Created version 0.5

2023-06-03 22:01:56 +00:00
parent 8b4a25bafb
commit c9f6674f75
14 changed files with 489 additions and 512 deletions


@@ -1,5 +1,5 @@
variables: variables:
HELM_CHART_VERSION: "0.7.1" HELM_CHART_VERSION: "0.5.0"
stages: stages:
- deploy - deploy
@@ -21,5 +21,5 @@ deploy:
- | - |
curl --request POST \ curl --request POST \
--user gitlab-ci-token:$CI_JOB_TOKEN \ --user gitlab-ci-token:$CI_JOB_TOKEN \
--form "chart=@cloudypress-${HELM_CHART_VERSION}.tgz" \ --form "chart=@wordyne-${HELM_CHART_VERSION}.tgz" \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts"
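Review bot: `HELM_CHART_VERSION` is set to `"0.5.0"`, but the Chart.yaml in this same commit declares `version: "0.5.1"`. If the packaging step (outside this hunk) takes the file name from Chart.yaml, `wordyne-${HELM_CHART_VERSION}.tgz` will not exist when the upload runs. The `curl` call also has no `--fail`, so an HTTP error from the package registry would leave the job green; `curl --fail --request POST \` makes a rejected upload visible.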


@@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
name: cloudypress name: wordyne
description: A helm chart for deploying Wordpress on Cloudyne Hosting description: Helm chart for deploying pre-built website containers to kubernetes clusters
type: application type: application
version: "0.7.0" version: "0.5.1"
appVersion: "6.1.1" appVersion: "6.2.2"


@@ -1,11 +0,0 @@
You have successfully installed your new website {{ .Values.site.url }}
Ingress Domains:
- {{ .Values.site.url | replace "www." "" }}
- www.{{ .Values.site.url | replace "www." "" }}
- {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
- www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
{{- if .Values.site.additionalIngressNames }}
{{- range .Values.site.additionalIngressNames }}
- {{ . }}
{{- end }}
{{- end }}


@@ -3,13 +3,24 @@ Define the application name and fullname
*/}} */}}
{{- define "..name" -}} {{- define "..name" -}}
{{- .Values.site.url | trunc 63 | replace "." "-" | trimSuffix "-" }} {{- .Values.site.domain | trunc 63 | replace "." "-" | trimSuffix "-" }}
{{- end }} {{- end }}
{{- define "..fullname" -}} {{- define "..fullname" -}}
{{ include "..name" . }} {{ include "..name" . }}
{{- end }} {{- end }}
{{- define "..resourcelimits" -}}
resources:
limits:
cpu: {{ .Values.site.resources.cpu.peak }}
memory: {{ .Values.site.resources.mem.peak }}
requests:
cpu: {{ .Values.site.resources.cpu.avg }}
memory: {{ .Values.site.resources.mem.avg }}
{{- end }}
{{/* {{/*
Define the chart name and version Define the chart name and version
*/}} */}}
@@ -27,7 +38,7 @@ app.kubernetes.io/name: {{ include "..name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
cloudyne.systems/customer: {{ .Values.customer.name }} cloudyne.systems/customer: {{ .Values.customer.legalName }}
cloudyne.systems/site: {{ .Values.site.url }} cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/package: {{ .Values.customer.package.size }} cloudyne.systems/site: {{ .Values.site.domain }}
{{- end }} {{- end }}
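Review bot: The `cloudyne.systems/customer` label now takes `.Values.customer.legalName`, and the value shipped in values.yaml (`Scheibling Consulting AB`) contains spaces, which Kubernetes does not allow in a label value. The same expression is used in the Deployment `matchLabels` and pod labels and in the Service selector, so those objects would be rejected as well. values.yaml appears to keep a DNS-compliant `customer.name`; using that for the label and moving the legal name and legal ID to annotations would also keep the company registration number out of selectors. Separately, the new `..resourcelimits` helper reads `.Values.site.resources.cpu.peak` and its siblings with no `default`, so it fails to render when `site.resources` is missing.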


@@ -11,12 +11,12 @@ spec:
secretName: {{ include "..fullname" . }}-cert-secret secretName: {{ include "..fullname" . }}-cert-secret
commonName: {{ .Values.site.url }} commonName: {{ .Values.site.url }}
dnsNames: dnsNames:
- {{ .Values.site.url | replace "www." "" }} - {{ .Values.site.domain | replace "www." "" }}
- www.{{ .Values.site.url | replace "www." "" }} - www.{{ .Values.site.domain | replace "www." "" }}
- {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
- www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
{{- if .Values.site.additionalIngressNames }} {{- if .Values.site.additionalIngressDomains }}
{{- range .Values.site.additionalIngressNames }} {{- range .Values.site.additionalIngressDomains }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
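Review bot: `commonName` still reads `.Values.site.url` on the new side, while every `dnsNames` entry was moved to `.Values.site.domain` and the values.yaml in this commit no longer shows a `site.url` key. The certificate would then be requested with an empty common name. `commonName: {{ .Values.site.domain | replace "www." "" }}` keeps it consistent with the first DNS name. The document starts above this hunk, so the rest of the Certificate spec is not visible here.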


@@ -8,53 +8,26 @@ data:
SMTP_PORT: '2525' SMTP_PORT: '2525'
SMTP_AUTH: 'true' SMTP_AUTH: 'true'
SMTP_FROM: 'customer-noreply@v3.nu' SMTP_FROM: 'customer-noreply@v3.nu'
{{- if .Values.email }} {{- if .Values.email }}
{{- if .Values.email.forceFromEmail }} {{- if .Values.email.forceFromEmail }}
SMTP_FORCE_FROM: {{ .Values.email.forceFromEmail }} SMTP_FORCE_FROM: {{ .Values.email.forceFromEmail }}
{{- end }} {{- end }}
{{- if .Values.email.forceFromName }} {{- if .Values.email.domains }}
SMTP_FORCE_FROM_NAME: {{ .Values.email.forceFromName }}
{{- end }}
{{- if .Values.email.allowedDomains }}
# join list of allowd domains with comma
SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.allowedDomains | join "," }} SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.allowedDomains | join "," }}
{{- end }} {{- end }}
{{- if .Values.email.allowedEmails }} {{- if .Values.email.allowedEmails }}
# join list of allowd emails with comma
SMTP_ALLOWONLY_EMAILS: {{ .Values.email.allowedEmails | join "," }} SMTP_ALLOWONLY_EMAILS: {{ .Values.email.allowedEmails | join "," }}
{{- end }} {{- end }}
{{- else }} {{- else }}
SMTP_FORCE_FROM: "customer-noreply@v3.nu" SMTP_FORCE_FROM: "customer-noreply@v3.nu"
SMTP_FROM_NAME: "V3 Customer Mailer" SMTP_FROM_NAME: "V3 Customer Mailer"
{{- end }} {{- end }}
WP_ENV: "{{ .Values.site.environment | default "production" }}"
WP_ENV: "production" WP_HOME: "{{ .Values.site.redirectDomain | default ( .Values.site.domain ) }}"
{{- if .Values.site.overrideMainUrl }}
WP_HOME: "https://{{ .Values.site.overrideMainUrl }}"
{{- else }}
WP_HOME: "https://{{ .Values.site.url }}"
{{- end }}
{{- if and .Values.site.init .Values.site.init.composerPackage }}
RUN_COMPOSER: 'true'
INSTALL_SITE: {{ .Values.site.init.composerPackage }}
SET_THEME: {{ .Values.site.init.themeName | default "" }}
{{- end }}
{{- if and .Values.site.init .Values.site.init.content .Values.site.init.content.import }}
RUN_IMPORTS: 'true'
IMPORT_CONTENT: {{ .Values.site.init.content.url }}
{{- end }}
{{- if and .Values.site.init .Values.site.init.database .Values.site.init.database.import }}
RUN_DATABASEIMPORTS: 'true'
IMPORT_DATABASE: {{ .Values.site.init.database.url }}
FORCE_IMPORT_DB: {{ .Values.site.init.database.force | default "false" | quote }}
{{- end }}
{{- if .Values.site.additional_env }} {{- if .Values.site.additional_env }}
{{- range $k, $v := .Values.site.additional_env }} {{- range $k, $v := .Values.site.additionalEnv }}
{{ $k }}: {{ $v }} {{ $k }}: {{ $v }}
{{- end }} {{- end }}
{{- end }} {{- end }}
--- ---
kind: ConfigMap kind: ConfigMap
@@ -64,226 +37,152 @@ metadata:
labels: labels:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
data: data:
www.conf: |- init.json: |-
[www] {
"exitOnError": true,
"webserverUser": "unit",
{{- if and .Values.global .Values.global.php }} "webserverGroup": "unit",
listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }} "applicationDir": "/app",
listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }} "permissions": "0770",
"updatePermissions": true,
pm = {{ .Values.global.php.pmMode | default "ondemand" }} "importDatabase": {{ .Values.database.import | default false }}
pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }} "databasePath": "{{ .Values.database.importPath | default "" }}"
pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }} "overwriteDatabase": {{ .Values.database.overwrite | default false }}
pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }} "generateSalts": true,
security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }} "activateTheme": "{{ .Values.site.theme | default .name }}"
php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }}
php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }}
php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen" }}
php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }}
php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }}
{{- else }}
listen = 127.0.0.1:8123
listen.backlog = 511
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 30s
pm.max_requests = 1000
security.limit_extensions = .php
php_admin_value[expose_php] = Off
php_admin_value[short_open_tag] = Off
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source
php_value[log_errors] = On
{{- end }}
ping.path = /fpm-ping
listen.allowed_clients = 127.0.0.1
catch_workers_output = yes
php_value[error_log] = /dev/stderr
{{- if .Values.global.php.adminValues }}
{{- range $k, $v := .Values.global.php.adminValues }}
php_admin_value[{{ $k }}] = {{ $v }}
{{- end }}
{{- end }}
nginx.conf: |
worker_processes auto;
error_log stderr warn;
pid /run/nginx/nginx.pid;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.globalAdditions | default "" }}
{{- end }}
events {
{{- if and .Values.global .Values.global.nginx }}
worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }};
{{ .Values.global.nginx.eventsAdditions | default "" }}
{{- else }}
worker_connections 1024;
{{- end }}
} }
http { unit.json: |-
include mime.types; {
default_type application/octet-stream; "settings": {
"http": {
"header_read_timeout": 60,
"body_read_timeout": 60,
"idle_timeout": 60,
"max_body_size": 512111110
}
},
"listeners": {
"*:8080": {
"pass": "routes"
}
},
"routes": [
{
"action": {
"return": 200
},
"match": {
"uri": [
"/unit-ping",
"/fpm-ping"
]
}
},
{
"action": {
"return": 404
},
"match": {
"uri": [
"/app/uploads/*.php",
"/app/uploads/*.php/*"
]
}
},
{
"action": {
"pass": "applications/php/direct"
},
"match": {
"uri": [
"*.php",
"*.php/*",
"/wp/wp-admin/"
]
}
},
{
"action": {
"return": 302,
"location": "/wp/wp-admin"
},
"match": {
"uri": [
"/wp-admin",
"/wp-admin/*"
]
}
},
{{- if eq .Values.site.enableWebpRoute "true" }}
{
"match": {
"uri": [
"*.jpg",
"*.jpeg",
"*.gif",
"*.png"
]
},
"action": {
"share": [
"/app/web$uri.webp",
"/app/web$uri"
],
"fallback": {
"pass": "applications/php/index"
}
disable_symlinks off; }
},
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
{{- if and .Values.global .Values.global.nginx }}
keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }};
{{- else }}
keepalive_timeout 61;
{{- end }}
client_max_body_size 512m;
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
{{- if and .Values.global .Values.global.nginx }}
sendfile {{ .Values.global.nginx.sendfile | default "off" }};
tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }};
absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }};
{{- else }}
sendfile off;
tcp_nodelay on;
absolute_redirect off;
{{- end }} {{- end }}
{
{{- if and .Values.site .Values.site.webroot }} "action": {
root {{ .Values.site.webroot.path | default "/app/web" }}; "share": "/app/web$uri",
index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }}; "fallback": {
{{- else }} "pass": "applications/php/index"
root /app/web; }
index index.php index.html; }
{{- end }}
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.rootLocationAdditions | default "" }}
{{- end }}
} }
],
location ~* /app/web/app/uploads/.*.php$ { "applications": {
deny all; "php": {
"type": "php",
"options": {
"user": {
"display_errors": "{{ .Values.site.displayErrors | default "0" }}"
"log_errors": "{{ .Values.site.logErrors | default "1" }}"
},
"admin": {
"expose_php": "Off",
"short_open_tag": "Off",
"disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source",
"log_errors": "On",
"date.timezone": "{{ .Values.customer.timezone | default "Europe/Stockholm" }}",
{{- if and .Values.advanced .Values.advanced.php .Values.advanced.php.additionalAdminValues }}
{{- range $k, $v := .Values.advanced.php.additionalAdminValues }}
"{{ $k }}": "{{ $v }}",
{{- end }}
{{- else }}
"memory_limit": "{{ .Values.site.resources.php.memory | default "512M" }}",
"upload_max_filesize": "{{ .Values.site.resources.php.upload | default "512M" }}",
"post_max_size": "{{ .Values.site.resources.php.post | default "512M" }}",
"max_execution_time": "{{ .Values.site.resources.php.executionTime | default "300" }}",
"max_input_time": "{{ .Values.site.resources.php.inputTime | default "300" }}",
{{- end }}
}
},
"targets": {
"direct": {
"root": "/app/web"
},
"index": {
"root": "/app/web",
"script": "index.php"
}
}
} }
location ~* /wp-content/uploads/.*.php$ {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
location ~ \.php$ {
{{- if and .Values.global .Values.global.nginx }}
fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }};
fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }};
fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }};
fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }};
{{- else }}
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 300;
{{- end }}
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:8123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.phpLocationAdditions | default "" }}
{{- end }}
}
location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ {
expires 5d;
}
gzip_comp_level 5;
gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-font-opentype
application/x-font-truetype
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
image/svg+xml
image/x-icon
image/vnd.microsoft.icon
text/css
text/plain
text/javascript
text/x-component;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location ~ /\. {
log_not_found off;
deny all;
}
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:8123;
}
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.serverAdditions | default "" }}
{{- end }}
} }
proxy_hide_header X-Powered-By;
fastcgi_hide_header X-Powered-By;
server_tokens off;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.httpAdditions }}
{{- end }}
include /etc/nginx/modules/*.conf;
} }
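Review bot: Both JSON documents added in the second hunk render as invalid JSON: in `init.json` the `importDatabase`, `databasePath` and `overwriteDatabase` lines have no trailing comma, and in `unit.json` `display_errors` lacks one while the `admin` object ends on a comma before its closing brace in either branch. Values are also pasted between quotes unescaped (`"{{ $k }}": "{{ $v }}"`), so a quote or backslash in a value breaks or reshapes the document; piping through `toJson` avoids that, and the fence below also moves the fixed admin keys last so the object never ends on a comma. In the first hunk `if .Values.site.additional_env` guards a range over `additionalEnv`, and `if .Values.email.domains` guards a join of `allowedDomains`, so neither block renders what its condition tests. The removed nginx config carried a dot-file deny rule, `server_tokens off` and the `X-Content-Type-Options` / `X-Frame-Options` headers, and nothing visible in the Unit routes replaces them; worth confirming they are applied at the ingress.

```yaml
{{/* init.json: commas restored, string value emitted through toJson */}}
"importDatabase": {{ .Values.database.import | default false }},
"databasePath": {{ .Values.database.importPath | default "" | toJson }},
"overwriteDatabase": {{ .Values.database.overwrite | default false }},
{{/* … unchanged: generateSalts, activateTheme … */}}

{{/* unit.json, applications.php.options */}}
"user": {
  "display_errors": {{ .Values.site.displayErrors | default "0" | toJson }},
  "log_errors": {{ .Values.site.logErrors | default "1" | toJson }}
},
"admin": {
  {{- if and .Values.advanced .Values.advanced.php .Values.advanced.php.additionalAdminValues }}
  {{- range $k, $v := .Values.advanced.php.additionalAdminValues }}
  {{ $k | toJson }}: {{ $v | toString | toJson }},
  {{- end }}
  {{- else }}
  {{/* … unchanged: memory_limit … max_input_time, each line ending in a comma … */}}
  {{- end }}
  {{/* fixed keys last: no trailing comma */}}
  "expose_php": "Off",
  "short_open_tag": "Off",
  "disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source",
  "log_errors": "On",
  "date.timezone": {{ .Values.customer.timezone | default "Europe/Stockholm" | toJson }}
}
```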


@@ -6,7 +6,7 @@ metadata:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
spec: spec:
secretName: {{ include "..fullname" . }}-db-auth secretName: {{ include "..fullname" . }}-db-auth
instance: {{ .Values.global.dbInstance | default "kincaid" }} instance: {{ .Values.database.server | default "kincaid" }}
deletionProtected: yes deletionProtected: yes
backup: backup:
enable: No enable: No


@@ -6,29 +6,29 @@ metadata:
{{- include "..labels" . | nindent 4 }} {{- include "..labels" . | nindent 4 }}
cloudyne.systems/component: site cloudyne.systems/component: site
spec: spec:
{{- if and .Values.customer .Values.customer.package }} {{- if .Values.site.resources }}
replicas: {{ .Values.customer.package.replicas | default 1 }} replicas: {{ .Values.site.resources.replicas | default 1 }}
{{- else }} {{- else }}
replicas: 1 replicas: 1
{{- end }} {{- end }}
selector: selector:
matchLabels: matchLabels:
cloudyne.systems/customer: {{ .Values.customer.name }} cloudyne.systems/customer: {{ .Values.customer.legalName }}
cloudyne.systems/site: {{ .Values.site.url }} cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/site: {{ .Values.site.domain }}
template: template:
metadata: metadata:
labels: labels:
cloudyne.systems/customer: {{ .Values.customer.name }} cloudyne.systems/customer: {{ .Values.customer.legalName }}
cloudyne.systems/site: {{ .Values.site.url }} cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/site: {{ .Values.site.domain }}
spec: spec:
securityContext: securityContext:
fsGroup: 65534 fsGroup: 101
volumes: volumes:
- name: cloud - name: cloud
persistentVolumeClaim: persistentVolumeClaim:
claimName: pvc-{{ include "..fullname" . }} claimName: pvc-{{ include "..fullname" . }}
- name: local
emptyDir: {}
- name: serverconfig - name: serverconfig
configMap: configMap:
name: {{ include "..fullname" . }}-cfg name: {{ include "..fullname" . }}-cfg
@@ -37,19 +37,22 @@ spec:
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
runAsUser: 0 runAsUser: 0
{{- if .Values.global }} image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}"
image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-init" }}:{{ .Values.global.imagetag | default "latest" }}
{{- else }}
image: ghcr.io/cloudynes/php-init:latest
{{- end }}
imagePullPolicy: Always imagePullPolicy: Always
imagePullSecrets:
- name: pull-secret
volumeMounts: volumeMounts:
- name: local
mountPath: /app
- name: cloud - name: cloud
mountPath: /full-cloud mountPath: /full-cloud
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} {{- if .Values.storage.wpContent }}
{{- range $v := .Values.site.storage.cloud.folders }} {{- range $v := .Values.storage.wpContent }}
- name: cloud
mountPath: "/app/web/app/{{ $v }}"
subPath: "{{ $v }}"
{{- end }}
{{- end }}
{{- if .Values.storage.additionalMounts }}
{{- range $v := .Values.storage.additionalMounts }}
- name: cloud - name: cloud
mountPath: {{ $v.localPath }} mountPath: {{ $v.localPath }}
subPath: {{ $v.cloudPath }} subPath: {{ $v.cloudPath }}
@@ -65,24 +68,22 @@ spec:
containers: containers:
- name: wordpress - name: wordpress
securityContext: securityContext:
runAsUser: 65534 runAsUser: 101
{{- if .Values.global }} image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}"
image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-nginx" }}:{{ .Values.global.imagetag | default "latest" }}
{{- else }}
image: ghcr.io/cloudynes/php-nginx:latest
{{- end }}
imagePullPolicy: Always imagePullPolicy: Always
volumeMounts: volumeMounts:
- name: local
mountPath: /app
- name: serverconfig - name: serverconfig
mountPath: /etc/nginx/nginx.conf mountPath: /docker-entrypoint.d/unit.json
subPath: nginx.conf subPath: unit.json
- name: serverconfig {{- if .Values.storage.wpContent }}
mountPath: /usr/local/etc/php-fpm.d/www.conf {{- range $v := .Values.storage.wpContent }}
subPath: www.conf - name: cloud
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} mountPath: "/app/web/app/{{ $v }}"
{{- range $v := .Values.site.storage.cloud.folders }} subPath: "{{ $v }}"
{{- end }}
{{- end }}
{{- if .Values.storage.additionalMounts }}
{{- range $v := .Values.storage.additionalMounts }}
- name: cloud - name: cloud
mountPath: {{ $v.localPath }} mountPath: {{ $v.localPath }}
subPath: {{ $v.cloudPath }} subPath: {{ $v.cloudPath }}
@@ -95,22 +96,7 @@ spec:
name: {{ include "..fullname" . }}-db-auth name: {{ include "..fullname" . }}-db-auth
- secretRef: - secretRef:
name: global-secrets name: global-secrets
resources: {{- include "..resourcelimits" . | nindent 10 }}
{{- if and .Values.customer .Values.customer.package .Values.customer.package.cpu }}
requests:
cpu: {{ .Values.customer.package.cpu.avg | default "1000m" }}
memory: {{ .Values.customer.package.mem.avg | default "1Gi" }}
limits:
cpu: {{ .Values.customer.package.cpu.peak | default "1000m" }}
memory: {{ .Values.customer.package.mem.peak | default "1Gi" }}
{{- else }}
requests:
cpu: 1000m
memory: 1Gi
limits:
cpu: 1000m
memory: 1Gi
{{- end }}
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http
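Review bot: `imagePullSecrets` is added between `imagePullPolicy` and `volumeMounts` of the init container, but it is a pod-level field (`spec.template.spec.imagePullSecrets`); on a container it is rejected or ignored, and the private `cloudyne.azurecr.io` image would not pull. Indentation is lost in this rendering, so confirm the placement in the file itself. The init container keeps `runAsUser: 0` and now runs the per-site image with `imageTag` defaulting to `latest` while `/full-cloud` is mounted, so whatever was last pushed under that tag runs as root against the customer volume; an immutable tag or digest, and a non-root init where the setup allows it, would narrow that. `include "..resourcelimits"` reads `.Values.site.resources.cpu.peak` and its siblings with no defaults, unlike the block it replaces, so a values file without `site.resources` fails to render even though the `replicas` guard above allows for that case.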


@@ -2,7 +2,6 @@ apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: global-secrets-ext name: global-secrets-ext
namespace: {{ include "..fullname" . }}
labels: labels:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
spec: spec:
@@ -26,3 +25,22 @@ spec:
- secretKey: SMTP_HOST - secretKey: SMTP_HOST
remoteRef: remoteRef:
key: secret/SMTP-HOST key: secret/SMTP-HOST
---
apiVersion: v1
kind: ExternalSecret
metadata:
name: pull-secret-ext
labels:
{{- include "..labels" . | nindent 8 }}
spec:
refreshInterval: 4h
secretStoreRef:
kind: ClusterSecretStore
name: az-cluster-store
target:
name: pull-secret
creationPolicy: Owner
data:
- secretKey: .dockerconfigjson
remoteRef:
key: secret/CLDY-CR-PULL-TOKEN
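Review bot: The added `pull-secret-ext` document declares `apiVersion: v1` together with `kind: ExternalSecret`, which the core API group does not serve; the first document in this file uses `external-secrets.io/v1beta1`, and the new one should read `apiVersion: external-secrets.io/v1beta1` too. The target also sets no secret type, so the secret is created as Opaque and the API server does not validate its payload; adding `template:` with `type: kubernetes.io/dockerconfigjson` under `target:` gives that check. The remote value `secret/CLDY-CR-PULL-TOKEN` then has to hold a complete docker config JSON rather than a bare token, which is worth confirming against the secret store.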


@@ -12,18 +12,18 @@ spec:
tls: tls:
- secretName: {{ include "..fullname" . }}-cert-secret - secretName: {{ include "..fullname" . }}-cert-secret
hosts: hosts:
- {{ .Values.site.url | replace "www." "" }} - {{ .Values.site.domain | replace "www." "" }}
- www.{{ .Values.site.url | replace "www." "" }} - www.{{ .Values.site.domain | replace "www." "" }}
- {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
- www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
{{- if .Values.site.additionalIngressNames }} {{- if .Values.site.additionalIngressDomains }}
{{- range .Values.site.additionalIngressNames }} {{- range .Values.site.additionalIngressDomains }}
- {{ . }} - {{ . }}
{{- end }}
{{- end }} {{- end }}
{{- end }}
rules: rules:
- host: {{ .Values.site.url | replace "www." "" }} - host: {{ .Values.site.domain | replace "www." "" }}
http: http:
paths: paths:
- path: / - path: /
@@ -33,7 +33,28 @@ spec:
name: {{ include "..fullname" . }} name: {{ include "..fullname" . }}
port: port:
number: 80 number: 80
- host: www.{{ .Values.site.url | replace "www." "" }} - host: www.{{ .Values.site.domain | replace "www." "" }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
http: http:
paths: paths:
- path: / - path: /
@@ -43,28 +64,8 @@ spec:
name: {{ include "..fullname" . }} name: {{ include "..fullname" . }}
port: port:
number: 80 number: 80
- host: {{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net {{- if .Values.site.additionalIngressDomains }}
http: {{- range .Values.site.additionalIngressDomains }}
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: www.{{ .Values.site.url | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
{{- if .Values.site.additionalIngressNames }}
{{- range .Values.site.additionalIngressNames }}
- host: {{ . }} - host: {{ . }}
http: http:
paths: paths:
@@ -72,8 +73,8 @@ spec:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: {{ include "..fullname" . }} name: {{ include "..fullname" $ }}
port: port:
number: 80 number: 80
{{- end }} {{- end }}
{{- end }} {{- end }}


@@ -8,19 +8,19 @@ spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
capacity: capacity:
storage: {{ .Values.customer.package.disk }} storage: {{ .Values.site.resources.disk | default "5Gi" }}
csi: csi:
driver: blob.csi.azure.com driver: blob.csi.azure.com
nodeStageSecretRef: nodeStageSecretRef:
name: cloudyne{{ .Values.site.storage.cloud.class }}-credentials name: cloudyne{{ .Values.storage.class | default "premium01" }}-credentials
namespace: blob-csi namespace: blob-csi
volumeAttributes: volumeAttributes:
containername: {{ .Values.site.storage.cloud.container }} containername: {{ .Values.storage.container | default ( .Values.site.domain | replace "." "-") }}
csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }} csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }}
csi.storage.k8s.io/pvc/namespace: {{ include "..fullname" . }} csi.storage.k8s.io/pvc/namespace: {{ include "..fullname" . }}
secretnamespace: {{ include "..fullname" . }} secretnamespace: {{ include "..fullname" . }}
skuName: {{ .Values.site.storage.cloud.type }} skuName: {{ .Values.storage.type | default "Premium_LRS" }}
volumeHandle: {{ .Values.site.storage.cloud.class }}-retain_{{ include "..fullname" . }} volumeHandle: {{ .Values.storage.class | default "premium01" }}-retain_{{ include "..fullname" . }}
mountOptions: mountOptions:
- -o allow_other - -o allow_other
- --file-cache-timeout-in-seconds=120 - --file-cache-timeout-in-seconds=120
@@ -31,8 +31,8 @@ spec:
- -o negative_timeout=120 - -o negative_timeout=120
- --log-level=LOG_WARNING - --log-level=LOG_WARNING
- --cache-size-mb=3500 - --cache-size-mb=3500
- -o uid=65534 - -o uid=101
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.site.storage.cloud.class }}-retain storageClassName: {{ .Values.storage.class | default "premium01" }}-retain
volumeMode: Filesystem volumeMode: Filesystem
--- ---


@@ -15,8 +15,8 @@ spec:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: {{ .Values.customer.package.disk }} storage: {{ .Values.site.resources.disk | default "5Gi" }}
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud }} {{- if and .Values.storage .Values.storage.class }}
storageClassName: {{ .Values.site.storage.cloud.class }}-retain storageClassName: {{ .Values.storage.class | default "premium01" }}-retain
{{- end }} {{- end }}
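Review bot: `storageClassName` is still wrapped in `if and .Values.storage .Values.storage.class`, so the added `default "premium01"` can never apply. When `storage.class` is unset, the claim carries no class while the PersistentVolume in this commit always renders `premium01-retain`. Unless the cluster's default class happens to match, the claim would not bind to that volume. Dropping the guard and keeping `storageClassName: {{ .Values.storage.class | default "premium01" }}-retain` makes both sides agree.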


@@ -4,13 +4,13 @@ metadata:
name: {{ include "..fullname" . }} name: {{ include "..fullname" . }}
labels: labels:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
cloudyne.systems/component: site
spec: spec:
ports: ports:
- name: http - name: http
port: 80 port: 80
targetPort: 8080 targetPort: 8080
selector: selector:
cloudyne.systems/customer: {{ .Values.customer.name }} cloudyne.systems/customer: {{ .Values.customer.legalName }}
cloudyne.systems/site: {{ .Values.site.url }} cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/site: {{ .Values.site.domain }}
type: ClusterIP type: ClusterIP


@@ -1,155 +1,228 @@
# Customer Information
customer: customer:
# The (dns-compliant) customer name
name: scheibling-consulting-ab
# Customer Name/identifier # The legal name of the customer
name: mycustomer legalName: Scheibling Consulting AB
# Timezone for customer # The legal ID of the customer
legalId: 559005-XXXX
# The timezone for the customer
timezone: "Europe/Stockholm" timezone: "Europe/Stockholm"
# Package/Resource Settings email:
package: {} # Force a given sender email
# forceSender: "example@email.com"
# Defaults: # Set a default sender/display name
# package: # defaultSender: "customer-noreply@v3.nu"
# size: small # defaultSenderName: "Customer Name"
# replicas: 1
# cpu:
# avg: 500m
# peak: 1000m
# mem:
# avg: 512Mi
# peak: 1Gi
# disk: 5Gi
# Settings for email sent from site # Specify allowed domains/emails to use as senders
# default is sending from customer@mail domains:
email: {} - scheibling.se
emails:
- it@scheibling.se
# email: # Database configuration
# forceFromEmail: "user@domain.com" database:
# forceFromName: "Some Customer" server: kincaid
# allowedDomains:
# - "customerdomainA.se"
# - "customerdomainB.se"
# allowedEmails:
# - "noreply@customerdomainC.com"
# Website Configuration # Import database from file
site: import: true
# The main URL for the website importPath: "/path/to/database.sql"
url: "www.mycustomer.com" overwriteExisting: false
# Additional environment variables to pass to the container # Storage Settings
additional_env: {} storage:
# MY_ENV_VAR: "value" # The storage class to use for the site
# Default: premium01
class: "premium01"
# Create sites with another main domain for WP, # The storage type to use for the site
# but the rest of the components named according to site-tld # Default: Premium_LRS
# overrideMainUrl: "" type: "Premium_LRS"
# Whether to keep plugins and Wordpress updated # The storage container to use for the site
autoUpdate: 'true' # Default: <domain>-<tld>
container: "scheibling-se"
# Storage settings # WP Content Folders
storage: {} wpContent:
- uploads
# Defaults: - languages
# storage:
# cloud:
# class: "premium01"
# type: "Premium_LRS"
# container: "www-mycustomer-com"
# folders:
# - cloudPath: "uploads"
# localPath: "/app/web/app/uploads"
# - cloudyPath: "gallery"
# localPath: "/app/web/app/uploads"
# Initialization Settings
init:
# The composer package that contains the site
composerPackage: "somens/mycustomer-app"
# The name of the theme which the composer package refers to
themeName: "mycustomer-app-theme"
# Optional: Import content to wp-content directory from zip file
content: {}
# content:
# import: 'true'
# url: "https://mycustomer.com/wp-content-data.zip"
# Optional: Import database from URL
database: {}
# database:
# import: 'true'
# force: false
# url: "https://www.mycustomer.com/mysqldump.sql"
# Settings for the webroot (used by Nginx)
webroot:
path: "/app/web"
indexes: "index.php index.html index.htm"
# Additional ingress names for the site additionalMounts: {}
# Default ingress names are (customer domain: testsite.com, domain = testsite, tld = com): # - cloudPath: uploads
# localPath: /app/web/app/uploads
site:
# The name of the repository/composerpackage/dockerimage
# Default: domain.replace('.', '-')
name: "scheibling-se"
# Tag of the container to deploy
imageTag: "latest"
# The primary domain/TLD where the site will be available
domain: scheibling.se
# The main url (subdomain) for the site
# Only needed if it differs from the domain
# ex.
redirectDomain: www.scheibling.se
# Additional ingress domains that should all
# point to the same site
# Defaults are:
# - <domain>.<tld> # - <domain>.<tld>
# - www.<domain>.<tld> # - www.<domain>.<tld>
# - <domain>-<tld>.eu.cust.azurecd.net # - <domain>-<tld>.eu.cust.azurecd.net
# - www-<domain>-<tld>.eu.cust.azurecd.net # - www-<domain>-<tld>.eu.cust.azurecd.net
additionalIngressNames: [] additionalIngressDomains:
- www2.scheibling.se
# PHP Version
phpVersion: "8.0"
# Set environment (production/test/staging)
# Default: production
environment: production
# Additional env vars
# additionalEnv:
# MY_ENV_VAR: "value"
additionalEnv: {}
# Enable the route for trying .webp files before images
enableWebpRoute: "true"
# The resource limits for the site
resources:
replicas: 1
php:
memory: 512M
post: 512M
upload: 512M
inputTime: "300"
executionTime: "300"
cpu:
avg: 500m
peak: 1000m
mem:
avg: 256Mi
peak: 512Mi
disk: 5Gi
# Log Errors
logErrors: "1"
# Display Errors
displayErrors: "0"
# advanced:
# php:
# displayErrors: "0"
# logErrors: "1"
# additionalAdminValues: {}
# # Defaults:
# # storage:
# # cloud:
# # class: "premium01"
# # type: "Premium_LRS"
# # container: "www-mycustomer-com"
# # folders:
# # - cloudPath: "uploads"
# # localPath: "/app/web/app/uploads"
# # - cloudyPath: "gallery"
# # localPath: "/app/web/app/uploads"
# Global configuration # # Initialization Settings
global: # init:
# Which image to use for the web server # # The composer package that contains the site
serverImage: ghcr.io/cloudynes/php-nginx # composerPackage: "somens/mycustomer-app"
# Which image to use for the initialization # # The name of the theme which the composer package refers to
initImage: ghcr.io/cloudynes/php-init # themeName: "mycustomer-app-theme"
# The tag to use for the above images # # Optional: Import content to wp-content directory from zip file
imageTag: fpm8.0-alpine3.16 # content: {}
# The database instance where the database will be provisioned # # content:
dbInstance: "kincaid" # # import: 'true'
# # url: "https://mycustomer.com/wp-content-data.zip"
# # Optional: Import database from URL
# database: {}
# # database:
# # import: 'true'
# # force: false
# # url: "https://www.mycustomer.com/mysqldump.sql"
php: # # Settings for the webroot (used by Nginx)
listenAddress: "127.0.0.1:8123" # webroot:
listenBacklog: "511" # path: "/app/web"
# indexes: "index.php index.html index.htm"
# # Additional ingress names for the site
# # Default ingress names are (customer domain: testsite.com, domain = testsite, tld = com):
# # - <domain>.<tld>
# # - www.<domain>.<tld>
# # - <domain>-<tld>.eu.cust.azurecd.net
# # - www-<domain>-<tld>.eu.cust.azurecd.net
# additionalIngressNames: []
pmMode: "ondemand"
pmMaxChildren: "100"
pmProcessIdle: "30s"
pmMaxRequests: "1000"
limitExtensions: ".php" # # Global configuration
exposePHP: "Off" # global:
shortOpenTag": "Off" # # Which image to use for the web server
disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" # serverImage: ghcr.io/cloudynes/php-nginx
logErrors: "On"
adminValues: # # Which image to use for the initialization
upload_max_filesize: "256M" # initImage: ghcr.io/cloudynes/php-init
post_max_size: "256M"
nginx: # # The tag to use for the above images
workerConnections: "1024" # imageTag: fpm8.0-alpine3.16
keepaliveTimeout: "61"
sendfile: "off" # # The database instance where the database will be provisioned
tcpNodelay: "on" # dbInstance: "kincaid"
absoluteRedirects: "off"
fcgiBufferSize: "128k" # php:
fcgiBuffers: "4 256k" # listenAddress: "127.0.0.1:8123"
fcgiBusyBufferSize: "256k" # listenBacklog: "511"
fcgiReadTimeout: "300"
globalAdditions: "" # pmMode: "ondemand"
eventsAdditions: "" # pmMaxChildren: "100"
httpAdditions: "" # pmProcessIdle: "30s"
serverAdditions: "" # pmMaxRequests: "1000"
rootLocationAdditions: ""
phpLocationAdditions: "" # limitExtensions: ".php"
# exposePHP: "Off"
# shortOpenTag": "Off"
# disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source"
# logErrors: "On"
# adminValues:
# upload_max_filesize: "256M"
# post_max_size: "256M"
# nginx:
# workerConnections: "1024"
# keepaliveTimeout: "61"
# sendfile: "off"
# tcpNodelay: "on"
# absoluteRedirects: "off"
# fcgiBufferSize: "128k"
# fcgiBuffers: "4 256k"
# fcgiBusyBufferSize: "256k"
# fcgiReadTimeout: "300"
# globalAdditions: ""
# eventsAdditions: ""
# httpAdditions: ""
# serverAdditions: ""
# rootLocationAdditions: ""
# phpLocationAdditions: ""
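Review bot: Several keys in the new defaults are not the ones the templates in this commit read: values define `email.forceSender`, `email.emails` and `database.overwriteExisting`, while the ConfigMap reads `email.forceFromEmail`, `email.allowedEmails` and `database.overwrite`. The sender restrictions and the overwrite flag would therefore not take effect, and nothing reports it. `database.import: true` with the placeholder `importPath: "/path/to/database.sql"` makes every install that does not override it request an import; `import: false` is the safer default. `additionalMounts: {}` is ranged over as a list of `localPath`/`cloudPath` items in the Deployment, so `[]` is the matching empty value. The defaults also carry what looks like one specific customer's legal name, domain and mailbox; neutral placeholders would keep that out of the published chart.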