helm/wordyne
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: helm:dev-newchart
Branches Tags
helm:main helm:dev-newchart
helm:1.0.25
..
compare: helm:8b85ba35fac86e7db14e6622f5ad90099cf95c24
Branches Tags
helm:main helm:dev-newchart
helm:1.0.25

1 Commits
dev-newcha ... 8b85ba35fa

Author SHA1 Message Date
Lars Scheibling
8b85ba35fa Disabled job template 2023-09-05 17:28:56 +02:00
18 changed files with 394 additions and 729 deletions
Expand all files Collapse all files

23
.gitea/workflows/upload-helm.yml
View File

@@ -1,23 +0,0 @@
name: Upload Helm Chart
run-name: Uploading helm chart
on: [push]
jobs:
Explore-Gitea-Actions:
runs-on: ubuntu-latest
env:
HELM_CHART_VERSION: "1.0.34"
steps:
- uses: actions/checkout@v2
- name: Set up Helm
uses: azure/setup-helm@v1
with:
version: 'v3.0.0'
- run: 'sed -i "s/version:.*/version: \"${HELM_CHART_VERSION}\"/" ./Chart/Chart.yaml'
- run: helm package ./Chart
- name: Upload Helm Chart
run: |
curl -ki -X POST \
--user ${{ secrets.HELM_PKG_UPLOAD_USER }}:${{ secrets.HELM_PKG_UPLOAD_PASS }} \
--upload-file "wordyne-${HELM_CHART_VERSION}.tgz" \
https://helm.cloudyne.io/api/charts

2
.gitignore vendored
View File

@@ -1,4 +1,2 @@
example.yaml example.yaml
example*.yaml example*.yaml
example*.yml
test-*.yaml

6
.gitlab-ci.yml
View File

@@ -1,5 +1,5 @@
variables: variables:
HELM_CHART_VERSION: "1.0.24" HELM_CHART_VERSION: "0.6.13"
stages: stages:
- deploy - deploy
@@ -9,7 +9,9 @@ default:
name: cloudyne/kubectl-helm:latest name: cloudyne/kubectl-helm:latest
entrypoint: [""] entrypoint: [""]
tags: tags:
- shell - build01
- helm
- chartbuild
deploy: deploy:
stage: deploy stage: deploy

2
Chart/Chart.yaml
View File

@@ -2,5 +2,5 @@ apiVersion: v2
name: wordyne name: wordyne
description: Helm chart for deploying pre-built website containers to kubernetes clusters description: Helm chart for deploying pre-built website containers to kubernetes clusters
type: application type: application
version: "1.0.27" version: "0.6.13"
appVersion: "6.2.2" appVersion: "6.2.2"

4
Chart/templates-disabled/job.yaml
View File

@@ -1,4 +1,5 @@
{{- if .Values.site.autoRegisterEnabled | default false }} {{- if .Values.site.skipWPCRegistration | default false }}
{{- else }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
@@ -20,5 +21,4 @@ spec:
imagePullSecrets: imagePullSecrets:
- name: pull-secret - name: pull-secret
backoffLimit: 4 backoffLimit: 4
{{- else }}
{{- end }} {{- end }}

36
Chart/templates/_helpers.tpl
View File

@@ -3,17 +3,13 @@ Define the application name and fullname
*/}} */}}
{{- define "..name" -}} {{- define "..name" -}}
{{- .Values.site.name | trunc 63 }} {{- .Values.site.domain | trunc 63 | replace "." "-" | trimSuffix "-" }}
{{- end }} {{- end }}
{{- define "..fullname" -}} {{- define "..fullname" -}}
{{ include "..name" . }} {{ include "..name" . }}
{{- end }} {{- end }}
{{- define "..domains" }}
{{- if .Values.site.additionalDomains }}{{ .Values.site.additionalDomains | toYaml }}{{- end }}
- {{ .Values.site.domain | replace "www." "" }}
{{- end }}
{{- define "..resourcelimits" -}} {{- define "..resourcelimits" -}}
resources: resources:
@@ -42,31 +38,7 @@ app.kubernetes.io/name: {{ include "..name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }} cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | trunc 63 | trimSuffix "-" }}
cloudyne.systems/customer-legal-id: '{{ .Values.customer.legalId }}' cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/site: {{ .Values.site.domain | quote }} cloudyne.systems/site: {{ .Values.site.domain }}
{{- end }}
{{- define "..selector-labels" -}}
cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }}
cloudyne.systems/site: {{ .Values.site.domain | quote }}
cloudyne.systems/component: site
{{- end }}
{{- define "..affinity-labels" -}}
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: cloudyne.systems/customer
operator: In
values:
- {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }}
- key: cloudyne.systems/site
operator: In
values:
- {{ .Values.site.domain | quote }}
- key: cloudyne.systems/component
operator: In
values:
- "site"
topologyKey: kubernetes.io/hostname
{{- end }} {{- end }}

29
Chart/templates/certificate.yaml
View File

@@ -1,4 +1,3 @@
{{- if and .Values.site.certificate .Values.site.certificate.certManager }}
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
@@ -7,21 +6,17 @@ metadata:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
spec: spec:
issuerRef: issuerRef:
name: {{ .Values.site.certificate.issuerRef }} name: cloudyne-internal-root-v2
kind: {{ .Values.site.certificate.issuerKind }} kind: ClusterIssuer
secretName: {{ include "..fullname" . }}-cert-secret secretName: {{ include "..fullname" . }}-cert-secret
commonName: {{ .Values.site.domain }} commonName: {{ .Values.site.url }}
dnsNames: {{ include "..domains" . | nindent 8 }} dnsNames:
{{- else if and .Values.site.certificate .Values.site.certificate.custom .Values.site.certificate.custom.enabled }} - {{ .Values.site.domain | replace "www." "" }}
apiVersion: v1 - www.{{ .Values.site.domain | replace "www." "" }}
kind: Secret - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
metadata: - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
name: {{ include "..fullname" . }}-cert-secret {{- if .Values.site.additionalIngressDomains }}
labels: {{- range .Values.site.additionalIngressDomains }}
{{- include "..labels" . | nindent 8 }} - {{ . }}
type: kubernetes.io/tls {{- end }}
data:
tls.crt: {{ .Values.site.certificate.custom.cert | b64enc }}
tls.key: {{ .Values.site.certificate.custom.key | b64enc }}
{{- else }}
{{- end }} {{- end }}

153
Chart/templates/configmap.yaml
View File

@@ -5,45 +5,30 @@ metadata:
labels: labels:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
data: data:
{{- if .Values.email.smtpHost }} SMTP_PORT: '2525'
SMTP_HOST: {{ .Values.email.smtpHost }} SMTP_AUTH: 'true'
{{- end }} SMTP_FROM: 'customer-noreply@v3.nu'
{{- if .Values.email.smtpPort }} {{- if .Values.email }}
SMTP_PORT: {{ .Values.email.smtpPort | quote }} {{- if .Values.email.forceFromEmail }}
{{- end }} SMTP_FORCE_FROM: {{ .Values.email.forceFromEmail }}
{{- if .Values.email.smtpAuth }}
SMTP_AUTH: 'True'
{{- if .Values.email.smtpUser }}
SMTP_USER: {{ .Values.email.smtpUser }}
{{- end }} {{- end }}
{{- if .Values.email.smtpPassword }} {{- if .Values.email.domains }}
SMTP_PASSWORD: {{ .Values.email.smtpPassword }}
{{- end }}
{{- end }}
{{- if .Values.email.smtpStarttls }}
SMTP_STARTTLS: 'True'
{{- end }}
{{- if .Values.email.defaultSender }}
SMTP_FROM: {{ .Values.email.defaultSender }}
{{- end }}
{{- if .Values.email.defaultSenderName }}
SMTP_FROM_NAME: {{ .Values.email.defaultSenderName }}
{{- end }}
{{- if .Values.email.forceSender }}
SMTP_FORCE_FROM: {{ .Values.email.forceSender }}
{{- end }}
{{- if .Values.email.domains }}
SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.domains | join "," }} SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.domains | join "," }}
{{- end }} {{- end }}
{{- if .Values.email.allowedEmails }} {{- if .Values.email.allowedEmails }}
SMTP_ALLOWONLY_EMAILS: {{ .Values.email.allowedEmails | join "," }} SMTP_ALLOWONLY_EMAILS: {{ .Values.email.allowedEmails | join "," }}
{{- end }} {{- end }}
WP_HOME: "https://{{ .Values.site.domain | replace "http://" "" | replace "https://" "" }}" {{- else }}
{{- if .Values.site.env }} SMTP_FORCE_FROM: "customer-noreply@v3.nu"
{{- range $k, $v := .Values.site.env }} SMTP_FROM_NAME: "V3 Customer Mailer"
{{- end }}
WP_ENV: "{{ .Values.site.environment | default "production" }}"
WP_HOME: "https://{{ ( .Values.site.redirectDomain | default ( .Values.site.domain )) | replace "https://" "" | replace "http://" "" }}"
{{- if .Values.site.additionalEnv }}
{{- range $k, $v := .Values.site.additionalEnv }}
{{ $k }}: {{ $v }} {{ $k }}: {{ $v }}
{{- end }} {{- end }}
{{- end }} {{- end }}
--- ---
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
@@ -59,26 +44,13 @@ data:
"webserverGroup": "unit", "webserverGroup": "unit",
"applicationDir": "/app", "applicationDir": "/app",
"permissions": "0770", "permissions": "0770",
"updatePermissions": {{ .Values.init.wp.updatePermissions | default false }}, "updatePermissions": true,
"importDatabase": {{ .Values.init.db.active | default false }}, "importDatabase": {{ .Values.database.import | default false }},
"databasePath": "{{ .Values.init.db.path | default "" }}", "databasePath": "{{ .Values.database.importPath | default "" }}",
"databaseUrl": "{{ .Values.init.db.url | default "" }}", "overwriteDatabase": {{ .Values.database.overwrite | default false }},
"importContent": {{ .Values.init.content.active | default false }},
"contentPath": "{{ .Values.init.content.path | default "" }}",
"contentUrl": "{{ .Values.init.content.url | default "" }}",
"overwriteDatabase": {{ .Values.init.db.overwrite | default false }},
"generateSalts": true, "generateSalts": true,
"activateTheme": "{{ .Values.init.wp.theme | default .Values.site.name }}", "activateTheme": "{{ .Values.site.theme | default .Values.site.name }}",
{{- if .Values.init.asJob }} "convertUploadsToWebp": {{ .Values.site.enableWebpConversion | default false }},
"convertUploadsToWebp": {{ .Values.init.content.webpConverter | default true }},
{{- else }}
"convertUploadsToWebp": {{ .Values.init.content.webpConverter | default false }},
{{- end }}
{{- if and .Values.storage.cloud.active .Values.storage.local.active }}
"backupToCloud": true,
{{- else }}
"backupToCloud": false,
{{- end }}
"convertMissingOnly": true "convertMissingOnly": true
} }
@@ -109,30 +81,6 @@ data:
] ]
} }
}, },
{
"action": {
"return": 302,
"location": "/wp/wp-admin"
},
"match": {
"uri": [
"/wp-admin",
"/wp-admin/*"
]
}
},
{
"action": {
"return": 302,
"location": "/wp/wp-login.php"
},
"match": {
"uri": [
"/wp-login.php",
"/wp-login.php*"
]
}
},
{ {
"action": { "action": {
"return": 404 "return": 404
@@ -156,7 +104,19 @@ data:
] ]
} }
}, },
{{- if (.Values.site.webpRoute | default "true") }} {
"action": {
"return": 302,
"location": "/wp/wp-admin"
},
"match": {
"uri": [
"/wp-admin",
"/wp-admin/*"
]
}
},
{{- if eq .Values.site.enableWebpRoute "true" }}
{ {
"match": { "match": {
"uri": [ "uri": [
@@ -191,28 +151,18 @@ data:
"applications": { "applications": {
"php": { "php": {
"type": "php", "type": "php",
"processes": {
"max": {{ .Values.php.maxProc | default 5 }},
"spare": {{ .Values.php.spareProc | default 1 }},
"idle_timeout": {{ .Values.php.procIdleTimeout | default 65 }}
},
"options": { "options": {
"user": { "user": {
{{- if and .Values.php .Values.php.additionalValues }} "display_errors": "{{ .Values.site.displayErrors | default "0" }}",
{{- range $k, $v := .Values.php.additionalValues }} "log_errors": "{{ .Values.site.logErrors | default "1" }}"
"{{ $k }}": "{{ $v }}",
{{- end }}
{{- end }}
"display_errors": "{{ .Values.php.displayErrors | default "Off" }}",
"log_errors": "{{ .Values.php.logErrors | default "On" }}"
}, },
"admin": { "admin": {
"expose_php": "Off", "expose_php": "Off",
"short_open_tag": "Off", "short_open_tag": "Off",
"disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source", "disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source",
"log_errors": "{{ .Values.php.logErrors | default "On" }}", "log_errors": "On",
{{- if and .Values.php .Values.php.additionalAdminValues }} {{- if and .Values.advanced .Values.advanced.php .Values.advanced.php.additionalAdminValues }}
{{- range $k, $v := .Values.php.additionalAdminValues }} {{- range $k, $v := .Values.advanced.php.additionalAdminValues }}
"{{ $k }}": "{{ $v }}", "{{ $k }}": "{{ $v }}",
{{- end }} {{- end }}
{{- else }} {{- else }}
@@ -237,20 +187,3 @@ data:
} }
} }
} }
{{- if .Values.storage.configMap }}
{{- range .Values.storage.configMap }}
{{- if eq .type "configmap" }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "..fullname" $ }}-cm-{{ .name }}
labels:
{{- include "..labels" $ | nindent 8 }}
data:
{{- range $k, $v := .files }}
{{ $v.name }}: {{ $v.content | toYaml | indent 4}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

2
Chart/templates/database.yaml
View File

@@ -6,7 +6,7 @@ metadata:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
spec: spec:
secretName: {{ include "..fullname" . }}-db-auth secretName: {{ include "..fullname" . }}-db-auth
instance: {{ .Values.site.dbInstance | default "kincaid" }} instance: {{ .Values.database.server | default "kincaid" }}
deletionProtected: yes deletionProtected: yes
backup: backup:
enable: No enable: No

164
Chart/templates/deployment.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: {{ include "..fullname" . }} name: {{ include "..fullname" . }}
labels: labels:
{{- include "..labels" . | nindent 4 }} {{- include "..labels" . | nindent 4 }}
cloudyne.systems/component: site
spec: spec:
{{- if .Values.site.resources }} {{- if .Values.site.resources }}
replicas: {{ .Values.site.resources.replicas | default 1 }} replicas: {{ .Values.site.resources.replicas | default 1 }}
@@ -12,185 +13,96 @@ spec:
{{- end }} {{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "..selector-labels" . | nindent 6 }} cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | lower | trunc 63 }}
cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/site: {{ .Values.site.domain }}
template: template:
metadata: metadata:
labels: labels:
{{- include "..selector-labels" . | nindent 8 }} cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | lower | trunc 63 }}
cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/site: {{ .Values.site.domain }}
spec: spec:
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
volumes: volumes:
- name: cloud
persistentVolumeClaim:
claimName: pvc-{{ include "..fullname" . }}
- name: serverconfig - name: serverconfig
configMap: configMap:
name: {{ include "..fullname" . }}-cfg name: {{ include "..fullname" . }}-cfg
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
{{- if eq .type "file" }}
- name: {{ .name }}
secret:
secretName: {{- include "..fullname" $ }}-exts-{{ .name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.storage.kubernetes }}
{{- range .Values.storage.kubernetes }}
- name: {{ .name }}
{{- if eq .type "secret" }}
secret:
secretName: "{{- include "..fullname" $ }}-sec-{{ .name }}"
{{- end }}
{{- if eq .type "configmap" }}
configMap:
name: "{{- include "..fullname" $ }}-sec-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.storage.cloud.active }}
- name: cloud
persistentVolumeClaim:
claimName: pvc-{{- include "..name" . }}-cloud
{{- end }}
{{- if .Values.storage.local.active }}
- name: local
persistentVolumeClaim:
claimName: pvc-{{- include "..name" . }}-local
{{- end }}
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
{{- if eq .type "docker" }}
imagePullSecrets: imagePullSecrets:
- name: "{{- include "..fullname" $ }}-exts-{{ .name }}" - name: pull-secret
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.storage.kubernetes }}
{{- range .Values.storage.kubernetes }}
{{- if eq .type "docker" }}
imagePullSecrets:
- name: "{{- include "..fullname" $ }}-sec-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
{{- if not .Values.init.asJob }}
initContainers: initContainers:
{{- if and .Values.storage.cloud.active .Values.storage.local.active .Values.storage.local.cloneCloud }} - name: deploy
- name: init-local-storage
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
runAsUser: 0 runAsUser: 0
image: cloudyne/ubuntu-ci:latest image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}"
command: ["python3"]
args: ["/usr/local/bin/storage-clone", "/mnt/cloud", "/mnt/local"]
imagePullPolicy: Always imagePullPolicy: Always
volumeMounts: volumeMounts:
- name: cloud - name: cloud
mountPath: /mnt/cloud mountPath: /full-cloud
- name: local
mountPath: /mnt/local
{{- end }}
- name: init-site
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
image: "{{ .Values.site.image }}"
imagePullPolicy: Always
volumeMounts:
- name: serverconfig - name: serverconfig
mountPath: /init-go/config.json mountPath: /init-go/config.json
subPath: init.json subPath: init.json
{{- if .Values.storage.cloud.active }} {{- if .Values.storage.wpContent }}
{{- range $v := .Values.storage.wpContent }}
- name: cloud - name: cloud
mountPath: "/mnt/cloud" mountPath: "/app/web/app/{{ $v }}"
subPath: "{{ $v }}"
{{- end }} {{- end }}
{{- if .Values.storage.local.active }}
{{- range .Values.storage.folders }}
- name: local
mountPath: "/app/web/app/{{ . }}"
subPath: "{{ . }}"
{{- end }} {{- end }}
{{- else }} {{- if .Values.storage.additionalMounts }}
{{- if .Values.storage.cloud.active }} {{- range $v := .Values.storage.additionalMounts }}
{{- range .Values.storage.folders }}
- name: cloud - name: cloud
mountPath: "/app/web/app/{{ . }}" mountPath: {{ $v.localPath }}
subPath: "{{ . }}" subPath: {{ $v.cloudPath }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ include "..fullname" . }}-env name: {{ include "..fullname" . }}-env
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
{{- if eq .type "env" }}
- secretRef:
name: "{{- include "..fullname" $ }}-exts-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
- secretRef: - secretRef:
name: {{ include "..fullname" . }}-db-auth name: {{ include "..fullname" . }}-db-auth
command: ["sh"] - secretRef:
args: ["-c", "/init-go/init-go"] name: global-secrets
{{- end }} command: [ "/init-go/init-go" ]
containers: containers:
- name: wordpress - name: wordpress
securityContext: securityContext:
runAsUser: 101 runAsUser: 101
image: "{{ .Values.site.image }}" image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}"
imagePullPolicy: Always imagePullPolicy: Always
volumeMounts: volumeMounts:
- name: serverconfig - name: serverconfig
mountPath: /docker-entrypoint.d/unit.json mountPath: /docker-entrypoint.d/unit.json
subPath: unit.json subPath: unit.json
{{- if .Values.storage.cloud.active }} {{- if .Values.storage.wpContent }}
{{- range $v := .Values.storage.wpContent }}
- name: cloud - name: cloud
mountPath: "/mnt/cloud" mountPath: "/app/web/app/{{ $v }}"
{{- end }} subPath: "{{ $v }}"
{{- if .Values.storage.local.active }}
{{- range .Values.storage.folders }}
{{- if or ( eq . "certificates" ) ( eq . "secrets" ) }}
- name: local
mountPath: "/app/{{ . }}"
subPath: "{{ . }}"
{{- else }}
- name: local
mountPath: "/app/web/app/{{ . }}"
subPath: "{{ . }}"
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- else }} {{- if .Values.storage.additionalMounts }}
{{- if .Values.storage.cloud.active }} {{- range $v := .Values.storage.additionalMounts }}
{{- range .Values.storage.folders }}
{{- if or ( eq . "certificates" ) ( eq . "secrets" ) }}
- name: cloud - name: cloud
mountPath: "/app/{{ . }}" mountPath: {{ $v.localPath }}
subPath: "{{ . }}" subPath: {{ $v.cloudPath }}
{{- else }}
- name: cloud
mountPath: "/app/web/app/{{ . }}"
subPath: "{{ . }}"
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- end }}
{{- include "..resourcelimits" . | nindent 10 }}
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ include "..fullname" . }}-env name: {{ include "..fullname" . }}-env
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
{{- if eq .type "env" }}
- secretRef:
name: "{{- include "..fullname" $ }}-exts-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
- secretRef: - secretRef:
name: {{ include "..fullname" . }}-db-auth name: {{ include "..fullname" . }}-db-auth
- secretRef:
name: global-secrets
{{- include "..resourcelimits" . | nindent 10 }}
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http
protocol: TCP protocol: TCP

69
Chart/templates/externalsecret.yaml
View File

@@ -1,37 +1,60 @@
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: {{ include "..fullname" $ }}-ext-{{ .name }} name: {{ include "..fullname" . }}-ex-gl-secret
labels: labels:
{{- include "..labels" $ | nindent 8 }} {{- include "..labels" . | nindent 8 }}
spec: spec:
refreshInterval: {{ .refreshInterval | default "10h" }} refreshInterval: 4h
secretStoreRef: secretStoreRef:
{{- if .ref.clusterSecretStore }}
kind: ClusterSecretStore kind: ClusterSecretStore
name: {{ .ref.clusterSecretStore }} name: az-cluster-store
{{- else }}
kind: SecretStore
name: {{ .ref.secretStore }}
namespace: {{ .ref.secretStoreNamespace }}
{{- end }}
target: target:
name: {{ include "..fullname" $ }}-exts-{{ .name }} name: global-secrets
creationPolicy: Orphan
template: template:
{{- if eq .type "docker"}}
type: kubernetes.io/dockerconfigjson
{{- end }}
metadata: metadata:
labels: labels:
app.kubernetes.io/managed-by: External-Secrets app.kubernetes.io/managed-by: External-Secrets
data: data:
{{- range $v := .items }} - secretKey: COMPOSER_AUTH
- secretKey: {{ $v.target }}
remoteRef: remoteRef:
key: {{ $v.source }} key: secret/GITLAB-COMPOSER-AUTH
{{- end }} - secretKey: SMTP_USER
{{- end }} remoteRef:
{{- end }} key: secret/SMTP-USER
- secretKey: SMTP_PASS
remoteRef:
key: secret/SMTP-PASSWORD
- secretKey: SMTP_HOST
remoteRef:
key: secret/SMTP-HOST
- secretKey: WPC_REGISTRATION_SECRET
remoteRef:
key: secret/WPC-REGISTRATION-SECRET
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ include "..fullname" . }}-ex-pull-secret
labels:
{{- include "..labels" . | nindent 8 }}
spec:
refreshInterval: 4h
secretStoreRef:
kind: ClusterSecretStore
name: az-cluster-store
target:
name: pull-secret
template:
metadata:
labels:
app.kubernetes.io/managed-by: External-Secrets
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: "{{`{{ .dockerconfig | toString }}`}}"
creationPolicy: Orphan
data:
- secretKey: dockerconfig
remoteRef:
key: secret/CLDY-CR-PULL-TOKEN

63
Chart/templates/ingress.yaml
View File

@@ -9,19 +9,64 @@ metadata:
{{- include "..labels" . | nindent 4 }} {{- include "..labels" . | nindent 4 }}
spec: spec:
ingressClassName: nginx ingressClassName: nginx
{{- if or .Values.site.certificate.certManager .Values.site.certificate.importCert }}
tls: tls:
- secretName: {{ include "..fullname" . }}-cert-secret - secretName: {{ include "..fullname" . }}-cert-secret
hosts: {{ include "..domains" . | nindent 6 }} hosts:
{{- else if .Values.site.certificate.existingCert }} - {{ .Values.site.domain | replace "www." "" }}
tls: - www.{{ .Values.site.domain | replace "www." "" }}
- secretName: {{ .Values.site.certificate.existingCertName }} - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
hosts: {{ include "..domains" . | nindent 6 }} - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
{{- if .Values.site.additionalIngressDomains }}
{{- range .Values.site.additionalIngressDomains }}
- {{ . }}
{{- end }}
{{- end }} {{- end }}
rules: rules:
{{- range include "..domains" . | split "\n" }} - host: {{ .Values.site.domain | replace "www." "" }}
{{- if ne . "" }} http:
- host: {{ . | replace "- " ""}} paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: www.{{ .Values.site.domain | replace "www." "" }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
- host: www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "..fullname" . }}
port:
number: 80
{{- if .Values.site.additionalIngressDomains }}
{{- range .Values.site.additionalIngressDomains }}
- host: {{ . }}
http: http:
paths: paths:
- path: / - path: /

132
Chart/templates/job.yaml
View File

@@ -1,132 +0,0 @@
#dev-newchart
{{- if .Values.init.asJob }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "..fullname" . }}-initializer
labels:
{{- include "..labels" . | nindent 4 }}
cloudyne.systems/component: site-init
spec:
backoffLimit: 2
template:
spec:
restartPolicy: "OnFailure"
affinity: {{ include "..affinity-labels" . | nindent 8 }}
securityContext:
fsGroup: 101
volumes:
- name: serverconfig
configMap:
name: {{ include "..fullname" . }}-cfg
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
{{- if eq .type "file" }}
- name: {{ .name }}
secret:
secretName: {{- include "..fullname" $ }}-exts-{{ .name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.storage.kubernetes }}
{{- range .Values.storage.kubernetes }}
- name: {{ .name }}
{{- if eq .type "secret" }}
secret:
secretName: "{{- include "..fullname" $ }}-sec-{{ .name }}"
{{- end }}
{{- if eq .type "configmap" }}
configMap:
name: "{{- include "..fullname" $ }}-sec-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.storage.cloud.active }}
- name: cloud
persistentVolumeClaim:
claimName: pvc-{{- include "..name" . }}-cloud
{{- end }}
{{- if .Values.storage.local.active }}
- name: local
persistentVolumeClaim:
claimName: pvc-{{- include "..name" . }}-local
{{- end }}
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
{{- if eq .type "docker" }}
imagePullSecrets:
- name: "{{- include "..fullname" $ }}-exts-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.storage.kubernetes }}
{{- range .Values.storage.kubernetes }}
{{- if eq .type "docker" }}
imagePullSecrets:
- name: "{{- include "..fullname" $ }}-sec-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
{{- if and .Values.storage.cloud.active .Values.storage.local.active .Values.storage.local.cloneCloud }}
initContainers:
- name: init-local-storage
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
image: cloudyne/ubuntu-ci:latest
command: ["python3"]
args: ["/usr/local/bin/storage-clone", "/mnt/cloud", "/mnt/local"]
imagePullPolicy: IfNotPresent
volumeMounts:
- name: cloud
mountPath: /mnt/cloud
- name: local
mountPath: /mnt/local
{{- end }}
containers:
- name: init-site
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
image: "{{ .Values.site.image }}"
imagePullPolicy: IfNotPresent
volumeMounts:
- name: serverconfig
mountPath: /init-go/config.json
subPath: init.json
{{- if .Values.storage.cloud.active }}
- name: cloud
mountPath: "/mnt/cloud"
{{- end }}
{{- if .Values.storage.local.active }}
{{- range .Values.storage.folders }}
- name: local
mountPath: "/app/web/app/{{ . }}"
subPath: "{{ . }}"
{{- end }}
{{- else }}
{{- if .Values.storage.cloud.active }}
{{- range .Values.storage.folders }}
- name: cloud
mountPath: "/app/web/app/{{ . }}"
subPath: "{{ . }}"
{{- end }}
{{- end }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "..fullname" . }}-env
{{- if and .Values.secrets .Values.secrets.external }}
{{- range .Values.secrets.external }}
{{- if eq .type "env" }}
- secretRef:
name: "{{- include "..fullname" $ }}-exts-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
- secretRef:
name: {{ include "..fullname" . }}-db-auth
command: ["sh"]
args: ["-c", "/init-go/init-go"]
{{- end }}

27
Chart/templates/persistentvolume.yaml
View File

@@ -1,27 +1,26 @@
{{ if .Values.storage.cloud.active }}
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: pv-{{ include "..name" . }}-cloud name: pv-{{ include "..fullname" . }}
labels: labels:
{{- include "..labels" . | nindent 4 }} {{- include "..labels" . | nindent 8 }}
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
capacity: capacity:
storage: {{ .Values.site.resources.disk }} storage: {{ .Values.site.resources.disk | default "5Gi" }}
csi: csi:
driver: {{ .Values.storage.cloud.driver | default "blob.csi.azure.com" }} driver: blob.csi.azure.com
nodeStageSecretRef: nodeStageSecretRef:
name: {{ .Values.storage.cloud.account }}-credentials name: cloudyne{{ .Values.storage.class | default "premium01" }}-credentials
namespace: blob-csi namespace: blob-csi
volumeAttributes: volumeAttributes:
containername: {{ .Values.storage.cloud.container }} containername: {{ .Values.storage.container | default ( .Values.site.domain | replace "." "-") }}
csi.storage.k8s.io/pv/name: pv-{{ include "..name" . }}-cloud csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }}
csi.storage.k8s.io/pvc/namespace: {{ .Release.Namespace }} csi.storage.k8s.io/pvc/namespace: {{ include "..fullname" . }}
secretnamespace: {{ .Release.Namespace }} secretnamespace: {{ include "..fullname" . }}
skuName: {{ .Values.storage.cloud.sku | default "Premium_LRS" }} skuName: {{ .Values.storage.type | default "Premium_LRS" }}
volumeHandle: {{ .Values.storage.cloud.class }}_{{ .Values.storage.cloud.container }} volumeHandle: {{ .Values.storage.class | default "premium01" }}-retain_{{ include "..fullname" . }}
mountOptions: mountOptions:
- -o allow_other - -o allow_other
- --file-cache-timeout-in-seconds=120 - --file-cache-timeout-in-seconds=120
@@ -34,6 +33,6 @@ spec:
- --cache-size-mb=3500 - --cache-size-mb=3500
- -o uid=101 - -o uid=101
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.storage.cloud.class }} storageClassName: {{ .Values.storage.class | default "premium01" }}-retain
volumeMode: Filesystem volumeMode: Filesystem
{{- end }} ---

35
Chart/templates/persistentvolumeclaim.yaml
View File

@@ -1,37 +1,22 @@
{{- if .Values.storage.cloud.active }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-{{ include "..name" . }}-cloud
labels:
{{- include "..labels" . | nindent 4 }}
annotations:
volume.beta.kubernetes.io/storage-provisioner: {{ .Values.storage.cloud.driver }}
volume.kubernetes.io/storage-provisioner: {{ .Values.storage.cloud.driver }}
spec:
volumeMode: Filesystem
volumeName: pv-{{ include "..name" . }}-cloud
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.site.resources.disk }}
storageClassName: {{ .Values.storage.cloud.class }}
{{- end }}
{{- if .Values.storage.local.active }}
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: pvc-{{ include "..name" . }}-local annotations:
volume.beta.kubernetes.io/storage-provisioner: blob.csi.azure.com
volume.kubernetes.io/storage-provisioner: blob.csi.azure.com
labels: labels:
{{- include "..labels" . | nindent 4 }} {{- include "..labels" . | nindent 8 }}
name: pvc-{{ include "..fullname" . }}
spec: spec:
volumeMode: Filesystem volumeMode: Filesystem
volumeName: pv-{{ include "..fullname" . }}
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: {{ .Values.site.resources.disk }} storage: {{ .Values.site.resources.disk | default "5Gi" }}
storageClassName: {{ .Values.storage.local.class }}
{{- if and .Values.storage .Values.storage.class }}
storageClassName: {{ .Values.storage.class | default "premium01" }}-retain
{{- end }} {{- end }}

17
Chart/templates/secret.yaml
View File

@@ -1,17 +0,0 @@
{{- if .Values.storage.kubernetes }}
{{- range .Values.storage.kubernetes }}
{{- if eq .type "secret" }}
---
kind: Secret
apiVersion: v1
metadata:
name: {{ include "..fullname" $ }}-sec-{{ .name }}
labels:
{{- include "..labels" $ | nindent 8 }}
stringData:
{{- range $k, $v := .files }}
{{ $v.name }}: {{ $v.content | toYaml | indent 4}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

4
Chart/templates/service.yaml
View File

@@ -10,5 +10,7 @@ spec:
port: 80 port: 80
targetPort: 8080 targetPort: 8080
selector: selector:
{{- include "..selector-labels" . | nindent 4 }} cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | lower | trunc 63 }}
cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }}
cloudyne.systems/site: {{ .Values.site.domain }}
type: ClusterIP type: ClusterIP

239
Chart/values.yaml
View File

@@ -1,41 +1,111 @@
customer: customer:
# The customer name (DNS-Compliant) # The (dns-compliant) customer name (Required)
name: customerdomain-tld # name: dns-compliant-customer-name
# The customer legal name # The legal name of the customer (Required)
legalName: Customer Name Ltd. # legalName: Customer Name Ltd
# The customer legal ID # The legal ID of the customer (Required)
legalId: 112233-4455 # legalId: 112233-4455
# The customer timezone # The timezone for the customer
timezone: "Europe/Stockholm" timezone: "Europe/Stockholm"
email:
# Force a given sender email
# forceSender: "example@email.com"
# Set a default sender/display name
# defaultSender: "customer-noreply@v3.nu"
# defaultSenderName: "Customer Name"
# Specify allowed domains/emails to use as senders
# domains:
# - customer.tld
# emails:
# - mail@customer.tld
# Database configuration
database:
# Database server to use
server: kincaid
# Import database from file if not already imported
import: false
importPath: "/full-cloud/import.sql"
overwriteExisting: false
# Storage Settings
storage:
# The storage class to use for the site
# Default: premium01
class: "premium01"
# The storage type to use for the site
# Default: Premium_LRS
type: "Premium_LRS"
# The storage container to use for the site (REQUIRED)
# Default: <domain>-<tld>
# container: "company-tld"
# Skip WPC Auto-registration
# Default: false
# skipWPCRegistration: false
# WP Content Folders
wpContent:
- uploads
- languages
additionalMounts: {}
# - cloudPath: uploads
# localPath: /app/web/app/uploads
site: site:
name: "customerdomain-tld" # The name of the repository/composerpackage/dockerimage
domain: "customerdomain.tld" # Default: domain.replace('.', '-')
additionalDomains: [] # name: "customer-tld"
image: "ghcr.io/cloudynes/php-bedrock:8.0-alpine" # Tag of the container to deploy
# imageTag: "latest"
env: # The primary domain/TLD where the site will be available
WP_ENV: "production" # domain: customer.tld
webpRoute: true # The main url (subdomain) for the site
dbInstance: "" # Only needed if it differs from the domain
# ex.
# redirectDomain: tempdomain.customer.tld
certificate: # Additional ingress domains that should all
certManager: false # point to the same site
# issuerRef: "" # Defaults are:
# issuerKind: "" # - <domain>.<tld>
existingCert: false # - www.<domain>.<tld>
# existingCertName: "" # - <domain>-<tld>.eu.cust.azurecd.net
importCert: false # - www-<domain>-<tld>.eu.cust.azurecd.net
# importCertValue: | additionalIngressDomains: []
# ....
# importKeyValue: |
# ....
# PHP Version
phpVersion: "8.0"
# Set environment (production/test/staging)
# Default: production
environment: production
# Additional env vars
# additionalEnv:
# MY_ENV_VAR: "value"
additionalEnv: {}
# Enable the route for trying .webp files before images
enableWebpRoute: "true"
# Enable the automatic conversion of WebP images
enableWebpConversion: "true"
# The resource limits for the site
resources: resources:
replicas: 1 replicas: 1
php: php:
@@ -52,114 +122,15 @@ site:
peak: 512Mi peak: 512Mi
disk: 5Gi disk: 5Gi
secrets: # Log Errors
external: [] logErrors: "1"
# - name: "ex-gl-secret"
# type: "env"
# ref:
# secretStore: ""
# clusterSecretStore: "az-cluster-store"
# target: "global-secrets"
# items:
# - source: secret/SMTP-USER
# target: SMTP_USER
# - source: secret/SMTP-PASSWORD
# target: SMTP_PASS
# - source: secret/SMTP-HOST
# target: SMTP_HOST
# - name: "ex-pull-secret"
# type: "docker"
# ref:
# secretStore: ""
# secretStoreNamespace: ""
# clusterSecretStore: "az-cluster-store"
# target: "pull-secret"
# items:
# - source: secret/PULL-TOKEN
# target: dockerconfig
# Display Errors
displayErrors: "0"
storage: # advanced:
kubernetes: # php:
- name: "pull-secret" # displayErrors: "0"
type: "secret" # logErrors: "1"
files: # additionalAdminValues: {}
- name: .dockerconfigjson
content: |
{"auths":{"ghcr.io":{"username":"ghcr.io","password":"ghcr.io","auth":"ghcr.io"}}}
# - name: "secret01"
# type: "secret"
# files:
# - name: x
# mount: /x.txt
# content: |
# Hello World
# - name: "config01"
# type: configmap
# files:
# - name: x
# mount: /x.txt
# content: |
# test:
# data:
# - x
# - y
# - z
cloud:
active: false
driver: "blob.csi.azure.com"
account: "azstorage11"
sku: "Premium_LRS"
class: "azstorage11class-retain"
container: "customerdomain-tld"
local:
active: true
cloneCloud: False
class: "longhorn"
folders:
- uploads
- languages
init:
asJob: false
wp:
theme: "abctheme"
updatePermissions: true
db:
active: false
overwrite: false
# path: "/full-cloud/init.sql"
# url: "https://url.to/init.sql"
content:
active: false
overwrite: false
webpConverter: false
# path: "/full-cloud/content.zip"
# url: "https://url.to/content.zip"
email:
smtpHost: ""
smtpPort: ""
smtpAuth: false
smtpUser: ""
smtpPassword: ""
smtpStarttls: false
forceSender: ""
defaultSender: ""
defaultSenderName: ""
domains:
- domain
emails:
- email
php:
maxProc: 5
spareProc: 2
procIdleTimeout: 65
logErrors: "On"
displayErrors: "Off"
additionalValues: {}
additionalAdminValues: {}