Values.configure_logs }}" KEYCLOAK_URL_HTTP_RELATIVE_PATH: {{ index .Values "forms-flow-idm" "context-path" }} \ No newline at end of file diff --git a/charts/forms-flow-ai/templates/secrets.yaml b/charts/forms-flow-ai/templates/secrets.yaml index aece5ae9..788593a5 100644 --- a/charts/forms-flow-ai/templates/secrets.yaml +++ b/charts/forms-flow-ai/templates/secrets.yaml 
@@ -10,10 +10,10 @@ stringData: FORMIO_JWT_SECRET: "{{ .Release.Namespace }}-jwt-secret" KEYCLOAK_CLIENTID: {{ index .Values "forms-flow-bpm" "clientid" }} KEYCLOAK_CLIENTSECRET: {{ index .Values "forms-flow-bpm" "clientsecret" }} - WEB_CLIENTID: {{ index .Values "forms-flow-web" "clientid"}} - WEBSOCKET_ENCRYPT_KEY: "{{.Values.websocket_encrypt_key}}" - ADMIN_WEB_CLIENTID: {{ index .Values "forms-flow-web" "clientid"}} - INSIGHT_API_KEY: "{{.Values.insight_api_key}}" - REDIS_PASSCODE: "{{.Values.redis_pass_code}}" + WEB_CLIENTID: {{ index .Values "forms-flow-web" "clientid" }} + WEBSOCKET_ENCRYPT_KEY: "{{ .Values.websocket_encrypt_key }}" + ADMIN_WEB_CLIENTID: {{ index .Values "forms-flow-web" "clientid" }} + INSIGHT_API_KEY: "{{ .Values.insight_api_key }}" + REDIS_PASSCODE: "{{ .Values.redis_pass_code }}" IPAAS_EMBEDDED_API_KEY: "{{ .Values.ipaas.embedded_api_key }}" IPAAS_JWT_PRIVATE_KEY: "{{ .Values.ipaas.jwt_private_key }}" \ No newline at end of file diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml index e06526c6..87c43b5a 100644 --- a/charts/forms-flow-analytics/templates/proxy-config.yaml +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml @@ -21,10 +21,10 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - sub_filter "http:///{{.Values.ingress.subFilterHost}}/" "https://{{.Values.ingress.subFilterHost}}/"; + sub_filter "http:///{{ .Values.ingress.subFilterHost }}/" "https://{{ .Values.ingress.subFilterHost }}/"; proxy_set_header SCRIPT_NAME /redash; - proxy_pass http://localhost:{{.Values.server.httpPort}}; + proxy_pass http://localhost:{{ .Values.server.httpPort }}; } } diff --git a/charts/forms-flow-api/templates/proxy-config.yaml b/charts/forms-flow-api/templates/proxy-config.yaml index b2813da9..529741d3 100644 
--- a/charts/forms-flow-api/templates/proxy-config.yaml +++ b/charts/forms-flow-api/templates/proxy-config.yaml @@ -24,7 +24,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header SCRIPT_NAME /api; - proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; } } } diff --git a/charts/forms-flow-data-analysis/templates/proxy-config.yaml b/charts/forms-flow-data-analysis/templates/proxy-config.yaml index 9677add7..8582ff88 100644 --- a/charts/forms-flow-data-analysis/templates/proxy-config.yaml +++ b/charts/forms-flow-data-analysis/templates/proxy-config.yaml @@ -25,11 +25,11 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header SCRIPT_NAME /analysis; - proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; } location /analysis/swagger.json { proxy_set_header Host $http_host; - proxy_pass http://localhost:{{.Values.ingress.servicePort}}/swagger.json; + proxy_pass http://localhost:{{ .Values.ingress.servicePort }}/swagger.json; } } } diff --git a/charts/forms-flow-documents-api/templates/proxy-config.yaml b/charts/forms-flow-documents-api/templates/proxy-config.yaml index 7b828a02..b93b86bc 100644 --- a/charts/forms-flow-documents-api/templates/proxy-config.yaml +++ b/charts/forms-flow-documents-api/templates/proxy-config.yaml @@ -24,7 +24,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header SCRIPT_NAME /docapi; - proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; } } } diff --git a/charts/forms-flow-forms/templates/proxy-config.yaml b/charts/forms-flow-forms/templates/proxy-config.yaml index 9758cf6b..b673939a 100644 
--- a/charts/forms-flow-forms/templates/proxy-config.yaml +++ b/charts/forms-flow-forms/templates/proxy-config.yaml @@ -22,7 +22,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Content-Type application/json; - proxy_pass http://localhost:{{.Values.ingress.servicePort}}; + proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; } } } From ca6e842e95f126c2aa8aa40e698ce376c464c4ef Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 4 Dec 2024 00:27:52 -0800 Subject: [PATCH 22/35] updated confimap for ai --- charts/forms-flow-ai/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/forms-flow-ai/templates/configmap.yaml b/charts/forms-flow-ai/templates/configmap.yaml index eccdfc49..f7c5ed5e 100644 --- a/charts/forms-flow-ai/templates/configmap.yaml +++ b/charts/forms-flow-ai/templates/configmap.yaml @@ -52,7 +52,7 @@ data: REDIS_ENABLED: "{{ .Values.EnableRedis }}" CHROME_DRIVER_PATH: "/usr/local/bin/chromedriver" ENABLE_CHATBOT: "{{ .Values.EnableChatBot }}" - CHATBOT_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") .}}/analysis/conversations + CHATBOT_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/analysis/conversations ENABLE_LOW_CODE_DESIGNER: "false" ELASTIC_SERVER: "{{ .Values.elastic_server }}" REDIS_URL: "{{ .Values.redis_url }}" From d330e8f66a6677d7a823019a3e69820ce83f24d1 Mon Sep 17 00:00:00 2001 From: amal Date: Thu, 5 Dec 2024 01:08:23 -0800 Subject: [PATCH 23/35] updated deployment of api --- charts/forms-flow-api/templates/deployment.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/forms-flow-api/templates/deployment.yaml b/charts/forms-flow-api/templates/deployment.yaml index 5a91425c..9426ec67 100644 --- a/charts/forms-flow-api/templates/deployment.yaml +++ b/charts/forms-flow-api/templates/deployment.yaml 
@@ -203,6 +203,11 @@ spec: configMapKeyRef: key: MULTI_TENANCY_ENABLED name: "{{ .Values.formsflow.configmap }}" + - name: FORMSFLOW_ADMIN_URL + valueFrom: + configMapKeyRef: + key: FORMSFLOW_ADMIN_URL + name: "{{ .Values.formsflow.configmap }}" - name: FORMIO_URL valueFrom: configMapKeyRef: From 0dde2c31be38294aae91af7c336188aad25be4f6 Mon Sep 17 00:00:00 2001 From: amal Date: Fri, 6 Dec 2024 04:09:10 -0800 Subject: [PATCH 24/35] updated analytics proxy config redirection --- charts/forms-flow-analytics/templates/proxy-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml index 87c43b5a..7bccaad2 100644 --- a/charts/forms-flow-analytics/templates/proxy-config.yaml +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml @@ -21,7 +21,7 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - sub_filter "http:///{{ .Values.ingress.subFilterHost }}/" "https://{{ .Values.ingress.subFilterHost }}/"; + sub_filter "http://{{ .Values.ingress.subFilterHost }}/" "https://{{ .Values.ingress.subFilterHost }}/"; proxy_set_header SCRIPT_NAME /redash; proxy_pass http://localhost:{{ .Values.server.httpPort }}; From ec4eb481e7f59664ff3382a6be730fcfda553208 Mon Sep 17 00:00:00 2001 From: amal Date: Mon, 9 Dec 2024 10:30:40 -0800 Subject: [PATCH 25/35] Updated chart.yaml for analytics --- charts/forms-flow-analytics/Chart.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/forms-flow-analytics/Chart.yaml b/charts/forms-flow-analytics/Chart.yaml index 28dafe55..3db14bc9 100644 --- a/charts/forms-flow-analytics/Chart.yaml +++ b/charts/forms-flow-analytics/Chart.yaml 
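Review bot: The new `FORMSFLOW_ADMIN_URL` entry reads its value through a `configMapKeyRef` with no `optional` field, so the container will not start if the ConfigMap named by `.Values.formsflow.configmap` lacks that key. The key is rendered by the forms-flow-ai chart's `configmap.yaml`, so a release that points this value at a different or older ConfigMap would presumably stall in a config error on upgrade; the rollout order is not visible here. If the API can run without the admin URL, add `optional: true` under the new `configMapKeyRef`; otherwise state the dependency on the forms-flow-ai ConfigMap in the chart's README. The container's `env` list begins and continues outside this hunk.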
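Review bot: The corrected `sub_filter` line still relies on nginx defaults, which rewrite only the first match in a response, apply only to `text/html` bodies, and skip upstream responses that arrive compressed. Whether `sub_filter_once off;`, `sub_filter_types`, or `proxy_set_header Accept-Encoding "";` are set elsewhere in this `location` block cannot be seen, because the block starts and ends outside the hunk. If they are not, later `http://` references to `subFilterHost` would still reach a page served over HTTPS as plain-HTTP links. Consider adding `sub_filter_once off;` directly after the directive and confirming the upstream response is uncompressed.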
@@ -5,7 +5,6 @@ icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/ version: v8.0.0 type: application appVersion: "8.0.0" -dependencies: dependencies: - name: redis version: "^19.1.0" From 2255fceb2c1681a588bba814791f01476dc8f148 Mon Sep 17 00:00:00 2001 
From: amal Date: Mon, 9 Dec 2024 10:49:51 -0800 Subject: [PATCH 26/35] Removed un necessary sub folders from forms-flow-ssl directory --- .../forms-flow-ssl/forms-flow-admin/Chart.yaml | 4 ---- .../forms-flow-admin/templates/cert.yaml | 12 ------------ .../forms-flow-admin/templates/issuer.yaml | 18 ------------------ .../forms-flow-admin/values.yaml | 4 ---- .../forms-flow-analytics/Chart.yaml | 4 ---- .../forms-flow-analytics/templates/cert.yaml | 12 ------------ .../forms-flow-analytics/templates/issuer.yaml | 18 ------------------ .../forms-flow-analytics/values.yaml | 4 ---- .../forms-flow-ssl/forms-flow-api/Chart.yaml | 4 ---- .../forms-flow-api/templates/cert.yaml | 12 ------------ .../forms-flow-api/templates/issuer.yaml | 18 ------------------ .../forms-flow-ssl/forms-flow-api/values.yaml | 4 ---- .../forms-flow-ssl/forms-flow-bpm/Chart.yaml | 4 ---- .../forms-flow-bpm/templates/cert.yaml | 12 ------------ .../forms-flow-bpm/templates/issuer.yaml | 18 ------------------ .../forms-flow-ssl/forms-flow-bpm/values.yaml | 4 ---- .../forms-flow-data-analysis/Chart.yaml | 4 ---- .../templates/cert.yaml | 12 ------------ .../templates/issuer.yaml | 18 ------------------ .../forms-flow-data-analysis/values.yaml | 4 ---- .../forms-flow-documents-api/Chart.yaml | 4 ---- .../templates/cert.yaml | 12 ------------ .../templates/issuer.yaml | 18 ------------------ .../forms-flow-documents-api/values.yaml | 4 ---- .../forms-flow-ssl/forms-flow-forms/Chart.yaml | 4 ---- .../forms-flow-forms/templates/cert.yaml | 12 ------------ .../forms-flow-forms/templates/issuer.yaml | 18 ------------------ .../forms-flow-forms/values.yaml | 4 ---- 28 files changed, 266 deletions(-) delete mode 100644 charts/forms-flow-ssl/forms-flow-admin/Chart.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-admin/templates/cert.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-admin/templates/issuer.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-admin/values.yaml delete mode 
100644 charts/forms-flow-ssl/forms-flow-analytics/Chart.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-analytics/templates/cert.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-analytics/templates/issuer.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-analytics/values.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-api/Chart.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-api/templates/cert.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-api/templates/issuer.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-api/values.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-bpm/Chart.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-bpm/templates/cert.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-bpm/templates/issuer.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-bpm/values.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-data-analysis/Chart.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-data-analysis/templates/cert.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-data-analysis/templates/issuer.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-data-analysis/values.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-documents-api/Chart.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-documents-api/templates/cert.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-documents-api/templates/issuer.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-documents-api/values.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-forms/Chart.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-forms/templates/cert.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-forms/templates/issuer.yaml delete mode 100644 charts/forms-flow-ssl/forms-flow-forms/values.yaml diff --git a/charts/forms-flow-ssl/forms-flow-admin/Chart.yaml b/charts/forms-flow-ssl/forms-flow-admin/Chart.yaml deleted file mode 100644 index 5cec17d8..00000000 
--- a/charts/forms-flow-ssl/forms-flow-admin/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: forms-flow-admin -version: v8.0.0 -icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-admin/templates/cert.yaml b/charts/forms-flow-ssl/forms-flow-admin/templates/cert.yaml deleted file mode 100644 index a2854b16..00000000 --- a/charts/forms-flow-ssl/forms-flow-admin/templates/cert.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} -spec: - secretName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}}-tls - issuerRef: - name: {{ .Chart.Name }}-{{.Release.Namespace}} - kind: ClusterIssuer - commonName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} - dnsNames: - - {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-admin/templates/issuer.yaml b/charts/forms-flow-ssl/forms-flow-admin/templates/issuer.yaml deleted file mode 100644 index 4e5f2f58..00000000 --- a/charts/forms-flow-ssl/forms-flow-admin/templates/issuer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: {{ .Values.issuer.acmeEmail }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: {{ .Values.issuer.ingressClass }} \ No newline at end of file 
diff --git a/charts/forms-flow-ssl/forms-flow-admin/values.yaml b/charts/forms-flow-ssl/forms-flow-admin/values.yaml deleted file mode 100644 index 826458f3..00000000 --- a/charts/forms-flow-ssl/forms-flow-admin/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Domain: # -issuer: - acmeEmail: "" - ingressClass: nginx \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-analytics/Chart.yaml b/charts/forms-flow-ssl/forms-flow-analytics/Chart.yaml deleted file mode 100644 index a9351b0a..00000000 --- a/charts/forms-flow-ssl/forms-flow-analytics/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: forms-flow-analytics -version: v8.0.0 -icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-analytics/templates/cert.yaml b/charts/forms-flow-ssl/forms-flow-analytics/templates/cert.yaml deleted file mode 100644 index a2854b16..00000000 --- a/charts/forms-flow-ssl/forms-flow-analytics/templates/cert.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} -spec: - secretName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}}-tls - issuerRef: - name: {{ .Chart.Name }}-{{.Release.Namespace}} - kind: ClusterIssuer - commonName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} - dnsNames: - - {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-analytics/templates/issuer.yaml b/charts/forms-flow-ssl/forms-flow-analytics/templates/issuer.yaml deleted file mode 100644 index 4e5f2f58..00000000 --- a/charts/forms-flow-ssl/forms-flow-analytics/templates/issuer.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: {{ .Values.issuer.acmeEmail }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: {{ .Values.issuer.ingressClass }} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-analytics/values.yaml b/charts/forms-flow-ssl/forms-flow-analytics/values.yaml deleted file mode 100644 index 826458f3..00000000 --- a/charts/forms-flow-ssl/forms-flow-analytics/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Domain: # -issuer: - acmeEmail: "" - ingressClass: nginx \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-api/Chart.yaml b/charts/forms-flow-ssl/forms-flow-api/Chart.yaml deleted file mode 100644 index 6034e27f..00000000 --- a/charts/forms-flow-ssl/forms-flow-api/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: forms-flow-api -version: v8.0.0 -icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-api/templates/cert.yaml b/charts/forms-flow-ssl/forms-flow-api/templates/cert.yaml deleted file mode 100644 index a2854b16..00000000 --- a/charts/forms-flow-ssl/forms-flow-api/templates/cert.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} -spec: - secretName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}}-tls - issuerRef: - name: {{ .Chart.Name }}-{{.Release.Namespace}} - kind: ClusterIssuer - commonName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} - dnsNames: - - {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-api/templates/issuer.yaml b/charts/forms-flow-ssl/forms-flow-api/templates/issuer.yaml deleted file mode 100644 index 4e5f2f58..00000000 --- a/charts/forms-flow-ssl/forms-flow-api/templates/issuer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: {{ .Values.issuer.acmeEmail }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: {{ .Values.issuer.ingressClass }} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-api/values.yaml b/charts/forms-flow-ssl/forms-flow-api/values.yaml deleted file mode 100644 index 826458f3..00000000 --- a/charts/forms-flow-ssl/forms-flow-api/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Domain: # -issuer: - acmeEmail: "" - ingressClass: nginx \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-bpm/Chart.yaml b/charts/forms-flow-ssl/forms-flow-bpm/Chart.yaml deleted file mode 100644 index 773f0777..00000000 --- a/charts/forms-flow-ssl/forms-flow-bpm/Chart.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -apiVersion: v2 -name: forms-flow-bpm -version: v8.0.0 -icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-bpm/templates/cert.yaml b/charts/forms-flow-ssl/forms-flow-bpm/templates/cert.yaml deleted file mode 100644 index a2854b16..00000000 --- a/charts/forms-flow-ssl/forms-flow-bpm/templates/cert.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} -spec: - secretName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}}-tls - issuerRef: - name: {{ .Chart.Name }}-{{.Release.Namespace}} - kind: ClusterIssuer - commonName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} - dnsNames: - - {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-bpm/templates/issuer.yaml b/charts/forms-flow-ssl/forms-flow-bpm/templates/issuer.yaml deleted file mode 100644 index 4e5f2f58..00000000 --- a/charts/forms-flow-ssl/forms-flow-bpm/templates/issuer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: {{ .Values.issuer.acmeEmail }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: {{ .Values.issuer.ingressClass }} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-bpm/values.yaml b/charts/forms-flow-ssl/forms-flow-bpm/values.yaml deleted file mode 100644 index 826458f3..00000000 
--- a/charts/forms-flow-ssl/forms-flow-bpm/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Domain: # -issuer: - acmeEmail: "" - ingressClass: nginx \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-data-analysis/Chart.yaml b/charts/forms-flow-ssl/forms-flow-data-analysis/Chart.yaml deleted file mode 100644 index 49e34abb..00000000 --- a/charts/forms-flow-ssl/forms-flow-data-analysis/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: forms-flow-data-analysis -version: v8.0.0 -icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-data-analysis/templates/cert.yaml b/charts/forms-flow-ssl/forms-flow-data-analysis/templates/cert.yaml deleted file mode 100644 index a2854b16..00000000 --- a/charts/forms-flow-ssl/forms-flow-data-analysis/templates/cert.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} -spec: - secretName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}}-tls - issuerRef: - name: {{ .Chart.Name }}-{{.Release.Namespace}} - kind: ClusterIssuer - commonName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} - dnsNames: - - {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-data-analysis/templates/issuer.yaml b/charts/forms-flow-ssl/forms-flow-data-analysis/templates/issuer.yaml deleted file mode 100644 index 4e5f2f58..00000000 --- a/charts/forms-flow-ssl/forms-flow-data-analysis/templates/issuer.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: {{ .Values.issuer.acmeEmail }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: {{ .Values.issuer.ingressClass }} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-data-analysis/values.yaml b/charts/forms-flow-ssl/forms-flow-data-analysis/values.yaml deleted file mode 100644 index 826458f3..00000000 --- a/charts/forms-flow-ssl/forms-flow-data-analysis/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Domain: # -issuer: - acmeEmail: "" - ingressClass: nginx \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-documents-api/Chart.yaml b/charts/forms-flow-ssl/forms-flow-documents-api/Chart.yaml deleted file mode 100644 index 80ec228d..00000000 --- a/charts/forms-flow-ssl/forms-flow-documents-api/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: forms-flow-documents-api -version: v8.0.0 -icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-documents-api/templates/cert.yaml b/charts/forms-flow-ssl/forms-flow-documents-api/templates/cert.yaml deleted file mode 100644 index a2854b16..00000000 --- a/charts/forms-flow-ssl/forms-flow-documents-api/templates/cert.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} -spec: - secretName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}}-tls - issuerRef: - name: {{ .Chart.Name }}-{{.Release.Namespace}} - kind: ClusterIssuer - commonName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} - dnsNames: - - {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-documents-api/templates/issuer.yaml b/charts/forms-flow-ssl/forms-flow-documents-api/templates/issuer.yaml deleted file mode 100644 index 4e5f2f58..00000000 --- a/charts/forms-flow-ssl/forms-flow-documents-api/templates/issuer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: {{ .Values.issuer.acmeEmail }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: {{ .Values.issuer.ingressClass }} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-documents-api/values.yaml b/charts/forms-flow-ssl/forms-flow-documents-api/values.yaml deleted file mode 100644 index 826458f3..00000000 --- a/charts/forms-flow-ssl/forms-flow-documents-api/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Domain: # -issuer: - acmeEmail: "" - ingressClass: nginx \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-forms/Chart.yaml b/charts/forms-flow-ssl/forms-flow-forms/Chart.yaml deleted file mode 100644 index e881a35a..00000000 
--- a/charts/forms-flow-ssl/forms-flow-forms/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v2 -name: forms-flow-forms -version: v8.0.0 -icon: "https://raw.githubusercontent.com/AOT-Technologies/forms-flow-ai/develop/.images/logo.png" \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-forms/templates/cert.yaml b/charts/forms-flow-ssl/forms-flow-forms/templates/cert.yaml deleted file mode 100644 index a2854b16..00000000 --- a/charts/forms-flow-ssl/forms-flow-forms/templates/cert.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} -spec: - secretName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}}-tls - issuerRef: - name: {{ .Chart.Name }}-{{.Release.Namespace}} - kind: ClusterIssuer - commonName: {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} - dnsNames: - - {{ .Chart.Name }}-{{.Release.Namespace}}.{{tpl .Values.Domain .}} \ No newline at end of file diff --git a/charts/forms-flow-ssl/forms-flow-forms/templates/issuer.yaml b/charts/forms-flow-ssl/forms-flow-forms/templates/issuer.yaml deleted file mode 100644 index 4e5f2f58..00000000 --- a/charts/forms-flow-ssl/forms-flow-forms/templates/issuer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: {{ .Values.issuer.acmeEmail }} - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: "{{ .Chart.Name }}-{{.Release.Namespace}}" - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: {{ .Values.issuer.ingressClass }} \ No newline at end of file 
diff --git a/charts/forms-flow-ssl/forms-flow-forms/values.yaml b/charts/forms-flow-ssl/forms-flow-forms/values.yaml deleted file mode 100644 index 826458f3..00000000 --- a/charts/forms-flow-ssl/forms-flow-forms/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Domain: # -issuer: - acmeEmail: "" - ingressClass: nginx \ No newline at end of file From bfe1c80aaac1307bef3eeacc6c95408b156216f6 Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 18 Dec 2024 04:39:20 -0800 Subject: [PATCH 27/35] nginx conf is updated for analytics and webapi --- charts/forms-flow-analytics/templates/proxy-config.yaml | 4 +++- charts/forms-flow-api/templates/proxy-config.yaml | 6 +++--- charts/forms-flow-api/values.yaml | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml index 7bccaad2..cabf0351 100644 --- a/charts/forms-flow-analytics/templates/proxy-config.yaml +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml @@ -13,6 +13,7 @@ data: location /redash/ { sub_filter ="/" ="/redash/"; sub_filter ="/static/ ="/redash/static/; + sub_filter ="/api/ ="/redash/api/; sub_filter ="/static/images/redash_icon_small.png ="/redash/static/images/redash_icon_small.png; sub_filter url(/static/fonts) url(/redash/static/fonts); sub_filter_once off; @@ -21,7 +22,8 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - sub_filter "http://{{ .Values.ingress.subFilterHost }}/" "https://{{ .Values.ingress.subFilterHost }}/"; + sub_filter "http://{{ .Values.ingress.subFilterHost }}/" "https://{{ .Values.ingress.subFilterHost }}/"; + add_header Content-Security-Policy "frame-ancestors 'self' "; proxy_set_header SCRIPT_NAME /redash; proxy_pass http://localhost:{{ .Values.server.httpPort }}; 
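Review bot: The `add_header Content-Security-Policy "frame-ancestors 'self' ";` line added to `location /redash/` has no `always` parameter, so nginx attaches it only to a fixed set of success and redirect status codes, and error responses proxied from Redash go out without the framing restriction. Write it as `add_header Content-Security-Policy "frame-ancestors 'self'" always;`. If Redash already sends its own Content-Security-Policy header, the browser will receive both and enforce both, which is worth confirming against a real response. The rest of the server block is outside this hunk.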
diff --git a/charts/forms-flow-api/templates/proxy-config.yaml b/charts/forms-flow-api/templates/proxy-config.yaml index 529741d3..e79708fc 100644 --- a/charts/forms-flow-api/templates/proxy-config.yaml +++ b/charts/forms-flow-api/templates/proxy-config.yaml @@ -14,8 +14,8 @@ data: http { server { listen 80; - location /api { - sub_filter ="/api/swaggerui/ ="/api/swaggerui/; + location /webapi { + sub_filter ="/webapi/swaggerui/ ="/webapi/swaggerui/; sub_filter_once off; sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain; @@ -23,7 +23,7 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header SCRIPT_NAME /api; + proxy_set_header SCRIPT_NAME /webapi; proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; } } diff --git a/charts/forms-flow-api/values.yaml b/charts/forms-flow-api/values.yaml index 49533acc..3465de75 100644 --- a/charts/forms-flow-api/values.yaml +++ b/charts/forms-flow-api/values.yaml @@ -253,7 +253,7 @@ ingress: hostname: forms-flow-api.local ## @param ingress.path [string] Default path for the ingress record (evaluated as template) ## - path: "/api" + path: "/webapi" ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## From a28863db7789fd72fb6e6f26028ba17821164b84 Mon Sep 17 00:00:00 2001 From: amal Date: Wed, 18 Dec 2024 04:46:17 -0800 Subject: [PATCH 28/35] updated configmap path for webapi for formsflow ai --- charts/forms-flow-ai/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/forms-flow-ai/templates/configmap.yaml b/charts/forms-flow-ai/templates/configmap.yaml index f7c5ed5e..42265822 100644 --- a/charts/forms-flow-ai/templates/configmap.yaml +++ b/charts/forms-flow-ai/templates/configmap.yaml 
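Review bot: The `/webapi` prefix is written literally in `location /webapi` and `proxy_set_header SCRIPT_NAME /webapi;` while values.yaml exposes the same prefix as the overridable `ingress.path`, so an operator who changes `ingress.path` gets an ingress that routes to a sidecar still matching the old prefix. Rendering both nginx lines from the value, e.g. `location {{ tpl .Values.ingress.path . }} {` and `proxy_set_header SCRIPT_NAME {{ tpl .Values.ingress.path . }};`, keeps them in step. The line `sub_filter ="/webapi/swaggerui/ ="/webapi/swaggerui/;` replaces a string with itself and can probably be dropped. `location /webapi` without a trailing slash also matches any path that merely begins with those characters (for example `/webapi-old`), which may not be intended.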
@@ -24,7 +24,7 @@ data: KEYCLOAK_URL_REALM: {{ index .Values "forms-flow-idm" "realm" }} FORMIO_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/formio FORMIO_DOMAIN: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/formio - WEB_API_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/api + WEB_API_URL: https://{{ tpl (index .Values "forms-flow-web" "ingress" "hostname") . }}/webapi {{- if .Values.mongodb.enabled }} NODE_CONFIG: '{"mongo":"mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}"}' MONGODB_URI: {{ ternary (tpl "mongodb://{{ .Values.mongodb.auth.usernames | first }}:{{ .Values.mongodb.auth.passwords | first }}@{{ .Values.mongodb.service.nameOverride }}:{{ .Values.mongodb.service.ports.mongodb }}/{{ .Values.mongodb.auth.databases | first }}" .) "" .Values.mongodb.enabled | quote }} From 19fba609d962c001cd88af0b4d16649ce8dfc1cd Mon Sep 17 00:00:00 2001 From: amal Date: Thu, 19 Dec 2024 23:23:31 -0800 Subject: [PATCH 29/35] Updated redash database password env and --- charts/forms-flow-analytics/templates/_helpers.tpl | 2 +- charts/forms-flow-analytics/templates/proxy-config.yaml | 3 +-- charts/forms-flow-api/values.yaml | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/forms-flow-analytics/templates/_helpers.tpl b/charts/forms-flow-analytics/templates/_helpers.tpl index da017892..ea4e7f83 100644 --- a/charts/forms-flow-analytics/templates/_helpers.tpl +++ b/charts/forms-flow-analytics/templates/_helpers.tpl 
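Review bot: The `NODE_CONFIG` and `MONGODB_URI` entries kept as context in this hunk render `.Values.mongodb.auth.passwords | first` directly under `data:` of configmap.yaml, so the MongoDB password is readable by anyone who can read ConfigMaps in the namespace and appears in rendered-manifest output. This commit does not change those lines, but they belong in a Secret consumed through `secretKeyRef`, the way the analytics chart in this series handles `REDASH_DATABASE_PASSWORD`. The credentials are also interpolated without URL-encoding, so a password containing `@` or `/` yields a malformed URI; piping the username and password through `urlquery` avoids that. Separately, `WEB_API_URL` repeats the `/webapi` literal instead of reading the forms-flow-api chart's `ingress.path`.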
@@ -93,7 +93,7 @@ Shared environment block used across each component. - name: REDASH_DATABASE_PASSWORD valueFrom: secretKeyRef: - name: {{ .Release.Name }} + name: {{ include "redash.fullname" . }} key: redashDatabasePassword - name: REDASH_DATABASE_HOSTNAME value: {{ include "redash.postgresql.fullname" . }} diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml index cabf0351..9d1de305 100644 --- a/charts/forms-flow-analytics/templates/proxy-config.yaml +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml @@ -22,8 +22,7 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - sub_filter "http://{{ .Values.ingress.subFilterHost }}/" "https://{{ .Values.ingress.subFilterHost }}/"; - add_header Content-Security-Policy "frame-ancestors 'self' "; + sub_filter "http://{{ .Values.ingress.subFilterHost }}/" "https://{{ .Values.ingress.subFilterHost }}/"; proxy_set_header SCRIPT_NAME /redash; proxy_pass http://localhost:{{ .Values.server.httpPort }}; diff --git a/charts/forms-flow-api/values.yaml b/charts/forms-flow-api/values.yaml index 3465de75..ffb929b7 100644 --- a/charts/forms-flow-api/values.yaml +++ b/charts/forms-flow-api/values.yaml @@ -26,7 +26,6 @@ commonLabels: {} ## commonAnnotations: {} -nodeSelector: {} ## @param tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## From c9573234aceaf80a149b68490e18ccb8cf58ef6c Mon Sep 17 00:00:00 2001 
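Review bot: The proxy-config.yaml hunk deletes `add_header Content-Security-Policy "frame-ancestors 'self' ";`, which PATCH 27/35 of this series had just added, and the commit message gives no reason, so `/redash/` responses again carry no framing restriction from this proxy. If the header was dropped because the dashboards are embedded from another origin, naming that origin is safer than removing the policy, e.g. `add_header Content-Security-Policy "frame-ancestors 'self' https://EMBEDDING_HOST_PLACEHOLDER" always;`. In the _helpers.tpl hunk the `secretKeyRef` name now comes from `redash.fullname`; the Secret template is not part of this patch, so confirm its `metadata.name` uses the same helper, otherwise the pods will not start because the referenced Secret is missing.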
From: amal Date: Fri, 20 Dec 2024 06:33:49 -0800 Subject: [PATCH 30/35] added new env variables to formsflow-web --- charts/forms-flow-web/templates/configmap.yaml | 5 ++++- charts/forms-flow-web/templates/deployment.yaml | 15 +++++++++++++++ .../templates/template-configmap.yaml | 5 ++++- charts/forms-flow-web/values.yaml | 5 ++++- 4 files changed, 27 insertions(+), 3 deletions(-) diff --git a/charts/forms-flow-web/templates/configmap.yaml b/charts/forms-flow-web/templates/configmap.yaml index f2413fe3..ebf757d3 100644 --- a/charts/forms-flow-web/templates/configmap.yaml +++ b/charts/forms-flow-web/templates/configmap.yaml @@ -21,4 +21,7 @@ data: ENABLE_DASHBOARDS_MODULE: "true" ENABLE_PROCESSES_MODULE: "true" ENABLE_APPLICATIONS_MODULE: "true" - REACT_APP_LANGUAGE: "{{tpl .Values.Language .}}" \ No newline at end of file + REACT_APP_LANGUAGE: "{{tpl .Values.Language .}}" + REACT_APP_SHOW_PREMIUM_ICON: "{{tpl .Values.ShowPremiumIcon .}}" + REACT_APP_IS_ENTERPRISE: "{{tpl .Values.IsEnterPrise .}}" + REACT_APP_CLARITY_KEY: "{{tpl .Values.ClarityKey .}}" \ No newline at end of file diff --git a/charts/forms-flow-web/templates/deployment.yaml b/charts/forms-flow-web/templates/deployment.yaml index 999e905f..e6473085 100644 --- a/charts/forms-flow-web/templates/deployment.yaml +++ b/charts/forms-flow-web/templates/deployment.yaml @@ -254,6 +254,21 @@ spec: configMapKeyRef: key: REACT_APP_LANGUAGE name: "{{ .Chart.Name }}" + - name: REACT_APP_CLARITY_KEY + valueFrom: + configMapKeyRef: + key: REACT_APP_CLARITY_KEY + name: "{{ .Chart.Name }}" + - name: REACT_APP_IS_ENTERPRISE + valueFrom: + configMapKeyRef: + key: REACT_APP_IS_ENTERPRISE + name: "{{ .Chart.Name }}" + - name: REACT_APP_SHOW_PREMIUM_ICON + valueFrom: + configMapKeyRef: + key: REACT_APP_SHOW_PREMIUM_ICON + name: "{{ .Chart.Name }}" {{- if .Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 8 }} {{- end }} 
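Review bot: `tpl` accepts only a string, so `{{tpl .Values.IsEnterPrise .}}` and `{{tpl .Values.ShowPremiumIcon .}}` in configmap.yaml will fail rendering when an operator sets these flags as YAML booleans (`IsEnterPrise: true`), which is the natural way to write them. Coerce before templating, `"{{ tpl (toString .Values.IsEnterPrise) . }}"`, or state in values.yaml that the values must be quoted strings. The value name `IsEnterPrise` is also capitalised differently from the `REACT_APP_IS_ENTERPRISE` key it feeds; fixing the spelling now avoids a breaking rename later.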
diff --git a/charts/forms-flow-web/templates/template-configmap.yaml b/charts/forms-flow-web/templates/template-configmap.yaml index 3cac68fc..a915ebfe 100644 --- a/charts/forms-flow-web/templates/template-configmap.yaml +++ b/charts/forms-flow-web/templates/template-configmap.yaml @@ -46,5 +46,8 @@ data: "REACT_APP_ENABLE_CHATBOT": "${REACT_APP_ENABLE_CHATBOT}", "REACT_APP_CHATBOT_URL": "${REACT_APP_CHATBOT_URL}", "REACT_APP_ENABLE_LOW_CODE_DESIGNER": "${ENABLE_LOW_CODE_DESIGNER}", - "REACT_APP_KEYCLOAK_URL_HTTP_RELATIVE_PATH": "${KEYCLOAK_URL_HTTP_RELATIVE_PATH}" + "REACT_APP_KEYCLOAK_URL_HTTP_RELATIVE_PATH": "${KEYCLOAK_URL_HTTP_RELATIVE_PATH}", + "REACT_APP_SHOW_PREMIUM_ICON": "${REACT_APP_SHOW_PREMIUM_ICON}", + "REACT_APP_IS_ENTERPRISE": "${REACT_APP_IS_ENTERPRISE}", + "REACT_APP_CLARITY_KEY": "${REACT_APP_CLARITY_KEY}" } \ No newline at end of file diff --git a/charts/forms-flow-web/values.yaml b/charts/forms-flow-web/values.yaml index c827ce56..4000efed 100644 --- a/charts/forms-flow-web/values.yaml +++ b/charts/forms-flow-web/values.yaml @@ -507,4 +507,7 @@ config_path: /usr/share/nginx/html/config/ webclient: "{{.Chart.Name}}" webname: formsflow UserAccesPermissions: "" -Language: "" \ No newline at end of file +Language: "" +ShowPremiumIcon: "" +IsEnterPrise: "" +ClarityKey: "" \ No newline at end of file From 19e00917077fdefa60fa1d78adb21ad00dfcc607 Mon Sep 17 00:00:00 2001 From: amal Date: Fri, 20 Dec 2024 06:40:13 -0800 Subject: [PATCH 31/35] added whitespace in the configmap values --- charts/forms-flow-web/templates/configmap.yaml | 16 ++++++++-------- charts/forms-flow-web/values.yaml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/forms-flow-web/templates/configmap.yaml b/charts/forms-flow-web/templates/configmap.yaml index ebf757d3..0d88059b 100644 --- a/charts/forms-flow-web/templates/configmap.yaml +++ b/charts/forms-flow-web/templates/configmap.yaml 
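Review bot: `REACT_APP_CLARITY_KEY` is written into the JSON config template next to the other `REACT_APP_*` settings, and that file appears to be served to the browser (values.yaml sets `config_path: /usr/share/nginx/html/config/`), so whatever is placed in `ClarityKey` is public to every visitor. The three new values are added to values.yaml with no comment at all; each should say what it controls and what an empty string means. For the key in particular I would add `## ClarityKey is exposed to the browser through the web config; do not store a secret here`. If the key enables a third-party analytics script, which the name suggests but the patch does not show, that is also worth stating so operators can make the privacy decision deliberately.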
@@ -9,19 +9,19 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: - KEYCLOAK_CLIENT: "{{tpl .Values.webclient .}}" - APPLICATION_NAME: "{{tpl .Values.webname .}}" + KEYCLOAK_CLIENT: "{{ tpl .Values.webclient . }}" + APPLICATION_NAME: "{{ tpl .Values.webname . }}" USER_ACCESS_PERMISSIONS: "{{ .Values.UserAccesPermissions }}" PUBLIC_WORKFLOW_ENABLED: "false" OPENTELEMETRY_SERVICE: "false" - WEB_BASE_CUSTOM_URL: "{{tpl .Values.web.base_custom_url .}}" - CUSTOM_THEME_URL: "{{tpl .Values.web.custom_theme_url .}}" + WEB_BASE_CUSTOM_URL: "{{ tpl .Values.web.base_custom_url . }}" + CUSTOM_THEME_URL: "{{ tpl .Values.web.custom_theme_url . }}" ENABLE_FORMS_MODULE: "true" ENABLE_TASKS_MODULE: "true" ENABLE_DASHBOARDS_MODULE: "true" ENABLE_PROCESSES_MODULE: "true" ENABLE_APPLICATIONS_MODULE: "true" - REACT_APP_LANGUAGE: "{{tpl .Values.Language .}}" - REACT_APP_SHOW_PREMIUM_ICON: "{{tpl .Values.ShowPremiumIcon .}}" - REACT_APP_IS_ENTERPRISE: "{{tpl .Values.IsEnterPrise .}}" - REACT_APP_CLARITY_KEY: "{{tpl .Values.ClarityKey .}}" \ No newline at end of file + REACT_APP_LANGUAGE: "{{ tpl .Values.Language . }}" + REACT_APP_SHOW_PREMIUM_ICON: "{{ tpl .Values.ShowPremiumIcon . }}" + REACT_APP_IS_ENTERPRISE: "{{ tpl .Values.IsEnterPrise . }}" + REACT_APP_CLARITY_KEY: "{{ tpl .Values.ClarityKey . }}" \ No newline at end of file diff --git a/charts/forms-flow-web/values.yaml b/charts/forms-flow-web/values.yaml index 4000efed..dfc1504b 100644 --- a/charts/forms-flow-web/values.yaml +++ b/charts/forms-flow-web/values.yaml @@ -504,7 +504,7 @@ web: base_custom_url: "" custom_theme_url: "" config_path: /usr/share/nginx/html/config/ -webclient: "{{.Chart.Name}}" +webclient: "{{ .Chart.Name }}" webname: formsflow UserAccesPermissions: "" Language: "" From f5aa67fcd930dfc7229de370896a8013c191f5ea Mon Sep 17 00:00:00 2001 
From: amal Date: Mon, 6 Jan 2025 19:11:33 -0800 Subject: [PATCH 32/35] updated the nginx config with dynamic listen value --- .../forms-flow-admin/templates/_helpers.tpl | 6 +++++ .../templates/deployment.yaml | 14 ++++++++--- .../forms-flow-admin/templates/ingress.yaml | 6 +---- .../templates/proxy-config.yaml | 4 ++-- charts/forms-flow-admin/values.yaml | 24 +++++++++---------- charts/forms-flow-api/templates/_helpers.tpl | 7 +++++- .../forms-flow-api/templates/deployment.yaml | 8 +++++++ charts/forms-flow-api/templates/ingress.yaml | 6 +---- .../templates/proxy-config.yaml | 4 ++-- charts/forms-flow-api/values.yaml | 24 +++++++++---------- .../templates/_helpers.tpl | 7 +++++- .../templates/deployment.yaml | 8 +++++++ .../templates/ingress.yaml | 6 +---- .../templates/proxy-config.yaml | 6 ++--- charts/forms-flow-data-analysis/values.yaml | 23 +++++++++--------- .../templates/_helpers.tpl | 7 +++++- .../templates/deployment.yaml | 8 +++++++ .../templates/ingress.yaml | 6 +---- .../templates/proxy-config.yaml | 4 ++-- charts/forms-flow-documents-api/values.yaml | 23 +++++++++--------- .../forms-flow-forms/templates/_helpers.tpl | 7 ++++++ .../templates/deployment.yaml | 14 ++++++++--- .../forms-flow-forms/templates/ingress.yaml | 6 +---- .../templates/proxy-config.yaml | 4 ++-- charts/forms-flow-forms/values.yaml | 24 +++++++++---------- 25 files changed, 150 insertions(+), 106 deletions(-) diff --git a/charts/forms-flow-admin/templates/_helpers.tpl b/charts/forms-flow-admin/templates/_helpers.tpl index 31a9590d..bdac49a1 100644 --- a/charts/forms-flow-admin/templates/_helpers.tpl +++ b/charts/forms-flow-admin/templates/_helpers.tpl 
@@ -94,3 +94,9 @@ Return true if a configmap object should be created {{- define "forms-flow-admin.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} {{- end -}} +{{/* +Return the proper forms-flow-admin side car nginx image name +*/}} +{{- define "forms-flow-admin.nginx.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.ExtraContainer.image "global" .Values.global) }} +{{- end -}} \ No newline at end of file diff --git a/charts/forms-flow-admin/templates/deployment.yaml b/charts/forms-flow-admin/templates/deployment.yaml index 853ced47..326ee051 100644 --- a/charts/forms-flow-admin/templates/deployment.yaml +++ b/charts/forms-flow-admin/templates/deployment.yaml @@ -244,9 +244,17 @@ spec: {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: nginx + image: {{ include "forms-flow-admin.nginx.image" . }} + ports: + - containerPort: {{ .Values.ingress.servicePort }} + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf volumes: - name: admin-logs emptyDir: {} diff --git a/charts/forms-flow-admin/templates/ingress.yaml b/charts/forms-flow-admin/templates/ingress.yaml index ac8d42f9..95ed5c05 100644 --- a/charts/forms-flow-admin/templates/ingress.yaml +++ b/charts/forms-flow-admin/templates/ingress.yaml 
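Review bot: The nginx container added to deployment.yaml is now rendered unconditionally and has no `securityContext`, `resources` or `imagePullPolicy`, even though values.yaml in this commit defines `ExtraContainer.image.pullPolicy`. Because the image was switched to `nginxinc/nginx-unprivileged`, the container can be restricted without changing what it does; the fence shows the additions. The main container's settings are outside this hunk, so align resource requests with whatever it uses. The diffstat lists the same deployment.yaml change for the api, data-analysis, documents-api and forms charts, which presumably need the same treatment.

```yaml
        - name: nginx
          image: {{ include "forms-flow-admin.nginx.image" . }}
          imagePullPolicy: {{ .Values.ExtraContainer.image.pullPolicy }}
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          # … unchanged: ports and nginx-config-volume mount …
```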
@@ -27,11 +27,7 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: - service: - name: {{ include "common.names.fullname" . }} - port: - number: 80 + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.ingress.servicePort "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} diff --git a/charts/forms-flow-admin/templates/proxy-config.yaml b/charts/forms-flow-admin/templates/proxy-config.yaml index 901ccddb..d350f7fa 100644 --- a/charts/forms-flow-admin/templates/proxy-config.yaml +++ b/charts/forms-flow-admin/templates/proxy-config.yaml @@ -13,7 +13,7 @@ data: events { worker_connections 1024; } http { server { - listen 80; + listen {{ .Values.ingress.servicePort }}; location /admin { sub_filter ="/ ="/admin/; sub_filter ="/api/v1/swagger.json ="/admin/api/v1/swagger.json; @@ -26,7 +26,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Content-Type application/json; - proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; + proxy_pass http://localhost:{{ .Values.containerPorts.http }}; } } } diff --git a/charts/forms-flow-admin/values.yaml b/charts/forms-flow-admin/values.yaml index 856ad649..d09f0041 100644 --- a/charts/forms-flow-admin/values.yaml +++ b/charts/forms-flow-admin/values.yaml 
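Review bot: `listen {{ .Values.ingress.servicePort }};` in charts/forms-flow-admin/templates/proxy-config.yaml ties the nginx listen port to a value whose own comment in values.yaml says "Default is http. Alternative is https.", which reads as a port name; a name there would render `listen http;`, and nginx would not take that as a port. The Service entry `nginx` stays hard-coded at `port: 8080` / `targetPort: 8080`, so overriding `ingress.servicePort` alone would leave the Service pointing at a port nothing listens on. Depending on the container runtime, the unprivileged image may also be unable to bind a port below 1024. I would replace the stale comment with `## Numeric port the nginx sidecar listens on; must be above 1023 and match the "nginx" entry in service.ports`. The same `listen` line is added in the proxy-config.yaml hunks of forms-flow-api, forms-flow-data-analysis, forms-flow-documents-api and forms-flow-forms.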
@@ -253,7 +253,7 @@ ingress: ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## - servicePort: 5000 + servicePort: 8080 ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations @@ -419,8 +419,8 @@ service: targetPort: http protocol: TCP - name: nginx - port: 80 - targetPort: 80 + port: 8080 + targetPort: 8080 protocol: TCP ## - name: system ## port: 1764 @@ -486,15 +486,15 @@ containerPorts: ## - mountPath: /usr/share/filebeat/filebeat.yml ## subPath: filebeat.yml ## name: admin-filebeat -sidecars: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - volumeMounts: - - name: nginx-config-volume - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf +## sidecars configuration +sidecars: {} +ExtraContainer: + ## nginx configuration for sidecar + image: + registry: docker.io + repository: nginxinc/nginx-unprivileged + pullPolicy: IfNotPresent + tag: "latest" configuration: [] diff --git a/charts/forms-flow-api/templates/_helpers.tpl b/charts/forms-flow-api/templates/_helpers.tpl index 07325b97..f72448e5 100644 --- a/charts/forms-flow-api/templates/_helpers.tpl +++ b/charts/forms-flow-api/templates/_helpers.tpl @@ -77,7 +77,12 @@ Return true if a configmap object should be created {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} {{- end -}} - +{{/* +Return the proper forms-flow-api side car nginx image name +*/}} +{{- define "forms-flow-api.nginx.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.ExtraContainer.image "global" .Values.global) }} +{{- end -}} {{/* Return the proper Docker Image Registry Secret Names */}} 
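Review bot: `tag: "latest"` in the new `ExtraContainer.image` block of charts/forms-flow-admin/values.yaml leaves the sidecar image unpinned, so whatever `latest` points to at pull time enters the cluster without a chart change, and replicas started at different times can run different nginx builds. Pin a release tag, `tag: "<pinned-nginx-unprivileged-version>"`, or an image digest if the bundled `common.images.image` helper accepts one (its version is not visible here). The block would also benefit from `## @param ExtraContainer.image.*` comments in the style the file already uses for `ingress.servicePort`. The same default is added to values.yaml of forms-flow-api, forms-flow-data-analysis, forms-flow-documents-api and forms-flow-forms, and as `tag: latest` under `server.extraContainers.image` in forms-flow-analytics.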
diff --git a/charts/forms-flow-api/templates/deployment.yaml b/charts/forms-flow-api/templates/deployment.yaml index 9426ec67..adc2aa7a 100644 --- a/charts/forms-flow-api/templates/deployment.yaml +++ b/charts/forms-flow-api/templates/deployment.yaml @@ -297,6 +297,14 @@ spec: {{- if .Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} + - name: nginx + image: {{ include "forms-flow-api.nginx.image" . }} + ports: + - containerPort: {{ .Values.ingress.servicePort }} + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf volumes: - name: api-logs emptyDir: {} diff --git a/charts/forms-flow-api/templates/ingress.yaml b/charts/forms-flow-api/templates/ingress.yaml index 026e7a7b..ec643f93 100644 --- a/charts/forms-flow-api/templates/ingress.yaml +++ b/charts/forms-flow-api/templates/ingress.yaml @@ -27,11 +27,7 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: - service: - name: {{ include "common.names.fullname" . }} - port: - number: 80 + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.ingress.servicePort "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} diff --git a/charts/forms-flow-api/templates/proxy-config.yaml b/charts/forms-flow-api/templates/proxy-config.yaml index e79708fc..d052b7a1 100644 --- a/charts/forms-flow-api/templates/proxy-config.yaml +++ b/charts/forms-flow-api/templates/proxy-config.yaml @@ -13,7 +13,7 @@ data: events { worker_connections 1024; } http { server { - listen 80; + listen {{ .Values.ingress.servicePort }}; location /webapi { sub_filter ="/webapi/swaggerui/ ="/webapi/swaggerui/; sub_filter_once off; 
@@ -24,7 +24,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header SCRIPT_NAME /webapi; - proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; + proxy_pass http://localhost:{{ .Values.containerPorts.http }}; } } } diff --git a/charts/forms-flow-api/values.yaml b/charts/forms-flow-api/values.yaml index ffb929b7..c9c196d6 100644 --- a/charts/forms-flow-api/values.yaml +++ b/charts/forms-flow-api/values.yaml @@ -195,16 +195,14 @@ extraVolumes: {} ## extraVolumeMounts: {} ## sidecars configuration -sidecars: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - volumeMounts: - - name: nginx-config-volume - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - +sidecars: {} +ExtraContainer: + ## nginx configuration for sidecar + image: + registry: docker.io + repository: nginxinc/nginx-unprivileged + pullPolicy: IfNotPresent + tag: "latest" ## @param auth.existingSecret Existing secret containing password,username,dbname and ## existingSecret: "" @@ -256,7 +254,7 @@ ingress: ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## - servicePort: 5000 + servicePort: 8080 ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations @@ -402,8 +400,8 @@ service: targetPort: http protocol: TCP - name: nginx - port: 80 - targetPort: 80 + port: 8080 + targetPort: 8080 protocol: TCP ## - name: system ## port: 1764 diff --git a/charts/forms-flow-data-analysis/templates/_helpers.tpl b/charts/forms-flow-data-analysis/templates/_helpers.tpl index 50a3529b..1fb5cedb 100644 --- a/charts/forms-flow-data-analysis/templates/_helpers.tpl 
+++ b/charts/forms-flow-data-analysis/templates/_helpers.tpl @@ -76,7 +76,12 @@ Return true if a configmap object should be created {{- define "forms-flow-data-analysis.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} {{- end -}} - +{{/* +Return the proper forms-flow-data-analysis side car nginx image name +*/}} +{{- define "forms-flow-data-analysis.nginx.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.ExtraContainer.image "global" .Values.global) }} +{{- end -}} {{/* Return the proper Docker Image Registry Secret Names diff --git a/charts/forms-flow-data-analysis/templates/deployment.yaml b/charts/forms-flow-data-analysis/templates/deployment.yaml index 215b7833..e0157146 100644 --- a/charts/forms-flow-data-analysis/templates/deployment.yaml +++ b/charts/forms-flow-data-analysis/templates/deployment.yaml @@ -195,6 +195,14 @@ spec: {{- if .Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} + - name: nginx + image: {{ include "forms-flow-data-analysis.nginx.image" . }} + ports: + - containerPort: {{ .Values.ingress.servicePort }} + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf volumes: - name: data-analysis-logs emptyDir: {} diff --git a/charts/forms-flow-data-analysis/templates/ingress.yaml b/charts/forms-flow-data-analysis/templates/ingress.yaml index 1a2a2b63..657b3ffb 100644 --- a/charts/forms-flow-data-analysis/templates/ingress.yaml +++ b/charts/forms-flow-data-analysis/templates/ingress.yaml 
@@ -27,11 +27,7 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: - service: - name: {{ include "common.names.fullname" . }} - port: - number: 80 + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.ingress.servicePort "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} diff --git a/charts/forms-flow-data-analysis/templates/proxy-config.yaml b/charts/forms-flow-data-analysis/templates/proxy-config.yaml index 8582ff88..a23be105 100644 --- a/charts/forms-flow-data-analysis/templates/proxy-config.yaml +++ b/charts/forms-flow-data-analysis/templates/proxy-config.yaml @@ -13,7 +13,7 @@ data: events { worker_connections 1024; } http { server { - listen 80; + listen {{ .Values.ingress.servicePort }}; location /analysis { rewrite ^/analysis/(.*)$ /$1 break; sub_filter '="/' '="/analysis/'; @@ -25,11 +25,11 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header SCRIPT_NAME /analysis; - proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; + proxy_pass http://localhost:{{ .Values.containerPorts.http }}; } location /analysis/swagger.json { proxy_set_header Host $http_host; - proxy_pass http://localhost:{{ .Values.ingress.servicePort }}/swagger.json; + proxy_pass http://localhost:{{ .Values.containerPorts.http }}/swagger.json; } } } diff --git a/charts/forms-flow-data-analysis/values.yaml b/charts/forms-flow-data-analysis/values.yaml index 05ba8c10..c1bc6327 100644 --- a/charts/forms-flow-data-analysis/values.yaml +++ b/charts/forms-flow-data-analysis/values.yaml 
@@ -197,15 +197,14 @@ extraVolumes: {} extraVolumeMounts: {} ## sidecars configuration -sidecars: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - volumeMounts: - - name: nginx-config-volume - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf +sidecars: {} +ExtraContainer: + ## nginx configuration for sidecar + image: + registry: docker.io + repository: nginxinc/nginx-unprivileged + pullPolicy: IfNotPresent + tag: "latest" ## @param auth.existingSecret Existing secret containing password,username,dbname and ## @@ -258,7 +257,7 @@ ingress: ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## - servicePort: 5000 + servicePort: 8080 ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations @@ -404,8 +403,8 @@ service: targetPort: http protocol: TCP - name: nginx - port: 80 - targetPort: 80 + port: 8080 + targetPort: 8080 protocol: TCP ## - name: system ## port: 1764 diff --git a/charts/forms-flow-documents-api/templates/_helpers.tpl b/charts/forms-flow-documents-api/templates/_helpers.tpl index 4873fb9a..5a8b6701 100644 --- a/charts/forms-flow-documents-api/templates/_helpers.tpl +++ b/charts/forms-flow-documents-api/templates/_helpers.tpl 
@@ -67,7 +67,12 @@ Create the name of the service account to use {{- define "forms-flow-documents-api.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} {{- end -}} - +{{/* +Return the proper forms-flow-documents-api side car nginx image name +*/}} +{{- define "forms-flow-documents-api.nginx.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.ExtraContainer.image "global" .Values.global) }} +{{- end -}} {{/* Return the proper Docker Image Registry Secret Names diff --git a/charts/forms-flow-documents-api/templates/deployment.yaml b/charts/forms-flow-documents-api/templates/deployment.yaml index 0d780185..0ffde0f8 100644 --- a/charts/forms-flow-documents-api/templates/deployment.yaml +++ b/charts/forms-flow-documents-api/templates/deployment.yaml @@ -197,6 +197,14 @@ spec: {{- if .Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} + - name: nginx + image: {{ include "forms-flow-documents-api.nginx.image" . }} + ports: + - containerPort: {{ .Values.ingress.servicePort }} + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf volumes: - name: documents-logs emptyDir: {} diff --git a/charts/forms-flow-documents-api/templates/ingress.yaml b/charts/forms-flow-documents-api/templates/ingress.yaml index 13c33ae5..db29d611 100644 --- a/charts/forms-flow-documents-api/templates/ingress.yaml +++ b/charts/forms-flow-documents-api/templates/ingress.yaml 
@@ -27,11 +27,7 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: - service: - name: {{ include "common.names.fullname" . }} - port: - number: 80 + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.ingress.servicePort "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} diff --git a/charts/forms-flow-documents-api/templates/proxy-config.yaml b/charts/forms-flow-documents-api/templates/proxy-config.yaml index b93b86bc..32a8b0ae 100644 --- a/charts/forms-flow-documents-api/templates/proxy-config.yaml +++ b/charts/forms-flow-documents-api/templates/proxy-config.yaml @@ -13,7 +13,7 @@ data: events { worker_connections 1024; } http { server { - listen 80; + listen {{ .Values.ingress.servicePort }}; location /docapi { sub_filter ="/docapi/swaggerui/ ="/docapi/swaggerui/; sub_filter_once off; @@ -24,7 +24,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header SCRIPT_NAME /docapi; - proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; + proxy_pass http://localhost:{{ .Values.containerPorts.http }}; } } } diff --git a/charts/forms-flow-documents-api/values.yaml b/charts/forms-flow-documents-api/values.yaml index 58a29ceb..cf004bc2 100644 --- a/charts/forms-flow-documents-api/values.yaml +++ b/charts/forms-flow-documents-api/values.yaml 
@@ -199,15 +199,14 @@ extraVolumeMounts: {} ## sidecars configuration -sidecars: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - volumeMounts: - - name: nginx-config-volume - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf +sidecars: {} +ExtraContainer: + ## nginx configuration for sidecar + image: + registry: docker.io + repository: nginxinc/nginx-unprivileged + pullPolicy: IfNotPresent + tag: "latest" ## @param auth.existingSecret Existing secret containing password,username,dbname and ## @@ -263,7 +262,7 @@ ingress: ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## - servicePort: 5006 + servicePort: 8080 ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations @@ -409,8 +408,8 @@ service: targetPort: http protocol: TCP - name: nginx - port: 80 - targetPort: 80 + port: 8080 + targetPort: 8080 protocol: TCP ## - name: system ## port: 1764 diff --git a/charts/forms-flow-forms/templates/_helpers.tpl b/charts/forms-flow-forms/templates/_helpers.tpl index ec9bc373..3de29208 100644 --- a/charts/forms-flow-forms/templates/_helpers.tpl +++ b/charts/forms-flow-forms/templates/_helpers.tpl @@ -83,4 +83,11 @@ Return true if a configmap object should be created */}} {{- define "forms-flow-forms.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper forms-flow-forms side car nginx image name +*/}} +{{- define "forms-flow-forms.nginx.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.ExtraContainer.image "global" .Values.global) }} {{- end -}} \ No newline at end of file 
diff --git a/charts/forms-flow-forms/templates/deployment.yaml b/charts/forms-flow-forms/templates/deployment.yaml index 82c55ea3..950755a0 100644 --- a/charts/forms-flow-forms/templates/deployment.yaml +++ b/charts/forms-flow-forms/templates/deployment.yaml @@ -186,9 +186,17 @@ spec: {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: nginx + image: {{ include "forms-flow-forms.nginx.image" . }} + ports: + - containerPort: {{ .Values.ingress.servicePort }} + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf volumes: - name: forms-logs emptyDir: {} diff --git a/charts/forms-flow-forms/templates/ingress.yaml b/charts/forms-flow-forms/templates/ingress.yaml index 2cf0b1a5..415974a9 100644 --- a/charts/forms-flow-forms/templates/ingress.yaml +++ b/charts/forms-flow-forms/templates/ingress.yaml @@ -27,11 +27,7 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: - service: - name: {{ include "common.names.fullname" . }} - port: - number: 80 + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.ingress.servicePort "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ (tpl .name $) }} diff --git a/charts/forms-flow-forms/templates/proxy-config.yaml b/charts/forms-flow-forms/templates/proxy-config.yaml index b673939a..f8d43ab4 100644 --- a/charts/forms-flow-forms/templates/proxy-config.yaml 
+++ b/charts/forms-flow-forms/templates/proxy-config.yaml @@ -13,7 +13,7 @@ data: events { worker_connections 1024; } http { server { - listen 80; + listen {{ .Values.ingress.servicePort }}; location /formio/ { rewrite ^/formio/(.*)$ /$1 break; proxy_set_header Host $http_host; @@ -22,7 +22,7 @@ data: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Content-Type application/json; - proxy_pass http://localhost:{{ .Values.ingress.servicePort }}; + proxy_pass http://localhost:{{ .Values.containerPorts.http }}; } } } diff --git a/charts/forms-flow-forms/values.yaml b/charts/forms-flow-forms/values.yaml index 0ae1eee6..ab58bee3 100644 --- a/charts/forms-flow-forms/values.yaml +++ b/charts/forms-flow-forms/values.yaml @@ -252,7 +252,7 @@ ingress: ## @param ingress.servicePort Backend service port to use ## Default is http. Alternative is https. ## - servicePort: 3001 + servicePort: 8080 ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations @@ -447,8 +447,8 @@ service: targetPort: http protocol: TCP - name: nginx - port: 80 - targetPort: 80 + port: 8080 + targetPort: 8080 protocol: TCP ## - name: system ## port: 1764 
@@ -514,15 +514,15 @@ containerPorts: ## - mountPath: /usr/share/filebeat/filebeat.yml ## subPath: filebeat.yml ## name: admin-filebeat -sidecars: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - volumeMounts: - - name: nginx-config-volume - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf +## sidecars configuration +sidecars: {} +ExtraContainer: + ## nginx configuration for sidecar + image: + registry: docker.io + repository: nginxinc/nginx-unprivileged + pullPolicy: IfNotPresent + tag: "latest" configuration: [] From 035b416508e3e99f6d97f754af26034b78fbffdd Mon Sep 17 00:00:00 2001 From: amal Date: Tue, 7 Jan 2025 03:06:47 -0800 Subject: [PATCH 33/35] Updated analytics with nginx configurations --- .../templates/ingress.yaml | 3 ++- .../templates/proxy-config.yaml | 2 +- .../templates/server-deployment.yaml | 11 +++++--- charts/forms-flow-analytics/values.yaml | 26 ++++++++++--------- 4 files changed, 25 insertions(+), 17 deletions(-) diff --git a/charts/forms-flow-analytics/templates/ingress.yaml b/charts/forms-flow-analytics/templates/ingress.yaml index c433b7c0..a7d18855 100644 --- a/charts/forms-flow-analytics/templates/ingress.yaml +++ b/charts/forms-flow-analytics/templates/ingress.yaml @@ -1,6 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "redash.fullname" . -}} {{- $ingressPathType := .Values.ingress.pathType -}} +{{- $ingressPortNumber := .Values.ingress.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -37,7 +38,7 @@ spec: service: name: {{ $fullName }} port: - number: 80 + number: {{ $ingressPortNumber }} {{- end }} {{- end }} {{- end }} diff --git a/charts/forms-flow-analytics/templates/proxy-config.yaml b/charts/forms-flow-analytics/templates/proxy-config.yaml index 9d1de305..8867d363 100644 --- a/charts/forms-flow-analytics/templates/proxy-config.yaml +++ b/charts/forms-flow-analytics/templates/proxy-config.yaml 
@@ -9,7 +9,7 @@ data: events { worker_connections 1024; } http { server { - listen 80; + listen {{ .Values.ingress.port }}; location /redash/ { sub_filter ="/" ="/redash/"; sub_filter ="/static/ ="/redash/static/; diff --git a/charts/forms-flow-analytics/templates/server-deployment.yaml b/charts/forms-flow-analytics/templates/server-deployment.yaml index b23e2feb..a4b74a69 100644 --- a/charts/forms-flow-analytics/templates/server-deployment.yaml +++ b/charts/forms-flow-analytics/templates/server-deployment.yaml @@ -33,9 +33,6 @@ spec: initContainers: {{ toYaml . | nindent 8 }} {{- end }} containers: - {{- with .Values.server.extraContainers -}} - {{- toYaml . | nindent 8 }} - {{- end }} - name: {{ include "redash.name" . }}-server securityContext: {{ toYaml .Values.server.securityContext | nindent 12 }} image: {{ .Values.image.registry }}/{{ .Values.image.repo }}:{{ .Values.image.tag | default .Chart.AppVersion }} @@ -64,6 +61,14 @@ spec: {{- with .Values.server.resources }} resources: {{ toYaml . | nindent 12 }} {{- end }} + - name: nginx + image: {{ .Values.server.extraContainers.image.registry }}/{{ .Values.server.extraContainers.image.repo }}:{{ .Values.server.extraContainers.image.tag }} + ports: + - containerPort: {{ .Values.server.extraContainers.ContainerPort }} + volumeMounts: + - name: nginx-config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf {{- $volumes := concat .Values.volumes .Values.server.volumes -}} {{- with $volumes }} volumes: {{ toYaml . | nindent 8 }} diff --git a/charts/forms-flow-analytics/values.yaml b/charts/forms-flow-analytics/values.yaml index fa9ca7b6..cc54bf50 100644 --- a/charts/forms-flow-analytics/values.yaml +++ b/charts/forms-flow-analytics/values.yaml 
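Review bot: The nginx container in charts/forms-flow-analytics/templates/server-deployment.yaml takes its `containerPort` from `server.extraContainers.ContainerPort`, while proxy-config.yaml renders `listen {{ .Values.ingress.port }};` and values.yaml carries a separate `sidecar.port` / `httpPort` pair, so several independent values must all stay at 8080 for traffic to reach nginx. Reading one value in both templates, e.g. `- containerPort: {{ .Values.ingress.port }}`, removes the chance of drift. Dropping the `with .Values.server.extraContainers` / `toYaml` block also changes `server.extraContainers` from a list of containers into a map, so an existing override that still supplies a list will presumably fail to render. That deserves a line in the upgrade notes. The pod spec starts and continues outside these hunks.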
@@ -361,14 +361,16 @@ server: priorityClassName: extraContainers: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - volumeMounts: - - name: nginx-config-volume - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf + image: + registry: docker.io + # image.repo -- Redash image name used for server and worker pods + repo: nginxinc/nginx-unprivileged + # image.tag -- Redash image [tag](https://hub.docker.com/r/redash/redash/tags) + tag: latest + # image.pullPolicy - Image pull policy + pullPolicy: IfNotPresent + ContainerPort: 8080 + service: # service.annotations -- Annotations to add to the service @@ -381,10 +383,10 @@ service: externalTrafficPolicy: "" # service.port -- Service external port port: 5000 - + sidecar: - port: 80 - httpPort: 80 + port: 8080 + httpPort: 8080 ingress: # ingress.enabled -- Enable ingress controller resource enabled: true @@ -400,7 +402,7 @@ ingress: #ingress.pathType -- How ingress paths should be treated. pathType: Prefix - port: 80 + port: 8080 # ingress.tls -- Ingress TLS configuration tls: [] # - secretName: forms-flow-analytics-test.aot-technologies.com-tls From f3ceca8f77abb8f8a916528980d6ee8928ab9c3e Mon Sep 17 00:00:00 2001 From: amal Date: Tue, 7 Jan 2025 03:35:24 -0800 Subject: [PATCH 34/35] updated resources for nginx in formsflow-analytics --- .../forms-flow-analytics/templates/server-deployment.yaml | 3 +++ charts/forms-flow-analytics/values.yaml | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/charts/forms-flow-analytics/templates/server-deployment.yaml b/charts/forms-flow-analytics/templates/server-deployment.yaml index a4b74a69..b23d63cc 100644 --- a/charts/forms-flow-analytics/templates/server-deployment.yaml +++ b/charts/forms-flow-analytics/templates/server-deployment.yaml 
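Review bot: The comments above the new `server.extraContainers.image` block in charts/forms-flow-analytics/values.yaml were copied from the Redash image section and still read "Redash image name used for server and worker pods" and link to the redash/redash tags, although the block now configures the nginx sidecar. They should read `# server.extraContainers.image.repo -- nginx sidecar image repository` and `# server.extraContainers.image.tag -- nginx sidecar image tag`. `pullPolicy` is declared here, but the server-deployment.yaml hunk of this patch never reads it, so it currently has no effect. The key `ContainerPort` is also capitalised differently from the other keys visible in this file.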
@@ -65,6 +65,9 @@ spec: image: {{ .Values.server.extraContainers.image.registry }}/{{ .Values.server.extraContainers.image.repo }}:{{ .Values.server.extraContainers.image.tag }} ports: - containerPort: {{ .Values.server.extraContainers.ContainerPort }} + {{- with .Values.server.extraContainers.resources }} + resources: {{ toYaml . | nindent 12 }} + {{- end }} volumeMounts: - name: nginx-config-volume mountPath: /etc/nginx/nginx.conf diff --git a/charts/forms-flow-analytics/values.yaml b/charts/forms-flow-analytics/values.yaml index cc54bf50..8bf53e41 100644 --- a/charts/forms-flow-analytics/values.yaml +++ b/charts/forms-flow-analytics/values.yaml @@ -370,6 +370,13 @@ server: # image.pullPolicy - Image pull policy pullPolicy: IfNotPresent ContainerPort: 8080 + resources: + limits: + cpu: 150m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi service: From c56a50128a53951437b0a6749ad43583030b3851 Mon Sep 17 00:00:00 2001 From: amal Date: Tue, 7 Jan 2025 20:31:27 -0800 Subject: [PATCH 35/35] updated analytics with nginx container and data analysis with image name --- .../forms-flow-analytics/templates/server-deployment.yaml | 3 --- charts/forms-flow-analytics/values.yaml | 7 ------- charts/forms-flow-data-analysis/values.yaml | 2 +- 3 files changed, 1 insertion(+), 11 deletions(-) diff --git a/charts/forms-flow-analytics/templates/server-deployment.yaml b/charts/forms-flow-analytics/templates/server-deployment.yaml index b23d63cc..a4b74a69 100644 --- a/charts/forms-flow-analytics/templates/server-deployment.yaml +++ b/charts/forms-flow-analytics/templates/server-deployment.yaml 
@@ -65,9 +65,6 @@ spec: image: {{ .Values.server.extraContainers.image.registry }}/{{ .Values.server.extraContainers.image.repo }}:{{ .Values.server.extraContainers.image.tag }} ports: - containerPort: {{ .Values.server.extraContainers.ContainerPort }} - {{- with .Values.server.extraContainers.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} volumeMounts: - name: nginx-config-volume mountPath: /etc/nginx/nginx.conf diff --git a/charts/forms-flow-analytics/values.yaml b/charts/forms-flow-analytics/values.yaml index 8bf53e41..cc54bf50 100644 --- a/charts/forms-flow-analytics/values.yaml +++ b/charts/forms-flow-analytics/values.yaml @@ -370,13 +370,6 @@ server: # image.pullPolicy - Image pull policy pullPolicy: IfNotPresent ContainerPort: 8080 - resources: - limits: - cpu: 150m - memory: 200Mi - requests: - cpu: 100m - memory: 100Mi service: diff --git a/charts/forms-flow-data-analysis/values.yaml b/charts/forms-flow-data-analysis/values.yaml index c1bc6327..74e13518 100644 --- a/charts/forms-flow-data-analysis/values.yaml +++ b/charts/forms-flow-data-analysis/values.yaml @@ -4,7 +4,7 @@ image: repository: formsflow/forms-flow-data-analysis-api pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v7.0.0-alpha-trim" + tag: "v7.0.0-alpha" ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: