diff --git a/.common/traq/.helmignore b/.common/traq/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/.common/traq/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/.common/traq/Chart.yaml b/.common/traq/Chart.yaml
new file mode 100644
index 000000000..8ad5bab65
--- /dev/null
+++ b/.common/traq/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: traq
+description: A Helm chart for traQ - a real-time communication tool
+type: application
+version: "0.1.0"
+appVersion: "0.1.0"
diff --git a/.common/traq/templates/backend/service.yaml b/.common/traq/templates/backend/service.yaml
new file mode 100644
index 000000000..53131a408
--- /dev/null
+++ b/.common/traq/templates/backend/service.yaml
@@ -0,0 +1,19 @@
+{{- with $.Values.backend }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $.Release.Name }}
+ namespace: {{ $.Release.Namespace }}
+ annotations:
+ {{- .service.annotations | toYaml | nindent 4 }}
+
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ $.Release.Name }}
+ ports:
+ - name: http
+ port: 3000
+ targetPort: http
+
+{{- end }}
diff --git a/.common/traq/templates/backend/sts.yaml b/.common/traq/templates/backend/sts.yaml
new file mode 100644
index 000000000..3d294dbe0
--- /dev/null
+++ b/.common/traq/templates/backend/sts.yaml
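Review bot: In templates/backend/service.yaml the selector `app: {{ $.Release.Name }}` does not match the pod label that the backend Deployment template in this same commit sets, `app: {{ $.Release.Name }}-backend`, so the Service would have no endpoints and the `/api` route that targets it would fail. Change the selector to `app: {{ $.Release.Name }}-backend`. A selector that is broader than the workload's own label can also pick up any other pod labelled with the bare release name, so keeping the two in lockstep matters for isolation as well as availability.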
@@ -0,0 +1,94 @@
+{{- with $.Values.backend }}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ $.Release.Name }}
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ revisionHistoryLimit: 0
+ replicas: {{ .replicas }}
+ strategy:
+ type: Recreate
+
+ selector:
+ matchLabels:
+ app: {{ $.Release.Name }}-backend
+ template:
+ metadata:
+ labels:
+ app: {{ $.Release.Name }}-backend
+ spec:
+ enableServiceLinks: false
+ {{- if .nodeSelector }}
+ nodeSelector:
+ {{- .nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ .configMap.existingName }}
+ - name: keys
+ secret:
+ secretName: {{ .keysSecret.existingName }}
+ - name: cache
+ emptyDir: {}
+
+ containers:
+ - name: traq
+ image: {{ .image }}
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 3000
+ env:
+ # TODO: use "envFrom" for less configuration mess
+ - name: TRAQ_MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: mariadb_password
+ - name: TRAQ_STORAGE_S3_ACCESSKEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: storage_s3_access_key
+ - name: TRAQ_STORAGE_S3_SECRETKEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: storage_s3_secretKey
+ - name: TRAQ_SKYWAY_SECRETKEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: skyway_secretKey
+ - name: TRAQ_ES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: es_password
+ - name: TRAQ_LIVEKIT_APIKEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: livekit_apiKey
+ - name: TRAQ_LIVEKIT_APISECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: livekit_apiSecret
+ volumeMounts:
+ - name: config
+ mountPath: /app/config.yml
+ subPath: config.yml
+ - name: keys
+ mountPath: /keys
+ - name: cache
+ mountPath: /storage
+ {{- if .resources }}
+ resources:
+ {{- .resources | toYaml | nindent 12 }}
+ {{- end }}
+
+{{- end }}
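Review bot: `TRAQ_STORAGE_S3_ACCESSKEY` reads `key: storage_s3_access_key`, while the Deployment removed by this commit read `storage_s3_accessKey` from the same secret, and that secret file is only renamed (similarity 100%), so the new key presumably does not exist and the container would fail to start on the missing key. Use `key: storage_s3_accessKey`, which also matches the sibling keys `storage_s3_secretKey` and `livekit_apiKey`. The removed manifest mounted both `/keys` and the config file with `readOnly: true`; keeping `readOnly: true` on the `config` and `keys` volumeMounts preserves that. The file is named `sts.yaml` but renders a `Deployment`, which is worth a rename or a comment.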
diff --git a/.common/traq/templates/es/cm.yaml b/.common/traq/templates/es/cm.yaml
new file mode 100644
index 000000000..6320d1ddd
--- /dev/null
+++ b/.common/traq/templates/es/cm.yaml
@@ -0,0 +1,13 @@
+{{- with $.Values.es }}
+{{- if .enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $.Release.Name }}-es
+ namespace: {{ $.Release.Namespace }}
+
+data:
+ es_jvm.options: {{ .jvmOptions | quote }}
+
+{{- end }}
+{{- end }}
diff --git a/.common/traq/templates/es/service.yaml b/.common/traq/templates/es/service.yaml
new file mode 100644
index 000000000..a046c562c
--- /dev/null
+++ b/.common/traq/templates/es/service.yaml
@@ -0,0 +1,24 @@
+{{- with $.Values.es }}
+{{- if .enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $.Release.Name }}-es
+ namespace: {{ $.Release.Namespace }}
+ annotations:
+ {{- .service.annotations | toYaml | nindent 4 }}
+
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ $.Release.Name }}-es
+ ports:
+ - name: es
+ port: 9200
+ targetPort: es
+ - name: exporter
+ port: 9114
+ targetPort: exporter
+
+{{- end }}
+{{- end }}
diff --git a/.common/traq/templates/es/sts.yaml b/.common/traq/templates/es/sts.yaml
new file mode 100644
index 000000000..b06b2a72d
--- /dev/null
+++ b/.common/traq/templates/es/sts.yaml
@@ -0,0 +1,86 @@
+{{- with $.Values.es }}
+{{- if .enabled }}
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: {{ $.Release.Name }}-es
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ serviceName: {{ $.Release.Name }}-es
+ podManagementPolicy: Parallel
+ revisionHistoryLimit: 0
+ replicas: {{ .replicas }}
+
+ selector:
+ matchLabels:
+ app: {{ $.Release.Name }}-es
+ template:
+ metadata:
+ labels:
+ app: {{ $.Release.Name }}-es
+ spec:
+ enableServiceLinks: false
+ {{- if .nodeSelector }}
+ nodeSelector:
+ {{- .nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ $.Release.Name }}-es
+ - name: data
+ hostPath:
+ {{- .dataVolume.hostPath | toYaml | nindent 12 }}
+
+ containers:
+ - name: traq-es
+ image: {{ .image }}
+ ports:
+ - name: http
+ containerPort: 9200
+ env:
+ - name: discovery.type
+ value: single-node
+ # TODO: use "envFrom" for less configuration mess
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: es-password
+ volumeMounts:
+ - name: config
+ mountPath: /usr/share/elasticsearch/config/jvm.options.d/es_jvm.options
+ subPath: es_jvm.options
+ - name: data
+ mountPath: /usr/share/elasticsearch/data
+ {{- if .resources }}
+ resources:
+ {{- .resources | toYaml | nindent 12 }}
+ {{- end }}
+
+ {{- if .exporter.enabled }}
+ - name: exporter
+ image: {{ .exporter.image }}
+ args:
+ - --es.uri=http://elastic:$(ELASTIC_PASSWORD)@localhost:9200
+ - --es.all
+ - --es.indices
+ - --es.shards
+ env:
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.existingName }}
+ key: es-password
+ ports:
+ - name: exporter
+ containerPort: 9114
+ {{- if .exporter.resources }}
+ resources:
+ {{- .exporter.resources | toYaml | nindent 12 }}
+ {{- end }}
+ {{- end }}
+
+{{- end }}
+{{- end }}
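Review bot: The Elasticsearch container port is named `http`, but the Service template added in this commit uses `targetPort: es` (the removed StatefulSet named the port `es`), so the Service's `es` port cannot resolve to a container port and the backend would lose its search backend. Rename the container port with `- name: es`, or change the Service to `targetPort: http`. Separately, the exporter still takes the password through `--es.uri=http://elastic:$(ELASTIC_PASSWORD)@localhost:9200`, which puts the expanded credential on the process command line; if the exporter image can read its credentials from the environment instead, prefer that. The config mount also drops the `readOnly: true` the removed manifest had.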
diff --git a/.common/traq/templates/frontend/deployment.yaml b/.common/traq/templates/frontend/deployment.yaml
new file mode 100644
index 000000000..0f8cbb39b
--- /dev/null
+++ b/.common/traq/templates/frontend/deployment.yaml
@@ -0,0 +1,53 @@
+{{- with $.Values.frontend }}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ $.Release.Name }}-frontend
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ replicas: {{ .replicas }}
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app: {{ $.Release.Name }}-frontend
+ template:
+ metadata:
+ labels:
+ app: {{ $.Release.Name }}-frontend
+ spec:
+ enableServiceLinks: false
+ {{- if .nodeSelector }}
+ nodeSelector:
+ {{- .nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if.overrideConfig }}
+ volumes:
+ - name: config
+ configMap:
+ name: frontend-config
+ {{- end }}
+
+ containers:
+ - name: traq-frontend
+ image: {{ .image }}
+ ports:
+ - name: http
+ containerPort: 80
+ {{- if .extraEnvs }}
+ env:
+ # TODO: use "envFrom" for less configuration mess
+ {{- .extraEnvs | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .overrideConfig }}
+ volumeMounts:
+ - mountPath: /app/override/config.js
+ name: config
+ subPath: config.js
+ {{- end }}
+ {{- if .resources }}
+ resources:
+ {{- .resources | toYaml | nindent 12 }}
+ {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/.common/traq/templates/frontend/service.yaml b/.common/traq/templates/frontend/service.yaml
new file mode 100644
index 000000000..b811bb73d
--- /dev/null
+++ b/.common/traq/templates/frontend/service.yaml
@@ -0,0 +1,17 @@
+{{- with $.Values.frontend }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $.Release.Name }}-frontend
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ $.Release.Name }}-frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+
+{{- end }}
\ No newline at end of file
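Review bot: In templates/frontend/deployment.yaml the guard `{{- if .overrideConfig }}` is always true with the chart defaults, because `overrideConfig` is a map holding `existingName: ""` and Go templates treat any non-empty map as truthy; the pod therefore always mounts a ConfigMap, and its name is hard-coded as `frontend-config` instead of being read from values. No `frontend-config` ConfigMap is created in the visible part of this commit, so the frontend pod would likely never leave ContainerCreating. Gate both blocks on `{{- if .overrideConfig.existingName }}` and render `name: {{ .overrideConfig.existingName }}`. The first guard is also written `if.overrideConfig` without a space, which parses but reads like a typo.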
diff --git a/.common/traq/templates/ingress-route/ingress-route.yaml b/.common/traq/templates/ingress-route/ingress-route.yaml
new file mode 100644
index 000000000..2d02ff7b0
--- /dev/null
+++ b/.common/traq/templates/ingress-route/ingress-route.yaml
@@ -0,0 +1,51 @@
+{{- with .Values.ingressRoute }}
+{{- if .enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ $.Release.Name }}
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ entryPoints:
+ {{- if .tls }}
+ - websecure
+ {{- else }}
+ - web
+ {{- end }}
+ {{- if .tls }}
+ tls:
+ secretName: {{ .tls }}
+ {{- end }}
+ routes:
+ - kind: Rule
+ match: Host(`{{ $.Values.host }}`) && (PathPrefix(`/api`) || PathPrefix(`/.well-known`))
+ services:
+ - namespace: {{ $.Release.Namespace }}
+ kind: Service
+ name: {{ $.Release.Name }}
+ port: http
+ scheme: http
+
+ - kind: Rule
+ match: Host(`{{ $.Values.host }}`) && PathPrefix(`/widget`)
+ middlewares:
+ - name: {{ $.Release.Name }}-widget-strip
+ services:
+ - namespace: {{ $.Release.Namespace }}
+ kind: Service
+ name: {{ $.Release.Name }}-widget
+ port: http
+ scheme: http
+
+ - kind: Rule
+ match: Host(`{{ $.Values.host }}`)
+ services:
+ - namespace: {{ $.Release.Namespace }}
+ kind: Service
+ name: {{ $.Release.Name }}-frontend
+ port: http
+ scheme: http
+
+{{- end }}
+{{- end }}
diff --git a/.common/traq/templates/ingress-route/middlewares.yaml b/.common/traq/templates/ingress-route/middlewares.yaml
new file mode 100644
index 000000000..38abfb1a5
--- /dev/null
+++ b/.common/traq/templates/ingress-route/middlewares.yaml
@@ -0,0 +1,15 @@
+{{- with .Values.ingressRoute }}
+{{- if .enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $.Release.Name }}-widget-strip
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ stripPrefix:
+ prefixes:
+ - /widget
+
+{{- end }}
+{{- end }}
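Review bot: The `/widget` rule in ingress-route.yaml lists only `{{ $.Release.Name }}-widget-strip` under `middlewares`, whereas the widget IngressRoute removed by this commit also applied `auth-trapti-tech-soft` from namespace `auth`, so the widget path loses whatever check that middleware performed. If the drop is not intended, add it back, for example through a values-driven list of extra middlewares rendered ahead of the strip entry. The backend match also changes the prefixes from `/api/` and `/.well-known/` to `/api` and `/.well-known`, which now routes sibling paths such as `/apix` to the backend as well; keep the trailing slash if only the API tree should match. With `ingressRoute.tls` empty the route is served on the plain `web` entry point, so that fallback deserves a comment in values.yaml.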
diff --git a/.common/traq/templates/system-bot/deployment.yaml b/.common/traq/templates/system-bot/deployment.yaml
new file mode 100644
index 000000000..64e0cb545
--- /dev/null
+++ b/.common/traq/templates/system-bot/deployment.yaml
@@ -0,0 +1,47 @@
+{{- with $.Values.systemBot }}
+{{- if .enabled }}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ $.Release.Name }}-system-bot
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ replicas: {{ .replicas }}
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app: {{ $.Release.Name }}-system-bot
+ template:
+ metadata:
+ labels:
+ app: {{ $.Release.Name }}-system-bot
+ spec:
+ enableServiceLinks: false
+ automountServiceAccountToken: false
+ {{- if .nodeSelector }}
+ nodeSelector:
+ {{- .nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+
+ containers:
+ - name: system-bot
+ image: {{ .image }}
+ env:
+ - name: BOT_SYSTEM_MESSAGE_CHANNEL_ID
+ value: {{ .channelId | quote }}
+ - name: TRAQ_ORIGIN
+ value: wss://{{ $.Values.host }}
+ # TODO: use "envFrom" for less configuration mess
+ - name: BOT_ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: system-bot
+ key: access-token
+ {{- if .resources }}
+ resources:
+ {{- .resources | toYaml | nindent 12 }}
+ {{- end }}
+
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/.common/traq/templates/widget/deployment.yaml b/.common/traq/templates/widget/deployment.yaml
new file mode 100644
index 000000000..8558bd4a4
--- /dev/null
+++ b/.common/traq/templates/widget/deployment.yaml
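Review bot: The secret reference for `BOT_ACCESS_TOKEN` is hard-coded as `name: system-bot`, while the backend and Elasticsearch templates take the secret name from values through `.secret.existingName`. Add `systemBot.secret.existingName` (default `system-bot`) to the chart's values.yaml and render `name: {{ .secret.existingName }}`, so the chart does not silently depend on a name fixed outside it. This is also the only pod template in the commit that sets `automountServiceAccountToken: false`; the backend, es, frontend and widget templates do not appear to need the Kubernetes API either, so the same line would fit there.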
@@ -0,0 +1,36 @@
+{{- with $.Values.widget }}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ $.Release.Name }}-widget
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ replicas: {{ .replicas }}
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app: {{ $.Release.Name }}-widget
+ template:
+ metadata:
+ labels:
+ app: {{ $.Release.Name }}-widget
+ spec:
+ enableServiceLinks: false
+ {{- if .nodeSelector }}
+ nodeSelector:
+ {{- .nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+
+ containers:
+ - name: traq-widget
+ image: {{ .image }}
+ ports:
+ - name: http
+ containerPort: 80
+ {{- if .resources }}
+ resources:
+ {{- .resources | toYaml | nindent 12 }}
+ {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/.common/traq/templates/widget/service.yaml b/.common/traq/templates/widget/service.yaml
new file mode 100644
index 000000000..c7203e1bc
--- /dev/null
+++ b/.common/traq/templates/widget/service.yaml
@@ -0,0 +1,17 @@
+{{- with $.Values.widget }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $.Release.Name }}-widget
+ namespace: {{ $.Release.Namespace }}
+
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ $.Release.Name }}-widget
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+
+{{- end }}
\ No newline at end of file
diff --git a/.common/traq/values.yaml b/.common/traq/values.yaml
new file mode 100644
index 000000000..c6a1b1ce4
--- /dev/null
+++ b/.common/traq/values.yaml
@@ -0,0 +1,68 @@ +host: q.trap.jp + +backend: + image: ghcr.io/traptitech/traq + replicas: 1 + nodeSelector: {} + resources: {} + configMap: + existingName: traq-config + secret: + existingName: traq + keysSecret: + existingName: traq-keys + + service: + annotations: {} + +es: + enabled: true + image: ghcr.io/traptitech/es-with-sudachi:8.8.1-3.1.0 + replicas: 1 + nodeSelector: {} + resources: {} + secret: + existingName: traq + jvmOptions: | + -Xms512m + -Xmx512m + dataVolume: + type: hostPath + hostPath: + path: /opt/elasticsearch/traq-data + type: DirectoryOrCreate + + exporter: + enabled: true + image: quay.io/prometheuscommunity/elasticsearch-exporter + resources: {} + + service: + annotations: {} + +frontend: + image: ghcr.io/traptitech/traq-ui + replicas: 1 + nodeSelector: {} + resources: {} + overrideConfig: + existingName: "" + extraEnvs: [] + +widget: + image: ghcr.io/traptitech/traq-widget + replicas: 1 + nodeSelector: {} + resources: {} + +systemBot: + enabled: true + replicas: 1 + image: ghcr.io/traptitech/traq-system-bot + nodeSelector: {} + resources: {} + channelId: "" + +ingressRoute: + enabled: true + tls: traq-tls diff --git a/.github/workflows/diff.yaml b/.github/workflows/diff.yaml index 06dd0f678..0ca24ef7d 100644 --- a/.github/workflows/diff.yaml +++ b/.github/workflows/diff.yaml @@ -45,22 +45,22 @@ jobs: - name: Build base working-directory: ./base - run: ./build.sh + run: ../head/.scripts/build.sh - name: Build head working-directory: ./head - run: ./build.sh + run: .scripts/build.sh - name: Diff id: diff run: | # With console colors - ./head/diff.sh \ + ./head/.scripts/diff.sh \ base/.built \ head/.built \ --omit-header # Plaintext - ./head/diff.sh \ + ./head/.scripts/diff.sh \ base/.built \ head/.built \ --omit-header --output github \ diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index cca44ca71..e3c7a080d 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml 
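Review bot: In the chart's values.yaml the default `image` for backend, frontend, widget, systemBot and the exporter carries no tag, so an install that does not override it resolves to `latest`, and the backend template sets `imagePullPolicy: Always`, which lets the running code change on any pod restart. Consider leaving these defaults empty and failing the render with `required` when no image is supplied, or pinning a tag or digest here. `es.dataVolume.type` is defined, but the StatefulSet template only reads `dataVolume.hostPath`, so the key has no effect as written.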
@@ -34,7 +34,7 @@ jobs: key: crd-${{ hashFiles('./setup-crd.sh') }} - name: Prepare CRDs if: steps.crd.outputs.cache-hit != 'true' - run: ./setup-crd.sh + run: .scripts/setup-crd.sh - name: Install kubeconform run: | @@ -44,10 +44,10 @@ jobs: sudo install kubeconform /usr/local/bin && rm kubeconform kubeconform-linux-amd64.tar.gz - name: Build - run: ./build.sh + run: .scripts/build.sh - name: Validate run: | for file in .built/*.yaml; do echo "Validating $file" - <"$file" ./check.sh + <"$file" .scripts/check.sh done diff --git a/.gitignore b/.gitignore index 11554c987..a493c8155 100644 --- a/.gitignore +++ b/.gitignore @@ -196,6 +196,6 @@ $RECYCLE.BIN/ !.vscode/extensions.json /.crd -/.built +/.built* charts diff --git a/.scripts/build.sh b/.scripts/build.sh new file mode 100755 index 000000000..aa1aa24b8 --- /dev/null +++ b/.scripts/build.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +set -euo pipefail + +TARGET="" +if [ "$#" -ge 1 ]; then + TARGET=$1 +fi + +contains () { + local e match="$1" + shift + for e; do [[ "$e" == "$match" ]] && return 0; done + return 1 +} + +rm -rf .built +mkdir .built + +skip_dirs=() +for directory in $(echo ./*/ | tr -d './' | tr -d '/'); do + if contains "$directory" "${skip_dirs[@]}"; then + echo "Skipping $directory" + continue + fi + if [ -n "$TARGET" ] && [ "$TARGET" != "$directory" ]; then + continue + fi + + echo "Building ./$directory" + kustomize build ./"$directory" --enable-alpha-plugins --enable-exec --load-restrictor LoadRestrictionsNone --enable-helm \ + | yq ".metadata.namespace = (.metadata.namespace // \"$directory\")" \ + > .built/"$directory".yaml +done diff --git a/check.sh b/.scripts/check.sh similarity index 100% rename from check.sh rename to .scripts/check.sh diff --git a/.scripts/diff-to-old.sh b/.scripts/diff-to-old.sh new file mode 100755 index 000000000..bbee1e7c9 --- /dev/null +++ b/.scripts/diff-to-old.sh 
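Review bot: The cache key on the context line above the change in validate.yaml still reads `hashFiles('./setup-crd.sh')`, but this commit moves that script to `.scripts/setup-crd.sh`, so the hash is computed over no files and the key no longer changes when the script does. A stale CRD cache would then keep being used for validation. Update it to `key: crd-${{ hashFiles('.scripts/setup-crd.sh') }}`; the cache step itself starts outside the hunk.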
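Review bot: In .scripts/build.sh, `set -u` combined with `skip_dirs=()` makes the expansion `"${skip_dirs[@]}"` abort with an unbound-variable error on bash older than 4.4 (for example the bash 3.2 shipped with macOS), which matters because diff-to-old.sh is meant to be run locally. Either remove the now-empty skip list or expand it defensively, `contains "$directory" ${skip_dirs[@]+"${skip_dirs[@]}"}`. The removed script skipped `ns-apps` with a comment that it cannot be built in CI; with the list empty CI now builds it, so confirm that still succeeds. `TARGET` is also spliced unquoted into `$1` assignment only, but `$directory` goes into the `yq` expression as text, so directory names should stay limited to plain identifiers.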
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [ "$#" -ne 1 ]; then
+ echo "現在の状態と指定のcommit/branchとのdiffをローカルで取る便利スクリプト(手元で実行することを想定)"
+ echo "Usage: $0 [directory]"
+ echo "Example: $0 traq"
+ echo "Example: TARGET=feat/my-branch $0 traq"
+ exit 1
+fi
+
+TARGET="${TARGET:-main}"
+
+# Create a unique worktree directory in tmp
+WORKTREE_DIR=$(mktemp -d /tmp/manifest.XXXXXX)
+
+# Cleanup function to remove worktree on exit or failure
+cleanup() {
+ if [ -d "$WORKTREE_DIR" ]; then
+ git worktree remove --force "$WORKTREE_DIR" 2>/dev/null || true
+ rm -rf "$WORKTREE_DIR"
+ fi
+}
+
+# Set trap to cleanup on exit
+trap cleanup EXIT
+
+echo "==> Creating git worktree for ${TARGET} ..."
+git worktree add -f "$WORKTREE_DIR" "${TARGET}"
+
+echo "==> Building at ${TARGET} ..."
+# Run build.sh in the worktree directory
+PWD="$(pwd)"
+(cd "$WORKTREE_DIR" && "${PWD}/.scripts/build.sh" "$@")
+rm -rf .built.old
+mv "$WORKTREE_DIR"/.built .built.old
+
+echo "==> Building at current ..."
+.scripts/build.sh "$@"
+
+echo "==> Calculating diff ..."
+.scripts/diff.sh .built.old .built --omit-header
diff --git a/diff.sh b/.scripts/diff.sh
similarity index 100%
rename from diff.sh
rename to .scripts/diff.sh
diff --git a/edit-secret.sh b/.scripts/secret-edit.sh
similarity index 100%
rename from edit-secret.sh
rename to .scripts/secret-edit.sh
diff --git a/encrypt-secret.sh b/.scripts/secret-encrypt.sh
similarity index 100%
rename from encrypt-secret.sh
rename to .scripts/secret-encrypt.sh
diff --git a/set-secret.sh b/.scripts/secret-set.sh
similarity index 100%
rename from set-secret.sh
rename to .scripts/secret-set.sh
diff --git a/updatekeys-secret.sh b/.scripts/secret-updatekeys.sh
similarity index 100%
rename from updatekeys-secret.sh
rename to .scripts/secret-updatekeys.sh
diff --git a/setup-crd.sh b/.scripts/setup-crd.sh
similarity index 100%
rename from setup-crd.sh
rename to .scripts/setup-crd.sh
diff --git a/README.md b/README.md
index 26b123872..1a8b5f16b 100644
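Review bot: In .scripts/diff-to-old.sh, `PWD="$(pwd)"` reuses the shell's own `PWD` variable, which `cd` rewrites, so inside `(cd "$WORKTREE_DIR" && "${PWD}/.scripts/build.sh" "$@")` the path expands to the worktree's copy of the script rather than the current checkout's. Against a target ref that predates this commit the file does not exist and the run fails, and otherwise the comparison silently uses the old revision's build logic. Capture the directory under another name, `repo_root="$(pwd)"`, and call `"${repo_root}/.scripts/build.sh" "$@"`. The build runs kustomize with exec plugins enabled on whatever ref `TARGET` names, so the usage text could say that only trusted branches should be passed.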
--- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ stringData: ファイルの中身が暗号化されて置き換わります。 ```shell -./encrypt-secret.sh secret.yaml +.scripts/secret-encrypt.sh secret.yaml ``` #### 3. `ksops.yaml` から以下のようにファイルを参照する @@ -121,7 +121,7 @@ generators: 既存Secretの値だけを上書きしたい場合、次のスクリプトで編集できます。 -- `./set-secret.sh filename key data` +- `.scripts/secret-set.sh filename key data` - filenameにはファイル名 - keyにはstringData以下のキー名 - dataには上書きしたいデータ @@ -130,14 +130,14 @@ Secret全体を一旦復号化して編集したい場合は、次のスクリ 誤ってコミットすることを防ぐため、ファイルシステム上で復号化はされず、エディター上で編集します。 エディターを閉じると自動的に再度暗号化されます。 -- `./edit-secret.sh filename` +- `.scripts/secret-edit.sh filename` ### 鍵の追加 / 削除方法 当然復号化できる鍵を1つ以上持っていないと(つまりadminでないと)できません。 1. `.sops.yaml` の `age` フィールドの公開鍵一覧(comma-separated)を更新 -2. すべてのSecretファイルに対して、`./updatekeys.sh filename` を実行 +2. すべてのSecretファイルに対して、`.scripts/secret-updatekeys.sh filename` を実行 - `secrets` ディレクトリ以下に存在するので `find . -type f -path '*/secrets/*' | xargs -n 1 ./updatekeys-secret.sh` とすると楽 NOTE: 鍵を削除する場合、中身は遡って復号化できることに注意 diff --git a/build.sh b/build.sh deleted file mode 100755 index 6a41c17c4..000000000 --- a/build.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -contains () { - local e match="$1" - shift - for e; do [[ "$e" == "$match" ]] && return 0; done - return 1 -} - -rm -rf .built -mkdir .built - -# ns-apps: No resource other than secret (which cannot be built in CI) -skip_dirs=("ns-apps") -for directory in $(echo ./*/ | tr -d './' | tr -d '/'); do - if contains "$directory" "${skip_dirs[@]}"; then - echo "Skipping ./$directory" - else - echo "Building ./$directory" - kustomize build ./"$directory" --enable-alpha-plugins --enable-exec --load-restrictor LoadRestrictionsNone --enable-helm \ - | yq ".metadata.namespace = (.metadata.namespace // \"$directory\")" \ - > .built/"$directory".yaml - fi -done diff --git a/traq/backend/deployment.yaml b/traq/backend/deployment.yaml deleted file mode 100644 index 892521469..000000000 
--- a/traq/backend/deployment.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: traq-backend - name: traq-backend -spec: - replicas: 1 - selector: - matchLabels: - app: traq-backend - strategy: - type: Recreate - template: - metadata: - labels: - app: traq-backend - spec: - nodeSelector: - kubernetes.io/hostname: c1-203.tokyotech.org - volumes: - - name: config - configMap: - name: traq-config - - name: keys - secret: - secretName: traq-backend-secrets - containers: - - image: ghcr.io/traptitech/traq:3.24.14 - name: traq-backend - ports: - - containerPort: 3000 - protocol: TCP - volumeMounts: - - mountPath: /keys - name: keys - readOnly: true - - mountPath: /app/config.yml - name: config - readOnly: true - subPath: traq.yaml - env: - - name: TRAQ_ES_PASSWORD - valueFrom: - secretKeyRef: - name: traq-config-secrets - key: es_password - - name: TRAQ_MARIADB_PASSWORD - valueFrom: - secretKeyRef: - name: traq-config-secrets - key: mariadb_password - - name: TRAQ_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: traq-config-secrets - key: storage_s3_accessKey - - name: TRAQ_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: traq-config-secrets - key: storage_s3_secretKey - - name: TRAQ_SKYWAY_SECRETKEY - valueFrom: - secretKeyRef: - name: traq-config-secrets - key: skyway_secretKey - - name: TRAQ_LIVEKIT_APIKEY - valueFrom: - secretKeyRef: - name: traq-config-secrets - key: livekit_apiKey - - name: TRAQ_LIVEKIT_APISECRET - valueFrom: - secretKeyRef: - name: traq-config-secrets - key: livekit_apiSecret - restartPolicy: Always diff --git a/traq/backend/ingress-route.yaml b/traq/backend/ingress-route.yaml deleted file mode 100644 index 6edc053a6..000000000 --- a/traq/backend/ingress-route.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: traq-backend - -spec: - entryPoints: - - websecure - tls: - secretName: traq-tls - routes: - - kind: Rule - match: Host(`q.trap.jp`) && (PathPrefix(`/api/`) || PathPrefix(`/.well-known/`)) - services: - - namespace: traq - kind: Service - name: traq-backend - port: 8001 - scheme: http - strategy: RoundRobin - weight: 1 diff --git a/traq/backend/kustomization.yaml b/traq/backend/kustomization.yaml deleted file mode 100644 index 9ec425a94..000000000 --- a/traq/backend/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -resources: - - ./deployment.yaml - - ./service.yaml - - ./ingress-route.yaml - -configMapGenerator: - - name: traq-config - files: - - config/traq.yaml - -generators: - - ksops.yaml diff --git a/traq/backend/service.yaml b/traq/backend/service.yaml deleted file mode 100644 index 4e6d7216b..000000000 --- a/traq/backend/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: traq-backend - name: traq-backend -spec: - ports: - - name: "8001" - port: 8001 - targetPort: 3000 - selector: - app: traq-backend diff --git a/traq/certificate/certificate.yaml b/traq/certificate.yaml similarity index 100% rename from traq/certificate/certificate.yaml rename to traq/certificate.yaml diff --git a/traq/certificate/kustomization.yaml b/traq/certificate/kustomization.yaml deleted file mode 100644 index 4412289b4..000000000 --- a/traq/certificate/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - ./certificate.yaml diff --git a/traq/backend/config/traq.yaml b/traq/config/traq.yaml similarity index 100% rename from traq/backend/config/traq.yaml rename to traq/config/traq.yaml diff --git a/traq/es/config/es_jvm.options b/traq/es/config/es_jvm.options deleted file mode 100644 index dbfb041f1..000000000 --- a/traq/es/config/es_jvm.options +++ /dev/null @@ -1,2 +0,0 @@ --Xms256m --Xmx256m 
diff --git a/traq/es/ksops.yaml b/traq/es/ksops.yaml deleted file mode 100644 index e460c5e66..000000000 --- a/traq/es/ksops.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: ksops - annotations: - config.kubernetes.io/function: | - exec: - path: ksops - -files: - - ./secrets/secrets.yaml diff --git a/traq/es/kustomization.yaml b/traq/es/kustomization.yaml deleted file mode 100644 index 0b56870b0..000000000 --- a/traq/es/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -resources: - - service.yaml - - statefulset.yaml - -configMapGenerator: - - name: es-config - files: - - config/es_jvm.options - -generators: - - ksops.yaml diff --git a/traq/es/service.yaml b/traq/es/service.yaml deleted file mode 100644 index a6d654532..000000000 --- a/traq/es/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: es - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9114" - -spec: - type: ClusterIP - selector: - app: es - ports: - - name: es - port: 9200 - targetPort: es - - name: exporter - port: 9114 - targetPort: exporter diff --git a/traq/es/statefulset.yaml b/traq/es/statefulset.yaml deleted file mode 100644 index 6e693c485..000000000 --- a/traq/es/statefulset.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: es - -spec: - serviceName: es - replicas: 1 - podManagementPolicy: Parallel - revisionHistoryLimit: 0 - - selector: - matchLabels: - app: es - - template: - metadata: - labels: - app: es - spec: - enableServiceLinks: false - nodeSelector: - kubernetes.io/hostname: e505.tokyotech.org - - volumes: - - name: data - hostPath: - path: /opt/elasticsearch/traq-data - type: DirectoryOrCreate - - name: config - configMap: - name: es-config - - containers: - - name: es - image: ghcr.io/traptitech/es-with-sudachi:8.8.1-3.1.0 - env: - - name: discovery.type - value: single-node - - name: ELASTIC_PASSWORD - valueFrom: - secretKeyRef: - name: es-password - key: es-password - ports: - # for compatibility with old infra; TODO: remove old host port expose - - name: es - containerPort: 9200 - hostIP: 192.168.0.12 - hostPort: 9201 - volumeMounts: - - mountPath: /usr/share/elasticsearch/data - name: data - - mountPath: /usr/share/elasticsearch/config/jvm.options.d/es_jvm.options - name: config - subPath: es_jvm.options - readOnly: true - resources: - requests: - cpu: "50m" - memory: "500Mi" - limits: - cpu: "1" - memory: "600Mi" - - - name: exporter - image: quay.io/prometheuscommunity/elasticsearch-exporter:v1.9.0 - args: - - --es.uri=http://elastic:$(ELASTIC_PASSWORD)@localhost:9200 - - --es.all - - --es.indices - - --es.shards - env: - - name: ELASTIC_PASSWORD - valueFrom: - secretKeyRef: - name: es-password - key: es-password - ports: - - name: exporter - containerPort: 9114 - resources: - requests: - cpu: "10m" - memory: "20Mi" - limits: - cpu: "100m" - memory: "50Mi" diff --git a/traq/frontend/deployment.yaml b/traq/frontend/deployment.yaml deleted file mode 100644 index e78f35fc8..000000000 --- a/traq/frontend/deployment.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: traq-frontend - name: traq-frontend -spec: - replicas: 1 - selector: - matchLabels: - app: traq-frontend - template: - metadata: - labels: - app: traq-frontend - spec: - nodeSelector: - kubernetes.io/hostname: c1-203.tokyotech.org - containers: - - image: ghcr.io/traptitech/traq-ui:3.26.2 - name: traq-frontend - ports: - - containerPort: 80 - protocol: TCP - env: - - name: NEW_RELIC_LICENSE_KEY - value: "NRJS-5c70f08b45082feb140" - - name: NEW_RELIC_ACCOUNT_ID - value: "6862108" - - name: NEW_RELIC_TRUST_KEY - value: "6862108" - - name: NEW_RELIC_APPLICATION_ID - value: "1120420953" - - name: NEW_RELIC_AGENT_ID - value: "1120420953" - restartPolicy: Always diff --git a/traq/frontend/ingress-route.yaml b/traq/frontend/ingress-route.yaml deleted file mode 100644 index 0175d235f..000000000 --- a/traq/frontend/ingress-route.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: traq-frontend - -spec: - entryPoints: - - websecure - tls: - secretName: traq-tls - routes: - - kind: Rule - match: Host(`q.trap.jp`) - priority: -100 - services: - - namespace: traq - kind: Service - name: traq-frontend - port: 8000 - scheme: http - strategy: RoundRobin - weight: 1 diff --git a/traq/frontend/kustomization.yaml b/traq/frontend/kustomization.yaml deleted file mode 100644 index 95daa59cb..000000000 --- a/traq/frontend/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resources: - - ./deployment.yaml - - ./service.yaml - - ./ingress-route.yaml diff --git a/traq/frontend/service.yaml b/traq/frontend/service.yaml deleted file mode 100644 index dcff9cbe8..000000000 --- a/traq/frontend/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: traq-frontend - name: traq-frontend -spec: - ports: - - name: "8000" - port: 8000 - targetPort: 80 - selector: - app: traq-frontend 
diff --git a/traq/kustomization.yaml b/traq/kustomization.yaml index 93abe7cc9..5c120bdf4 100644 --- a/traq/kustomization.yaml +++ b/traq/kustomization.yaml @@ -1,7 +1,19 @@ +helmGlobals: + chartHome: ../.common + +helmCharts: + - name: traq + releaseName: traq + namespace: traq + includeCRDs: true + valuesFile: values.yaml + resources: - - backend - - es - - frontend - - system-bot - - widget - - certificate + - secrets + - certificate.yaml + +configMapGenerator: + - name: traq-config + namespace: traq + files: + - config/traq.yaml diff --git a/traq/es/secrets/secrets.yaml b/traq/secrets/es-password.yaml similarity index 100% rename from traq/es/secrets/secrets.yaml rename to traq/secrets/es-password.yaml diff --git a/traq/backend/ksops.yaml b/traq/secrets/ksops.yaml similarity index 62% rename from traq/backend/ksops.yaml rename to traq/secrets/ksops.yaml index 051512da6..718d09109 100644 --- a/traq/backend/ksops.yaml +++ b/traq/secrets/ksops.yaml @@ -8,5 +8,7 @@ metadata: path: ksops files: - - ./secrets/secrets.yaml - - ./secrets/config-secrets.yaml + - es-password.yaml + - system-bot.yaml + - traq-backend-secrets.yaml + - traq-config-secrets.yaml diff --git a/traq/secrets/kustomization.yaml b/traq/secrets/kustomization.yaml new file mode 100644 index 000000000..c25226eb6 --- /dev/null +++ b/traq/secrets/kustomization.yaml @@ -0,0 +1,4 @@ +namespace: traq + +generators: + - ksops.yaml diff --git a/traq/system-bot/secrets/secrets.yaml b/traq/secrets/system-bot.yaml similarity index 100% rename from traq/system-bot/secrets/secrets.yaml rename to traq/secrets/system-bot.yaml diff --git a/traq/backend/secrets/secrets.yaml b/traq/secrets/traq-backend-secrets.yaml similarity index 100% rename from traq/backend/secrets/secrets.yaml rename to traq/secrets/traq-backend-secrets.yaml 
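Review bot: The ConfigMap generated in traq/kustomization.yaml gets the key `traq.yaml` (from `files: - config/traq.yaml`), but the chart's backend template mounts it with `subPath: config.yml`, where the removed Deployment used `subPath: traq.yaml`; the mount would not find that key and the backend would start without its configuration file. Rename the key at generation time with `- config.yml=config/traq.yaml`. The generator also appends a content hash to the ConfigMap name, so check in the rendered output that the chart's reference to `traq-config` is rewritten to the hashed name. `includeCRDs: true` has no visible effect here, since the chart in this commit ships no CRDs.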
diff --git a/traq/backend/secrets/config-secrets.yaml b/traq/secrets/traq-config-secrets.yaml similarity index 100% rename from traq/backend/secrets/config-secrets.yaml rename to traq/secrets/traq-config-secrets.yaml diff --git a/traq/system-bot/deployment.yaml b/traq/system-bot/deployment.yaml deleted file mode 100644 index 938b1a1f4..000000000 --- a/traq/system-bot/deployment.yaml +++ /dev/null @@ -1,31 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: system-bot - -spec: - replicas: 1 - revisionHistoryLimit: 0 - selector: - matchLabels: - app: system-bot - template: - metadata: - labels: - app: system-bot - spec: - enableServiceLinks: false - automountServiceAccountToken: false - containers: - - name: system-bot - image: ghcr.io/traptitech/traq-system-bot:1.0.0 - env: - - name: BOT_SYSTEM_MESSAGE_CHANNEL_ID - value: 9557ccd3-50b4-483c-a553-7003027203b8 - - name: TRAQ_ORIGIN - value: wss://q.trap.jp - - name: BOT_ACCESS_TOKEN - valueFrom: - secretKeyRef: - name: system-bot - key: access-token diff --git a/traq/system-bot/ksops.yaml b/traq/system-bot/ksops.yaml deleted file mode 100644 index e460c5e66..000000000 --- a/traq/system-bot/ksops.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: ksops - annotations: - config.kubernetes.io/function: | - exec: - path: ksops - -files: - - ./secrets/secrets.yaml diff --git a/traq/system-bot/kustomization.yaml b/traq/system-bot/kustomization.yaml deleted file mode 100644 index 878535d91..000000000 --- a/traq/system-bot/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - ./deployment.yaml - -generators: - - ksops.yaml diff --git a/traq/values.yaml b/traq/values.yaml new file mode 100644 index 000000000..044402831 --- /dev/null +++ b/traq/values.yaml 
@@ -0,0 +1,76 @@
+host: q.trap.jp
+
+backend:
+ image: ghcr.io/traptitech/traq:3.24.14
+ nodeSelector:
+ kubernetes.io/hostname: c1-203.tokyotech.org
+ configMap:
+ existingName: traq-config
+ secret:
+ existingName: traq-config-secrets
+ keysSecret:
+ existingName: traq-backend-secrets
+
+ service:
+ annotations:
+ prometheus.io/port: "3000"
+ prometheus.io/scrape: "true"
+ prometheus.io/path: /api/metrics
+
+es:
+ image: ghcr.io/traptitech/es-with-sudachi:8.8.1-3.1.0
+ nodeSelector:
+ kubernetes.io/hostname: e505.tokyotech.org
+ resources:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 500Mi
+ limits:
+ cpu: "1"
+ memory: 600Mi
+ secret:
+ existingName: es-password
+ jvmOptions: |
+ -Xms256m
+ -Xmx256m
+
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:v1.9.0
+ resources:
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ limits:
+ cpu: 100m
+ memory: 50Mi
+
+ service:
+ annotations:
+ prometheus.io/port: "9114"
+ prometheus.io/scrape: "true"
+
+frontend:
+ image: ghcr.io/traptitech/traq-ui:3.26.2
+ nodeSelector:
+ kubernetes.io/hostname: c1-203.tokyotech.org
+ extraEnvs:
+ - name: NEW_RELIC_LICENSE_KEY
+ value: "NRJS-5c70f08b45082feb140"
+ - name: NEW_RELIC_ACCOUNT_ID
+ value: "6862108"
+ - name: NEW_RELIC_TRUST_KEY
+ value: "6862108"
+ - name: NEW_RELIC_APPLICATION_ID
+ value: "1120420953"
+ - name: NEW_RELIC_AGENT_ID
+ value: "1120420953"
+
+widget:
+ image: ghcr.io/traptitech/traq-widget:0.3.7
+ nodeSelector:
+ kubernetes.io/hostname: c1-203.tokyotech.org
+
+systemBot:
+ image: ghcr.io/traptitech/traq-system-bot:1.0.0
+ channelId: 9557ccd3-50b4-483c-a553-7003027203b8
diff --git a/traq/widget/deployment.yaml b/traq/widget/deployment.yaml
deleted file mode 100644
index 910625294..000000000
--- a/traq/widget/deployment.yaml
+++ /dev/null
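Review bot: `NEW_RELIC_LICENSE_KEY` under `frontend.extraEnvs` is committed in clear text, while the other credentials this change touches are referenced through ksops-managed secrets (`es-password`, `traq-config-secrets`, `traq-backend-secrets`). The `NRJS-` prefix suggests a browser-agent key that is served to clients anyway; if so, a comment above the entry such as `# browser agent key, exposed to clients by design; not a secret` would record that decision for later reviewers and secret scanners. If it is not meant to be public, it belongs in one of the SOPS-encrypted files under `traq/secrets/` and should be referenced by secret name rather than by value. Separately, `es.resources` appears to be nested twice (`resources:` directly under `resources:`), unlike `es.exporter.resources`; this is worth checking against the es template, which is outside this hunk.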
@@ -1,25 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: traq-widget
- name: traq-widget
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: traq-widget
- template:
- metadata:
- labels:
- app: traq-widget
- spec:
- nodeSelector:
- kubernetes.io/hostname: c1-203.tokyotech.org
- containers:
- - image: ghcr.io/traptitech/traq-widget:0.3.7
- name: traq-widget
- ports:
- - containerPort: 80
- protocol: TCP
- restartPolicy: Always
diff --git a/traq/widget/ingress-route.yaml b/traq/widget/ingress-route.yaml
deleted file mode 100644
index 228787880..000000000
--- a/traq/widget/ingress-route.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: traq-widget
-
-spec:
- entryPoints:
- - websecure
- tls:
- secretName: traq-tls
- routes:
- - kind: Rule
- match: Host(`q.trap.jp`) && PathPrefix(`/widget`)
- middlewares:
- - name: auth-trapti-tech-soft
- namespace: auth
- - name: strip-widget-prefix
- namespace: traq
- services:
- - namespace: traq
- kind: Service
- name: traq-widget
- port: 8003
- scheme: http
- strategy: RoundRobin
- weight: 1
diff --git a/traq/widget/kustomization.yaml b/traq/widget/kustomization.yaml
deleted file mode 100644
index 65c0a349e..000000000
--- a/traq/widget/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-resources:
- - ./deployment.yaml
- - ./service.yaml
- - ./ingress-route.yaml
- - ./strip-widget-prefix.yaml
diff --git a/traq/widget/service.yaml b/traq/widget/service.yaml
deleted file mode 100644
index 6afd717a1..000000000
--- a/traq/widget/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: traq-widget
- name: traq-widget
-spec:
- ports:
- - name: "8003"
- port: 8003
- targetPort: 80
- selector:
- app: traq-widget
diff --git a/traq/widget/strip-widget-prefix.yaml b/traq/widget/strip-widget-prefix.yaml
deleted file mode 100644
index 2fa1e51d7..000000000
--- a/traq/widget/strip-widget-prefix.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: strip-widget-prefix
-spec:
- stripPrefix:
- prefixes:
- - /widget