helm/cloudypress
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Started creating chart

Browse Source
This commit is contained in:
Lars Scheibling
2023-03-18 23:16:04 +00:00
parent 7b0c0a0950
commit da2afcd24b
20 changed files with 723 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
values.yaml

0
chart/templates/NOTES.txt → chart/templates-old/NOTES.txt
View File

62
chart/templates-old/_helpers.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "..name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "..fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "..chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "..labels" -}}
helm.sh/chart: {{ include "..chart" . }}
{{ include "..selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "..selectorLabels" -}}
app.kubernetes.io/name: {{ include "..name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "..serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "..fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

61
chart/templates-old/deployment.yaml Normal file
View File

@@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "..selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "..selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "..serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

0
chart/templates/hpa.yaml → chart/templates-old/hpa.yaml
View File

0
chart/templates/ingress.yaml → chart/templates-old/ingress.yaml
View File

0
chart/templates/service.yaml → chart/templates-old/service.yaml
View File

0
chart/templates/serviceaccount.yaml → chart/templates-old/serviceaccount.yaml
View File

0
chart/templates/tests/test-connection.yaml → chart/templates-old/tests/test-connection.yaml
View File

53
chart/templates/_helpers.tpl
View File

@@ -1,62 +1,33 @@
{{/*
Expand the name of the chart.
Define the application name and fullname
*/}}
{{- define "..name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- .Values.site.url | trunc 63 | replace "." "-" | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "..fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{ include "..name" . }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
Define the chart name and version
*/}}
{{- define "..chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
Define the chart common labels
*/}}
{{- define "..labels" -}}
helm.sh/chart: {{ include "..chart" . }}
{{ include "..selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "..selectorLabels" -}}
app.kubernetes.io/name: {{ include "..name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "..serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "..fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
cloudyne.systems/customer: {{ .Values.customer.name }}
cloudyne.systems/site: {{ .Values.site.url }}
cloudyne.systems/package: {{ .Values.customer.package.size }}
{{- end }}

14
chart/templates/certificate.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "..fullname" . }}-cert
labels:
{{- include "..labels" . | nindent 8 }}
spec:
issuerRef:
name: cloudyne-internal-root-v2
kind: ClusterIssuer
secretName: {{ include "..fullname" . }}-cert-secret
commonName: {{ .Values.site.url }}
dnsNames: {{ range .Values.site.ingressNames }}
- {{ . }}{{end}}

263
chart/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,263 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "..fullname" . }}-env
labels:
{{- include "..labels" . | nindent 8 }}
data:
SMTP_PORT: 2525
SMTP_AUTH: "true"
SMTP_FORCE_FROM: "noreply@customer.v3.nu"
SMTP_FROM_NAME: "Gunnar Nilsson Maskin AB"
WP_ENV: "production"
WP_HOME: {{ .Values.site.url }}
WP_SITEURL: {{ .Values.site.url }}/wp
{{- if and .values.Site.init .Values.site.init.composerPackage }}
RUN_COMPOSER: "true"
INSTALL_SITE: {{ .Values.site.init.composerPackage }}
SET_THEME: {{ .Values.site.init.themeName | default "" }}
{{- end }}
{{- if and .values.Site.init .Values.site.init.content .Values.site.init.content.import }}
RUN_IMPORTS: "true"
IMPORT_CONTENT: {{ .Values.site.init.content.url }}
{{- end }}
{{- if and .values.Site.init .Values.site.init.database .Values.site.init.database.import }}
RUN_DATABASEIMPORTS: "true"
IMPORT_DATABASE: {{ .Values.site.init.database.url }}
FORCE_IMPORT_DB: {{ .Values.site.init.database.force | default "false" }}
{{- end }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "..fullname" . }}-configfiles
labels:
{{- include "..labels" . | nindent 8 }}
data:
www.conf: |-
[www]
{{- if and .Values.global .Values.global.php }}
listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }}
listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }}
pm = {{ .Values.global.php.pmMode | default "ondemand" }}
pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }}
pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }}
pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }}
security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }}
php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }}
php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }}
php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" }}
php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }}
php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }}
{{- else }}
listen = 127.0.0.1:8123
listen.backlog = 511
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 30s
pm.max_requests = 1000
security.limit_extensions = .php
php_admin_value[expose_php] = Off
php_admin_value[short_open_tag] = Off
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source
php_value[log_errors] = On
{{- end }}
ping.path = /fpm-ping
listen.allowed_clients = 127.0.0.1
catch_workers_output = yes
php_value[error_log] = /dev/stderr
{{- if .Values.global.php.adminValues }}
{{- range $k, $v := .Values.global.php.adminValues }}
php_admin_value[{{ $k }}] = {{ $v }}
{{- end }}
{{- end }}
nginx.conf: |
worker_processes auto;
error_log stderr warn;
pid /run/nginx/nginx.pid;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.globalAdditions | default "" }}
{{- end }}
events {
{{- if and .Values.global .Values.global.nginx }}}
worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }};
{{ .Values.global.nginx.eventsAdditions | default "" }}
{{- else }}
worker_connections 1024;
{{- end }}
}
http {
include mime.types;
default_type application/octet-stream;
disable_symlinks off;
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
{{- if and .Values.global .Values.global.nginx }}}
keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }};
{{- else }}
keepalive_timeout 61;
{{- end }}
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
{{- if and .Values.global .Values.global.nginx }}}
sendfile {{ .Values.global.nginx.sendfile | default "off" }};
tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }};
absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }};
{{- else }}
sendfile off;
tcp_nodelay on;
absolute_redirect off;
{{- end }}
{{- if and .Values.site .Values.site.webroot }}}
root {{ .Values.site.webroot.path | default "/app/web" }};
index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }};
{{- else }}
root /app/web;
index {{ .Values.site.webroot.indexes }};
{{- end }}
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.rootLocationAdditions | default "" }}
{{- end }}
}
location ~* /app/web/app/uploads/.*.php$ {
deny all;
}
location ~* /wp-content/uploads/.*.php$ {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
location ~ \.php$ {
{{- if and .Values.global .Values.global.nginx }}}
fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }};
fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }};
fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }};
fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }};
{{- else }}
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 300;
{{- end }}
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:8123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.phpLocationAdditions | default "" }}
{{- end }}
}
location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ {
expires 5d;
}
gzip_comp_level 5;
gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-font-opentype
application/x-font-truetype
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
image/svg+xml
image/x-icon
image/vnd.microsoft.icon
text/css
text/plain
text/javascript
text/x-component;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location ~ /\. {
log_not_found off;
deny all;
}
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:8123;
}
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.serverAdditions | default "" }}
{{- end }}
}
proxy_hide_header X-Powered-By;
fastcgi_hide_header X-Powered-By;
server_tokens off;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
{{- if and .Values.global .Values.global.nginx }}}
{{ .Values.global.nginx.httpAdditions }}
{{- end }}
include /etc/nginx/modules/*.conf;
}

20
chart/templates/database.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: "kci.rocks/v1alpha1"
kind: "Database"
metadata:
name: {{ include "..fullname" . }}-db
labels:
{{- include "..labels" . | nindent 8 }}
spec:
secretName: {{ include "..fullname" . }}-db-auth
instance: {{ .Values.global.dbInstance | default "kincaid" }}
deletionProtected: true
backup:
enable: false
cron: "0 0 * * *"
secretsTemplates:
PMA_HOST:{{` "{{ .DatabaseHost }}" `}}
PMA_PORT:{{` "{{ .DatabasePort }}" `}}
PMA_USER:{{` "{{ .UserName }}" `}}
PMA_PASS:{{` "{{ .Password }}" `}}
PMA_NAME:{{` "{{ .DatabaseName }}" `}}
DATABASE_URL:{{` "{{ .Protocol }}://{{ .UserName }}:{{ .Password }}@{{ .DatabaseHost }}:{{ .DatabasePort }}/{{ .DatabaseName }}" `}}

96
chart/templates/deployment.yaml
View File

@@ -1,61 +1,63 @@
apiVersion: apps/v1
kind: Deployment
kind: Certificate
metadata:
name: {{ include "..fullname" . }}
name: {{ include "..fullname" . }}-cert
labels:
{{- include "..labels" . | nindent 4 }}
{{- include "..labels" . | nindent 8 }}
cloudyne.systems/component: site
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- if and .Values.customer .Values.customer.package }}
replicas: {{ .Values.customer.package.replicas | default 1 }}
{{- end }}
selector:
matchLabels:
{{- include "..selectorLabels" . | nindent 6 }}
cloudyne.systems/customer: {{ .Values.customer.name }}
cloudyne.systems/site: {{ .Values.site.url }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "..selectorLabels" . | nindent 8 }}
cloudyne.systems/customer: {{ .Values.customer.name }}
cloudyne.systems/site: {{ .Values.site.url }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "..serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
fsGroup: 65534
volumes:
- name: cloud
persistentVolumeClaim:
claimName: pvc-{{ include "..fullname" . }}
- name: local
emptyDir: {}
initContainers:
- name: deploy
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
{{- if .Values.global }}
image: {{ .Values.global.initImage }}:{{ .Values.global.imagetag }}
{{- else }}
image: ghcr.io/cloudynes/php-init:latest
{{- end }}
imagePullPolicy: Always
command: [ "bash", "/init-py/init.sh" ]
volumeMounts:
- name: site
mountPath: /app
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }}
{{- range $v := .Values.site.storage.cloud.folders }}
- name: cloud
mountPath: {{ $v.localPath }}
subPath: {{ $v.cloudPath }}
{{- end }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "..fullname" . }}-env
- secretRef:
name: {{ include "..fullname" . }}-db-auth
containers:
- name: {{ .Chart.Name }}
- name: wordpress
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
runAsUser: 65534

28
chart/templates/externalsecret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: global-secrets-ext
namespace: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 8 }}
spec:
refreshInterval: 4h
secretStoreRef:
kind: ClusterSecretStore
name: az-cluster-store
target:
name: global-secrets
creationPolicy: Owner
data:
- secretKey: COMPOSER_AUTH
remoteRef:
key: secret/GITLAB-COMPOSER-AUTH
- secretKey: SMTP_USER
remoteRef:
key: secret/SMTP-USER
- secretKey: SMTP_PASS
remoteRef:
key: secret/SMTP-PASSWORD
- secretKey: SMTP_HOST
remoteRef:
key: secret/SMTP-HOST

38
chart/templates/persistentvolume.yaml Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-{{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 8 }}
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: {{ .Values.customer.package.disk }}
csi:
driver: blob.csi.azure.com
nodeStageSecretRef:
name: cloudyne{{ .Values.site.storage.cloud.class }}-credentials
namespace: blob-csi
volumeAttributes:
containername: {{ .Values.site.storage.cloud.container }}
csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }}
csi.storage.k8s.io/pvc/namespace: {{ .Values.customer.name }}
secretnamespace: {{ .Values.customer.name }}
skuName: {{ .Values.site.storage.cloud.type }}
volumeHandle: {{ .Values.site.storage.cloud.class }}-retain_{{ include "..fullname" . }}
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING
- --cache-size-mb=3500
- -o uid=65534
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.site.storage.cloud.class }}-retain
volumeMode: Filesystem
---

19
chart/templates/persistentvolumeclaim.yaml Normal file
View File

@@ -0,0 +1,19 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
volume.beta.kubernetes.io/storage-provisioner: blob.csi.azure.com
volume.kubernetes.io/storage-provisioner: blob.csi.azure.com
labels:
{{- include "..labels" . | nindent 8 }}
name: pvc-{{ include "..fullname" . }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.customer.package.disk }}
storageClassName: {{ .Values.site.storage.cloud.class }}-retain
volumeMode: Filesystem
volumeName: pv-{{ include "..fullname" . }}

12
chart/templates/resourcequota.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 4 }}
spec:
hard:
requests.cpu: {{ .Values.customer.package.cpu.avg }}
limits.cpu: {{ .Values.customer.package.cpu.peak }}
requests.memory: {{ .Values.customer.package.mem.avg }}
limits.memory: {{ .Values.customer.package.mem.peak }}

15
chart/templates/tests/site-live.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "..fullname" . }}-test-connection"
labels:
{{- include "..labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "..fullname" . }}:8080']
restartPolicy: Never

177
chart/values.yaml
View File

@@ -1,63 +1,128 @@
replicaCount: 1
# Customer Information
customer:
image:
repository: ghcr.io/cloudynes/php-nginx
tag: latest
pullPolicy: Always
# Customer Name/identifier
name: gunnarnilssonmaskin
initImage:
repository: ghcr.io/cloudynes/php-init
tag: latest
pullPolicy: Always
# Namespace
customerName: gunnarnilssonmaskin
# Site
siteUrl: www.gunnarnilssonmaskin.se
allowedDomains:
- "www.gunnarnilssonmaskin.se"
- "gunnarnilssonmaskin.se"
- "gunnarnilssonmaskin-se.eu.cust.azurecd.net"
- "www.gunnarnilssonmaskin-se.eu.cust.azurecd.net"
# Storage
azureStorageContainer: ""
azureStorageTier: "premium01-persistent"
# Initial Import
initSettings:
RUN_COMPOSER: "true"
INSTALL_SITE: "buildahome/gunnarnilssonmaskin-se"
RUN_IMPORTS: "true"
IMPORT_CONTENT: "https://www.gunnarnilssonmaskin.se/gunnar.sql"
RUN_DATABASEIMPORTS: "true"
IMPORT_DATABASE: "https://www.gunnarnilssonmaskin.se/gunnar.sql"
FORCE_IMPORT_DB: "false"
SET_THEME: "gunnarnilssonmaskin-se-theme"
cloudFolders:
- name: uploads
cloudPath: uploads
containerPath: /app/web/app/uploads
- name: gallery
cloudPath: gallery
containerPath: /app/web/app/gallery
- name: sqldump
cloudPath: sqldump
containerPath: /sqldump
# Timezone for customer
timezone: "Europe/Stockholm"
# Package/Resource Settings
package:
size: small
persistentVolume: 5Gi
request:
cpu: 500m
memory: 512Mi
limit:
cpu: 1
memory: 1Gi
replicas: 1
cpu:
avg: 500m
peak: 1000m
mem:
avg: 512Mi
peak: 1Gi
disk: 5Gi
database:
instance: kincaid
deletionProtected: true
# Website Configuration
site:
# The main URL for the website
url: "www.gunnarnilssonmaskin.se"
# Settings for the webroot (used by Nginx)
webroot:
path: "/app/web"
indexes: "index.php index.html index.htm"
# Whether to keep plugins and Wordpress updated
autoUpdate: true
# Initialization Settings
init:
# The composer package that contains the site
composerPackage: "buildahome/gunnarnilssonmaskin-se"
# The name of the theme which the composer package refers to
themeName: "gunnarnilssonmaskin-se-theme"
# Import content to wp-content directory from zip file
content:
import: true
url: "https://www.gunnarnilssonmaskin.se/gunnar.zip"
# # Import database from URL
# database:
# import: true
# force: false
# url: "https://www.gunnarnilssonmaskin.se/gunnar.sql"
# The allowed names for ingress to this site
ingressNames:
- "gunnarnilssonmaskin.se"
- "www.gunnarnilssonmaskin.se"
- "gunnarnilssonmaskin-se.eu.cust.azurecd.net"
- "www-gunnarnilssonmaskin-se.eu.cust.azurecd.net"
# Storage settings
storage:
# Settings for cloud storage
cloud:
# Storage class to use for the cloud storage
class: "premium01"
type: "Premium_LRS"
# The container in Azure storage
container: "gunnarnilssonmaskin-se"
# Folders to map up to the Azure storage
folders:
- cloudPath: "uploads"
localPath: "/app/web/app/uploads"
- cloudyPath: "gallery"
localPath: "/app/web/app/uploads"
# Global configuration
global:
# Which image to use for the web server
serverImage: ghcr.io/cloudynes/php-nginx
# Which image to use for the initialization
initImage: ghcr.io/cloudynes/php-init
# The tag to use for the above images
imageTag: latest
# The database instance where the database will be provisioned
dbInstance: "kincaid"
php:
listenAddress: "127.0.0.1:8123"
listenBacklog: "511"
pmMode: "ondemand"
pmMaxChildren: "100"
pmProcessIdle: "30s"
pmMaxRequests: "1000"
limitExtensions: ".php"
exposePHP: "Off"
shortOpenTag": "Off"
disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source"
logErrors: "On"
adminValues:
upload_max_filesize: "256M"
post_max_size: "256M"
nginx:
workerConnections: "1024"
keepaliveTimeout: "61"
sendfile: "off"
tcpNodelay: "on"
absoluteRedirects: "off"
fcgiBufferSize: "128k"
fcgiBuffers: "4 256k"
fcgiBusyBufferSize: "256k"
fcgiReadTimeout: "300"
globalAdditions: ""
eventsAdditions: ""
httpAdditions: ""
serverAdditions: ""
rootLocationAdditions: ""
phpLocationAdditions: ""