From 6cd10457120f099bc7bb22709b7a0cd7d6454771 Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 29 Apr 2024 18:47:33 +0200 Subject: [PATCH] Updated helm files --- helm/capif/Chart.yaml | 4 +- helm/capif/templates/deployment.yaml | 72 ++++++++++++++++++- helm/capif/templates/grafana-pvc.yaml | 1 + helm/capif/templates/loki-pvc.yaml | 1 + helm/capif/templates/mongo-pvc.yaml | 1 + .../templates/mongo-register-express.yaml | 17 +++++ helm/capif/templates/mongo-register-pvc.yaml | 17 +++++ helm/capif/templates/nginx-ssl.yaml | 4 +- helm/capif/templates/prometheus-pvc.yaml | 1 + helm/capif/values.yaml | 43 ++++++++++- helm/vault-job/vault-job.yaml | 2 +- 11 files changed, 155 insertions(+), 8 deletions(-) create mode 100644 helm/capif/templates/mongo-register-express.yaml create mode 100644 helm/capif/templates/mongo-register-pvc.yaml diff --git a/helm/capif/Chart.yaml b/helm/capif/Chart.yaml index 625f958..0c8eb5f 100644 --- a/helm/capif/Chart.yaml +++ b/helm/capif/Chart.yaml @@ -13,12 +13,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v3.1.4 +version: v3.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v3.1.4" +appVersion: "v3.1.6" dependencies: - name: "tempo" condition: tempo.enabled diff --git a/helm/capif/templates/deployment.yaml b/helm/capif/templates/deployment.yaml index 4c2e026..ff5ffe2 100644 --- a/helm/capif/templates/deployment.yaml +++ b/helm/capif/templates/deployment.yaml 
@@ -558,8 +558,15 @@ spec: image: {{ .Values.mongoRegister.mongo.image.repository }}:{{ .Values.mongoRegister.mongo.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.mongoRegister.mongo.image.imagePullPolicy }} name: mongo-register + {{- if .Values.mongoRegister.mongo.persistence.enable }} + volumeMounts: + - name: mongo-register-pvc + mountPath: /data/db + {{- end }} ports: - containerPort: 27017 + securityContext: + runAsUser: 999 resources: {{- toYaml .Values.mongoRegister.mongo.resources | nindent 12 }} readinessProbe: @@ -567,6 +574,12 @@ spec: port: 27017 # initialDelaySeconds: 5 periodSeconds: 5 + {{- if .Values.mongoRegister.mongo.persistence.enable }} + volumes: + - name: mongo-register-pvc + persistentVolumeClaim: + claimName: mongo-register-pvc + {{- end }} restartPolicy: Always {{- end }} --- @@ -674,7 +687,7 @@ spec: ports: - containerPort: 27017 securityContext: - runAsUser: 0 + runAsUser: 999 {{- if eq .Values.mongo.persistence.enable "true" }} volumeMounts: - name: mongo-pvc 
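Review bot: The persistence guard added to the mongo-register container, `{{- if .Values.mongoRegister.mongo.persistence.enable }}`, tests truthiness, while the mongo Deployment later in this file uses `eq .Values.mongo.persistence.enable "true"` and values.yaml keeps the other persistence flags as quoted strings. A quoted `"false"` is a non-empty string and therefore truthy in a Go template, so the volume would still be mounted. The same guard is repeated in the `volumes:` hunk at -567 and in mongo-register-pvc.yaml. Either compare explicitly with `{{- if eq (toString .Values.mongoRegister.mongo.persistence.enable) "true" }}`, or convert the older flags to real booleans so one convention holds across the chart.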
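Review bot: The switch from `runAsUser: 0` to `runAsUser: 999` on the mongo container (hunk at -674) comes with no volume-ownership setting, so data already written to `mongo-pvc` as root may be unreadable by uid 999 after an upgrade. This is inferred, because the rest of the pod spec lies outside the hunk. A pod-level `securityContext:` with `fsGroup: 999` covers most storage classes, but NFS-backed classes such as the `nfs-01` default often ignore fsGroup and need ownership fixed on the export. Adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` beside `runAsUser` would make the non-root intent enforceable, and the same applies to the mongo-register container in the -558 hunk.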
@@ -765,6 +778,61 @@ spec: periodSeconds: 5 restartPolicy: Always --- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongo-register-express + labels: + io.kompose.service: mongo-register-express + {{- include "capif.labels" . | nindent 4 }} + annotations: + kompose.cmd: kompose -f ../services/docker-compose.yml convert +spec: + replicas: {{ .Values.mongoRegisterExpress.replicas }} + selector: + matchLabels: + io.kompose.service: mongo-register-express + {{- include "capif.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + io.kompose.network/services-default: "true" + io.kompose.service: mongo-register-express + {{- include "capif.selectorLabels" . | nindent 8 }} + annotations: + date: "{{ now | unixEpoch }}" + spec: + hostAliases: + - ip: "{{ .Values.ingress.ip }}" + hostnames: + - "{{ .Values.nginx.nginx.env.capifHostname }}" + containers: + - env: + - name: ME_CONFIG_MONGODB_ADMINPASSWORD + value: {{ quote .Values.mongoRegisterExpress.mongoRegisterExpress.env.meConfigMongodbAdminpassword + }} + - name: ME_CONFIG_MONGODB_ADMINUSERNAME + value: {{ quote .Values.mongoRegisterExpress.mongoRegisterExpress.env.meConfigMongodbAdminusername + }} + - name: ME_CONFIG_MONGODB_URL + value: {{ quote .Values.mongoRegisterExpress.mongoRegisterExpress.env.meConfigMongodbUrl }} + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.mongoRegisterExpress.mongoRegisterExpress.image.repository }}:{{ .Values.mongoRegisterExpress.mongoRegisterExpress.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.mongoRegisterExpress.mongoRegisterExpress.image.imagePullPolicy }} + name: mongo-register-express + ports: + - containerPort: 8081 + resources: + {{- toYaml .Values.mongoRegisterExpress.mongoRegisterExpress.resources | nindent 12 }} + readinessProbe: + tcpSocket: + port: 8081 +# initialDelaySeconds: 0 + periodSeconds: 5 + restartPolicy: Always +--- apiVersion: apps/v1 kind: Deployment 
metadata: @@ -998,4 +1066,4 @@ spec: items: - key: "config.yaml" path: "config.yaml" - restartPolicy: Always \ No newline at end of file + restartPolicy: Always diff --git a/helm/capif/templates/grafana-pvc.yaml b/helm/capif/templates/grafana-pvc.yaml index b2c6672..5a55282 100644 --- a/helm/capif/templates/grafana-pvc.yaml +++ b/helm/capif/templates/grafana-pvc.yaml @@ -7,6 +7,7 @@ metadata: io.kompose.service: grafana-claim0 name: grafana-claim0 spec: + storageClassName: {{ .Values.monitoring.grafana.persistence.storageClass }} accessModes: - ReadWriteOnce resources: diff --git a/helm/capif/templates/loki-pvc.yaml b/helm/capif/templates/loki-pvc.yaml index 7da7816..0b90bda 100644 --- a/helm/capif/templates/loki-pvc.yaml +++ b/helm/capif/templates/loki-pvc.yaml @@ -7,6 +7,7 @@ metadata: io.kompose.service: loki-claim0 name: loki-claim0 spec: + storageClassName: {{ .Values.monitoring.loki.persistence.storageClass }} accessModes: - ReadWriteOnce resources: diff --git a/helm/capif/templates/mongo-pvc.yaml b/helm/capif/templates/mongo-pvc.yaml index 2996d57..3c80c14 100644 --- a/helm/capif/templates/mongo-pvc.yaml +++ b/helm/capif/templates/mongo-pvc.yaml @@ -7,6 +7,7 @@ metadata: io.kompose.service: mongo-pvc name: mongo-pvc spec: + storageClassName: {{ .Values.mongo.persistence.storageClass }} accessModes: - ReadWriteOnce resources: diff --git a/helm/capif/templates/mongo-register-express.yaml b/helm/capif/templates/mongo-register-express.yaml new file mode 100644 index 0000000..5de4b22 --- /dev/null +++ b/helm/capif/templates/mongo-register-express.yaml 
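Review bot: The new mongo-register-express Deployment (hunk at -765 in deployment.yaml) passes `ME_CONFIG_MONGODB_ADMINPASSWORD`, `ME_CONFIG_MONGODB_ADMINUSERNAME` and `ME_CONFIG_MONGODB_URL` as literal `value:` entries, so the database root credentials land in the rendered manifest, the Helm release record and `kubectl describe` output. The defaults this commit adds to values.yaml (`root` / `example`, repeated inside `meConfigMongodbUrl`) become a well-known credential unless every installer overrides them. Reading the three variables from a Secret through `secretKeyRef` keeps them out of the manifest, and the values defaults can then be left empty. The env list also configures nothing for the UI's own login, so whatever the image defaults to applies, and the container has no `securityContext`.

```yaml
# … unchanged: Deployment metadata, selector, pod labels, hostAliases …
      containers:
        - env:
            # Secret name and keys are placeholders; the Secret is created outside the chart.
            - name: ME_CONFIG_MONGODB_ADMINPASSWORD
              valueFrom:
                secretKeyRef:
                  name: "PLACEHOLDER-mongo-register-express-secret"
                  key: "PLACEHOLDER-admin-password"
            - name: ME_CONFIG_MONGODB_ADMINUSERNAME
              valueFrom:
                secretKeyRef:
                  name: "PLACEHOLDER-mongo-register-express-secret"
                  key: "PLACEHOLDER-admin-username"
            - name: ME_CONFIG_MONGODB_URL
              valueFrom:
                secretKeyRef:
                  name: "PLACEHOLDER-mongo-register-express-secret"
                  key: "PLACEHOLDER-mongodb-url"
# … unchanged: KUBERNETES_CLUSTER_DOMAIN, image, ports, resources, readinessProbe …
```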
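Review bot: `storageClassName` is now rendered unconditionally in grafana-pvc.yaml, and the same line is added to loki-pvc.yaml, mongo-pvc.yaml, prometheus-pvc.yaml and the new mongo-register-pvc.yaml, with `nfs-01` as the default in values.yaml. A claim's storage class cannot be changed once it is created, so upgrading a release whose claims were bound under another class is likely to be rejected. Clusters with no `nfs-01` class will leave the claims Pending. Rendering the field only when a class is set avoids both: `{{- with .Values.monitoring.grafana.persistence.storageClass }}`, `storageClassName: {{ . | quote }}`, `{{- end }}`, with the chart default left empty.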
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: mongo-register-express + labels: + io.kompose.service: mongo-register-express + {{- include "capif.labels" . | nindent 4 }} + annotations: + kompose.cmd: kompose -f ../services/docker-compose.yml convert + kompose.version: 1.28.0 (c4137012e) +spec: + type: {{ .Values.mongoRegisterExpress.type }} + selector: + io.kompose.service: mongo-register-express + {{- include "capif.selectorLabels" . | nindent 4 }} + ports: + {{- .Values.mongoRegisterExpress.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/mongo-register-pvc.yaml b/helm/capif/templates/mongo-register-pvc.yaml new file mode 100644 index 0000000..4d1a259 --- /dev/null +++ b/helm/capif/templates/mongo-register-pvc.yaml @@ -0,0 +1,17 @@ +{{- if eq .Values.monitoring.enable "true" }} +{{- if .Values.mongoRegister.mongo.persistence.enable }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: mongo-register + name: mongo-register-pvc +spec: + storageClassName: {{ .Values.mongoRegister.mongo.persistence.storageClass }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.mongoRegister.mongo.persistence.storage }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/capif/templates/nginx-ssl.yaml b/helm/capif/templates/nginx-ssl.yaml index 275e2c7..39487d5 100644 --- a/helm/capif/templates/nginx-ssl.yaml +++ b/helm/capif/templates/nginx-ssl.yaml @@ -15,7 +15,7 @@ spec: ingressClassName: {{ .Values.nginx.ingressClassName }} {{- end }} rules: - - host: "register{{ .Values.nginx.nginx.env.capifHostname }}" + - host: "{{ .Values.nginx.nginx.env.registerHostname }}" http: paths: - backend: @@ -27,6 +27,6 @@ spec: pathType: Prefix tls: - hosts: - - "register{{ .Values.nginx.nginx.env.capifHostname }}" + - "{{ .Values.nginx.nginx.env.registerHostname }}" secretName: letsencrypt-secret {{- end }} \ No newline at end of file 
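Review bot: Nothing in this new Service template, or in the mongo-register-express Deployment added to deployment.yaml, makes the component optional. Every install of the chart therefore appears to get a database admin UI wired to the mongo-register root account, unless a wider guard exists outside the visible hunks. An opt-in flag would keep it out of production installs by default, for example wrapping both templates in `{{- if eq (toString .Values.mongoRegisterExpress.enable) "true" }}` … `{{- end }}` with a new `enable: false` default in values.yaml. `type` is taken straight from values, so a template comment noting that anything other than `ClusterIP` publishes the UI beyond the cluster would help whoever edits it.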
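Review bot: The outer guard `{{- if eq .Values.monitoring.enable "true" }}` in mongo-register-pvc.yaml ties this claim to the monitoring stack, but the `volumes:` entry added to the mongo-register Deployment is gated only on `.Values.mongoRegister.mongo.persistence.enable`. With monitoring disabled and persistence enabled, the pod would reference a `mongo-register-pvc` claim that was never created and stay Pending. Dropping the monitoring guard (the first and last lines of the file) leaves the claim and the mount controlled by the same flag.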
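Review bot: Replacing `register{{ .Values.nginx.nginx.env.capifHostname }}` with `{{ .Values.nginx.nginx.env.registerHostname }}` in the rule host of nginx-ssl.yaml, and again in the `tls.hosts` hunk below it, changes the hostname of existing releases on upgrade. A values override written for the previous chart does not set the new key, so it silently falls back to the chart's site-specific default. Falling back to the old expression keeps those installs working, e.g. `- host: {{ .Values.nginx.nginx.env.registerHostname | default (printf "register%s" .Values.nginx.nginx.env.capifHostname) | quote }}`, with the chart default left empty. The Ingress template starts and ends outside both hunks.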
diff --git a/helm/capif/templates/prometheus-pvc.yaml b/helm/capif/templates/prometheus-pvc.yaml index 0ba676f..8f763c6 100644 --- a/helm/capif/templates/prometheus-pvc.yaml +++ b/helm/capif/templates/prometheus-pvc.yaml @@ -9,6 +9,7 @@ metadata: app: prometheus {{- include "capif.labels" . | nindent 4 }} spec: + storageClassName: {{ .Values.monitoring.prometheus.persistence.storageClass }} accessModes: - ReadWriteOnce resources: diff --git a/helm/capif/values.yaml b/helm/capif/values.yaml index a2aea33..4308349 100644 --- a/helm/capif/values.yaml +++ b/helm/capif/values.yaml @@ -258,6 +258,11 @@ mongoRegister: tag: "6.0.2" # -- Image pull policy: Always, IfNotPresent imagePullPolicy: Always + # -- If mongoRegister.mongo.persistence enabled. enable: true, enable: false is = not enabled + persistence: + enable: true + storage: 8Gi + storageClass: nfs-01 resources: {} # limits: # cpu: 100m @@ -333,6 +338,7 @@ mongo: persistence: enable: "true" storage: 8Gi + storageClass: nfs-01 mongoExpress: mongoExpress: env: @@ -363,6 +369,36 @@ mongoExpress: targetPort: 8081 replicas: 1 type: ClusterIP +mongoRegisterExpress: + mongoRegisterExpress: + env: + # User's password MongoDB + meConfigMongodbAdminpassword: example + # Name of User's mongodb + meConfigMongodbAdminusername: root + # URI for connecting MongoDB + meConfigMongodbUrl: mongodb://root:example@mongo-register:27017/ + image: + # -- The docker image repository to use + repository: "mongo-express" + # -- The docker image tag to use + # @default Chart version + tag: "1.0.0-alpha.4" + # -- Image pull policy: Always, IfNotPresent + imagePullPolicy: Always + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ports: + - name: "8082" + port: 8082 + targetPort: 8081 + replicas: 1 + type: ClusterIP nginx: # -- if nginx.ingressType: "Ingress". set up monitoring.prometheus.ingress: true # and monitoring.grafana.ingress: true 
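Review bot: The `mongoRegisterExpress` image default (values.yaml hunk at -363) is an unqualified `mongo-express` repository at the pre-release tag `1.0.0-alpha.4` with `imagePullPolicy: Always`, so every pod start pulls whatever that tag currently points to. For a component that is handed database root credentials, a fully qualified repository and a digest pin are the safer default. The Deployment joins the two values as `repository:tag`, so the template would need to accept an `@sha256:` reference for a digest to be usable.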
@@ -379,6 +415,7 @@ nginx: env: # -- Ingress's host to Capif capifHostname: "my-capif.apps.ocp-epg.hi.inet" + registerHostname: "register.app.ocp-epg.hi.inet" image: # -- The docker image repository to use repository: "public.ecr.aws/o2v4a8t6/opencapif/nginx" @@ -534,6 +571,7 @@ monitoring: persistence: enable: "true" storage: 100Mi + storageClass: nfs-01 otel: image: # -- The docker image repository to use @@ -576,7 +614,7 @@ monitoring: # -- The docker image tag to use # @default Chart version tag: "latest" - retentionTime: 5d + retentionTime: 3d resources: {} # limits: # cpu: 100m @@ -587,6 +625,7 @@ monitoring: persistence: enable: "true" storage: 8Gi + storageClass: nfs-01 service: type: ClusterIP port: 9090 @@ -635,6 +674,7 @@ monitoring: persistence: enable: "true" storage: 100Mi + storageClass: nfs-01 service: type: ClusterIP port: 3000 @@ -658,3 +698,4 @@ monitoring: ingressRoute: enable: "" host: grafana.5gnacar.int + diff --git a/helm/vault-job/vault-job.yaml b/helm/vault-job/vault-job.yaml index 6e0e9ce..8f683e2 100644 --- a/helm/vault-job/vault-job.yaml +++ b/helm/vault-job/vault-job.yaml @@ -69,7 +69,7 @@ data: vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem #Crear rol en Vault - vault write pki_int/roles/my-ca use_csr_common_name=true require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h + vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h # Emitir un certificado firmado por la CA intermedia # vault write -format=json pki_int/issue/my-ca \ -- GitLab
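Review bot: The new default `registerHostname: "register.app.ocp-epg.hi.inet"` uses `app` where the neighbouring `capifHostname` uses `apps.ocp-epg.hi.inet`. This looks like a typo, and it would give the register Ingress and its TLS entry a host outside the domain the CAPIF host uses. The key also lacks the `# --` description its neighbour has; something like `# -- Ingress's host to the register service` would keep the values documentation complete.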
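Review bot: The `vault write pki_int/roles/my-ca` line changed in vault-job.yaml still carries `allowed_domains="*"`, `allow_any_name=true` and `require_cn=false`, so the role places no restriction on the names it will sign. With `use_csr_common_name=false` the subject CN now comes from the signing request's `common_name` parameter rather than from the CSR, and may be absent altogether. If CAPIF components identify peers by certificate CN (not visible here), every caller of the sign endpoint has to pass the right `common_name`, and anything holding a token for this role can choose any identity. A comment above the line stating why the CSR's CN is ignored, e.g. `# CN is taken from the sign request's common_name, not from the CSR`, and narrowing `allowed_domains` while dropping `allow_any_name=true` would tighten this. The script continues outside the hunk.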