helm/cloudypress
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Created chart and CI/CD

Browse Source
This commit is contained in:
Lars Scheibling
2023-03-19 22:43:41 +00:00
parent 9f91f4efe5
commit 520bfbb549
19 changed files with 40 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Chart/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,11 @@
You have successfully installed your new website {{ .Values.site.url }}
Ingress Domains:
- {{ .Values.site.url | replace "www." "" }}
- www.{{ .Values.site.url | replace "www." "" }}
- {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
- www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
{{- if .Values.site.additionalIngressNames }}
{{- range .Values.site.additionalIngressNames }}
- {{ . }}
{{- end }}
{{- end }}

33
Chart/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,33 @@
{{/*
Define the application name and fullname
*/}}
{{- define "..name" -}}
{{- .Values.site.url | trunc 63 | replace "." "-" | trimSuffix "-" }}
{{- end }}
{{- define "..fullname" -}}
{{ include "..name" . }}
{{- end }}
{{/*
Define the chart name and version
*/}}
{{- define "..chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Define the chart common labels
*/}}
{{- define "..labels" -}}
helm.sh/chart: {{ include "..chart" . }}
app.kubernetes.io/name: {{ include "..name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
cloudyne.systems/customer: {{ .Values.customer.name }}
cloudyne.systems/site: {{ .Values.site.url }}
cloudyne.systems/package: {{ .Values.customer.package.size }}
{{- end }}

22
Chart/templates/certificate.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "..fullname" . }}-cert
labels:
{{- include "..labels" . | nindent 8 }}
spec:
issuerRef:
name: cloudyne-internal-root-v2
kind: ClusterIssuer
secretName: {{ include "..fullname" . }}-cert-secret
commonName: {{ .Values.site.url }}
dnsNames:
- {{ .Values.site.url | replace "www." "" }}
- www.{{ .Values.site.url | replace "www." "" }}
- {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
- www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
{{- if .Values.site.additionalIngressNames }}
{{- range .Values.site.additionalIngressNames }}
- {{ . }}
{{- end }}
{{- end }}

266
Chart/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,266 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "..fullname" . }}-env
labels:
{{- include "..labels" . | nindent 8 }}
data:
SMTP_PORT: '2525'
SMTP_AUTH: 'true'
SMTP_FORCE_FROM: "noreply@customer.v3.nu"
SMTP_FROM_NAME: "V3 Customer Mailer"
WP_ENV: "production"
{{- if .Values.site.overrideMainUrl }}
WP_HOME: "https://{{ .Values.site.overrideMainUrl }}"
{{- else }}
WP_HOME: "https://{{ .Values.site.url }}"
{{- end }}
{{- if and .Values.site.init .Values.site.init.composerPackage }}
RUN_COMPOSER: 'true'
INSTALL_SITE: {{ .Values.site.init.composerPackage }}
SET_THEME: {{ .Values.site.init.themeName | default "" }}
{{- end }}
{{- if and .Values.site.init .Values.site.init.content .Values.site.init.content.import }}
RUN_IMPORTS: 'true'
IMPORT_CONTENT: {{ .Values.site.init.content.url }}
{{- end }}
{{- if and .Values.site.init .Values.site.init.database .Values.site.init.database.import }}
RUN_DATABASEIMPORTS: 'true'
IMPORT_DATABASE: {{ .Values.site.init.database.url }}
FORCE_IMPORT_DB: {{ .Values.site.init.database.force | default "false" | quote }}
{{- end }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "..fullname" . }}-cfg
labels:
{{- include "..labels" . | nindent 8 }}
data:
www.conf: |-
[www]
{{- if and .Values.global .Values.global.php }}
listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }}
listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }}
pm = {{ .Values.global.php.pmMode | default "ondemand" }}
pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }}
pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }}
pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }}
security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }}
php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }}
php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }}
php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" }}
php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }}
php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }}
{{- else }}
listen = 127.0.0.1:8123
listen.backlog = 511
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 30s
pm.max_requests = 1000
security.limit_extensions = .php
php_admin_value[expose_php] = Off
php_admin_value[short_open_tag] = Off
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source
php_value[log_errors] = On
{{- end }}
ping.path = /fpm-ping
listen.allowed_clients = 127.0.0.1
catch_workers_output = yes
php_value[error_log] = /dev/stderr
{{- if .Values.global.php.adminValues }}
{{- range $k, $v := .Values.global.php.adminValues }}
php_admin_value[{{ $k }}] = {{ $v }}
{{- end }}
{{- end }}
nginx.conf: |
worker_processes auto;
error_log stderr warn;
pid /run/nginx/nginx.pid;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.globalAdditions | default "" }}
{{- end }}
events {
{{- if and .Values.global .Values.global.nginx }}}
worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }};
{{ .Values.global.nginx.eventsAdditions | default "" }}
{{- else }}
worker_connections 1024;
{{- end }}
}
http {
include mime.types;
default_type application/octet-stream;
disable_symlinks off;
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
{{- if and .Values.global .Values.global.nginx }}}
keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }};
{{- else }}
keepalive_timeout 61;
{{- end }}
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
{{- if and .Values.global .Values.global.nginx }}}
sendfile {{ .Values.global.nginx.sendfile | default "off" }};
tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }};
absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }};
{{- else }}
sendfile off;
tcp_nodelay on;
absolute_redirect off;
{{- end }}
{{- if and .Values.site .Values.site.webroot }}}
root {{ .Values.site.webroot.path | default "/app/web" }};
index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }};
{{- else }}
root /app/web;
index {{ .Values.site.webroot.indexes }};
{{- end }}
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.rootLocationAdditions | default "" }}
{{- end }}
}
location ~* /app/web/app/uploads/.*.php$ {
deny all;
}
location ~* /wp-content/uploads/.*.php$ {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
location ~ \.php$ {
{{- if and .Values.global .Values.global.nginx }}}
fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }};
fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }};
fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }};
fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }};
{{- else }}
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 300;
{{- end }}
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:8123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.phpLocationAdditions | default "" }}
{{- end }}
}
location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ {
expires 5d;
}
gzip_comp_level 5;
gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-font-opentype
application/x-font-truetype
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
image/svg+xml
image/x-icon
image/vnd.microsoft.icon
text/css
text/plain
text/javascript
text/x-component;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location ~ /\. {
log_not_found off;
deny all;
}
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:8123;
}
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.serverAdditions | default "" }}
{{- end }}
}
proxy_hide_header X-Powered-By;
fastcgi_hide_header X-Powered-By;
server_tokens off;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.httpAdditions }}
{{- end }}
include /etc/nginx/modules/*.conf;
}

20
Chart/templates/database.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: "kci.rocks/v1alpha1"
kind: "Database"
metadata:
name: {{ include "..fullname" . }}-db
labels:
{{- include "..labels" . | nindent 8 }}
spec:
secretName: {{ include "..fullname" . }}-db-auth
instance: {{ .Values.global.dbInstance | default "kincaid" }}
deletionProtected: yes
backup:
enable: No
cron: "0 0 * * *"
secretsTemplates:
PMA_HOST:{{` "{{ .DatabaseHost }}" `}}
PMA_PORT:{{` "{{ .DatabasePort }}" `}}
PMA_USER:{{` "{{ .UserName }}" `}}
PMA_PASS:{{` "{{ .Password }}" `}}
PMA_NAME:{{` "{{ .DatabaseName }}" `}}
DATABASE_URL:{{` "{{ .Protocol }}://{{ .UserName }}:{{ .Password }}@{{ .DatabaseHost }}:{{ .DatabasePort }}/{{ .DatabaseName }}" `}}

116
Chart/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,116 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 4 }}
cloudyne.systems/component: site
spec:
{{- if and .Values.customer .Values.customer.package }}
replicas: {{ .Values.customer.package.replicas | default 1 }}
{{- else }}
replicas: 1
{{- end }}
selector:
matchLabels:
cloudyne.systems/customer: {{ .Values.customer.name }}
cloudyne.systems/site: {{ .Values.site.url }}
template:
metadata:
labels:
cloudyne.systems/customer: {{ .Values.customer.name }}
cloudyne.systems/site: {{ .Values.site.url }}
spec:
securityContext:
fsGroup: 65534
volumes:
- name: cloud
persistentVolumeClaim:
claimName: pvc-{{ include "..fullname" . }}
- name: local
emptyDir: {}
- name: serverconfig
configMap:
name: {{ include "..fullname" . }}-cfg
initContainers:
- name: deploy
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
{{- if .Values.global }}
image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-init" }}:{{ .Values.global.imagetag | default "latest" }}
{{- else }}
image: ghcr.io/cloudynes/php-init:latest
{{- end }}
imagePullPolicy: Always
volumeMounts:
- name: local
mountPath: /app
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }}
{{- range $v := .Values.site.storage.cloud.folders }}
- name: cloud
mountPath: {{ $v.localPath }}
subPath: {{ $v.cloudPath }}
{{- end }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "..fullname" . }}-env
- secretRef:
name: {{ include "..fullname" . }}-db-auth
- secretRef:
name: global-secrets
containers:
- name: wordpress
securityContext:
runAsUser: 65534
{{- if .Values.global }}
image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-nginx" }}:{{ .Values.global.imagetag | default "latest" }}
{{- else }}
image: ghcr.io/cloudynes/php-nginx:latest
{{- end }}
imagePullPolicy: Always
volumeMounts:
- name: local
mountPath: /app
- name: serverconfig
mountPath: /etx/nginx/nginx.conf
subPath: nginx.conf
- name: serverconfig
mountPath: /usr/local/etc/php-fpm.d/www.conf
subPath: www.conf
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }}
{{- range $v := .Values.site.storage.cloud.folders }}
- name: cloud
mountPath: {{ $v.localPath }}
subPath: {{ $v.cloudPath }}
{{- end }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "..fullname" . }}-env
- secretRef:
name: {{ include "..fullname" . }}-db-auth
- secretRef:
name: global-secrets
resources:
{{- if and .Values.customer .Values.customer.package .Values.customer.package.cpu }}
requests:
cpu: {{ .Values.customer.package.cpu.avg | default "1000m" }}
memory: {{ .Values.customer.package.mem.avg | default "1Gi" }}
limits:
cpu: {{ .Values.customer.package.cpu.peak | default "1000m" }}
memory: {{ .Values.customer.package.mem.peak | default "1Gi" }}
{{- else }}
requests:
cpu: 1000m
memory: 1Gi
limits:
cpu: 1000m
memory: 1Gi
{{- end }}
ports:
- containerPort: 8080
name: http
protocol: TCP

28
Chart/templates/externalsecret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: global-secrets-ext
namespace: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 8 }}
spec:
refreshInterval: 4h
secretStoreRef:
kind: ClusterSecretStore
name: az-cluster-store
target:
name: global-secrets
creationPolicy: Owner
data:
- secretKey: COMPOSER_AUTH
remoteRef:
key: secret/GITLAB-COMPOSER-AUTH
- secretKey: SMTP_USER
remoteRef:
key: secret/SMTP-USER
- secretKey: SMTP_PASS
remoteRef:
key: secret/SMTP-PASSWORD
- secretKey: SMTP_HOST
remoteRef:
key: secret/SMTP-HOST

76
Chart/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,76 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 4 }}
spec:
ingressClassName: nginx
tls:
- secretName: {{ include "..fullname" . }}-cert-secret
hosts:
- {{ .Values.site.url | replace "www." "" }}
- www.{{ .Values.site.url | replace "www." "" }}
- {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
- www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
{{- if .Values.site.additionalIngressNames }}
{{- range .Values.site.additionalIngressNames }}
- {{ . }}
{{- end }}
{{- end }}
rules:
- host: {{ .Values.site.url | replace "www." "" }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: www.{{ .Values.site.url | replace "www." "" }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
{{- if .Values.site.additionalIngressNames }}
{{- range .Values.site.additionalIngressNames }}
- host: {{ . }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
{{- end }}
{{- end }}

38
Chart/templates/persistentvolume.yaml Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-{{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 8 }}
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: {{ .Values.customer.package.disk }}
csi:
driver: blob.csi.azure.com
nodeStageSecretRef:
name: cloudyne{{ .Values.site.storage.cloud.class }}-credentials
namespace: blob-csi
volumeAttributes:
containername: {{ .Values.site.storage.cloud.container }}
csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }}
csi.storage.k8s.io/pvc/namespace: {{ include "..fullname" . }}
secretnamespace: {{ include "..fullname" . }}
skuName: {{ .Values.site.storage.cloud.type }}
volumeHandle: {{ .Values.site.storage.cloud.class }}-retain_{{ include "..fullname" . }}
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING
- --cache-size-mb=3500
- -o uid=65534
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.site.storage.cloud.class }}-retain
volumeMode: Filesystem
---

22
Chart/templates/persistentvolumeclaim.yaml Normal file
View File

@@ -0,0 +1,22 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
volume.beta.kubernetes.io/storage-provisioner: blob.csi.azure.com
volume.kubernetes.io/storage-provisioner: blob.csi.azure.com
labels:
{{- include "..labels" . | nindent 8 }}
name: pvc-{{ include "..fullname" . }}
spec:
volumeMode: Filesystem
volumeName: pv-{{ include "..fullname" . }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.customer.package.disk }}
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud }}
storageClassName: {{ .Values.site.storage.cloud.class }}-retain
{{- end }}

16
Chart/templates/service.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 8 }}
cloudyne.systems/component: site
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
cloudyne.systems/customer: {{ .Values.customer.name }}
cloudyne.systems/site: {{ .Values.site.url }}
type: ClusterIP

15
Chart/templates/tests/site-live.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "..fullname" . }}-test-connection"
labels:
{{- include "..labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "..fullname" . }}:8080']
restartPolicy: Never