Add chart draft

.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

Chart.yaml

+apiVersion: v2
+name: uhepp
+description: A helm chart for uhepp
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.11.0"

templates/_helpers.tpl

+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "..name" -}}
+{{- .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "..labels" -}}
+helm.sh/chart: {{ .Chart.Name }}
+{{ include "..selectorLabels" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "..selectorLabels" -}}
+app.kubernetes.io/name: {{ include "..name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "redis-web-password" -}}
+{{- if .Release.IsInstall }}
+{{- randAlphaNum 24 -}}
+{{- else }}
+{{- (lookup "v1" "Secret" .Release.Namespace (print .Release.Name "-redis" | trunc -63)).data.REDIS_WEB_PASSWORD | b64dec -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "redis-worker-password" -}}
+{{- if .Release.IsInstall }}
+{{- randAlphaNum 24 -}}
+{{- else }}
+{{- (lookup "v1" "Secret" .Release.Namespace (print .Release.Name "-redis" | trunc -63)).data.REDIS_WORKER_PASSWORD | b64dec -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file

templates/configmap_webserver.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ print .Release.Name "-webserver" | trunc -63 }}
+data:
+  k8s-templates.conf: |
+    root /var/webcontent/public;
+
+    client_max_body_size 25m;
+
+    server {
+        listen 80;
+        location /static {
+            root /var/webcontent;
+        }
+        location /--healthz {
+          add_header Content-Type text/plain;
+          return 200 'All systems go!';
+        }
+        location / {
+            include uwsgi_params;
+            uwsgi_pass {{ print .Release.Name "-api" | trunc -63 }}:8080;
+            uwsgi_param HTTP_X_FORWARDED_PROTO https;
+        }
+    }
+

templates/deployment_api.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-api" .Release.Name | trunc -63 }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+    app.kubernetes.io/component: "api"
+spec:
+  replicas: {{ .Values.api.replicas }}
+  selector:
+    matchLabels:
+      {{- include "..selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "api"
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "..selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: "api"
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: api
+          env:
+            - name: PRODUCTION
+              value: "1"
+          envFrom:
+            - secretRef:
+                name: {{ printf "%s-super" .Release.Name | trunc -63 }}
+            - secretRef:
+                name: {{ printf "%s-app" .Release.Name | trunc -63 }}
+            - secretRef:
+                name: {{ printf "%s-database" .Release.Name | trunc -63 }}
+            - secretRef:
+                name: {{ printf "%s-oidc" .Release.Name | trunc -63 }}
+            - secretRef:
+                name: {{ printf "%s-redis" .Release.Name | trunc -63 }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.api.repository }}:{{ .Values.api.tag }}"
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+          volumeMounts:
+            - mountPath: /app/webcontent
+              name: webcontent
+          resources:
+            {{- toYaml .Values.api.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: webcontent
+          persistentVolumeClaim:
+            claimName: {{ print .Release.Name "-webcontent" | trunc -63 }}
\ No newline at end of file

templates/deployment_database.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-database" .Release.Name | trunc -63 }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+    app.kubernetes.io/component: "database"
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "..selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "database"
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "..selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: "database"
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: database
+          envFrom:
+            - secretRef:
+                name: {{ printf "%s-database" .Release.Name | trunc -63 }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.database.repository }}:{{ .Values.database.tag }}"
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          ports:
+            - name: postgres
+              containerPort: 5432
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: 5432
+          readinessProbe:
+            tcpSocket:
+              port: 5432
+          volumeMounts:
+          - name: pgdata
+            mountPath: /var/lib/postgresql/data/pgdata
+            subPath: pgdata
+
+          resources:
+            {{- toYaml .Values.api.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: pgdata
+          persistentVolumeClaim:
+            claimName: {{ print .Release.Name "-database" | trunc -63 }}
\ No newline at end of file

templates/deployment_redis.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-redis" .Release.Name | trunc -63 }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+    app.kubernetes.io/component: "redis"
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "..selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "redis"
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "..selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: "redis"
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: redis
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+        image: "{{ .Values.redis.repository }}:{{ .Values.redis.tag }}"
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        ports:
+          - name: postgres
+            containerPort: 6379
+            protocol: TCP
+        livenessProbe:
+          tcpSocket:
+            port: 6379
+        readinessProbe:
+          tcpSocket:
+            port: 6379
+        volumeMounts:
+        - name: config
+          mountPath: /usr/local/etc/redis/redis.conf
+          subPath: redis.conf
+          readOnly: true
+        resources:
+          {{- toYaml .Values.redis.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+      - name: config
+        configMap:
+          name: {{ printf "%s-redis" .Release.Name | trunc -63 }}
\ No newline at end of file

templates/deployment_webserver.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-webserver" .Release.Name | trunc -63 }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+    app.kubernetes.io/component: "webserver"
+spec:
+  replicas: {{ .Values.webserver.replicas }}
+  selector:
+    matchLabels:
+      {{- include "..selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "webserver"
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "..selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: "webserver"
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: webserver
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+        image: "{{ .Values.webserver.repository }}:{{ .Values.webserver.tag }}"
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        ports:
+        - name: http
+          containerPort: 80
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: "/--healthz"
+            port: http
+        livenessProbe:
+          httpGet:
+            path: "/--healthz"
+            port: http
+
+        volumeMounts:
+          - mountPath: /var/webcontent
+            name: webcontent
+            readOnly: true
+          - mountPath: /etc/nginx/conf.d
+            name: config
+            readOnly: true
+        resources:
+          {{- toYaml .Values.webserver.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+      - name: webcontent
+        persistentVolumeClaim:
+          claimName: {{ print .Release.Name "-webcontent" | trunc -63 }}
+      - name: config
+        configMap:
+            name: {{ print .Release.Name "-webserver" | trunc -63 }}
\ No newline at end of file

templates/deployment_worker.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-worker" .Release.Name | trunc -63 }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+    app.kubernetes.io/component: "worker"
+spec:
+  replicas: {{ .Values.worker.replicas }}
+  selector:
+    matchLabels:
+      {{- include "..selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "worker"
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "..selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: "worker"
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: worker
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+        image: "{{ .Values.worker.repository }}:{{ .Values.worker.tag }}"
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        envFrom:
+        - secretRef:
+            name: {{ print .Release.Name "-database" | trunc -63 }}
+        env:
+        - name: REDIS_HOST
+          value: {{ print .Release.Name "-redis" | trunc -63 }}
+        - name: REDIS_USER
+          value: "worker"
+        - name: REDIS_PASSWORD
+          value: {{ include "redis-worker-password" . | quote }}
+        ports:
+          - name: postgres
+            containerPort: 6379
+            protocol: TCP
+        livenessProbe:
+          tcpSocket:
+            port: 6379
+        readinessProbe:
+          tcpSocket:
+            port: 6379
+        resources:
+          {{- toYaml .Values.worker.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
\ No newline at end of file

templates/ingress.yaml

+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name | quote }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.ingressClassName }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- if .Values.ingress.enabled }}
+  tls:
+  - hosts:
+    {{- range .Values.ingress.hosts }}
+    - {{ . | quote }}
+    {{- end }}
+    secretName: {{ print .Release.Name "-tls" | quote }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.ingress.host | quote }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ print .Release.Name "-webserver" | quote }}
+            port:
+              name: http
+{{- end -}}

templates/pvc_database.yaml

+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ print .Release.Name "-webcontent" | trunc -63 }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.database.storageSize }}
+  storageClassName: {{ .Values.database.storageClassName}}
+  volumeMode: Filesystem
\ No newline at end of file

templates/pvc_webcontent.yaml

+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ print .Release.Name "-webcontent" | trunc -63 }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.webserver.storageSize }}
+  storageClassName: {{ .Values.webserver.storageClassName }}
+  volumeMode: Filesystem
\ No newline at end of file

templates/secret_app.yaml

+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ print .Release.Name "-app" | trunc -63 }}
+data:
+  {{- if .Release.IsInstall }}
+  SECRET_KEY: {{ randAlphaNum 20 | b64enc }}
+  {{- else }}
+  SECRET_KEY: {{ (lookup "v1" "Secret" .Release.Namespace (print .Release.Name "-app" | trunc -63)).data.SECRET_KEY }}
+  {{- end }}
+

templates/secret_database.yaml

+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ print .Release.Name "-database" | trunc -63 }}
+data:
+  POSTGRES_USER: 'webapp'
+  POSTGRES_DB: 'uhepp_hub'
+  {{- if .Release.IsInstall }}
+  POSTGRES_PASSWORD: {{ randAlphaNum 20 | b64enc }}
+  {{- else }}
+  POSTGRES_PASSWORD: {{ (lookup "v1" "Secret" .Release.Namespace (print .Release.Name "-database" | trunc -63)).data.POSTGRES_PASSWORD }}
+  {{- end }}
+

templates/secret_oidc.yaml

+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ printf "%s-oidc" .Release.Name | trunc -63 }}
+data:
+  OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret | b64enc }}
+  OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId | b64enc }}
+  OIDC_APP_NAME: {{ .Values.oidc.appName | b64enc }}
+  LOGIN_REDIRECT_URL: {{ .Values.oidc.loginRedirect | b64enc }}
+  LOGOUT_REDIRECT_URL: {{ .Values.oidc.logoutRedirect | b64enc }}
\ No newline at end of file

templates/secret_redis.yaml

+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ printf "%s-redis" .Release.Name | trunc -63 }}
+data:
+  REDIS_WEB_PASSWORD: {{ include "redis-web-password" . | b64enc }}
+  REDIS_WORKER_PASSWORD: {{ include "redis-worker-password" . | b64enc }}
\ No newline at end of file

templates/secret_super.yaml

+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ printf "%s-super" .Release.Name | trunc -63 }}
+data:
+  SUPER_USERNAME: {{ .Values.super.username | b64enc }}
+  SUPER_EMAIL: {{ .Values.super.email | b64enc }}
+  SUPER_PASSWORD: {{ .Values.super.password | b64enc }}

templates/service_api.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ print .Release.Name "-api" | trunc -63 }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+    app.kubernetes.io/component: "api"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "..selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: "api"

templates/service_database.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ print .Release.Name "-database" | trunc -63 }}
+  labels:
+    {{- include "..labels" . | nindent 4 }}
+    app.kubernetes.io/component: "database"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5432
+      targetPort: postgres
+      protocol: TCP
+      name: postgres
+  selector:
+    {{- include "..selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: "database"