From a4a5c3b16755f679269a72cc6815017c04bd4fb7 Mon Sep 17 00:00:00 2001
From: james-otten
Date: Sat, 27 Apr 2024 21:39:20 -0400
Subject: [PATCH] helm
---
infra/README.md | 10 +-
infra/helm/meshdb/Chart.yaml | 24 +++
infra/helm/meshdb/secret.values.yaml | 15 ++
infra/helm/meshdb/templates/_helpers.tpl | 62 ++++++
infra/helm/meshdb/templates/configmap.yaml | 30 +++
infra/helm/meshdb/templates/meshweb.yaml | 181 ++++++++++++++++++
.../meshdb/templates/meshweb_static_pvc.yaml | 12 ++
infra/helm/meshdb/templates/nginx.yaml | 70 +++++++
.../meshdb/templates/nginx_configmap.yaml | 29 +++
infra/helm/meshdb/templates/pelias.yaml | 51 +++++
infra/helm/meshdb/templates/postgres.yaml | 85 ++++++++
infra/helm/meshdb/templates/postgres_pvc.yaml | 12 ++
infra/helm/meshdb/templates/redis.yaml | 63 ++++++
infra/helm/meshdb/templates/secrets.yaml | 15 ++
infra/helm/meshdb/templates/service.yaml | 81 ++++++++
infra/helm/meshdb/values.yaml | 114 +++++++++++
16 files changed, 851 insertions(+), 3 deletions(-)
create mode 100644 infra/helm/meshdb/Chart.yaml
create mode 100644 infra/helm/meshdb/secret.values.yaml
create mode 100644 infra/helm/meshdb/templates/_helpers.tpl
create mode 100644 infra/helm/meshdb/templates/configmap.yaml
create mode 100644 infra/helm/meshdb/templates/meshweb.yaml
create mode 100644 infra/helm/meshdb/templates/meshweb_static_pvc.yaml
create mode 100644 infra/helm/meshdb/templates/nginx.yaml
create mode 100644 infra/helm/meshdb/templates/nginx_configmap.yaml
create mode 100644 infra/helm/meshdb/templates/pelias.yaml
create mode 100644 infra/helm/meshdb/templates/postgres.yaml
create mode 100644 infra/helm/meshdb/templates/postgres_pvc.yaml
create mode 100644 infra/helm/meshdb/templates/redis.yaml
create mode 100644 infra/helm/meshdb/templates/secrets.yaml
create mode 100644 infra/helm/meshdb/templates/service.yaml
create mode 100644 infra/helm/meshdb/values.yaml
diff --git a/infra/README.md b/infra/README.md
index 5a63cb7b..8e44a973 100644
--- a/infra/README.md 
+++ b/infra/README.md @@ -16,7 +16,7 @@ echo "disable: servicelb" >> /etc/rancher/k3s/config.yaml 7. Install metallb on master node ``` -IP_RANGE="10.70.90.71/32" +IP_RANGE="10.70.90.80/29" cat < /var/lib/rancher/k3s/server/manifests/metallb.yaml apiVersion: v1 kind: Namespace @@ -68,7 +68,11 @@ NODE_TOKEN="$(cat /var/lib/rancher/k3s/server/node-token)" target_host="$1" -ssh -t ubuntu@$target_host "curl -sfL https://get.k3s.io>k3s; sudo bash k3s --server https://${MASTER_IP}:6443 --token $NODE_TOKEN" +ssh -t ubuntu@$target_host "curl -sfL https://get.k3s.io>k3s; sudo bash k3s --server https://${MASTER_IP}:6443 --token $NODE_TOKEN;sudo apt-get update && sudo apt-get install nfs-common -y" ``` -9. Install helm chart... \ No newline at end of file +9. Install longhorn `kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.6.0/deploy/longhorn.yaml` + +10. `kubectl create namespace meshdbdev0 && helm template . -f values.yaml -f secret.values.yaml | kubectl apply -f -` + +11. If you need a superuser: `kubectl exec -it -n meshdbdev0 service/meshdb-meshweb bash` and `python manage.py createsuperuser` diff --git a/infra/helm/meshdb/Chart.yaml b/infra/helm/meshdb/Chart.yaml new file mode 100644 index 00000000..b618e60f --- /dev/null +++ b/infra/helm/meshdb/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: meshdb +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/infra/helm/meshdb/secret.values.yaml b/infra/helm/meshdb/secret.values.yaml new file mode 100644 index 00000000..bd92eab2 --- /dev/null +++ b/infra/helm/meshdb/secret.values.yaml @@ -0,0 +1,15 @@ +pg: + password: the_real_value + +aws: + access_key_id: the_real_value + secret_access_key: the_real_value + +meshweb: + django_secret_key: the_real_value + nn_assign_psk: the_real_value + query_psk: the_real_value + pano_github_token: the_real_value + +uisp: + psk: the_real_value diff --git a/infra/helm/meshdb/templates/_helpers.tpl b/infra/helm/meshdb/templates/_helpers.tpl new file mode 100644 index 00000000..a1381dd7 --- /dev/null +++ b/infra/helm/meshdb/templates/_helpers.tpl 
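Review bot: `secret.values.yaml` is committed to the repository with `the_real_value` placeholders, and the README step added in this same commit tells operators to pass it with `-f secret.values.yaml`, so the working copy of this tracked file is exactly where real credentials will be typed and the next `git add` will commit them. Rename the tracked file to an example (for instance `secret.values.example.yaml`) and add the real filename to `.gitignore`, or keep this file as the example and have the README point at a copy outside the tree. A one-line header such as `# Template only: copy to a gitignored file and fill in; never commit real values` would make the intent clear to whoever opens it next.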
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "meshdb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "meshdb.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "meshdb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "meshdb.labels" -}} +helm.sh/chart: {{ include "meshdb.chart" . }} +{{ include "meshdb.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "meshdb.selectorLabels" -}} +app.kubernetes.io/name: {{ include "meshdb.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "meshdb.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "meshdb.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/infra/helm/meshdb/templates/configmap.yaml b/infra/helm/meshdb/templates/configmap.yaml new file mode 100644 index 00000000..03847993 
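Review bot: `meshdb.serviceAccountName` dereferences `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the `serviceAccount` block in this commit's values.yaml is entirely commented out, so any template that includes this helper will fail to render with a nil-pointer error on `.create`; nothing in this commit includes it, so the failure is latent rather than live. Either drop the unused helper or uncomment the `serviceAccount:` block in values.yaml so the helper is safe to call. The file is chart-scaffold boilerplate; a short comment at the top naming which helpers the chart actually uses (`meshdb.fullname`, `meshdb.labels`, `meshdb.selectorLabels`) would save the next reader the search.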
--- /dev/null +++ b/infra/helm/meshdb/templates/configmap.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: meshdbconfig + namespace: {{ .Values.meshdb_app_namespace }} +data: + DB_NAME: {{ .Values.pg.dbname }} + DB_USER: {{ .Values.pg.user | quote }} + DB_HOST: {{ include "meshdb.fullname" . }}-postgres.{{ .Values.meshdb_app_namespace }}.svc.cluster.local + DB_PORT: {{ .Values.pg.port | quote }} + # Backups + BACKUP_S3_BUCKET_NAME: {{ .Values.meshweb.backup_s3_bucket_name | quote }} + BACKUP_S3_BASE_FOLDER: {{ .Values.meshweb.backup_s3_base_folder | quote }} + + CELERY_BROKER: "redis://{{ include "meshdb.fullname" . }}-redis.{{ .Values.meshdb_app_namespace }}.svc.cluster.local:{{ .Values.redis.port }}/0" + + # Change to pelias:3000 when using full docker-compose + PELIAS_ADDRESS_PARSER_URL: {{ include "meshdb.fullname" . }}-pelias.{{ .Values.meshdb_app_namespace }}.svc.cluster.local + + # Comment this out to enter prod mode + DEBUG: {{ .Values.meshweb.enable_debug | quote }} + DISABLE_PROFILING: {{ .Values.meshweb.disable_profiling | quote }} + + # Comment this out to allow edits to the panoramas in the admin panel + DISABLE_PANO_EDITS: {{ .Values.meshweb.disable_pano_edits | quote }} + + UISP_URL: {{ .Values.uisp.url | quote }} + UISP_USER: {{ .Values.uisp.user | quote }} + + ADMIN_MAP_BASE_URL: {{ .Values.map.base_url | quote }} diff --git a/infra/helm/meshdb/templates/meshweb.yaml b/infra/helm/meshdb/templates/meshweb.yaml new file mode 100644 index 00000000..55294451 --- /dev/null +++ b/infra/helm/meshdb/templates/meshweb.yaml 
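Review bot: `PELIAS_ADDRESS_PARSER_URL` is rendered as a bare cluster DNS name with no scheme and no port, while the pelias Service in this commit listens on `.Values.pelias.port` (6800 in values.yaml); unless the application supplies that port itself, the parser will be unreachable, and the comment above it about `pelias:3000` looks like a leftover from the docker-compose env file. Consider `PELIAS_ADDRESS_PARSER_URL: "{{ include "meshdb.fullname" . }}-pelias.{{ .Values.meshdb_app_namespace }}.svc.cluster.local:{{ .Values.pelias.port }}"` and `DB_NAME: {{ .Values.pg.dbname | quote }}` so every data value is a quoted string like its neighbours. The comments "Comment this out to enter prod mode" and "Comment this out to allow edits to the panoramas" were written for an env file; here the switches live in values.yaml (`meshweb.enable_debug`, `meshweb.disable_pano_edits`), so the comments should point there instead.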
@@ -0,0 +1,181 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "meshdb.fullname" . }}-meshweb + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "meshdb.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: meshdb-meshweb-app + {{- include "meshdb.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-meshweb + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.meshweb.image.repository }}:{{ .Values.meshweb.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.meshweb.port }} + protocol: TCP + env: + - name: DB_NAME + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DB_NAME + - name: DB_USER + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DB_USER + - name: DB_HOST + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DB_HOST + - name: DB_PORT + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DB_PORT + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: postgres-password + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: aws-access-key-id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: aws-secret-access-key + - name: BACKUP_S3_BUCKET_NAME + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: BACKUP_S3_BUCKET_NAME + - name: BACKUP_S3_BASE_FOLDER + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: BACKUP_S3_BASE_FOLDER + - name: CELERY_BROKER + valueFrom: + configMapKeyRef: + name: meshdbconfig + 
key: CELERY_BROKER + - name: DJANGO_SECRET_KEY + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: django-secret-key + - name: PELIAS_ADDRESS_PARSER_URL + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: PELIAS_ADDRESS_PARSER_URL + - name: NN_ASSIGN_PSK + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: nn-assign-psk + - name: QUERY_PSK + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: query-psk + - name: DEBUG + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DEBUG + - name: DISABLE_PROFILING + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DISABLE_PROFILING + - name: DISABLE_PANO_EDITS + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DISABLE_PANO_EDITS + - name: PANO_GITHUB_TOKEN + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: pano-github-token + - name: UISP_URL + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: UISP_URL + - name: UISP_USER + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: UISP_USER + - name: UISP_PASS + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: uisp-pass + - name: ADMIN_MAP_BASE_URL + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: ADMIN_MAP_BASE_URL + volumeMounts: + - name: static-content-vol + mountPath: /opt/meshdb/static + {{ if eq .Values.meshweb.liveness_probe "true" }} + livenessProbe: + exec: + command: + - curl + - http://127.0.0.1:{{ .Values.meshweb.port }}/api/v1 + periodSeconds: 3 + initialDelaySeconds: 4 + timeoutSeconds: 3 + {{ end }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: static-content-vol + persistentVolumeClaim: + claimName: {{ .Values.meshweb.static_pvc_name }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/infra/helm/meshdb/templates/meshweb_static_pvc.yaml b/infra/helm/meshdb/templates/meshweb_static_pvc.yaml new file mode 100644 index 00000000..f96f2ef1 --- /dev/null +++ b/infra/helm/meshdb/templates/meshweb_static_pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.meshweb.static_pvc_name }} + namespace: {{ .Values.meshdb_app_namespace }} +spec: + accessModes: + - ReadWriteMany + storageClassName: longhorn + resources: + requests: + storage: 1Gi \ No newline at end of file diff --git a/infra/helm/meshdb/templates/nginx.yaml b/infra/helm/meshdb/templates/nginx.yaml new file mode 100644 index 00000000..5ff47b07 --- /dev/null +++ b/infra/helm/meshdb/templates/nginx.yaml 
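Review bot: The Deployment's `selector.matchLabels` is only `meshdb.selectorLabels` (app.kubernetes.io/name and app.kubernetes.io/instance), which the nginx, pelias, postgres and redis Deployments in this commit render identically, so five Deployments in one namespace end up with overlapping selectors that match each other's pods — a configuration the Kubernetes documentation calls unsupported. Each pod template already carries a distinguishing label (`app: meshdb-meshweb-app` here), so adding that same line under `matchLabels:` in each of the five templates makes the selectors disjoint and matches what service.yaml already selects on. Separately, the liveness probe runs `curl` without `--fail`, so an HTTP 5xx from /api/v1 still exits 0 and the probe never fires; adding `- -sf` before the URL fixes that. `readinessProbe: {{- toYaml .Values.readinessProbe | nindent 12 }}` references a key that values.yaml does not define, so it presumably renders as `null` and no readiness probe is configured at all.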
@@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "meshdb.fullname" . }}-nginx + namespace: {{ .Values.meshdb_app_namespace }} + labels: + name: meshdb-nginx + {{- include "meshdb.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "meshdb.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: meshdb-nginx-app + {{- include "meshdb.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-nginx + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "nginx:latest" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: nginx + containerPort: {{ .Values.nginx.port }} + protocol: TCP + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/conf.d/nginx.conf + subPath: nginx.conf + readOnly: true + - name: static-data-vol + mountPath: /var/www/html/static + readOnly: true + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: nginx-conf + configMap: + name: nginx-conf + items: + - key: nginx.conf + path: nginx.conf + - name: static-data-vol + persistentVolumeClaim: + claimName: {{ .Values.meshweb.static_pvc_name }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/infra/helm/meshdb/templates/nginx_configmap.yaml b/infra/helm/meshdb/templates/nginx_configmap.yaml new file mode 100644 index 00000000..cf0692da --- /dev/null +++ b/infra/helm/meshdb/templates/nginx_configmap.yaml 
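Review bot: The container uses `image: "nginx:latest"` and values.yaml sets `pullPolicy: Always`, so every pod restart may pull a different, unreviewed nginx build; pin a specific tag or digest, e.g. `image: "nginx:<PINNED_VERSION>"`, or move it to an `nginx.image` value alongside the existing `meshweb.image` block. The same applies to `pelias/parser` (no tag at all) in pelias.yaml and `redis:latest` in redis.yaml. Also worth checking: the ConfigMap is mounted as `/etc/nginx/conf.d/nginx.conf` next to the stock image's `default.conf`, which also listens on 80; since conf.d files are included in name order, the stock server block would presumably become the default server for any Host that is not `db.nycmesh.net` — mounting the file at `/etc/nginx/conf.d/default.conf` (with `subPath` and `key` adjusted to match) avoids that.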
@@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-conf + namespace: {{ .Values.meshdb_app_namespace }} +data: + nginx.conf: | + server { + listen {{ .Values.nginx.port }}; + server_name {{ .Values.nginx.server_name }}; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log debug; + + location = /favicon.ico { access_log off; log_not_found off; } + location /static/ { + root /var/www/html; + } + + location / { + proxy_pass http://{{ include "meshdb.fullname" . }}-meshweb.{{ .Values.meshdb_app_namespace }}.svc.cluster.local:{{ .Values.meshweb.port }}/; + #proxy_set_header Host $host; + proxy_set_header Host {{ .Values.nginx.server_name }}; + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_redirect off; + } + } + diff --git a/infra/helm/meshdb/templates/pelias.yaml b/infra/helm/meshdb/templates/pelias.yaml new file mode 100644 index 00000000..f9770bed --- /dev/null +++ b/infra/helm/meshdb/templates/pelias.yaml 
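Review bot: `error_log /var/log/nginx/error.log debug;` enables nginx's most verbose log level, which is expensive and records per-request internals including request headers; `error_log /var/log/nginx/error.log warn;` is the usual production setting. The `X-Real-IP` and `X-Forwarded-For` lines are commented out, so meshweb only ever sees the nginx pod address as the client — if the application logs, audits or rate-limits by client address, uncomment `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. A short comment explaining why `Host` is pinned to `server_name` rather than passed through from `$host` would help, since that choice is unusual and the original line is left commented above it.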
@@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "meshdb.fullname" . }}-pelias + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "meshdb.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: meshdb-pelias-app + {{- include "meshdb.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-pelias + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "pelias/parser" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: pelias + containerPort: {{ .Values.pelias.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/infra/helm/meshdb/templates/postgres.yaml b/infra/helm/meshdb/templates/postgres.yaml new file mode 100644 index 00000000..3b57e8de --- /dev/null +++ b/infra/helm/meshdb/templates/postgres.yaml 
@@ -0,0 +1,85 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "meshdb.fullname" . }}-postgres + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "meshdb.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: meshdb-postgres-app + {{- include "meshdb.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-postgres + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: postgres:15-bookworm + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: postgres + containerPort: {{ .Values.pg.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{ if eq .Values.pg.liveness_probe "true" }} + livenessProbe: + exec: + command: + - pg_isready -U ${DB_USER} + periodSeconds: 5 + initialDelaySeconds: 5 + timeoutSeconds: 3 + {{ end }} + env: + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DB_NAME + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + name: meshdbconfig + key: DB_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: meshdb-secrets + key: postgres-password + - name: PGDATA + value: "/var/lib/postgresql/data/meshdb_data" + volumeMounts: + - name: pg-data-vol + mountPath: /var/lib/postgresql/data + volumes: + - name: pg-data-vol + persistentVolumeClaim: + claimName: {{ .Values.pg.pvc_name }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} diff --git a/infra/helm/meshdb/templates/postgres_pvc.yaml b/infra/helm/meshdb/templates/postgres_pvc.yaml new file mode 100644 index 00000000..a6178e78 --- /dev/null +++ b/infra/helm/meshdb/templates/postgres_pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.pg.pvc_name }} + namespace: {{ .Values.meshdb_app_namespace }} +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 20Gi \ No newline at end of file diff --git a/infra/helm/meshdb/templates/redis.yaml b/infra/helm/meshdb/templates/redis.yaml new file mode 100644 index 00000000..0798e40e --- /dev/null +++ b/infra/helm/meshdb/templates/redis.yaml 
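Review bot: The liveness probe lists `pg_isready -U ${DB_USER}` as a single command element; exec probes run argv directly with no shell, so Kubernetes looks for an executable literally named `pg_isready -U ${DB_USER}`, the probe fails on every attempt and, with `pg.liveness_probe: "true"` in values.yaml, the database container is restarted continuously. `${DB_USER}` would not expand either — Kubernetes only expands `$(VAR)` in command arguments, and this container defines `POSTGRES_USER`, not `DB_USER`. Split it into three elements: `- pg_isready`, `- -U`, `- $(POSTGRES_USER)`. The file is new, so both the probe and the env block it depends on are inside this hunk.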
@@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "meshdb.fullname" . }}-redis + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "meshdb.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: meshdb-redis-app + {{- include "meshdb.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-redis + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "redis:latest" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: redis + containerPort: {{ .Values.redis.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{ if eq .Values.redis.liveness_probe "true" }} + livenessProbe: + exec: + command: + - "redis-cli" + - "--raw" + - "incr" + - "ping" + periodSeconds: 3 + initialDelaySeconds: 2 + timeoutSeconds: 3 + {{ end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/infra/helm/meshdb/templates/secrets.yaml b/infra/helm/meshdb/templates/secrets.yaml new file mode 100644 index 00000000..78d1520c --- /dev/null +++ b/infra/helm/meshdb/templates/secrets.yaml 
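Review bot: The redis container starts with the image's default configuration, i.e. no `requirepass`, and the ClusterIP Service in service.yaml makes it reachable from any pod in the cluster absent a NetworkPolicy, which this commit does not add; the Celery broker is therefore readable and writable by anything else scheduled there. The chart already has a Secret mechanism, so a `redis.password` value wired through `meshdb-secrets`, passed as `args: ["--requirepass", "$(REDIS_PASSWORD)"]` and appended to `CELERY_BROKER` in configmap.yaml, would close that, and a NetworkPolicy limiting ingress to the meshweb pods would cover it at the network layer as well. The liveness command `redis-cli --raw incr ping` writes a key on every check; `redis-cli ping` is the read-only equivalent. As with nginx and pelias, `redis:latest` should be pinned.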
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: meshdb-secrets + namespace: {{ .Values.meshdb_app_namespace }} +type: Opaque +data: + postgres-password: {{ .Values.pg.password | b64enc | quote }} + aws-access-key-id: {{ .Values.aws.access_key_id | b64enc | quote }} + aws-secret-access-key: {{ .Values.aws.secret_access_key | b64enc | quote }} + django-secret-key: {{ .Values.meshweb.django_secret_key | b64enc | quote }} + nn-assign-psk: {{ .Values.meshweb.nn_assign_psk | b64enc | quote }} + query-psk: {{ .Values.meshweb.query_psk | b64enc | quote }} + uisp-pass: {{ .Values.uisp.psk | b64enc | quote }} + pano-github-token: {{ .Values.meshweb.pano_github_token | b64enc | quote }} diff --git a/infra/helm/meshdb/templates/service.yaml b/infra/helm/meshdb/templates/service.yaml new file mode 100644 index 00000000..16ec990c --- /dev/null +++ b/infra/helm/meshdb/templates/service.yaml 
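Review bot: None of the eight values is guarded, so a key left empty in `secret.values.yaml` silently becomes an empty Secret entry and the pods start with an empty `DJANGO_SECRET_KEY`, empty PSKs or an empty postgres password; a key omitted entirely fails, if at all, with a template type error that does not name the value. Wrap each one with Helm's `required`, e.g. `postgres-password: {{ required "pg.password must be set" .Values.pg.password | b64enc | quote }}`, so `helm template` refuses to render with a clear message instead. The key `uisp-pass` is fed from `.Values.uisp.psk` while meshweb.yaml consumes it as `UISP_PASS`; aligning the value name with the key would avoid confusion.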
@@ -0,0 +1,81 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "meshdb.fullname" . }}-nginx + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + type: LoadBalancer + ports: + - port: {{ .Values.nginx.port }} + targetPort: {{ .Values.nginx.port }} + protocol: TCP + name: nginx + selector: + app: meshdb-nginx-app +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "meshdb.fullname" . }}-postgres + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + ports: + - port: {{ .Values.pg.port }} + targetPort: {{ .Values.pg.port }} + protocol: TCP + name: postgres + selector: + app: meshdb-postgres-app +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "meshdb.fullname" . }}-redis + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + ports: + - port: {{ .Values.redis.port }} + targetPort: {{ .Values.redis.port }} + protocol: TCP + name: redis + selector: + app: meshdb-redis-app +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "meshdb.fullname" . }}-pelias + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + ports: + - port: {{ .Values.pelias.port }} + targetPort: {{ .Values.pelias.port }} + protocol: TCP + name: pelias + selector: + app: meshdb-pelias-app +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "meshdb.fullname" . }}-meshweb + namespace: {{ .Values.meshdb_app_namespace }} + labels: + {{- include "meshdb.labels" . | nindent 4 }} +spec: + ports: + - port: {{ .Values.meshweb.port }} + targetPort: {{ .Values.meshweb.port }} + protocol: TCP + name: meshweb-service + selector: + app: meshdb-meshweb-app + diff --git a/infra/helm/meshdb/values.yaml b/infra/helm/meshdb/values.yaml new file mode 100644 index 00000000..ee2d4739 --- /dev/null 
+++ b/infra/helm/meshdb/values.yaml 
@@ -0,0 +1,114 @@ +# Default values for meshdb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +meshdb_app_namespace: "meshdbdev0" + +pg: + dbname: meshdb + user: meshdb + port: "5432" + pvc_name: "meshdb-postgres-pvc" + liveness_probe: "true" + +meshweb: + port: 8081 + backup_s3_bucket_name: meshdb-data-backups + backup_s3_base_folder: "meshdb-backups/development/" + enable_debug: "False" + disable_profiling: "True" + disable_pano_edits: "True" + static_pvc_name: "meshdb-static-pvc" + liveness_probe: "true" + image: + repository: willnilges/meshdb + tag: main + +nginx: + server_name: "db.nycmesh.net" + port: 80 + +uisp: + url: "https://uisp.mesh.nycmesh.net/nms" + user: "nycmesh_readonly" + +redis: + liveness_probe: "true" + port: 6379 + +pelias: + port: 6800 + +map: + base_url: "http://admin-map.grandsvc.mesh.nycmesh.net" + +replicaCount: 1 + +image: + pullPolicy: Always + +nameOverride: "" +fullnameOverride: "meshdb" + +#serviceAccount: +# # Specifies whether a service account should be created +# create: true +# # Automatically mount a ServiceAccount's API credentials? +# automount: true +# # Annotations to add to the service account +# annotations: {} +# # The name of the service account to use. +# # If not set and create is true, a name is generated using the fullname template +# name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {}
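Review bot: `podSecurityContext: {}` and `securityContext: {}` keep the chart-scaffold defaults, and the single `securityContext` is rendered into all five containers (meshweb, nginx, pelias, postgres, redis), so hardening it later with the commented `runAsNonRoot`, `readOnlyRootFilesystem` and `capabilities.drop: [ALL]` would have to suit every image at once — the postgres and nginx images typically have their own uid and writable-path requirements; a per-component block such as `meshweb.securityContext` would let each container be tightened independently. `meshweb.image.tag: main` together with `image.pullPolicy: Always` means a pod restart can silently roll to whatever was last pushed to that branch tag; deployments should reference an immutable tag or digest, with `main` reserved for the dev namespace. `resources: {}` is likewise shared by all five containers, so none of them has limits.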