diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ae44538..91636b9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "0.7.1" + HELM_CHART_VERSION: "0.5.0" stages: - deploy @@ -21,5 +21,5 @@ deploy: - | curl --request POST \ --user gitlab-ci-token:$CI_JOB_TOKEN \ - --form "chart=@cloudypress-${HELM_CHART_VERSION}.tgz" \ + --form "chart=@wordyne-${HELM_CHART_VERSION}.tgz" \ "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts" diff --git a/Chart/Chart.yaml b/Chart/Chart.yaml index 4f7d314..6aeff85 100644 --- a/Chart/Chart.yaml +++ b/Chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: cloudypress -description: A helm chart for deploying Wordpress on Cloudyne Hosting +name: wordyne +description: Helm chart for deploying pre-built website containers to kubernetes clusters type: application -version: "0.7.0" -appVersion: "6.1.1" +version: "0.5.1" +appVersion: "6.2.2" diff --git a/Chart/templates/NOTES.txt b/Chart/templates/NOTES.txt deleted file mode 100644 index 2381f3c..0000000 --- a/Chart/templates/NOTES.txt +++ /dev/null @@ -1,11 +0,0 @@ -You have successfully installed your new website {{ .Values.site.url }} -Ingress Domains: -- {{ .Values.site.url | replace "www." "" }} -- www.{{ .Values.site.url | replace "www." "" }} -- {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net -- www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net -{{- if .Values.site.additionalIngressNames }} -{{- range .Values.site.additionalIngressNames }} -- {{ . }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/Chart/templates/_helpers.tpl b/Chart/templates/_helpers.tpl index 8b57a08..9a79f30 100644 --- a/Chart/templates/_helpers.tpl +++ b/Chart/templates/_helpers.tpl 
@@ -3,13 +3,24 @@ Define the application name and fullname */}} {{- define "..name" -}} -{{- .Values.site.url | trunc 63 | replace "." "-" | trimSuffix "-" }} +{{- .Values.site.domain | trunc 63 | replace "." "-" | trimSuffix "-" }} {{- end }} {{- define "..fullname" -}} {{ include "..name" . }} {{- end }} + +{{- define "..resourcelimits" -}} +resources: + limits: + cpu: {{ .Values.site.resources.cpu.peak }} + memory: {{ .Values.site.resources.mem.peak }} + requests: + cpu: {{ .Values.site.resources.cpu.avg }} + memory: {{ .Values.site.resources.mem.avg }} +{{- end }} + {{/* Define the chart name and version */}} @@ -27,7 +38,7 @@ app.kubernetes.io/name: {{ include "..name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} -cloudyne.systems/customer: {{ .Values.customer.name }} -cloudyne.systems/site: {{ .Values.site.url }} -cloudyne.systems/package: {{ .Values.customer.package.size }} +cloudyne.systems/customer: {{ .Values.customer.legalName }} +cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} +cloudyne.systems/site: {{ .Values.site.domain }} {{- end }} diff --git a/Chart/templates/certificate.yaml b/Chart/templates/certificate.yaml index a4ba8a8..cc87c76 100644 --- a/Chart/templates/certificate.yaml +++ b/Chart/templates/certificate.yaml 
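Review bot: The new `..resourcelimits` helper reads `.Values.site.resources.cpu.peak`, `.mem.peak`, `.cpu.avg` and `.mem.avg` with no `default` and no guard, whereas the block it replaces in deployment.yaml fell back to `1000m`/`1Gi`. If `site.resources` or one of its sub-maps is missing, the render will most likely fail on a nil map. If only a leaf is missing, the field renders empty, so the container can end up without a usable limit. These limits are what bound one site's CPU and memory use against its neighbours, so I would keep the fallbacks, e.g. `cpu: {{ .Values.site.resources.cpu.peak | default "1000m" }}`, and guard the lookup the way deployment.yaml guards `replicas` with `{{- if .Values.site.resources }}`.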
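Review bot: The `cloudyne.systems/customer` label now takes `.Values.customer.legalName`, and the sample value in values.yaml is `Scheibling Consulting AB`; Kubernetes label values may not contain spaces, so objects carrying this label would be rejected by the API server. The same expression is used as a selector in deployment.yaml (`matchLabels` and the pod template labels) and in service.yaml. `customer-legal-id` is emitted unquoted, so an all-digit ID would be parsed as a number, and it puts a legal identifier into metadata that anyone with read access to these objects can list. I would label with the DNS-compliant `.Values.customer.name` that values.yaml already defines, quoted as `{{ .Values.customer.name | quote }}`, and move legal name and ID to annotations if they are needed on the objects at all.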
@@ -11,12 +11,12 @@ spec: secretName: {{ include "..fullname" . }}-cert-secret commonName: {{ .Values.site.url }} dnsNames: - - {{ .Values.site.url | replace "www." "" }} - - www.{{ .Values.site.url | replace "www." "" }} - - {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - - www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - {{- if .Values.site.additionalIngressNames }} - {{- range .Values.site.additionalIngressNames }} + - {{ .Values.site.domain | replace "www." "" }} + - www.{{ .Values.site.domain | replace "www." "" }} + - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net + - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net +{{- if .Values.site.additionalIngressDomains }} + {{- range .Values.site.additionalIngressDomains }} - {{ . }} - {{- end }} - {{- end }} \ No newline at end of file + {{- end }} +{{- end }} diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 0bbfec5..ed8c79d 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml 
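Review bot: `commonName: {{ .Values.site.url }}` is left on the old key while every `dnsNames` entry in this hunk moves to `.Values.site.domain`, and the values.yaml in this commit no longer defines `site.url`. The certificate would then be requested with an empty common name, or with a stale one if an older values file still sets `url`. Suggest `commonName: {{ .Values.site.domain | replace "www." "" }}` so it matches the first SAN. Note also that `replace "www." ""` strips the string anywhere in the name, not only as a prefix; `trimPrefix "www."` states the intent more exactly.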
@@ -8,53 +8,26 @@ data: SMTP_PORT: '2525' SMTP_AUTH: 'true' SMTP_FROM: 'customer-noreply@v3.nu' - {{- if .Values.email }} - {{- if .Values.email.forceFromEmail }} + {{- if .Values.email }} + {{- if .Values.email.forceFromEmail }} SMTP_FORCE_FROM: {{ .Values.email.forceFromEmail }} - {{- end }} - {{- if .Values.email.forceFromName }} - SMTP_FORCE_FROM_NAME: {{ .Values.email.forceFromName }} - {{- end }} - {{- if .Values.email.allowedDomains }} - # join list of allowd domains with comma + {{- end }} + {{- if .Values.email.domains }} SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.allowedDomains | join "," }} - {{- end }} - {{- if .Values.email.allowedEmails }} - # join list of allowd emails with comma + {{- end }} + {{- if .Values.email.allowedEmails }} SMTP_ALLOWONLY_EMAILS: {{ .Values.email.allowedEmails | join "," }} - {{- end }} - {{- else }} + {{- end }} + {{- else }} SMTP_FORCE_FROM: "customer-noreply@v3.nu" SMTP_FROM_NAME: "V3 Customer Mailer" - {{- end }} - - WP_ENV: "production" - {{- if .Values.site.overrideMainUrl }} - WP_HOME: "https://{{ .Values.site.overrideMainUrl }}" - {{- else }} - WP_HOME: "https://{{ .Values.site.url }}" - {{- end }} - - {{- if and .Values.site.init .Values.site.init.composerPackage }} - RUN_COMPOSER: 'true' - INSTALL_SITE: {{ .Values.site.init.composerPackage }} - SET_THEME: {{ .Values.site.init.themeName | default "" }} - {{- end }} - - {{- if and .Values.site.init .Values.site.init.content .Values.site.init.content.import }} - RUN_IMPORTS: 'true' - IMPORT_CONTENT: {{ .Values.site.init.content.url }} - {{- end }} - - {{- if and .Values.site.init .Values.site.init.database .Values.site.init.database.import }} - RUN_DATABASEIMPORTS: 'true' - IMPORT_DATABASE: {{ .Values.site.init.database.url }} - FORCE_IMPORT_DB: {{ .Values.site.init.database.force | default "false" | quote }} - {{- end }} + {{- end }} + WP_ENV: "{{ .Values.site.environment | default "production" }}" + WP_HOME: "{{ .Values.site.redirectDomain | default ( 
.Values.site.domain ) }}" {{- if .Values.site.additional_env }} - {{- range $k, $v := .Values.site.additional_env }} + {{- range $k, $v := .Values.site.additionalEnv }} {{ $k }}: {{ $v }} - {{- end }} + {{- end }} {{- end }} --- kind: ConfigMap 
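Review bot: The sender allow-list is guarded by one key and rendered from another: `{{- if .Values.email.domains }}` wraps `SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.allowedDomains | join "," }}`, and values.yaml now defines `domains` and `emails` but neither `allowedDomains` nor `allowedEmails`. With the shipped values the domain restriction would render empty and the e-mail restriction is never emitted; how the mailer treats an empty allow-list is not visible here, but it is unlikely to be the intended restriction. Use the same key on both sides, e.g. `SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.domains | join "," | quote }}` and `{{- if .Values.email.emails }}` for the second block. The same kind of mismatch appears at the end of the hunk, where `if .Values.site.additional_env` guards a `range` over `.Values.site.additionalEnv`, so extra environment variables are never emitted with the new values file.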
@@ -64,226 +37,152 @@ metadata: labels: {{- include "..labels" . | nindent 8 }} data: - www.conf: |- - [www] - - - {{- if and .Values.global .Values.global.php }} - listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }} - listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }} - - pm = {{ .Values.global.php.pmMode | default "ondemand" }} - pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }} - pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }} - pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }} - security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }} - php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }} - php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }} - php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen" }} - php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }} - php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }} - - {{- else }} - - listen = 127.0.0.1:8123 - listen.backlog = 511 - - pm = ondemand - pm.max_children = 100 - pm.process_idle_timeout = 30s - pm.max_requests = 1000 - security.limit_extensions = .php - php_admin_value[expose_php] = Off - php_admin_value[short_open_tag] = Off - php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source - php_value[log_errors] = On - - {{- end }} - - ping.path = /fpm-ping - listen.allowed_clients = 127.0.0.1 - catch_workers_output = yes - php_value[error_log] = /dev/stderr - - - {{- if .Values.global.php.adminValues }} - {{- range $k, $v := .Values.global.php.adminValues }} - php_admin_value[{{ $k }}] = {{ $v }} - {{- end }} - {{- end }} - - - nginx.conf: | - worker_processes auto; - error_log stderr warn; - 
pid /run/nginx/nginx.pid; - - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.globalAdditions | default "" }} - {{- end }} - - events { - {{- if and .Values.global .Values.global.nginx }} - worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }}; - {{ .Values.global.nginx.eventsAdditions | default "" }} - {{- else }} - worker_connections 1024; - {{- end }} + init.json: |- + { + "exitOnError": true, + "webserverUser": "unit", + "webserverGroup": "unit", + "applicationDir": "/app", + "permissions": "0770", + "updatePermissions": true, + "importDatabase": {{ .Values.database.import | default false }} + "databasePath": "{{ .Values.database.importPath | default "" }}" + "overwriteDatabase": {{ .Values.database.overwrite | default false }} + "generateSalts": true, + "activateTheme": "{{ .Values.site.theme | default .name }}" } - http { - include mime.types; - default_type application/octet-stream; + unit.json: |- + { + "settings": { + "http": { + "header_read_timeout": 60, + "body_read_timeout": 60, + "idle_timeout": 60, + "max_body_size": 512111110 + } + }, + "listeners": { + "*:8080": { + "pass": "routes" + } + }, + "routes": [ + { + "action": { + "return": 200 + }, + "match": { + "uri": [ + "/unit-ping", + "/fpm-ping" + ] + } + }, + { + "action": { + "return": 404 + }, + "match": { + "uri": [ + "/app/uploads/*.php", + "/app/uploads/*.php/*" + ] + } + }, + { + "action": { + "pass": "applications/php/direct" + }, + "match": { + "uri": [ + "*.php", + "*.php/*", + "/wp/wp-admin/" + ] + } + }, + { + "action": { + "return": 302, + "location": "/wp/wp-admin" + }, + "match": { + "uri": [ + "/wp-admin", + "/wp-admin/*" + ] + } + }, + {{- if eq .Values.site.enableWebpRoute "true" }} + { + "match": { + "uri": [ + "*.jpg", + "*.jpeg", + "*.gif", + "*.png" + ] + }, + "action": { + "share": [ + "/app/web$uri.webp", + "/app/web$uri" + ], + "fallback": { + "pass": "applications/php/index" + } - disable_symlinks off; - - log_format 
main_timed '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - '$request_time $upstream_response_time $pipe $upstream_cache_status'; - - access_log /dev/stdout main_timed; - error_log /dev/stderr notice; - {{- if and .Values.global .Values.global.nginx }} - keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }}; - {{- else }} - keepalive_timeout 61; - {{- end }} - - client_max_body_size 512m; - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - - server { - listen [::]:8080 default_server; - listen 8080 default_server; - server_name _; - {{- if and .Values.global .Values.global.nginx }} - sendfile {{ .Values.global.nginx.sendfile | default "off" }}; - tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }}; - absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }}; - {{- else }} - sendfile off; - tcp_nodelay on; - absolute_redirect off; + } + }, {{- end }} - - {{- if and .Values.site .Values.site.webroot }} - root {{ .Values.site.webroot.path | default "/app/web" }}; - index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }}; - {{- else }} - root /app/web; - index index.php index.html; - {{- end }} - - - location / { - try_files $uri $uri/ /index.php?q=$uri&$args; - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.rootLocationAdditions | default "" }} - {{- end }} - + { + "action": { + "share": "/app/web$uri", + "fallback": { + "pass": "applications/php/index" + } + } } + ], - location ~* /app/web/app/uploads/.*.php$ { - deny all; + "applications": { + "php": { + "type": "php", + "options": { + "user": { + "display_errors": "{{ .Values.site.displayErrors | default "0" }}" + "log_errors": "{{ .Values.site.logErrors | default 
"1" }}" + }, + "admin": { + "expose_php": "Off", + "short_open_tag": "Off", + "disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source", + "log_errors": "On", + "date.timezone": "{{ .Values.customer.timezone | default "Europe/Stockholm" }}", + + {{- if and .Values.advanced .Values.advanced.php .Values.advanced.php.additionalAdminValues }} + {{- range $k, $v := .Values.advanced.php.additionalAdminValues }} + "{{ $k }}": "{{ $v }}", + {{- end }} + {{- else }} + "memory_limit": "{{ .Values.site.resources.php.memory | default "512M" }}", + "upload_max_filesize": "{{ .Values.site.resources.php.upload | default "512M" }}", + "post_max_size": "{{ .Values.site.resources.php.post | default "512M" }}", + "max_execution_time": "{{ .Values.site.resources.php.executionTime | default "300" }}", + "max_input_time": "{{ .Values.site.resources.php.inputTime | default "300" }}", + {{- end }} + } + }, + "targets": { + "direct": { + "root": "/app/web" + }, + "index": { + "root": "/app/web", + "script": "index.php" + } + } } - - location ~* /wp-content/uploads/.*.php$ { - deny all; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/lib/nginx/html; - } - - location ~ \.php$ { - {{- if and .Values.global .Values.global.nginx }} - fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }}; - fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }}; - fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }}; - fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }}; - {{- else }} - fastcgi_buffer_size 128k; - fastcgi_buffers 4 256k; - fastcgi_busy_buffers_size 256k; - fastcgi_read_timeout 300; - {{- end }} - - include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass 127.0.0.1:8123; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - {{- if and .Values.global 
.Values.global.nginx }} - {{ .Values.global.nginx.phpLocationAdditions | default "" }} - {{- end }} - } - - location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ { - expires 5d; - } - - gzip_comp_level 5; - gzip_min_length 256; - gzip_types - application/atom+xml - application/javascript - application/json - application/rss+xml - application/vnd.ms-fontobject - application/x-font-ttf - application/x-font-opentype - application/x-font-truetype - application/x-javascript - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/eot - font/opentype - font/otf - image/svg+xml - image/x-icon - image/vnd.microsoft.icon - text/css - text/plain - text/javascript - text/x-component; - - gzip_disable "MSIE [1-6]\.(?!.*SV1)"; - location ~ /\. { - log_not_found off; - deny all; - } - - location ~ ^/(fpm-status|fpm-ping)$ { - access_log off; - allow 127.0.0.1; - deny all; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_pass 127.0.0.1:8123; - } - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.serverAdditions | default "" }} - {{- end }} - } - - proxy_hide_header X-Powered-By; - fastcgi_hide_header X-Powered-By; - server_tokens off; - - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options SAMEORIGIN; - add_header X-XSS-Protection "1; mode=block"; - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.httpAdditions }} - {{- end }} - - include /etc/nginx/modules/*.conf; } diff --git a/Chart/templates/database.yaml b/Chart/templates/database.yaml index d7a5ddf..eca8fb5 100644 --- a/Chart/templates/database.yaml +++ b/Chart/templates/database.yaml 
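Review bot: Neither `init.json` nor `unit.json` is valid JSON as templated: in `init.json` the `importDatabase`, `databasePath` and `overwriteDatabase` lines have no trailing comma (e.g. `"importDatabase": {{ .Values.database.import | default false }},`), in `unit.json` the `display_errors` line has none, and the `admin` object ends on a comma in both branches of the `if`. `overwriteDatabase` also reads `.Values.database.overwrite` while values.yaml sets `overwriteExisting`, and `default .name` for `activateTheme` resolves against the root context, where nothing in this diff defines `name`. `additionalAdminValues` is emitted into the same object as `disable_functions` and `expose_php`, so a key repeated there would typically win and silently undo that hardening; consider rejecting those keys with `fail` or emitting the fixed entries last. The routes carry no replacement for the removed nginx `location ~ /\.` deny or the `X-Content-Type-Options` and `X-Frame-Options` headers, and the final `share` route serves any file under `/app/web`, so unless the ingress or the image provides those protections they are lost with this change.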
@@ -6,7 +6,7 @@ metadata: {{- include "..labels" . | nindent 8 }} spec: secretName: {{ include "..fullname" . }}-db-auth - instance: {{ .Values.global.dbInstance | default "kincaid" }} + instance: {{ .Values.database.server | default "kincaid" }} deletionProtected: yes backup: enable: No diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 84a3071..d3ebc46 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -6,29 +6,29 @@ metadata: {{- include "..labels" . | nindent 4 }} cloudyne.systems/component: site spec: -{{- if and .Values.customer .Values.customer.package }} - replicas: {{ .Values.customer.package.replicas | default 1 }} -{{- else }} + {{- if .Values.site.resources }} + replicas: {{ .Values.site.resources.replicas | default 1 }} + {{- else }} replicas: 1 -{{- end }} + {{- end }} selector: matchLabels: - cloudyne.systems/customer: {{ .Values.customer.name }} - cloudyne.systems/site: {{ .Values.site.url }} + cloudyne.systems/customer: {{ .Values.customer.legalName }} + cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} + cloudyne.systems/site: {{ .Values.site.domain }} template: metadata: labels: - cloudyne.systems/customer: {{ .Values.customer.name }} - cloudyne.systems/site: {{ .Values.site.url }} + cloudyne.systems/customer: {{ .Values.customer.legalName }} + cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} + cloudyne.systems/site: {{ .Values.site.domain }} spec: securityContext: - fsGroup: 65534 + fsGroup: 101 volumes: - name: cloud persistentVolumeClaim: claimName: pvc-{{ include "..fullname" . }} - - name: local - emptyDir: {} - name: serverconfig configMap: name: {{ include "..fullname" . }}-cfg 
@@ -37,19 +37,22 @@ spec: securityContext: allowPrivilegeEscalation: false runAsUser: 0 - {{- if .Values.global }} - image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-init" }}:{{ .Values.global.imagetag | default "latest" }} - {{- else }} - image: ghcr.io/cloudynes/php-init:latest - {{- end }} + image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}" imagePullPolicy: Always + imagePullSecrets: + - name: pull-secret volumeMounts: - - name: local - mountPath: /app - name: cloud mountPath: /full-cloud - {{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} - {{- range $v := .Values.site.storage.cloud.folders }} + {{- if .Values.storage.wpContent }} + {{- range $v := .Values.storage.wpContent }} + - name: cloud + mountPath: "/app/web/app/{{ $v }}" + subPath: "{{ $v }}" + {{- end }} + {{- end }} + {{- if .Values.storage.additionalMounts }} + {{- range $v := .Values.storage.additionalMounts }} - name: cloud mountPath: {{ $v.localPath }} subPath: {{ $v.cloudPath }} 
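Review bot: The init container keeps `runAsUser: 0`, but its image changes from the shared `php-init` image to the per-site image `cloudyne.azurecr.io/buildahome/...`, defaulting to the `latest` tag, and it still mounts the whole volume at `/full-cloud`. Site-specific image content therefore runs as root against the site's full storage, and with a mutable tag plus `imagePullPolicy: Always` the code that runs can change between pod restarts without any chart change. I would make the tag mandatory with `required "site.imageTag must be set" .Values.site.imageTag` or pin by digest, and run the init step as the same non-root UID as the main container if its work allows; the same image expression is used for the `wordpress` container in the next hunk. `imagePullSecrets` is added inside the container entry, but it is a pod-level field (`spec.template.spec.imagePullSecrets`), so as placed it will be rejected or ignored; indentation is lost in this view, so please confirm. The init container's definition starts above this hunk.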
@@ -65,24 +68,22 @@ spec: containers: - name: wordpress securityContext: - runAsUser: 65534 - {{- if .Values.global }} - image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-nginx" }}:{{ .Values.global.imagetag | default "latest" }} - {{- else }} - image: ghcr.io/cloudynes/php-nginx:latest - {{- end }} + runAsUser: 101 + image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}" imagePullPolicy: Always volumeMounts: - - name: local - mountPath: /app - name: serverconfig - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: serverconfig - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - {{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} - {{- range $v := .Values.site.storage.cloud.folders }} + mountPath: /docker-entrypoint.d/unit.json + subPath: unit.json + {{- if .Values.storage.wpContent }} + {{- range $v := .Values.storage.wpContent }} + - name: cloud + mountPath: "/app/web/app/{{ $v }}" + subPath: "{{ $v }}" + {{- end }} + {{- end }} + {{- if .Values.storage.additionalMounts }} + {{- range $v := .Values.storage.additionalMounts }} - name: cloud mountPath: {{ $v.localPath }} subPath: {{ $v.cloudPath }} 
@@ -95,22 +96,7 @@ spec: name: {{ include "..fullname" . }}-db-auth - secretRef: name: global-secrets - resources: - {{- if and .Values.customer .Values.customer.package .Values.customer.package.cpu }} - requests: - cpu: {{ .Values.customer.package.cpu.avg | default "1000m" }} - memory: {{ .Values.customer.package.mem.avg | default "1Gi" }} - limits: - cpu: {{ .Values.customer.package.cpu.peak | default "1000m" }} - memory: {{ .Values.customer.package.mem.peak | default "1Gi" }} - {{- else }} - requests: - cpu: 1000m - memory: 1Gi - limits: - cpu: 1000m - memory: 1Gi - {{- end }} + {{- include "..resourcelimits" . | nindent 10 }} ports: - containerPort: 8080 name: http diff --git a/Chart/templates/externalsecret.yaml b/Chart/templates/externalsecret.yaml index 7522d18..475f1ca 100644 --- a/Chart/templates/externalsecret.yaml +++ b/Chart/templates/externalsecret.yaml @@ -2,7 +2,6 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: global-secrets-ext - namespace: {{ include "..fullname" . }} labels: {{- include "..labels" . | nindent 8 }} spec: @@ -26,3 +25,22 @@ spec: - secretKey: SMTP_HOST remoteRef: key: secret/SMTP-HOST +--- +apiVersion: v1 +kind: ExternalSecret +metadata: + name: pull-secret-ext + labels: + {{- include "..labels" . | nindent 8 }} +spec: + refreshInterval: 4h + secretStoreRef: + kind: ClusterSecretStore + name: az-cluster-store + target: + name: pull-secret + creationPolicy: Owner + data: + - secretKey: .dockerconfigjson + remoteRef: + key: secret/CLDY-CR-PULL-TOKEN diff --git a/Chart/templates/ingress.yaml b/Chart/templates/ingress.yaml index ba4f8a2..c45e744 100644 --- a/Chart/templates/ingress.yaml +++ b/Chart/templates/ingress.yaml 
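Review bot: The added `pull-secret-ext` document declares `apiVersion: v1` with `kind: ExternalSecret`, while the first document in this file uses `external-secrets.io/v1beta1`; there is no such kind under `v1`, so the apply would be rejected and `pull-secret` would never be created. Change it to `apiVersion: external-secrets.io/v1beta1`. I would also set `template.type: kubernetes.io/dockerconfigjson` under `target`, so the secret is typed and validated as a registry credential rather than created as `Opaque`. Because `secret/CLDY-CR-PULL-TOKEN` is copied from the cluster store into every site namespace, it is worth confirming that the token is pull-only and scoped to the repositories these sites need.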
@@ -12,18 +12,18 @@ spec: tls: - secretName: {{ include "..fullname" . }}-cert-secret hosts: - - {{ .Values.site.url | replace "www." "" }} - - www.{{ .Values.site.url | replace "www." "" }} - - {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - - www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - {{- if .Values.site.additionalIngressNames }} - {{- range .Values.site.additionalIngressNames }} - - {{ . }} - {{- end }} + - {{ .Values.site.domain | replace "www." "" }} + - www.{{ .Values.site.domain | replace "www." "" }} + - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net + - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net +{{- if .Values.site.additionalIngressDomains }} + {{- range .Values.site.additionalIngressDomains }} + - {{ . }} {{- end }} +{{- end }} rules: - - host: {{ .Values.site.url | replace "www." "" }} + - host: {{ .Values.site.domain | replace "www." "" }} http: paths: - path: / @@ -33,7 +33,28 @@ spec: name: {{ include "..fullname" . }} port: number: 80 - - host: www.{{ .Values.site.url | replace "www." "" }} + - host: www.{{ .Values.site.domain | replace "www." "" }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ include "..fullname" . }} + port: + number: 80 + - host: {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ include "..fullname" . }} + port: + number: 80 + + - host: www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net http: paths: - path: / 
@@ -43,28 +64,8 @@ spec: name: {{ include "..fullname" . }} port: number: 80 - - host: {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "..fullname" . }} - port: - number: 80 - - host: www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "..fullname" . }} - port: - number: 80 - {{- if .Values.site.additionalIngressNames }} - {{- range .Values.site.additionalIngressNames }} + {{- if .Values.site.additionalIngressDomains }} + {{- range .Values.site.additionalIngressDomains }} - host: {{ . }} http: paths: @@ -72,8 +73,8 @@ spec: pathType: Prefix backend: service: - name: {{ include "..fullname" . }} + name: {{ include "..fullname" $ }} port: - number: 80 - {{- end }} - {{- end }} + number: 80 + {{- end }} + {{- end }} \ No newline at end of file diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index 16d88bd..bc86d81 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml 
@@ -8,19 +8,19 @@ spec: accessModes: - ReadWriteOnce capacity: - storage: {{ .Values.customer.package.disk }} + storage: {{ .Values.site.resources.disk | default "5Gi" }} csi: driver: blob.csi.azure.com nodeStageSecretRef: - name: cloudyne{{ .Values.site.storage.cloud.class }}-credentials + name: cloudyne{{ .Values.storage.class | default "premium01" }}-credentials namespace: blob-csi volumeAttributes: - containername: {{ .Values.site.storage.cloud.container }} + containername: {{ .Values.storage.container | default ( .Values.site.domain | replace "." "-") }} csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }} csi.storage.k8s.io/pvc/namespace: {{ include "..fullname" . }} secretnamespace: {{ include "..fullname" . }} - skuName: {{ .Values.site.storage.cloud.type }} - volumeHandle: {{ .Values.site.storage.cloud.class }}-retain_{{ include "..fullname" . }} + skuName: {{ .Values.storage.type | default "Premium_LRS" }} + volumeHandle: {{ .Values.storage.class | default "premium01" }}-retain_{{ include "..fullname" . }} mountOptions: - -o allow_other - --file-cache-timeout-in-seconds=120 @@ -31,8 +31,8 @@ spec: - -o negative_timeout=120 - --log-level=LOG_WARNING - --cache-size-mb=3500 - - -o uid=65534 + - -o uid=101 persistentVolumeReclaimPolicy: Retain - storageClassName: {{ .Values.site.storage.cloud.class }}-retain + storageClassName: {{ .Values.storage.class | default "premium01" }}-retain volumeMode: Filesystem --- \ No newline at end of file diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index ad227d5..f30c488 100644 --- a/Chart/templates/persistentvolumeclaim.yaml +++ b/Chart/templates/persistentvolumeclaim.yaml 
@@ -15,8 +15,8 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.customer.package.disk }} + storage: {{ .Values.site.resources.disk | default "5Gi" }} -{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud }} - storageClassName: {{ .Values.site.storage.cloud.class }}-retain +{{- if and .Values.storage .Values.storage.class }} + storageClassName: {{ .Values.storage.class | default "premium01" }}-retain {{- end }} \ No newline at end of file diff --git a/Chart/templates/service.yaml b/Chart/templates/service.yaml index 75afb15..3bafb28 100644 --- a/Chart/templates/service.yaml +++ b/Chart/templates/service.yaml @@ -4,13 +4,13 @@ metadata: name: {{ include "..fullname" . }} labels: {{- include "..labels" . | nindent 8 }} - cloudyne.systems/component: site spec: ports: - name: http port: 80 targetPort: 8080 selector: - cloudyne.systems/customer: {{ .Values.customer.name }} - cloudyne.systems/site: {{ .Values.site.url }} + cloudyne.systems/customer: {{ .Values.customer.legalName }} + cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} + cloudyne.systems/site: {{ .Values.site.domain }} type: ClusterIP diff --git a/Chart/values.yaml b/Chart/values.yaml index 010a6f2..ceb5c1c 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml 
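Review bot: `storageClassName` on the claim is still wrapped in `{{- if and .Values.storage .Values.storage.class }}`, so the new `| default "premium01"` inside it can never apply, while persistentvolume.yaml now always sets `storageClassName` with that default. When `storage.class` is unset the claim is rendered without a class and would likely not bind to the pre-provisioned volume. Dropping the `if` and keeping `storageClassName: {{ .Values.storage.class | default "premium01" }}-retain` keeps the two templates in step.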
@@ -1,155 +1,228 @@ -# Customer Information customer: + # The (dns-compliant) customer name + name: scheibling-consulting-ab - # Customer Name/identifier - name: mycustomer + # The legal name of the customer + legalName: Scheibling Consulting AB - # Timezone for customer + # The legal ID of the customer + legalId: 559005-XXXX + + # The timezone for the customer timezone: "Europe/Stockholm" - # Package/Resource Settings - package: {} +email: + # Force a given sender email + # forceSender: "example@email.com" - # Defaults: - # package: - # size: small - # replicas: 1 - # cpu: - # avg: 500m - # peak: 1000m - # mem: - # avg: 512Mi - # peak: 1Gi - # disk: 5Gi + # Set a default sender/display name + # defaultSender: "customer-noreply@v3.nu" + # defaultSenderName: "Customer Name" -# Settings for email sent from site -# default is sending from customer@mail -email: {} + # Specify allowed domains/emails to use as senders + domains: + - scheibling.se + emails: + - it@scheibling.se -# email: -# forceFromEmail: "user@domain.com" -# forceFromName: "Some Customer" -# allowedDomains: -# - "customerdomainA.se" -# - "customerdomainB.se" -# allowedEmails: -# - "noreply@customerdomainC.com" +# Database configuration +database: + server: kincaid -# Website Configuration -site: - # The main URL for the website - url: "www.mycustomer.com" + # Import database from file + import: true + importPath: "/path/to/database.sql" + overwriteExisting: false - # Additional environment variables to pass to the container - additional_env: {} - # MY_ENV_VAR: "value" +# Storage Settings +storage: + # The storage class to use for the site + # Default: premium01 + class: "premium01" - # Create sites with another main domain for WP, - # but the rest of the components named according to site-tld - # overrideMainUrl: "" + # The storage type to use for the site + # Default: Premium_LRS + type: "Premium_LRS" - # Whether to keep plugins and Wordpress updated - autoUpdate: 'true' + # The storage container to 
use for the site + # Default: - + container: "scheibling-se" - # Storage settings - storage: {} - - # Defaults: - # storage: - # cloud: - # class: "premium01" - # type: "Premium_LRS" - # container: "www-mycustomer-com" - # folders: - # - cloudPath: "uploads" - # localPath: "/app/web/app/uploads" - # - cloudyPath: "gallery" - # localPath: "/app/web/app/uploads" - - - # Initialization Settings - init: - # The composer package that contains the site - composerPackage: "somens/mycustomer-app" - - # The name of the theme which the composer package refers to - themeName: "mycustomer-app-theme" - - # Optional: Import content to wp-content directory from zip file - content: {} - - # content: - # import: 'true' - # url: "https://mycustomer.com/wp-content-data.zip" - - # Optional: Import database from URL - database: {} - - # database: - # import: 'true' - # force: false - # url: "https://www.mycustomer.com/mysqldump.sql" - - # Settings for the webroot (used by Nginx) - webroot: - path: "/app/web" - indexes: "index.php index.html index.htm" + # WP Content Folders + wpContent: + - uploads + - languages - # Additional ingress names for the site - # Default ingress names are (customer domain: testsite.com, domain = testsite, tld = com): + additionalMounts: {} + # - cloudPath: uploads + # localPath: /app/web/app/uploads + +site: + # The name of the repository/composerpackage/dockerimage + # Default: domain.replace('.', '-') + name: "scheibling-se" + + # Tag of the container to deploy + imageTag: "latest" + + # The primary domain/TLD where the site will be available + domain: scheibling.se + + # The main url (subdomain) for the site + # Only needed if it differs from the domain + # ex. + redirectDomain: www.scheibling.se + + # Additional ingress domains that should all + # point to the same site + # Defaults are: # - . # - www.. 
# - -.eu.cust.azurecd.net # - www--.eu.cust.azurecd.net - additionalIngressNames: [] + additionalIngressDomains: + - www2.scheibling.se + + # PHP Version + phpVersion: "8.0" + + # Set environment (production/test/staging) + # Default: production + environment: production + + # Additional env vars + # additionalEnv: + # MY_ENV_VAR: "value" + additionalEnv: {} + + # Enable the route for trying .webp files before images + enableWebpRoute: "true" + + # The resource limits for the site + resources: + replicas: 1 + php: + memory: 512M + post: 512M + upload: 512M + inputTime: "300" + executionTime: "300" + cpu: + avg: 500m + peak: 1000m + mem: + avg: 256Mi + peak: 512Mi + disk: 5Gi + + # Log Errors + logErrors: "1" + + # Display Errors + displayErrors: "0" + +# advanced: + # php: + # displayErrors: "0" + # logErrors: "1" + # additionalAdminValues: {} + +# # Defaults: +# # storage: +# # cloud: +# # class: "premium01" +# # type: "Premium_LRS" +# # container: "www-mycustomer-com" +# # folders: +# # - cloudPath: "uploads" +# # localPath: "/app/web/app/uploads" +# # - cloudyPath: "gallery" +# # localPath: "/app/web/app/uploads" -# Global configuration -global: - # Which image to use for the web server - serverImage: ghcr.io/cloudynes/php-nginx +# # Initialization Settings +# init: +# # The composer package that contains the site +# composerPackage: "somens/mycustomer-app" - # Which image to use for the initialization - initImage: ghcr.io/cloudynes/php-init +# # The name of the theme which the composer package refers to +# themeName: "mycustomer-app-theme" - # The tag to use for the above images - imageTag: fpm8.0-alpine3.16 +# # Optional: Import content to wp-content directory from zip file +# content: {} - # The database instance where the database will be provisioned - dbInstance: "kincaid" +# # content: +# # import: 'true' +# # url: "https://mycustomer.com/wp-content-data.zip" + +# # Optional: Import database from URL +# database: {} + +# # database: +# # import: 'true' +# 
# force: false +# # url: "https://www.mycustomer.com/mysqldump.sql" - php: - listenAddress: "127.0.0.1:8123" - listenBacklog: "511" +# # Settings for the webroot (used by Nginx) +# webroot: +# path: "/app/web" +# indexes: "index.php index.html index.htm" + +# # Additional ingress names for the site +# # Default ingress names are (customer domain: testsite.com, domain = testsite, tld = com): +# # - . +# # - www.. +# # - -.eu.cust.azurecd.net +# # - www--.eu.cust.azurecd.net +# additionalIngressNames: [] - pmMode: "ondemand" - pmMaxChildren: "100" - pmProcessIdle: "30s" - pmMaxRequests: "1000" - limitExtensions: ".php" - exposePHP: "Off" - shortOpenTag": "Off" - disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" - logErrors: "On" +# # Global configuration +# global: +# # Which image to use for the web server +# serverImage: ghcr.io/cloudynes/php-nginx - adminValues: - upload_max_filesize: "256M" - post_max_size: "256M" +# # Which image to use for the initialization +# initImage: ghcr.io/cloudynes/php-init - nginx: - workerConnections: "1024" - keepaliveTimeout: "61" - sendfile: "off" - tcpNodelay: "on" - absoluteRedirects: "off" - fcgiBufferSize: "128k" - fcgiBuffers: "4 256k" - fcgiBusyBufferSize: "256k" - fcgiReadTimeout: "300" - globalAdditions: "" - eventsAdditions: "" - httpAdditions: "" - serverAdditions: "" - rootLocationAdditions: "" - phpLocationAdditions: "" +# # The tag to use for the above images +# imageTag: fpm8.0-alpine3.16 + +# # The database instance where the database will be provisioned +# dbInstance: "kincaid" + +# php: +# listenAddress: "127.0.0.1:8123" +# listenBacklog: "511" + +# pmMode: "ondemand" +# pmMaxChildren: "100" +# pmProcessIdle: "30s" +# pmMaxRequests: "1000" + +# limitExtensions: ".php" +# exposePHP: "Off" +# shortOpenTag": "Off" +# disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" +# logErrors: "On" + +# adminValues: +# 
upload_max_filesize: "256M" +# post_max_size: "256M" + +# nginx: +# workerConnections: "1024" +# keepaliveTimeout: "61" +# sendfile: "off" +# tcpNodelay: "on" +# absoluteRedirects: "off" +# fcgiBufferSize: "128k" +# fcgiBuffers: "4 256k" +# fcgiBusyBufferSize: "256k" +# fcgiReadTimeout: "300" +# globalAdditions: "" +# eventsAdditions: "" +# httpAdditions: "" +# serverAdditions: "" +# rootLocationAdditions: "" +# phpLocationAdditions: ""
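Review bot: The new defaults in Chart/values.yaml are one customer's data (`name: scheibling-consulting-ab`, `container: "scheibling-se"`, `emails: - it@scheibling.se`), so a release that omits any of these keys silently inherits that tenant's storage container and sender allow-list instead of failing. Chart defaults are safer as empty values or obvious placeholders, with the templates enforcing the mandatory ones through `required`. `imageTag: "latest"` is a mutable tag, so a rollout can pick up a different image than the one that was tested; pin a version tag or digest per release. The previous PHP hardening defaults (`disableFunctions`, `exposePHP: "Off"`) now exist only as comments, so it is worth confirming that the image or the templates still apply them.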