From da2afcd24bfd98cf6039245ac69b9f5cc617f2bb Mon Sep 17 00:00:00 2001 
From: Lars Scheibling
Date: Sat, 18 Mar 2023 23:16:04 +0000
Subject: [PATCH] Started creating chart
---
 .gitignore | 1 +
 chart/{templates => templates-old}/NOTES.txt | 0
 chart/templates-old/_helpers.tpl | 62 +++++
 chart/templates-old/deployment.yaml | 61 ++++
 chart/{templates => templates-old}/hpa.yaml | 0
 .../{templates => templates-old}/ingress.yaml | 0
 .../{templates => templates-old}/service.yaml | 0
 .../serviceaccount.yaml | 0
 .../tests/test-connection.yaml | 0
 chart/templates/_helpers.tpl | 53 +---
 chart/templates/certificate.yaml | 14 +
 chart/templates/configmap.yaml | 263 ++++++++++++++++++
 chart/templates/database.yaml | 20 ++
 chart/templates/deployment.yaml | 118 ++++----
 chart/templates/externalsecret.yaml | 28 ++
 chart/templates/persistentvolume.yaml | 38 +++
 chart/templates/persistentvolumeclaim.yaml | 19 ++
 chart/templates/resourcequota.yaml | 12 +
 chart/templates/tests/site-live.yaml | 15 +
 chart/values.yaml | 171 ++++++++----
 20 files changed, 723 insertions(+), 152 deletions(-)
 create mode 100644 .gitignore
 rename chart/{templates => templates-old}/NOTES.txt (100%)
 create mode 100644 chart/templates-old/_helpers.tpl
 create mode 100644 chart/templates-old/deployment.yaml
 rename chart/{templates => templates-old}/hpa.yaml (100%)
 rename chart/{templates => templates-old}/ingress.yaml (100%)
 rename chart/{templates => templates-old}/service.yaml (100%)
 rename chart/{templates => templates-old}/serviceaccount.yaml (100%)
 rename chart/{templates => templates-old}/tests/test-connection.yaml (100%)
 create mode 100644 chart/templates/certificate.yaml
 create mode 100644 chart/templates/configmap.yaml
 create mode 100644 chart/templates/database.yaml
 create mode 100644 chart/templates/externalsecret.yaml
 create mode 100644 chart/templates/persistentvolume.yaml
 create mode 100644 chart/templates/persistentvolumeclaim.yaml
 create mode 100644 chart/templates/resourcequota.yaml
 create mode 100644 chart/templates/tests/site-live.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7d10100
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+values.yaml
\ No newline at end of file
diff --git a/chart/templates/NOTES.txt b/chart/templates-old/NOTES.txt
similarity index 100%
rename from chart/templates/NOTES.txt
rename to chart/templates-old/NOTES.txt
diff --git a/chart/templates-old/_helpers.tpl b/chart/templates-old/_helpers.tpl
new file mode 100644
index 0000000..7fc608d
--- /dev/null
+++ b/chart/templates-old/_helpers.tpl
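Review bot: The `values.yaml` pattern has no leading slash, so it matches at any depth, including the chart's own `chart/values.yaml`; because that file is already tracked (this very commit modifies it) the ignore has no effect on it and future edits to it will still be committed. If the intent is to keep a customer-specific override file out of the repository, anchor the pattern to that file's location (for example `/values.yaml` at the repository root) and keep the chart's default `chart/values.yaml` generic.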
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "..name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "..fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "..chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "..labels" -}}
+helm.sh/chart: {{ include "..chart" . }}
+{{ include "..selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "..selectorLabels" -}}
+app.kubernetes.io/name: {{ include "..name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "..serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "..fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates-old/deployment.yaml b/chart/templates-old/deployment.yaml
new file mode 100644
index 0000000..4fbbb2f
--- /dev/null
+++ b/chart/templates-old/deployment.yaml
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "..fullname" . }} + labels: + {{- include "..labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "..selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "..selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "..serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/chart/templates/hpa.yaml b/chart/templates-old/hpa.yaml similarity index 100% rename from chart/templates/hpa.yaml rename to chart/templates-old/hpa.yaml diff --git a/chart/templates/ingress.yaml b/chart/templates-old/ingress.yaml similarity index 100% rename from chart/templates/ingress.yaml rename to chart/templates-old/ingress.yaml 
diff --git a/chart/templates/service.yaml b/chart/templates-old/service.yaml
similarity index 100%
rename from chart/templates/service.yaml
rename to chart/templates-old/service.yaml
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates-old/serviceaccount.yaml
similarity index 100%
rename from chart/templates/serviceaccount.yaml
rename to chart/templates-old/serviceaccount.yaml
diff --git a/chart/templates/tests/test-connection.yaml b/chart/templates-old/tests/test-connection.yaml
similarity index 100%
rename from chart/templates/tests/test-connection.yaml
rename to chart/templates-old/tests/test-connection.yaml
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index 7fc608d..8b57a08 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -1,62 +1,33 @@ {{/* -Expand the name of the chart. +Define the application name and fullname */}} + {{- define "..name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- .Values.site.url | trunc 63 | replace "." "-" | trimSuffix "-" }} {{- end }} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} {{- define "..fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} +{{ include "..name" . }} {{- end }} {{/* -Create chart name and version as used by the chart label. +Define the chart name and version */}} + {{- define "..chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* -Common labels +Define the chart common labels */}} {{- define "..labels" -}} helm.sh/chart: {{ include "..chart" . }} -{{ include "..selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "..selectorLabels" -}} app.kubernetes.io/name: {{ include "..name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "..serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "..fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +cloudyne.systems/customer: {{ .Values.customer.name }} +cloudyne.systems/site: {{ .Values.site.url }} +cloudyne.systems/package: {{ .Values.customer.package.size }} {{- end }} diff --git a/chart/templates/certificate.yaml b/chart/templates/certificate.yaml new file mode 100644 index 0000000..f42645a --- /dev/null +++ b/chart/templates/certificate.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "..fullname" . }}-cert + labels: + {{- include "..labels" . | nindent 8 }} +spec: + issuerRef: + name: cloudyne-internal-root-v2 + kind: ClusterIssuer + secretName: {{ include "..fullname" . }}-cert-secret + commonName: {{ .Values.site.url }} + dnsNames: {{ range .Values.site.ingressNames }} + - {{ . }}{{end}} diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml new file mode 100644 index 0000000..21b773e --- /dev/null +++ b/chart/templates/configmap.yaml 
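Review bot: `..name` now builds every resource name from `.Values.site.url` with only `trunc 63 | replace "." "-" | trimSuffix "-"`, so an uppercase letter, a scheme or a path in that value yields a name the API server rejects under DNS-1123; `{{- .Values.site.url | lower | replace "." "-" | trunc 63 | trimSuffix "-" }}` plus a values.yaml comment stating that `site.url` must be a bare hostname would close that gap. The same raw value is written into the `cloudyne.systems/site` label in `..labels`, where label-value rules (alphanumerics plus `-_.`, at most 63 characters) apply as well. `..selectorLabels` and `..serviceAccountName` are removed here while copies of the old templates that still call them are kept under `templates-old/`; Helm renders only `templates/`, so those copies are dead weight, but they will be shipped in the packaged chart unless listed in `.helmignore`.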
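Review bot: `issuerRef.name: cloudyne-internal-root-v2` is a fixed string in the template, which ties every release of this chart to that one ClusterIssuer; lifting it into values (`name: {{ .Values.global.certIssuer | default "cloudyne-internal-root-v2" }}`, key name constructed) keeps the default while allowing a per-environment issuer. The `dnsNames` loop emits a trailing space after the key and a flush-left list; `dnsNames: {{- toYaml .Values.site.ingressNames | nindent 4 }}` renders the same list in block style. The labels block uses `nindent 8` while resourcequota.yaml and site-live.yaml in this commit use `nindent 4`; both are valid YAML, but the chart should pick one.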
@@ -0,0 +1,263 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "..fullname" . }}-env + labels: + {{- include "..labels" . | nindent 8 }} +data: + SMTP_PORT: 2525 + SMTP_AUTH: "true" + SMTP_FORCE_FROM: "noreply@customer.v3.nu" + SMTP_FROM_NAME: "Gunnar Nilsson Maskin AB" + WP_ENV: "production" + WP_HOME: {{ .Values.site.url }} + WP_SITEURL: {{ .Values.site.url }}/wp + + {{- if and .values.Site.init .Values.site.init.composerPackage }} + RUN_COMPOSER: "true" + INSTALL_SITE: {{ .Values.site.init.composerPackage }} + SET_THEME: {{ .Values.site.init.themeName | default "" }} + {{- end }} + + {{- if and .values.Site.init .Values.site.init.content .Values.site.init.content.import }} + RUN_IMPORTS: "true" + IMPORT_CONTENT: {{ .Values.site.init.content.url }} + {{- end }} + + {{- if and .values.Site.init .Values.site.init.database .Values.site.init.database.import }} + RUN_DATABASEIMPORTS: "true" + IMPORT_DATABASE: {{ .Values.site.init.database.url }} + FORCE_IMPORT_DB: {{ .Values.site.init.database.force | default "false" }} + {{- end }} + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "..fullname" . }}-configfiles + labels: + {{- include "..labels" . 
| nindent 8 }} +data: + www.conf: |- + [www] + + + {{- if and .Values.global .Values.global.php }} + listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }} + listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }} + + pm = {{ .Values.global.php.pmMode | default "ondemand" }} + pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }} + pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }} + pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }} + security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }} + php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }} + php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }} + php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" }} + php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }} + php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }} + + {{- else }} + + listen = 127.0.0.1:8123 + listen.backlog = 511 + + pm = ondemand + pm.max_children = 100 + pm.process_idle_timeout = 30s + pm.max_requests = 1000 + security.limit_extensions = .php + php_admin_value[expose_php] = Off + php_admin_value[short_open_tag] = Off + php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source + php_value[log_errors] = On + + {{- end }} + + ping.path = /fpm-ping + listen.allowed_clients = 127.0.0.1 + catch_workers_output = yes + php_value[error_log] = /dev/stderr + + + {{- if .Values.global.php.adminValues }} + {{- range $k, $v := .Values.global.php.adminValues }} + php_admin_value[{{ $k }}] = {{ $v }} + {{- end }} + {{- end }} + + + nginx.conf: | + worker_processes auto; + error_log stderr warn; + pid /run/nginx/nginx.pid; 
+ + {{- if and .Values.global .Values.global.nginx }} + {{ .Values.global.nginx.globalAdditions | default "" }} + {{- end }} + + events { + {{- if and .Values.global .Values.global.nginx }}} + worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }}; + {{ .Values.global.nginx.eventsAdditions | default "" }} + {{- else }} + worker_connections 1024; + {{- end }} + } + + http { + include mime.types; + default_type application/octet-stream; + + disable_symlinks off; + + log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + '$request_time $upstream_response_time $pipe $upstream_cache_status'; + + access_log /dev/stdout main_timed; + error_log /dev/stderr notice; + {{- if and .Values.global .Values.global.nginx }}} + keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }}; + {{- else }} + keepalive_timeout 61; + {{- end }} + + + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + + server { + listen [::]:8080 default_server; + listen 8080 default_server; + server_name _; + {{- if and .Values.global .Values.global.nginx }}} + sendfile {{ .Values.global.nginx.sendfile | default "off" }}; + tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }}; + absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }}; + {{- else }} + sendfile off; + tcp_nodelay on; + absolute_redirect off; + {{- end }} + + {{- if and .Values.site .Values.site.webroot }}} + root {{ .Values.site.webroot.path | default "/app/web" }}; + index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }}; + {{- else }} + root /app/web; + index {{ .Values.site.webroot.indexes }}; + {{- end }} + + + location / { + try_files $uri $uri/ /index.php?q=$uri&$args; + {{- if 
and .Values.global .Values.global.nginx }}} + {{ .Values.global.nginx.rootLocationAdditions | default "" }} + {{- end }} + + } + + location ~* /app/web/app/uploads/.*.php$ { + deny all; + } + + location ~* /wp-content/uploads/.*.php$ { + deny all; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /var/lib/nginx/html; + } + + location ~ \.php$ { + {{- if and .Values.global .Values.global.nginx }}} + fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }}; + fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }}; + fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }}; + fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }}; + {{- else }} + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_read_timeout 300; + {{- end }} + + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass 127.0.0.1:8123; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + {{- if and .Values.global .Values.global.nginx }}} + {{ .Values.global.nginx.phpLocationAdditions | default "" }} + {{- end }} + } + + location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ { + expires 5d; + } + + gzip_comp_level 5; + gzip_min_length 256; + gzip_types + application/atom+xml + application/javascript + application/json + application/rss+xml + application/vnd.ms-fontobject + application/x-font-ttf + application/x-font-opentype + application/x-font-truetype + application/x-javascript + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/eot + font/opentype + font/otf + image/svg+xml + image/x-icon + image/vnd.microsoft.icon + text/css + text/plain + text/javascript + text/x-component; + + gzip_disable "MSIE [1-6]\.(?!.*SV1)"; + location ~ /\. 
{ + log_not_found off; + deny all; + } + + location ~ ^/(fpm-status|fpm-ping)$ { + access_log off; + allow 127.0.0.1; + deny all; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass 127.0.0.1:8123; + } + {{- if and .Values.global .Values.global.nginx }}} + {{ .Values.global.nginx.serverAdditions | default "" }} + {{- end }} + + } + + proxy_hide_header X-Powered-By; + fastcgi_hide_header X-Powered-By; + server_tokens off; + + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + add_header X-XSS-Protection "1; mode=block"; + {{- if and .Values.global .Values.global.nginx }}} + {{ .Values.global.nginx.httpAdditions }} + {{- end }} + + include /etc/nginx/modules/*.conf; + } \ No newline at end of file diff --git a/chart/templates/database.yaml b/chart/templates/database.yaml new file mode 100644 index 0000000..8e63317 --- /dev/null +++ b/chart/templates/database.yaml @@ -0,0 +1,20 @@ +apiVersion: "kci.rocks/v1alpha1" +kind: "Database" +metadata: + name: {{ include "..fullname" . }}-db + labels: + {{- include "..labels" . | nindent 8 }} +spec: + secretName: {{ include "..fullname" . }}-db-auth + instance: {{ .Values.global.dbInstance | default "kincaid" }} + deletionProtected: true + backup: + enable: false + cron: "0 0 * * *" + secretsTemplates: + PMA_HOST:{{` "{{ .DatabaseHost }}" `}} + PMA_PORT:{{` "{{ .DatabasePort }}" `}} + PMA_USER:{{` "{{ .UserName }}" `}} + PMA_PASS:{{` "{{ .Password }}" `}} + PMA_NAME:{{` "{{ .DatabaseName }}" `}} + DATABASE_URL:{{` "{{ .Protocol }}://{{ .UserName }}:{{ .Password }}@{{ .DatabaseHost }}:{{ .DatabasePort }}/{{ .DatabaseName }}" `}} diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 4fbbb2f..f48a206 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml 
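Review bot: Every `{{- if and .Values.global .Values.global.nginx }}}` (and the `.Values.site.webroot` variant) inside the `nginx.conf` block scalar carries a third closing brace, which the template engine passes through as a literal `}`; inside `events {` that stray brace closes the block early, so nginx refuses the rendered configuration. The three `{{- if and .values.Site.init ... }}` guards in the `-env` ConfigMap use the wrong case (`.values`, `Site`), which resolves to a nil map and aborts rendering with a nil-pointer error; they should read `.Values.site.init`. `SMTP_PORT: 2525` and `FORCE_IMPORT_DB: {{ ... | default "false" }}` render as a YAML integer and boolean, but ConfigMap `data` values must be strings, so write `SMTP_PORT: "2525"` and append `| quote` to the `FORCE_IMPORT_DB` pipeline. `location ~* /app/web/app/uploads/.*.php$ { deny all; }` is matched against the request URI, which is relative to `root /app/web`, so the uploads directory is reached as `/app/uploads/...` and this deny never fires; `location ~* ^/app/uploads/.*\.php$ { deny all; }` is the effective form. `{{- if .Values.global.php.adminValues }}` lacks the `.Values.global` guard used everywhere else in the file, and `SMTP_FORCE_FROM`/`SMTP_FROM_NAME` are one customer's details baked into the chart rather than read from values.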
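Review bot: The `secretsTemplates` entries have no space after the key colon, so `PMA_HOST:{{` "{{ .DatabaseHost }}" `}}` renders as `PMA_HOST:"{{ .DatabaseHost }}"`, which YAML parsers read as a plain scalar rather than a key/value pair; each line needs `KEY: {{` ... `}}` so the operator actually sees the keys. `DATABASE_URL` embeds the password in a connection string next to the individual fields; that is acceptable inside a generated Secret, but it doubles the places the credential lives and deserves a comment. `backup.enable: false` together with a `cron` schedule reads as unintentional — either drop the schedule or comment why backups are disabled for this instance.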
@@ -1,61 +1,63 @@ apiVersion: apps/v1 -kind: Deployment +kind: Certificate metadata: - name: {{ include "..fullname" . }} - labels: - {{- include "..labels" . | nindent 4 }} + name: {{ include "..fullname" . }}-cert + labels: + {{- include "..labels" . | nindent 8 }} + cloudyne.systems/component: site spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "..selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "..selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "..serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} + {{- if and .Values.customer .Values.customer.package }} + replicas: {{ .Values.customer.package.replicas | default 1 }} + {{- end }} + selector: + matchLabels: + cloudyne.systems/customer: {{ .Values.customer.name }} + cloudyne.systems/site: {{ .Values.site.url }} + template: + metadata: + labels: + cloudyne.systems/customer: {{ .Values.customer.name }} + cloudyne.systems/site: {{ .Values.site.url }} + spec: + securityContext: + fsGroup: 65534 + volumes: + - name: cloud + persistentVolumeClaim: + claimName: pvc-{{ include "..fullname" . }} + - name: local + emptyDir: {} + initContainers: + - name: deploy + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + {{- if .Values.global }} + image: {{ .Values.global.initImage }}:{{ .Values.global.imagetag }} + {{- else }} + image: ghcr.io/cloudynes/php-init:latest + {{- end }} + imagePullPolicy: Always + command: [ "bash", "/init-py/init.sh" ] + volumeMounts: + - name: site + mountPath: /app + {{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} + {{- range $v := .Values.site.storage.cloud.folders }} + - name: cloud + mountPath: {{ $v.localPath }} + subPath: {{ $v.cloudPath }} + {{- end }} + {{- end }} + envFrom: + - configMapRef: + name: {{ include "..fullname" . }}-env + - secretRef: + name: {{ include "..fullname" . }}-db-auth + containers: + - name: wordpress + securityContext: + runAsUser: 65534 + + + \ No newline at end of file diff --git a/chart/templates/externalsecret.yaml b/chart/templates/externalsecret.yaml new file mode 100644 index 0000000..7522d18 --- /dev/null +++ b/chart/templates/externalsecret.yaml 
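Review bot: `kind: Certificate` under `apiVersion: apps/v1` with a Deployment `spec` and a `-cert` suffix on the name looks like a copy-paste from certificate.yaml; the file needs `kind: Deployment` and `name: {{ include "..fullname" . }}`, otherwise the API server rejects it. The `deploy` init container mounts a volume named `site` that the `volumes:` list never declares (only `cloud` and `local` exist), and its image reads `.Values.global.imagetag` while values.yaml defines `imageTag`, so the image renders with an empty tag. The `wordpress` container ends after `runAsUser: 65534` with no `image`, ports or `resources`; since resourcequota.yaml sets CPU and memory quota on the namespace, a pod without requests and limits is refused by quota admission even once the image is added. The init container runs as `runAsUser: 0`; if root is only needed to fix ownership on `/app`, `fsGroup: 65534` (already set on the pod) covers that and the container can run unprivileged.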
@@ -0,0 +1,28 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: global-secrets-ext + namespace: {{ include "..fullname" . }} + labels: + {{- include "..labels" . | nindent 8 }} +spec: + refreshInterval: 4h + secretStoreRef: + kind: ClusterSecretStore + name: az-cluster-store + target: + name: global-secrets + creationPolicy: Owner + data: + - secretKey: COMPOSER_AUTH + remoteRef: + key: secret/GITLAB-COMPOSER-AUTH + - secretKey: SMTP_USER + remoteRef: + key: secret/SMTP-USER + - secretKey: SMTP_PASS + remoteRef: + key: secret/SMTP-PASSWORD + - secretKey: SMTP_HOST + remoteRef: + key: secret/SMTP-HOST diff --git a/chart/templates/persistentvolume.yaml b/chart/templates/persistentvolume.yaml new file mode 100644 index 0000000..bde11de --- /dev/null +++ b/chart/templates/persistentvolume.yaml 
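Review bot: `metadata.namespace: {{ include "..fullname" . }}` places the ExternalSecret — and its target Secret `global-secrets` — in a namespace named after the site, while persistentvolume.yaml pins the namespace to `.Values.customer.name` and the remaining templates use the release namespace; the Secret therefore may not land where the Deployment runs. Nothing in deployment.yaml's `envFrom` references `global-secrets`, so `COMPOSER_AUTH` and the `SMTP_*` entries never reach the pod even though configmap.yaml sets `SMTP_AUTH: "true"`. Dropping the `namespace:` line (or using `{{ .Release.Namespace }}` consistently across the chart) and adding `- secretRef: name: global-secrets` under `envFrom` wires it up. `name: global-secrets-ext` and `secretStoreRef.name: az-cluster-store` are fixed strings; a second release in the same namespace collides on the ExternalSecret name, so derive it from `..fullname` like the other resources.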
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-{{ include "..fullname" . }} + labels: + {{- include "..labels" . | nindent 8 }} +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: {{ .Values.customer.package.disk }} + csi: + driver: blob.csi.azure.com + nodeStageSecretRef: + name: cloudyne{{ .Values.site.storage.cloud.class }}-credentials + namespace: blob-csi + volumeAttributes: + containername: {{ .Values.site.storage.cloud.container }} + csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }} + csi.storage.k8s.io/pvc/namespace: {{ .Values.customer.name }} + secretnamespace: {{ .Values.customer.name }} + skuName: {{ .Values.site.storage.cloud.type }} + volumeHandle: {{ .Values.site.storage.cloud.class }}-retain_{{ include "..fullname" . }} + mountOptions: + - -o allow_other + - --file-cache-timeout-in-seconds=120 + - --use-attr-cache=true + - --cancel-list-on-mount-seconds=10 + - -o attr_timeout=120 + - -o entry_timeout=120 + - -o negative_timeout=120 + - --log-level=LOG_WARNING + - --cache-size-mb=3500 + - -o uid=65534 + persistentVolumeReclaimPolicy: Retain + storageClassName: {{ .Values.site.storage.cloud.class }}-retain + volumeMode: Filesystem +--- \ No newline at end of file diff --git a/chart/templates/persistentvolumeclaim.yaml b/chart/templates/persistentvolumeclaim.yaml new file mode 100644 index 0000000..ec507a9 --- /dev/null +++ b/chart/templates/persistentvolumeclaim.yaml 
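Review bot: `csi.storage.k8s.io/pvc/namespace` and `secretnamespace` are fixed to `.Values.customer.name`, while the PVC in persistentvolumeclaim.yaml sets no namespace (so it lives in the release namespace) and externalsecret.yaml uses the fullname; if those ever differ, the PV/PVC binding via `volumeName` fails. Using `{{ .Release.Namespace }}` in all three places removes the guesswork. `nodeStageSecretRef` points at `cloudyne{{ class }}-credentials` in `blob-csi`, yet `secretnamespace` names the customer namespace — a comment stating which location the driver reads the storage credential from would help the next maintainer. The trailing `---` after `volumeMode` is harmless but should go.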
@@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + volume.beta.kubernetes.io/storage-provisioner: blob.csi.azure.com + volume.kubernetes.io/storage-provisioner: blob.csi.azure.com + labels: + {{- include "..labels" . | nindent 8 }} + name: pvc-{{ include "..fullname" . }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.customer.package.disk }} + storageClassName: {{ .Values.site.storage.cloud.class }}-retain + volumeMode: Filesystem + volumeName: pv-{{ include "..fullname" . }} \ No newline at end of file diff --git a/chart/templates/resourcequota.yaml b/chart/templates/resourcequota.yaml new file mode 100644 index 0000000..e631370 --- /dev/null +++ b/chart/templates/resourcequota.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ include "..fullname" . }} + labels: + {{- include "..labels" . | nindent 4 }} +spec: + hard: + requests.cpu: {{ .Values.customer.package.cpu.avg }} + limits.cpu: {{ .Values.customer.package.cpu.peak }} + requests.memory: {{ .Values.customer.package.mem.avg }} + limits.memory: {{ .Values.customer.package.mem.peak }} diff --git a/chart/templates/tests/site-live.yaml b/chart/templates/tests/site-live.yaml new file mode 100644 index 0000000..4e07cf9 --- /dev/null +++ b/chart/templates/tests/site-live.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "..fullname" . }}-test-connection" + labels: + {{- include "..labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "..fullname" . }}:8080'] + restartPolicy: Never diff --git a/chart/values.yaml b/chart/values.yaml index 7a109f2..f136080 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
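Review bot: No `namespace` is set on the claim, but the PV it binds to hard-codes `csi.storage.k8s.io/pvc/namespace: {{ .Values.customer.name }}`, so the claim only binds when the release is installed into exactly that namespace; a comment above `volumeName` (or `{{ .Release.Namespace }}` on the PV side) makes that constraint visible. The labels block uses `nindent 8` while resourcequota.yaml and site-live.yaml in this commit use `nindent 4`; both parse, but the chart should settle on one.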
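Review bot: Capping `requests.cpu`, `limits.cpu`, `requests.memory` and `limits.memory` makes the quota admission controller reject every pod in the namespace that omits `resources.requests` and `resources.limits`; the containers in deployment.yaml in this commit set none, so the site pod will not be admitted until they do. Either add a `LimitRange` with defaults alongside this quota, or document in values.yaml that `package.cpu`/`package.mem` must also be applied to the container `resources`.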
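Review bot: The test pod runs `wget` against `{{ include "..fullname" . }}:8080`, but no Service is rendered any more — service.yaml was moved to `templates-old/` — so `helm test` fails on name resolution regardless of the site's health. Either restore a Service named after `..fullname` or point the test at the pod. `image: busybox` without a tag floats to `latest`; pin it (`busybox:<version>`, placeholder).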
@@ -1,63 +1,128 @@ -replicaCount: 1 +# Customer Information +customer: -image: - repository: ghcr.io/cloudynes/php-nginx - tag: latest - pullPolicy: Always + # Customer Name/identifier + name: gunnarnilssonmaskin -initImage: - repository: ghcr.io/cloudynes/php-init - tag: latest - pullPolicy: Always + # Timezone for customer + timezone: "Europe/Stockholm" -# Namespace -customerName: gunnarnilssonmaskin + # Package/Resource Settings + package: + size: small + replicas: 1 + cpu: + avg: 500m + peak: 1000m + mem: + avg: 512Mi + peak: 1Gi + disk: 5Gi -# Site -siteUrl: www.gunnarnilssonmaskin.se -allowedDomains: - - "www.gunnarnilssonmaskin.se" - - "gunnarnilssonmaskin.se" - - "gunnarnilssonmaskin-se.eu.cust.azurecd.net" - - "www.gunnarnilssonmaskin-se.eu.cust.azurecd.net" +# Website Configuration +site: + # The main URL for the website + url: "www.gunnarnilssonmaskin.se" -# Storage -azureStorageContainer: "" -azureStorageTier: "premium01-persistent" + # Settings for the webroot (used by Nginx) + webroot: + path: "/app/web" + indexes: "index.php index.html index.htm" -# Initial Import -initSettings: - RUN_COMPOSER: "true" - INSTALL_SITE: "buildahome/gunnarnilssonmaskin-se" - RUN_IMPORTS: "true" - IMPORT_CONTENT: "https://www.gunnarnilssonmaskin.se/gunnar.sql" - RUN_DATABASEIMPORTS: "true" - IMPORT_DATABASE: "https://www.gunnarnilssonmaskin.se/gunnar.sql" - FORCE_IMPORT_DB: "false" - SET_THEME: "gunnarnilssonmaskin-se-theme" + # Whether to keep plugins and Wordpress updated + autoUpdate: true -cloudFolders: - - name: uploads - cloudPath: uploads - containerPath: /app/web/app/uploads - - name: gallery - cloudPath: gallery - containerPath: /app/web/app/gallery - - name: sqldump - cloudPath: sqldump - containerPath: /sqldump + # Initialization Settings + init: + # The composer package that contains the site + composerPackage: "buildahome/gunnarnilssonmaskin-se" -package: - size: small - persistentVolume: 5Gi - request: - cpu: 500m - memory: 512Mi - limit: - cpu: 1 - memory: 
1Gi + # The name of the theme which the composer package refers to + themeName: "gunnarnilssonmaskin-se-theme" -database: - instance: kincaid - deletionProtected: true + # Import content to wp-content directory from zip file + content: + import: true + url: "https://www.gunnarnilssonmaskin.se/gunnar.zip" + + # # Import database from URL + # database: + # import: true + # force: false + # url: "https://www.gunnarnilssonmaskin.se/gunnar.sql" + # The allowed names for ingress to this site + ingressNames: + - "gunnarnilssonmaskin.se" + - "www.gunnarnilssonmaskin.se" + - "gunnarnilssonmaskin-se.eu.cust.azurecd.net" + - "www-gunnarnilssonmaskin-se.eu.cust.azurecd.net" + + # Storage settings + storage: + + # Settings for cloud storage + cloud: + # Storage class to use for the cloud storage + class: "premium01" + type: "Premium_LRS" + + # The container in Azure storage + container: "gunnarnilssonmaskin-se" + + # Folders to map up to the Azure storage + folders: + - cloudPath: "uploads" + localPath: "/app/web/app/uploads" + - cloudyPath: "gallery" + localPath: "/app/web/app/uploads" + +# Global configuration +global: + # Which image to use for the web server + serverImage: ghcr.io/cloudynes/php-nginx + + # Which image to use for the initialization + initImage: ghcr.io/cloudynes/php-init + + # The tag to use for the above images + imageTag: latest + + # The database instance where the database will be provisioned + dbInstance: "kincaid" + + php: + listenAddress: "127.0.0.1:8123" + listenBacklog: "511" + + pmMode: "ondemand" + pmMaxChildren: "100" + pmProcessIdle: "30s" + pmMaxRequests: "1000" + + limitExtensions: ".php" + exposePHP: "Off" + shortOpenTag": "Off" + disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" + logErrors: "On" + + adminValues: + upload_max_filesize: "256M" + post_max_size: "256M" + + nginx: + workerConnections: "1024" + keepaliveTimeout: "61" + sendfile: "off" + tcpNodelay: "on" + absoluteRedirects: 
"off" + fcgiBufferSize: "128k" + fcgiBuffers: "4 256k" + fcgiBusyBufferSize: "256k" + fcgiReadTimeout: "300" + globalAdditions: "" + eventsAdditions: "" + httpAdditions: "" + serverAdditions: "" + rootLocationAdditions: "" + phpLocationAdditions: "" \ No newline at end of file
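Review bot: Under `site.storage.cloud.folders`, the second entry uses `cloudyPath` (typo for `cloudPath`) and both entries set `localPath: "/app/web/app/uploads"`, so deployment.yaml renders two `volumeMounts` with the same `mountPath`, which the API server rejects, and the gallery `subPath` renders empty. `shortOpenTag": "Off"` has a stray quote that turns the key into `shortOpenTag"`, so the template's `.Values.global.php.shortOpenTag` lookup never sees it and silently falls back to its default. `imageTag` here is read as `.Values.global.imagetag` in deployment.yaml — one of the two spellings has to change. The defaults are one customer's real identifiers (name, composer package, CDN hostnames) while the root `.gitignore` in this commit tries to keep `values.yaml` out of the repository; the chart defaults should be neutral with per-customer data supplied as an override file.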