From 20f1ad9ae1f2e60764fcc9fadc28b51c5561a7aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karsten=20Ra=CC=88th?= Date: Wed, 11 Oct 2023 21:18:51 +0200 Subject: [PATCH 1/5] Default Helm chart initial commit - please do not use it. --- k8s/helm/kds/.helmignore | 23 ++++++ k8s/helm/kds/Chart.yaml | 24 ++++++ k8s/helm/kds/templates/NOTES.txt | 22 +++++ k8s/helm/kds/templates/_helpers.tpl | 62 ++++++++++++++ k8s/helm/kds/templates/deployment.yaml | 61 ++++++++++++++ k8s/helm/kds/templates/hpa.yaml | 32 ++++++++ k8s/helm/kds/templates/ingress.yaml | 61 ++++++++++++++ k8s/helm/kds/templates/service.yaml | 15 ++++ k8s/helm/kds/templates/serviceaccount.yaml | 12 +++ .../kds/templates/tests/test-connection.yaml | 15 ++++ k8s/helm/kds/values.yaml | 82 +++++++++++++++++++ 11 files changed, 409 insertions(+) create mode 100644 k8s/helm/kds/.helmignore create mode 100644 k8s/helm/kds/Chart.yaml create mode 100644 k8s/helm/kds/templates/NOTES.txt create mode 100644 k8s/helm/kds/templates/_helpers.tpl create mode 100644 k8s/helm/kds/templates/deployment.yaml create mode 100644 k8s/helm/kds/templates/hpa.yaml create mode 100644 k8s/helm/kds/templates/ingress.yaml create mode 100644 k8s/helm/kds/templates/service.yaml create mode 100644 k8s/helm/kds/templates/serviceaccount.yaml create mode 100644 k8s/helm/kds/templates/tests/test-connection.yaml create mode 100644 k8s/helm/kds/values.yaml diff --git a/k8s/helm/kds/.helmignore b/k8s/helm/kds/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/k8s/helm/kds/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/k8s/helm/kds/Chart.yaml b/k8s/helm/kds/Chart.yaml new file mode 100644 index 0000000..7af17bb --- /dev/null +++ b/k8s/helm/kds/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: kds +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" diff --git a/k8s/helm/kds/templates/NOTES.txt b/k8s/helm/kds/templates/NOTES.txt new file mode 100644 index 0000000..11fac95 --- /dev/null +++ b/k8s/helm/kds/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kds.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kds.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kds.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kds.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/k8s/helm/kds/templates/_helpers.tpl b/k8s/helm/kds/templates/_helpers.tpl new file mode 100644 index 0000000..6c99a21 --- /dev/null +++ b/k8s/helm/kds/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kds.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kds.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kds.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kds.labels" -}} +helm.sh/chart: {{ include "kds.chart" . }} +{{ include "kds.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kds.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kds.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kds.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kds.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/k8s/helm/kds/templates/deployment.yaml b/k8s/helm/kds/templates/deployment.yaml new file mode 100644 index 0000000..a80f593 --- /dev/null 
+++ b/k8s/helm/kds/templates/deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kds.fullname" . }} + labels: + {{- include "kds.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "kds.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "kds.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kds.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/k8s/helm/kds/templates/hpa.yaml b/k8s/helm/kds/templates/hpa.yaml new file mode 100644 index 0000000..c8bc0c1 --- /dev/null +++ b/k8s/helm/kds/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kds.fullname" . }} + labels: + {{- include "kds.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kds.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/k8s/helm/kds/templates/ingress.yaml b/k8s/helm/kds/templates/ingress.yaml new file mode 100644 index 0000000..72a0d1c --- /dev/null +++ b/k8s/helm/kds/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "kds.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "kds.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/k8s/helm/kds/templates/service.yaml b/k8s/helm/kds/templates/service.yaml new file mode 100644 index 0000000..87c6961 --- /dev/null +++ b/k8s/helm/kds/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kds.fullname" . }} + labels: + {{- include "kds.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "kds.selectorLabels" . | nindent 4 }} diff --git a/k8s/helm/kds/templates/serviceaccount.yaml b/k8s/helm/kds/templates/serviceaccount.yaml new file mode 100644 index 0000000..b2a3ad1 --- /dev/null +++ b/k8s/helm/kds/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kds.serviceAccountName" . }} + labels: + {{- include "kds.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/k8s/helm/kds/templates/tests/test-connection.yaml b/k8s/helm/kds/templates/tests/test-connection.yaml new file mode 100644 index 0000000..6465047 --- /dev/null +++ b/k8s/helm/kds/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "kds.fullname" . }}-test-connection" + labels: + {{- include "kds.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "kds.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/k8s/helm/kds/values.yaml b/k8s/helm/kds/values.yaml new file mode 100644 index 0000000..b5fe3b4 --- /dev/null +++ b/k8s/helm/kds/values.yaml 
@@ -0,0 +1,82 @@ +# Default values for kds. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 957e5c281939ff20ee5469239d4157b495fbad98 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Karsten=20Ra=CC=88th?=
Date: Tue, 17 Oct 2023 15:09:06 +0200
Subject: [PATCH 2/5] Dockerfile adjusted to Java 17 and docker-compose adjusted to kds imaga
---
Dockerfile | 17 +++++++++++++----
docker-compose.yml | 40 +++++++++++++++++----------------------
2 files changed, 30 insertions(+), 27 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 03de66b..4eadf5d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,13 @@
-FROM adoptopenjdk:11-jre-hotspot
-COPY ./target/*.jar /app/app.jar
-WORKDIR /app
-ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar ./app.jar" ]
+FROM eclipse-temurin:17-jre
+
+WORKDIR /
+
+COPY [ "./target/tng-key-distribution-latest.jar", "/tng-key-distribution.jar" ]
+
+ENV JAVA_OPTS="$JAVA_OPTS -Xms256M -Xmx1G"
+
+EXPOSE 8080
+
+USER 65534:65534
+
+ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /tng-key-distribution.jar" ]
diff --git a/docker-compose.yml b/docker-compose.yml
index f337100..4e68b80 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
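Review bot: The new ENTRYPOINT still starts the JVM as a child of `sh -c` without `exec`, so unless the shell happens to exec the last command itself, the shell stays PID 1 and the SIGTERM sent on container stop may not reach Java; use `"exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /tng-key-distribution.jar"` as the command string. `FROM eclipse-temurin:17-jre` is a moving tag, so a rebuild can pick up a different base image without any change in this repository; pinning it as `eclipse-temurin:17-jre@sha256:<digest>` keeps builds reproducible and reviewable. `USER 65534:65534` is a good addition, but the compose file in this same patch mounts `./logs:/logs`, which that UID can presumably write to only if the host directory is prepared for it.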
@@ -2,41 +2,35 @@ version: '3' services: postgres: - image: library/postgres:9.6 - container_name: tng-key-distribution-postgres + image: postgres ports: - 5432:5432 environment: - POSTGRES_DB: postgres - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres + - POSTGRES_PASSWORD=admin # do not use this for production deployments + - PGPASSWORD=admin # do not use this for production deployments + - POSTGRES_USER=postgres + - POSTGRES_DB=postgres restart: unless-stopped networks: persistence: - backend: + tng-kds: build: . - image: eu-digital-green-certificates/dgc-verifier-service - container_name: tng-key-distribution - ports: - - 8080:8080 + image: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution:latest volumes: - ./certs:/ec/prod/app/san/dgc + - ./logs:/logs + ports: + - 8080:8080 environment: - SERVER_PORT=8080 - - SPRING_PROFILES_ACTIVE=cloud - - SPRING_DATASOURCE_URL=jdbc:postgresql://dgc-verifier-service-postgres:5432/postgres + - SPRING_PROFILES_ACTIVE=log2console,local + - SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/postgres + - SPRING_DATASOURCE_DRIVERCLASSNAME=org.postgresql.Driver + - SPRING_DATASOURCE_JNDI_NAME=false + - SPRING_JPA_DATABASEPLATFORM=org.hibernate.dialect.PostgreSQLDialect - SPRING_DATASOURCE_USERNAME=postgres - - SPRING_DATASOURCE_PASSWORD=postgres - - DGC_GATEWAY_CONNECTOR_ENDPOINT=https://dgc-gateway.example.com - - DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PATH=file:/ec/prod/app/san/dgc/tls_trust_store.p12 - - DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PASSWORD=dgcg-p4ssw0rd - - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_ALIAS=1 - - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PATH=file:/ec/prod/app/san/dgc/tls_key_store.p12 - - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PASSWORD=dgcg-p4ssw0rd - - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_ALIAS=ta - - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PATH=file:/ec/prod/app/san/dgc/trust_anchor.jks - - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PASSWORD=dgcg-p4ssw0rd + - SPRING_DATASOURCE_PASSWORD=admin # do not use this 
for production deployments depends_on: - postgres networks: @@ -44,5 +38,5 @@ services: persistence: networks: - backend: persistence: + backend: From 4e11554b93e011ea391510739b709877f035c29b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karsten=20Ra=CC=88th?= Date: Tue, 17 Oct 2023 17:54:00 +0200 Subject: [PATCH 3/5] Helm charts adjusted. --- docker-compose.yml | 2 +- k8s/helm/kds/Chart.yaml | 2 +- k8s/helm/kds/templates/NOTES.txt | 22 ------- k8s/helm/kds/templates/_helpers.tpl | 22 ++++--- k8s/helm/kds/templates/deployment.yaml | 61 ------------------- k8s/helm/kds/templates/hpa.yaml | 32 ---------- .../kds/templates/postgres-deployment.yaml | 28 +++++++++ k8s/helm/kds/templates/postgres-service.yaml | 12 ++++ k8s/helm/kds/templates/service.yaml | 15 ----- .../kds/templates/tests/test-connection.yaml | 15 ----- k8s/helm/kds/templates/tng-ingress.yaml | 16 +++++ .../kds/templates/tng-kds-deployemnt.yaml | 41 +++++++++++++ k8s/helm/kds/templates/tng-kds-service.yaml | 12 ++++ k8s/helm/kds/values.yaml | 33 ++++++++-- 14 files changed, 152 insertions(+), 161 deletions(-) delete mode 100644 k8s/helm/kds/templates/NOTES.txt delete mode 100644 k8s/helm/kds/templates/deployment.yaml delete mode 100644 k8s/helm/kds/templates/hpa.yaml create mode 100644 k8s/helm/kds/templates/postgres-deployment.yaml create mode 100644 k8s/helm/kds/templates/postgres-service.yaml delete mode 100644 k8s/helm/kds/templates/service.yaml delete mode 100644 k8s/helm/kds/templates/tests/test-connection.yaml create mode 100644 k8s/helm/kds/templates/tng-ingress.yaml create mode 100644 k8s/helm/kds/templates/tng-kds-deployemnt.yaml create mode 100644 k8s/helm/kds/templates/tng-kds-service.yaml diff --git a/docker-compose.yml b/docker-compose.yml index 4e68b80..7712316 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
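Review bot: `POSTGRES_PASSWORD=admin` and `SPRING_DATASOURCE_PASSWORD=admin` are committed as literals while the unchanged `5432:5432` mapping publishes the database on every host interface, so the instance is reachable from the network with a guessable superuser password; the inline comments do not stop the file from being run as-is. Take the value from the environment with `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}` (same for the datasource password) and bind the port to loopback with `- 127.0.0.1:5432:5432`. `PGPASSWORD` is a client-side variable and looks unnecessary in the server container. `image: postgres` also drops the previous version pin, so the database version can change between pulls.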
@@ -16,7 +16,7 @@ services: tng-kds: build: . - image: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution:latest + image: kds:0.0.1 volumes: - ./certs:/ec/prod/app/san/dgc - ./logs:/logs diff --git a/k8s/helm/kds/Chart.yaml b/k8s/helm/kds/Chart.yaml index 7af17bb..a537146 100644 --- a/k8s/helm/kds/Chart.yaml +++ b/k8s/helm/kds/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: kds -description: A Helm chart for Kubernetes +description: A Helm chart for TNG Key Distribution Service # A chart can be either an 'application' or a 'library' chart. # diff --git a/k8s/helm/kds/templates/NOTES.txt b/k8s/helm/kds/templates/NOTES.txt deleted file mode 100644 index 11fac95..0000000 --- a/k8s/helm/kds/templates/NOTES.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kds.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kds.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kds.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kds.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/k8s/helm/kds/templates/_helpers.tpl b/k8s/helm/kds/templates/_helpers.tpl index 6c99a21..bb93154 100644 --- a/k8s/helm/kds/templates/_helpers.tpl +++ b/k8s/helm/kds/templates/_helpers.tpl 
@@ -42,14 +42,6 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} -{{/* -Selector labels -*/}} -{{- define "kds.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kds.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - {{/* Create the name of the service account to use */}} @@ -60,3 +52,17 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Template labels +*/}} +{{- define "kds.templateLabels" -}} + app: {{ template "kds.fullname" . }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "kds.selectorLabels" -}} + app: {{ template "kds.fullname" . }} +{{- end -}} diff --git a/k8s/helm/kds/templates/deployment.yaml b/k8s/helm/kds/templates/deployment.yaml deleted file mode 100644 index a80f593..0000000 --- a/k8s/helm/kds/templates/deployment.yaml +++ /dev/null 
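Review bot: `kds.templateLabels` and `kds.selectorLabels` in the second hunk render the same single line, `app: {{ template "kds.fullname" . }}`, and this patch uses them for both the Postgres and the KDS Deployment, so the two workloads get identical pod labels and overlapping selectors. Any Service or NetworkPolicy that selects on `app` then cannot tell database pods from application pods. Add a per-workload label next to the include in each Deployment, e.g. `app.kubernetes.io/component: postgres` and `app.kubernetes.io/component: kds`, or keep the removed `app.kubernetes.io/name` / `app.kubernetes.io/instance` pair and extend it with the component.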
@@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kds.fullname" . }} - labels: - {{- include "kds.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "kds.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "kds.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "kds.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/k8s/helm/kds/templates/hpa.yaml b/k8s/helm/kds/templates/hpa.yaml deleted file mode 100644 index c8bc0c1..0000000 --- a/k8s/helm/kds/templates/hpa.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "kds.fullname" . }} - labels: - {{- include "kds.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "kds.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/k8s/helm/kds/templates/postgres-deployment.yaml b/k8s/helm/kds/templates/postgres-deployment.yaml new file mode 100644 index 0000000..d1261ea --- /dev/null +++ b/k8s/helm/kds/templates/postgres-deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kds.fullname" . }}-postgres + namespace: {{ .Values.namespace }} +spec: + replicas: {{ .Values.postgres.replicas | int }} + selector: + matchLabels: + {{- include "kds.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "kds.templateLabels" . | nindent 8 }} + spec: + containers: + - name: {{ include "kds.fullname" . }}-postgres + image: {{ .Values.postgres.image }}:{{ .Values.postgres.tag }} + imagePullPolicy: {{ .Values.postgres.pullPolicy }} + ports: + - containerPort: 5432 + env: + - name: POSTGRES_PASSWORD + value: {{ .Values.postgres.password | quote }} + - name: POSTGRES_USER + value: {{ .Values.postgres.user | quote }} + - name: POSTGRES_DB + value: {{ .Values.postgres.database | quote }} 
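Review bot: In postgres-deployment.yaml the database password is rendered into the pod spec as a plain `value:` for `POSTGRES_PASSWORD`, so it is readable by anyone who may view the Deployment or the Helm release, and values.yaml in this patch defaults it to `admin`. Move it to a Secret and reference it with `valueFrom.secretKeyRef`; the same applies to `SPRING_DATASOURCE_PASSWORD` in tng-kds-deployemnt.yaml. `replicas` comes from `postgres.replicas` (default 2) and the pod mounts no volume, so this would start two unrelated, non-persistent databases; a single replica backed by a PersistentVolumeClaim, or a StatefulSet, is what I would expect here.

```yaml
# … unchanged: Deployment metadata, selector, container name/image/ports …
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  # proposed Secret, to be added as its own template; name and key are suggestions
                  name: {{ include "kds.fullname" . }}-postgres
                  key: postgres-password
# … unchanged: POSTGRES_USER, POSTGRES_DB …
```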
diff --git a/k8s/helm/kds/templates/postgres-service.yaml b/k8s/helm/kds/templates/postgres-service.yaml new file mode 100644 index 0000000..ef4e6a0 --- /dev/null +++ b/k8s/helm/kds/templates/postgres-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kds.fullname" . }}-postgres-service +spec: + selector: + app: postgres + ports: + - protocol: TCP + port: {{ .Values.postgres.port | int }} + targetPort: {{ .Values.postgres.port | int }} + type: ClusterIP diff --git a/k8s/helm/kds/templates/service.yaml b/k8s/helm/kds/templates/service.yaml deleted file mode 100644 index 87c6961..0000000 --- a/k8s/helm/kds/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kds.fullname" . }} - labels: - {{- include "kds.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "kds.selectorLabels" . | nindent 4 }} diff --git a/k8s/helm/kds/templates/tests/test-connection.yaml b/k8s/helm/kds/templates/tests/test-connection.yaml deleted file mode 100644 index 6465047..0000000 --- a/k8s/helm/kds/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "kds.fullname" . }}-test-connection" - labels: - {{- include "kds.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "kds.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/k8s/helm/kds/templates/tng-ingress.yaml b/k8s/helm/kds/templates/tng-ingress.yaml new file mode 100644 index 0000000..34c8f4e --- /dev/null +++ b/k8s/helm/kds/templates/tng-ingress.yaml 
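Review bot: The Service in postgres-service.yaml selects `app: postgres`, but the pods created by postgres-deployment.yaml are labelled through `kds.templateLabels`, i.e. `app: <fullname>`, so unless `fullnameOverride` happens to be `postgres` the selector matches no pod and the Service has no endpoints. tng-kds-service.yaml has the same problem with `app: tng-kds`. Build the selector from the helper the Deployment uses, `{{- include "kds.selectorLabels" . | nindent 4 }}`, once that helper distinguishes the two workloads. The Service also sets no `namespace`, whereas both Deployments use `.Values.namespace`, so they end up in different namespaces whenever the release namespace differs from that value.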
@@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-ingress +spec: + rules: + - host: my-kds-app.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: tng-kds-service + port: + number: 8080 diff --git a/k8s/helm/kds/templates/tng-kds-deployemnt.yaml b/k8s/helm/kds/templates/tng-kds-deployemnt.yaml new file mode 100644 index 0000000..8863bb8 --- /dev/null +++ b/k8s/helm/kds/templates/tng-kds-deployemnt.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kds.fullname" . }} + labels: + {{- include "kds.labels" . | nindent 4 }} + namespace: {{ .Values.namespace }} +spec: + replicas: {{ .Values.tngKds.replicas | int }} + selector: + matchLabels: + {{- include "kds.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "kds.templateLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.tngKds.image }}:{{ .Values.tngKds.tag }} + imagePullPolicy: {{ .Values.tngKds.pullPolicy }} + ports: + - name: http + containerPort: 8080 + env: + - name: SERVER_PORT + value: {{ .Values.tngKds.serverPort | quote }} + - name: SPRING_PROFILES_ACTIVE + value: {{ .Values.tngKds.springProfiles | quote }} + - name: SPRING_DATASOURCE_URL + value: {{ .Values.tngKds.springDatasourceUrl | quote }} + - name: SPRING_DATASOURCE_DRIVERCLASSNAME + value: {{ .Values.tngKds.springDatasourceDriverClassName | quote }} + - name: SPRING_DATASOURCE_JNDI_NAME + value: {{ .Values.tngKds.springDatasourceJndiName | quote }} + - name: SPRING_JPA_DATABASEPLATFORM + value: {{ .Values.tngKds.springJpaDatabasePlatform | quote }} + - name: SPRING_DATASOURCE_USERNAME + value: {{ .Values.tngKds.springDatasourceUsername | quote }} + - name: SPRING_DATASOURCE_PASSWORD + value: {{ .Values.tngKds.springDatasourcePassword | quote }} 
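Review bot: The Ingress in tng-ingress.yaml has no `tls:` section, so the key distribution service is published over plain HTTP on `my-kds-app.com` unless TLS is terminated somewhere outside the chart. The name `my-ingress`, the host and the backend port are literals as well, so nothing can be set from values.yaml and two releases in one namespace would collide. I would template the name and host and add a `tls:` block whose `hosts` and `secretName` come from values.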
diff --git a/k8s/helm/kds/templates/tng-kds-service.yaml b/k8s/helm/kds/templates/tng-kds-service.yaml new file mode 100644 index 0000000..5bf6ee4 --- /dev/null +++ b/k8s/helm/kds/templates/tng-kds-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: tng-kds-service +spec: + selector: + app: tng-kds + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + type: ClusterIP diff --git a/k8s/helm/kds/values.yaml b/k8s/helm/kds/values.yaml index b5fe3b4..9aa8a0e 100644 --- a/k8s/helm/kds/values.yaml +++ b/k8s/helm/kds/values.yaml @@ -4,16 +4,12 @@ replicaCount: 1 -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +namespace: default + serviceAccount: # Specifies whether a service account should be created create: true @@ -80,3 +76,28 @@ nodeSelector: {} tolerations: [] affinity: {} + +postgres: + image: postgres + tag: latest + password: admin + user: postgres + database: postgres + replicas: 2 + pullPolicy: IfNotPresent + port: 5432 + +tngKds: + image: localhost:5000/kds + tag: latest + pullPolicy: IfNotPresent + serverPort: 8080 + replicas: 2 + springProfiles: "log2console,local" + springDatasourceUrl: "jdbc:postgresql://postgres-service:5432/postgres" + springDatasourceDriverClassName: "org.postgresql.Driver" + springDatasourceJndiName: "false" + springJpaDatabasePlatform: "org.hibernate.dialect.PostgreSQLDialect" + springDatasourceUsername: postgres + springDatasourcePassword: admin + From a294861d64a295254812548a28cc36da1dca939d Mon Sep 17 00:00:00 2001 
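Review bot: `postgres.replicas: 2` in values.yaml starts two independent PostgreSQL containers behind one Service, and postgres-deployment.yaml mounts no volume, so connections are spread over two unrelated databases and the data is gone when a pod restarts. `tag: latest` for both images also makes the deployed version depend on when a node pulled it. I would default `postgres.replicas` to `1` and pin both tags to a released version.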
From: =?UTF-8?q?Karsten=20Ra=CC=88th?= Date: Wed, 18 Oct 2023 18:48:17 +0200 Subject: [PATCH 4/5] Helm charts for backend and postgres refactored, OpenApi added --- .github/workflows/ci-release.yml | 6 +- docker-compose.yml | 4 +- .../kds/templates/postgres-deployment.yaml | 28 ----- k8s/helm/kds/templates/postgres-service.yaml | 12 -- k8s/helm/kds/templates/tng-ingress.yaml | 16 --- .../kds/templates/tng-kds-deployemnt.yaml | 41 ------- k8s/helm/kds/templates/tng-kds-service.yaml | 12 -- k8s/helm/{kds => tngkds}/.helmignore | 0 k8s/helm/tngkds/Chart.yaml | 24 ++++ .../tngkds/charts/tngkds-backend/.helmignore | 23 ++++ .../charts/tngkds-backend}/Chart.yaml | 4 +- .../tngkds-backend/templates/_helpers.tpl | 46 ++++++++ .../tngkds-backend/templates/configmap.yml | 7 ++ .../tngkds-backend/templates/deployment.yaml | 75 ++++++++++++ .../tngkds-backend/templates/secrets.yml | 7 ++ .../tngkds-backend/templates/service.yaml | 19 +++ .../tngkds/charts/tngkds-backend/values.yaml | 108 ++++++++++++++++++ .../tngkds/charts/tngkds-postgres/.helmignore | 23 ++++ .../tngkds/charts/tngkds-postgres/Chart.yaml | 24 ++++ .../tngkds-postgres/templates/_helpers.tpl | 46 ++++++++ .../tngkds-postgres/templates/configmap.yml | 7 ++ .../tngkds-postgres/templates/deployment.yaml | 49 ++++++++ .../tngkds-postgres/templates/pv-claim.yaml | 13 +++ .../tngkds-postgres/templates/secrets.yml | 7 ++ .../tngkds-postgres/templates/service.yaml | 16 +++ .../tngkds/charts/tngkds-postgres/values.yaml | 89 +++++++++++++++ k8s/helm/tngkds/templates/NOTES.txt | 22 ++++ .../{kds => tngkds}/templates/_helpers.tpl | 38 +++--- k8s/helm/tngkds/templates/deployment.yaml | 61 ++++++++++ k8s/helm/tngkds/templates/hpa.yaml | 32 ++++++ .../{kds => tngkds}/templates/ingress.yaml | 4 +- k8s/helm/tngkds/templates/service.yaml | 15 +++ .../templates/serviceaccount.yaml | 4 +- k8s/helm/{kds => tngkds}/values.yaml | 35 ++---- pom.xml | 61 ++++++++++ .../keydistribution/config/OpenApiConfig.java | 4 +- 36 files changed, 
810 insertions(+), 172 deletions(-) delete mode 100644 k8s/helm/kds/templates/postgres-deployment.yaml delete mode 100644 k8s/helm/kds/templates/postgres-service.yaml delete mode 100644 k8s/helm/kds/templates/tng-ingress.yaml delete mode 100644 k8s/helm/kds/templates/tng-kds-deployemnt.yaml delete mode 100644 k8s/helm/kds/templates/tng-kds-service.yaml rename k8s/helm/{kds => tngkds}/.helmignore (100%) create mode 100644 k8s/helm/tngkds/Chart.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-backend/.helmignore rename k8s/helm/{kds => tngkds/charts/tngkds-backend}/Chart.yaml (96%) create mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl create mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/configmap.yml create mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/secrets.yml create mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-backend/values.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/.helmignore create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml create mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/values.yaml create mode 100644 k8s/helm/tngkds/templates/NOTES.txt rename k8s/helm/{kds => tngkds}/templates/_helpers.tpl (72%) create mode 100644 k8s/helm/tngkds/templates/deployment.yaml create mode 100644 k8s/helm/tngkds/templates/hpa.yaml 
rename k8s/helm/{kds => tngkds}/templates/ingress.yaml (95%) create mode 100644 k8s/helm/tngkds/templates/service.yaml rename k8s/helm/{kds => tngkds}/templates/serviceaccount.yaml (68%) rename k8s/helm/{kds => tngkds}/values.yaml (73%) diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 670833f..3086fd5 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -49,7 +49,7 @@ jobs: docker push "${APP_PACKAGES_URL}:latest" docker push "${APP_PACKAGES_URL}:${APP_VERSION}" env: - APP_PACKAGES_URL: docker.pkg.github.com/${{ github.repository }}/dgca-verifier-service + APP_PACKAGES_URL: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution APP_PACKAGES_USERNAME: ${{ github.actor }} APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - name: assets @@ -82,8 +82,8 @@ jobs: cf target -o ${CF_ORG} -s ${CF_SPACE} cf push ${APP_NAME} --docker-image ${APP_IMAGE}:${APP_VERSION} --docker-username ${CF_DOCKER_USERNAME} env: - APP_NAME: dgca-verifier-service-eu-test - APP_IMAGE: docker.pkg.github.com/${{ github.repository }}/dgca-verifier-service + APP_NAME: tng-key-distribution-test + APP_IMAGE: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution CF_API: ${{ secrets.CF_API }} CF_ORG: ${{ secrets.CF_ORG }} CF_SPACE: ${{ secrets.CF_SPACE }} diff --git a/docker-compose.yml b/docker-compose.yml index 7712316..025645e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,7 +16,7 @@ services: tng-kds: build: . - image: kds:0.0.1 + image: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution:latest volumes: - ./certs:/ec/prod/app/san/dgc - ./logs:/logs 
@@ -24,7 +24,7 @@ services: - 8080:8080 environment: - SERVER_PORT=8080 - - SPRING_PROFILES_ACTIVE=log2console,local + - SPRING_PROFILES_ACTIVE=cloud - SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/postgres - SPRING_DATASOURCE_DRIVERCLASSNAME=org.postgresql.Driver - SPRING_DATASOURCE_JNDI_NAME=false diff --git a/k8s/helm/kds/templates/postgres-deployment.yaml b/k8s/helm/kds/templates/postgres-deployment.yaml deleted file mode 100644 index d1261ea..0000000 --- a/k8s/helm/kds/templates/postgres-deployment.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kds.fullname" . }}-postgres - namespace: {{ .Values.namespace }} -spec: - replicas: {{ .Values.postgres.replicas | int }} - selector: - matchLabels: - {{- include "kds.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "kds.templateLabels" . | nindent 8 }} - spec: - containers: - - name: {{ include "kds.fullname" . }}-postgres - image: {{ .Values.postgres.image }}:{{ .Values.postgres.tag }} - imagePullPolicy: {{ .Values.postgres.pullPolicy }} - ports: - - containerPort: 5432 - env: - - name: POSTGRES_PASSWORD - value: {{ .Values.postgres.password | quote }} - - name: POSTGRES_USER - value: {{ .Values.postgres.user | quote }} - - name: POSTGRES_DB - value: {{ .Values.postgres.database | quote }} diff --git a/k8s/helm/kds/templates/postgres-service.yaml b/k8s/helm/kds/templates/postgres-service.yaml deleted file mode 100644 index ef4e6a0..0000000 --- a/k8s/helm/kds/templates/postgres-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kds.fullname" . }}-postgres-service -spec: - selector: - app: postgres - ports: - - protocol: TCP - port: {{ .Values.postgres.port | int }} - targetPort: {{ .Values.postgres.port | int }} - type: ClusterIP 
diff --git a/k8s/helm/kds/templates/tng-ingress.yaml b/k8s/helm/kds/templates/tng-ingress.yaml deleted file mode 100644 index 34c8f4e..0000000 --- a/k8s/helm/kds/templates/tng-ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: my-ingress -spec: - rules: - - host: my-kds-app.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: tng-kds-service - port: - number: 8080 diff --git a/k8s/helm/kds/templates/tng-kds-deployemnt.yaml b/k8s/helm/kds/templates/tng-kds-deployemnt.yaml deleted file mode 100644 index 8863bb8..0000000 --- a/k8s/helm/kds/templates/tng-kds-deployemnt.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kds.fullname" . }} - labels: - {{- include "kds.labels" . | nindent 4 }} - namespace: {{ .Values.namespace }} -spec: - replicas: {{ .Values.tngKds.replicas | int }} - selector: - matchLabels: - {{- include "kds.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "kds.templateLabels" . | nindent 8 }} - spec: - containers: - - name: {{ .Chart.Name }} - image: {{ .Values.tngKds.image }}:{{ .Values.tngKds.tag }} - imagePullPolicy: {{ .Values.tngKds.pullPolicy }} - ports: - - name: http - containerPort: 8080 - env: - - name: SERVER_PORT - value: {{ .Values.tngKds.serverPort | quote }} - - name: SPRING_PROFILES_ACTIVE - value: {{ .Values.tngKds.springProfiles | quote }} - - name: SPRING_DATASOURCE_URL - value: {{ .Values.tngKds.springDatasourceUrl | quote }} - - name: SPRING_DATASOURCE_DRIVERCLASSNAME - value: {{ .Values.tngKds.springDatasourceDriverClassName | quote }} - - name: SPRING_DATASOURCE_JNDI_NAME - value: {{ .Values.tngKds.springDatasourceJndiName | quote }} - - name: SPRING_JPA_DATABASEPLATFORM - value: {{ .Values.tngKds.springJpaDatabasePlatform | quote }} - - name: SPRING_DATASOURCE_USERNAME - value: {{ .Values.tngKds.springDatasourceUsername | quote }} - - name: SPRING_DATASOURCE_PASSWORD - value: {{ .Values.tngKds.springDatasourcePassword | quote }} diff --git a/k8s/helm/kds/templates/tng-kds-service.yaml b/k8s/helm/kds/templates/tng-kds-service.yaml deleted file mode 100644 index 5bf6ee4..0000000 --- a/k8s/helm/kds/templates/tng-kds-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: tng-kds-service -spec: - selector: - app: tng-kds - ports: - - protocol: TCP - port: 8080 - targetPort: 8080 - type: ClusterIP diff --git a/k8s/helm/kds/.helmignore b/k8s/helm/tngkds/.helmignore similarity index 100% rename from k8s/helm/kds/.helmignore rename to k8s/helm/tngkds/.helmignore 
diff --git a/k8s/helm/tngkds/Chart.yaml b/k8s/helm/tngkds/Chart.yaml new file mode 100644 index 0000000..d50a026 --- /dev/null +++ b/k8s/helm/tngkds/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: tngkds +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/k8s/helm/tngkds/charts/tngkds-backend/.helmignore b/k8s/helm/tngkds/charts/tngkds-backend/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/k8s/helm/tngkds/charts/tngkds-backend/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/k8s/helm/kds/Chart.yaml b/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml similarity index 96% rename from k8s/helm/kds/Chart.yaml rename to k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml index a537146..ef2337c 100644 --- a/k8s/helm/kds/Chart.yaml +++ b/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: kds +name: tngkds-backend description: A Helm chart for TNG Key Distribution Service # A chart can be either an 'application' or a 'library' chart. @@ -21,4 +21,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.0.1" +appVersion: "1.16.0" diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl b/k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl new file mode 100644 index 0000000..b30552c --- /dev/null +++ b/k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl 
@@ -0,0 +1,46 @@ +{{/* +Template labels +*/}} +{{- define "tngkds-backend.templateLabels" -}} + app: {{ template "tngkds-backend.fullname" . }} +{{- end -}} + +{{- define "tngkds-backend.selectorLabels" -}} + app: {{ template "tngkds-backend.fullname" . }} +{{- end -}} + +{{- define "tngkds-backend.labels" -}} + app: {{ template "tngkds-backend.fullname" . }} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "tngkds-backend.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tngkds-backend.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tngkds-backend.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/configmap.yml b/k8s/helm/tngkds/charts/tngkds-backend/templates/configmap.yml new file mode 100644 index 0000000..fb77939 --- /dev/null +++ b/k8s/helm/tngkds/charts/tngkds-backend/templates/configmap.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "tngkds-backend.fullname" . }}-cfg +data: + host: "{{ .Values.configMap.data.host }}" + dbname: "{{ .Values.configMap.data.dbName }}" 
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml b/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml
new file mode 100644
index 0000000..52cbe17
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "tngkds-backend.fullname" . }}
+ labels:
+ {{- include "tngkds-backend.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "tngkds-backend.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "tngkds-backend.labels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ {{ range .Values.service.ports }}
+ - name: {{ .name }}
+ containerPort: {{ .port }}
+ protocol: {{ .protocol }}
+ {{ end }}
+ env:
+ - name: SERVER_PORT
+ value: "{{ .Values.server.port }}"
+ - name: SPRING_PROFILES_ACTIVE
+ value: {{ .Values.spring.profile }}
+ - name: SPRING_DATASOURCE_URL
+ value: "jdbc:postgresql://{{ .Values.psql.serviceName }}.{{ .Release.Namespace }}.{{ .Values.psql.cluster }}:{{ .Values.psql.port }}/{{ .Values.psql.dbName }}"
+ - name: SPRING_DATASOURCE_DRIVERCLASSNAME
+ value: "org.postgresql.Driver"
+ - name: SPRING_DATASOURCE_JNDI_NAME
+ value: "false"
+ - name: SPRING_JPA_DATABASEPLATFORM
+ value: "org.hibernate.dialect.PostgreSQLDialect"
+ - name: SPRING_DATASOURCE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "tngkds-backend.fullname" . }}-secret
+ key: pgUser
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "tngkds-backend.fullname" . }}-secret
+ key: pgPassword
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/secrets.yml b/k8s/helm/tngkds/charts/tngkds-backend/templates/secrets.yml
new file mode 100644
index 0000000..eead9f3
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-backend/templates/secrets.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "tngkds-backend.fullname" . }}-secret
+stringData:
+ pgUser: "postgres"
+ pgPassword: "postgres"
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml b/k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml
new file mode 100644
index 0000000..b41452a
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "tngkds-backend.fullname" . }}-service
+ labels:
+ {{- include "tngkds-backend.labels" . | nindent 4 }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{ range .Values.service.ports }}
+ - port: {{ .port }}
+ targetPort: {{ .targetPort | int}}
+ nodePort: {{ .nodePort }}
+ protocol: {{ .protocol }}
+ name: {{ .name }}
+ {{ end }}
+ selector:
+ {{- include "tngkds-backend.selectorLabels" . | nindent 4 }}
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
new file mode 100644
index 0000000..2f7265a
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
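Review bot: `image: "{{ .Values.image.repository }}"` in the backend deployment.yaml drops the tag, so `image.tag` from values.yaml is ignored and the reference resolves to `latest`; with `pullPolicy: IfNotPresent` each node then keeps whichever build it pulled first. I would render `image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"`, which is what the comment in values.yaml already describes. `SPRING_PROFILES_ACTIVE` is the only env value left unquoted and could take `| quote`, and `podSecurityContext` from values.yaml is not rendered anywhere in this template.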
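Review bot: `pgUser` and `pgPassword` in the backend secrets.yml are string literals, so every install gets the credentials `postgres`/`postgres`, they are committed to the repository, and they cannot be overridden from values.yaml. charts/tngkds-postgres/templates/secrets.yml carries the same two lines. I would read them from values without a default, for example `pgPassword: {{ required "a database password must be set" .Values.psql.password | quote }}` (`psql.password` being a new key), or let the chart reference a Secret created outside the release. Each subchart also creates its own copy of the Secret, so the two copies have to be kept in sync by hand.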
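Review bot: `nodePort: {{ .nodePort }}` in the backend service.yaml is rendered for every port, so the template only works with `service.type: NodePort`; the API server rejects a set `nodePort` on a ClusterIP Service. The default in values.yaml therefore exposes the backend on port 30164 of every node over plain HTTP. I would make `ClusterIP` the default and emit the field only when it is set, with `{{- with .nodePort }}`, `nodePort: {{ . }}` and `{{- end }}`. The `{{ range }}` and `{{ end }}` actions also lack the `-` trim marker and leave blank lines in the rendered port list.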
@@ -0,0 +1,108 @@ +# Default values for tngkds-backend. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: localhost:5000/kds + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: NodePort + ports: + - name: http + port: 8080 + targetPort: 8080 + nodePort: 30164 + protocol: TCP + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# Postgres +psql: + serviceName: postgres + port: 5432 + dbName: postgres + cluster: svc.cluster.local + +# ConfigMap +configMap: + data: + host: localhost + dbName: postgres + +# Spring +spring: + profile: cloud + +# Server port +server: + port: 8080 diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/.helmignore b/k8s/helm/tngkds/charts/tngkds-postgres/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/k8s/helm/tngkds/charts/tngkds-postgres/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml new file mode 100644 index 0000000..f138934 --- /dev/null +++ b/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: tngkds-postgres +description: A Helm chart for PostgreSQL database for TNG Key Distribution Service + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl b/k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl new file mode 100644 index 0000000..c7471d9 --- /dev/null +++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl 
@@ -0,0 +1,46 @@ +{{/* +Template labels +*/}} +{{- define "tngkds-postgres.templateLabels" -}} + app: {{ template "tngkds-postgres.fullname" . }} +{{- end -}} + +{{- define "tngkds-postgres.selectorLabels" -}} + app: {{ template "tngkds-postgres.fullname" . }} +{{- end -}} + +{{- define "tngkds-postgres.labels" -}} + app: {{ template "tngkds-postgres.fullname" . }} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "tngkds-postgres.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tngkds-postgres.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tngkds-postgres.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml new file mode 100644 index 0000000..34d2e43 --- /dev/null +++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "tngkds-postgres.fullname" . }}-cfg +data: + host: "{{ .Values.configMap.data.host }}" + dbname: "{{ .Values.configMap.data.dbName }}" 
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml
new file mode 100644
index 0000000..d46629a
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "tngkds-postgres.fullname" . }}
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 4 }}
+ tier: database
+spec:
+ selector:
+ matchLabels:
+ {{- include "tngkds-postgres.selectorLabels" . | nindent 6 }}
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 8 }}
+ tier: database
+ spec:
+ containers:
+ - name: postgres
+ image: postgres
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "tngkds-postgres.fullname" . }}-secret
+ key: pgUser
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "tngkds-postgres.fullname" . }}-secret
+ key: pgPassword
+ - name: POSTGRES_DB
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "tngkds-postgres.fullname" . }}-cfg
+ key: dbname
+ ports:
+ - containerPort: 5432
+ name: postgres
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgres-persistance-storage
+ volumes:
+ - name: postgres-persistance-storage
+ persistentVolumeClaim:
+ claimName: {{ include "tngkds-postgres.fullname" . }}-pv-claim
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml
new file mode 100644
index 0000000..6a6bd21
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml
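Review bot: `image: postgres` in the postgres deployment.yaml is a literal without a tag, so the database runs whatever `latest` was when the node first pulled it, and the `image` block in this subchart's values.yaml (still `repository: nginx`) is never read. Because the data directory sits on a PersistentVolumeClaim, a later pull that crosses a PostgreSQL major version leaves the pod unable to start on the existing data. I would render `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"` and set a pinned PostgreSQL tag in values.yaml. The container also gets no `securityContext`, `resources` or readiness probe, although values.yaml defines the first two.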
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "tngkds-postgres.fullname" . }}-pv-claim
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 4 }}
+ tier: database
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml
new file mode 100644
index 0000000..1720e47
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "tngkds-postgres.fullname" . }}-secret
+stringData:
+ pgUser: "postgres"
+ pgPassword: "postgres"
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml
new file mode 100644
index 0000000..e6fcc29
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 4 }}
+ tier: database
+spec:
+ type: NodePort
+ ports:
+ {{ range .Values.service.ports }}
+ - port: {{ .port }}
+ {{ end }}
+ selector:
+ {{- include "tngkds-postgres.selectorLabels" . | nindent 4 }}
+ tier: database
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml
new file mode 100644
index 0000000..2b66f43
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml
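Review bot: `type: NodePort` is hard-coded in the postgres service.yaml, which opens PostgreSQL on a port of every cluster node, although the backend connects through cluster DNS (`postgres.<namespace>.svc.cluster.local`) and needs no more than ClusterIP. Together with the fixed `postgres`/`postgres` credentials in secrets.yml, the database is reachable with known credentials from anywhere that can reach a node. I would render `type: {{ .Values.service.type }}` and make `ClusterIP` the default in values.yaml. The literal `name: postgres` also keeps two releases from sharing a namespace.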
@@ -0,0 +1,89 @@
+# Default values for tngkds-postgres.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: NodePort
+ ports:
+ - port: 5432
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# ConfigMap
+configMap:
+ data:
+ host: localhost
+ dbName: postgres
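Review bot: `podSecurityContext: {}` and `securityContext: {}` have no effect in this subchart, because the postgres `templates/deployment.yaml` added earlier in this patch renders neither of them (nor `resources`), so the hardening shown in the comments cannot be switched on through values. Rendering them in the template, e.g. `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` under the container, would make `runAsNonRoot` and the capability drop configurable. Separately, that deployment reads ConfigMap key `dbname` while this file defines `configMap.data.dbName`; the ConfigMap template is not in view here, but if it copies the keys through unchanged the `POSTGRES_DB` reference will not resolve, since keys are case-sensitive.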
diff --git a/k8s/helm/tngkds/templates/NOTES.txt b/k8s/helm/tngkds/templates/NOTES.txt
new file mode 100644
index 0000000..caedd9c
--- /dev/null
+++ b/k8s/helm/tngkds/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "tngkds.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "tngkds.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "tngkds.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "tngkds.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/k8s/helm/kds/templates/_helpers.tpl b/k8s/helm/tngkds/templates/_helpers.tpl similarity index 72% rename from k8s/helm/kds/templates/_helpers.tpl rename to k8s/helm/tngkds/templates/_helpers.tpl index bb93154..c0b246e 100644 --- a/k8s/helm/kds/templates/_helpers.tpl +++ b/k8s/helm/tngkds/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "kds.name" -}} +{{- define "tngkds.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "kds.fullname" -}} +{{- define "tngkds.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -26,43 +26,37 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "kds.chart" -}} +{{- define "tngkds.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "kds.labels" -}} -helm.sh/chart: {{ include "kds.chart" . }} -{{ include "kds.selectorLabels" . }} +{{- define "tngkds.labels" -}} +helm.sh/chart: {{ include "tngkds.chart" . }} +{{ include "tngkds.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} +{{/* +Selector labels +*/}} +{{- define "tngkds.selectorLabels" -}} +app.kubernetes.io/name: {{ include "tngkds.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + {{/* Create the name of the service account to use */}} -{{- define "kds.serviceAccountName" -}} +{{- define "tngkds.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "kds.fullname" .) .Values.serviceAccount.name }} +{{- default (include "tngkds.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} - -{{/* -Template labels -*/}} -{{- define "kds.templateLabels" -}} - app: {{ template "kds.fullname" . }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "kds.selectorLabels" -}} - app: {{ template "kds.fullname" . }} -{{- end -}} diff --git a/k8s/helm/tngkds/templates/deployment.yaml b/k8s/helm/tngkds/templates/deployment.yaml new file mode 100644 index 0000000..4e6ea05 --- /dev/null +++ b/k8s/helm/tngkds/templates/deployment.yaml 
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tngkds.fullname" . }} + labels: + {{- include "tngkds.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "tngkds.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "tngkds.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "tngkds.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/k8s/helm/tngkds/templates/hpa.yaml b/k8s/helm/tngkds/templates/hpa.yaml new file mode 100644 index 0000000..74bdc60 --- /dev/null +++ b/k8s/helm/tngkds/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "tngkds.fullname" . }} + labels: + {{- include "tngkds.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "tngkds.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/k8s/helm/kds/templates/ingress.yaml b/k8s/helm/tngkds/templates/ingress.yaml similarity index 95% rename from k8s/helm/kds/templates/ingress.yaml rename to k8s/helm/tngkds/templates/ingress.yaml index 72a0d1c..0d0eb41 100644 --- a/k8s/helm/kds/templates/ingress.yaml +++ b/k8s/helm/tngkds/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "kds.fullname" . -}} +{{- $fullName := include "tngkds.fullname" . -}} {{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} @@ -17,7 +17,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - {{- include "kds.labels" . | nindent 4 }} + {{- include "tngkds.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/k8s/helm/tngkds/templates/service.yaml b/k8s/helm/tngkds/templates/service.yaml new file mode 100644 index 0000000..8bcc07d --- /dev/null +++ b/k8s/helm/tngkds/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "tngkds.fullname" . }} + labels: + {{- include "tngkds.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "tngkds.selectorLabels" . | nindent 4 }} diff --git a/k8s/helm/kds/templates/serviceaccount.yaml b/k8s/helm/tngkds/templates/serviceaccount.yaml similarity index 68% rename from k8s/helm/kds/templates/serviceaccount.yaml rename to k8s/helm/tngkds/templates/serviceaccount.yaml index b2a3ad1..8f7f62e 100644 --- a/k8s/helm/kds/templates/serviceaccount.yaml +++ b/k8s/helm/tngkds/templates/serviceaccount.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "kds.serviceAccountName" . }} + name: {{ include "tngkds.serviceAccountName" . }} labels: - {{- include "kds.labels" . | nindent 4 }} + {{- include "tngkds.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/k8s/helm/kds/values.yaml b/k8s/helm/tngkds/values.yaml similarity index 73% rename from k8s/helm/kds/values.yaml rename to k8s/helm/tngkds/values.yaml index 9aa8a0e..2466c99 100644 --- a/k8s/helm/kds/values.yaml +++ b/k8s/helm/tngkds/values.yaml 
@@ -1,15 +1,19 @@ -# Default values for kds. +# Default values for tngkds. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -namespace: default - serviceAccount: # Specifies whether a service account should be created create: true @@ -76,28 +80,3 @@ nodeSelector: {} tolerations: [] affinity: {} - -postgres: - image: postgres - tag: latest - password: admin - user: postgres - database: postgres - replicas: 2 - pullPolicy: IfNotPresent - port: 5432 - -tngKds: - image: localhost:5000/kds - tag: latest - pullPolicy: IfNotPresent - serverPort: 8080 - replicas: 2 - springProfiles: "log2console,local" - springDatasourceUrl: "jdbc:postgresql://postgres-service:5432/postgres" - springDatasourceDriverClassName: "org.postgresql.Driver" - springDatasourceJndiName: "false" - springJpaDatabasePlatform: "org.hibernate.dialect.PostgreSQLDialect" - springDatasourceUsername: postgres - springDatasourcePassword: admin - diff --git a/pom.xml b/pom.xml index 7a1e4cd..14c4c43 100644 --- a/pom.xml +++ b/pom.xml @@ -27,6 +27,7 @@ 8.3.1 3.0.9 2022.0.3 + 2.1.0 5.3.23 6.1.2 1.18.28 @@ -78,6 +79,45 @@ https://github.com/WorldHealthOrganization/tng-key-distribution + + + docker + + docker + jar + + + + + org.springframework.boot + spring-boot-maven-plugin + + ${project.build.directory}/docker + ddccg + + + + maven-assembly-plugin + + + make-zip-ACC + none + + + make-zip-test + none + + + make-zip-PRD + none + + + + + + + + who-github @@ -170,6 +210,11 @@ lombok ${lombok.version} + + org.springdoc + springdoc-openapi-starter-webmvc-ui + ${springdoc.version} + org.liquibase liquibase-core @@ -459,6 +504,22 @@ + + org.springdoc + springdoc-openapi-maven-plugin + 1.3 + + http://localhost:8080/api/docs + + + + integration-test + + generate + + + + 
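Review bot: In the pom.xml dependency hunk, `springdoc-openapi-starter-webmvc-ui` is added as an ordinary dependency (no scope is visible, though the XML tags are stripped in this rendering), which means the running service serves the OpenAPI document and Swagger UI by default. For a key distribution service published through an Ingress, I would switch them off outside development with `springdoc.api-docs.enabled=false` and `springdoc.swagger-ui.enabled=false` in the production profile, and enable them only in the profile that the `integration-test` generation against `http://localhost:8080/api/docs` runs with. The plugin version is the literal `1.3` while the starter uses `${springdoc.version}`; a property for it would keep both versions visible in one place.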
diff --git a/src/main/java/tng/trustnetwork/keydistribution/config/OpenApiConfig.java b/src/main/java/tng/trustnetwork/keydistribution/config/OpenApiConfig.java index bfb1deb..51d05bb 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/config/OpenApiConfig.java +++ b/src/main/java/tng/trustnetwork/keydistribution/config/OpenApiConfig.java @@ -25,8 +25,8 @@ public class OpenApiConfig { public OpenAPI openApi() { return new OpenAPI() .info(new Info() - .title("Digital Green Certificate Verifier Service") - .description("The API defines how to exchange verification information for digital green certificates.") + .title("TNG Key Distribution Service") + .description("The API defines the key distribution service for digital green certificates.") .version(buildProperties.getVersion()) .license(new License() .name("Apache 2.0") From c35849d66b8149cc38c7e927ead894babf87ba95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karsten=20Ra=CC=88th?= Date: Wed, 18 Oct 2023 18:52:42 +0200 Subject: [PATCH 5/5] Image for backend changed --- k8s/helm/tngkds/charts/tngkds-backend/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml index 2f7265a..8cff916 100644 --- a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml +++ b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: - repository: localhost:5000/kds + repository: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: ""