Implement helm chart
wkoot committed Jul 10, 2024
1 parent 506a86e commit 00bea29
Showing 14 changed files with 167 additions and 69 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -73,3 +73,8 @@ jobs:
push: true
- name: Anchore SBOM Action
uses: anchore/[email protected]
- name: Package and push Helm chart to Docker Hub
run: |
cd helm
helm package .
helm push quality-time-*.tgz oci://registry-1.docker.io/ictu
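Review bot: The new step runs `helm push` without a visible `helm registry login`, so it depends on registry credentials left behind by an earlier step that is outside this hunk; if that step is changed or reordered, the push either fails or runs with credentials nobody intended for it. Making the dependency explicit, for example `helm registry login registry-1.docker.io -u "$REGISTRY_USER" --password-stdin` fed from the job's existing secrets (the variable name is a placeholder), keeps the step self-contained. The wildcard `quality-time-*.tgz` pushes whatever archive happens to be in `helm/`; passing the exact file name produced by `helm package` avoids publishing a stale or unexpected package.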
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -25,6 +25,7 @@ wheels/
.installed.cfg
*.egg
MANIFEST
/helm/quality-time-*.tgz

# Unit test / coverage reports
htmlcov/
19 changes: 19 additions & 0 deletions docs/src/deployment.md
Expand Up @@ -40,6 +40,12 @@ For example:
- "1080:${PROXY_PORT:-80}"
```
## Kubernetes
The helm chart for deploying on Kubernetes does not support overriding port numbers.
Setting port environment variables in the `values.yaml` will not change the service port mapping, while the app within the pod will listen on the altered port.
Instead, only the ingress should be configured.

## Configuring authentication (mandatory)

You need to either configure an LDAP server to authenticate users with or configure forwarded authentication.
Expand All @@ -48,6 +54,7 @@ You need to either configure an LDAP server to authenticate users with or config

To configure an LDAP server to authenticate users with, set the `LDAP_URL`, `LDAP_ROOT_DN`, `LDAP_LOOKUP_USER_DN`, `LDAP_LOOKUP_USER_PASSWORD`, and `LDAP_SEARCH_FILTER` environment variables.
Note that `LDAP_URL` may be a comma-separated list of LDAP connection URL(s).

Add the LDAP environment variables to the API-server service in the [compose file](https://github.com/ICTU/quality-time/blob/master/docker/docker-compose.yml):

```yaml
Expand All @@ -60,6 +67,18 @@ Add the LDAP environment variables to the API-server service in the [compose fil
- LDAP_SEARCH_FILTER=(|(uid=$username)(cn=$username))
```

Alternatively, for a Kubernetes deployment, add the LDAP environment variables to the API-server service in the [Helm values.yaml](https://github.com/ICTU/quality-time/blob/master/helm/values.yaml):

```yaml
api_server:
env:
LDAP_URL: "ldap://host.docker.internal:389"
LDAP_ROOT_DN: "dc=example,dc=org"
LDAP_LOOKUP_USER_DN: "cn=admin,dc=example,dc=org"
LDAP_LOOKUP_USER_PASSWORD: "admin"
LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))"
```

When using the `LDAP_SEARCH_FILTER` as shown above, users can use either their LDAP canonical name (`cn`) or their LDAP user id to login. The `$username` variable is filled by *Quality-time* at run time with the username that the user enters in the login dialog box.

```{seealso}
6 changes: 3 additions & 3 deletions helm/Chart.yaml
@@ -1,8 +1,8 @@
---
apiVersion: v2
name: Quality-time
version: 1.0.0
appVersion: "v5.11.0"
name: quality-time
version: 5.14.0
appVersion: "v5.14.0"
description: Helm chart for Quality-time, an automated quality system for software development and maintenance
type: application
home: https://github.com/ICTU/Quality-time
43 changes: 29 additions & 14 deletions helm/templates/api_server.yaml
Expand Up @@ -29,24 +29,39 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "api_server_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
optional: true
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
{{- if .Values.ldap }}
- name: DATABASE_HOST
value: {{ .Release.Name }}-{{ template "database_name" . }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
- name: LDAP_LOOKUP_USER_DN
value: "{{ .Values.ldap.lookupUserDN }}"
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.ldapCredential }}
key: LDAP_LOOKUP_USER_DN
optional: true
- name: LDAP_LOOKUP_USER_PASSWORD
value: "{{ .Values.ldap.lookupUserPassword }}"
- name: LDAP_ROOT_DN
value: "{{ .Values.ldap.rootDN }}"
- name: LDAP_SEARCH_FILTER
value: "{{ .Values.ldap.search }}"
- name: LDAP_URL
value: "{{ .Values.ldap.url }}"
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.ldapCredential }}
key: LDAP_LOOKUP_USER_PASSWORD
optional: true
- name: LDAP_SEARCH_FILTER # override to make sure that double dollar signs are processed like in docker
value: {{ .Values.api_server.env.LDAP_SEARCH_FILTER }}
{{- with .Values.api_server.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
resources: {}
securityContext:
capabilities:
drop:
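Review bot: The `secretKeyRef` entries for `DATABASE_USERNAME` and `DATABASE_PASSWORD` are marked `optional: true`, so a missing or misnamed `secrets.dbCredential` Secret lets the pod start with those variables unset instead of failing at container creation. The same flag is on the database credentials in collector.yaml, notifier.yaml and database.yaml; in database.yaml it covers `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD`, and if that image follows the upstream mongo entrypoint, an instance initialised without them runs without authentication. Dropping `optional: true` on the database keys (required is the default) and rendering the name with `{{ required "secrets.dbCredential must be set" .Values.secrets.dbCredential }}` makes the misconfiguration visible at install time; the LDAP keys can reasonably stay optional, since the docs describe forwarded authentication as an alternative. Separately, `value: {{ .Values.api_server.env.LDAP_SEARCH_FILTER }}` is emitted unquoted, and `value: {{ .Values.api_server.env.LDAP_SEARCH_FILTER | quote }}` is safer for filters that contain YAML-significant characters or are left empty.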
21 changes: 18 additions & 3 deletions helm/templates/collector.yaml
Expand Up @@ -29,10 +29,25 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "collector_name" . }}-env
optional: true
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
resources: {}
- name: DATABASE_HOST
value: {{ .Release.Name }}-{{ template "database_name" . }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
{{- with .Values.collector.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
34 changes: 24 additions & 10 deletions helm/templates/database.yaml
Expand Up @@ -27,25 +27,35 @@ spec:
- name: {{ .Release.Name }}-{{ template "database_name" . }}
persistentVolumeClaim:
claimName: {{ .Release.Name }}-{{ template "database_name" . }}
{{- if .Values.database.backupVol }}
- name: backups
persistentVolumeClaim:
claimName: {{ .Values.database.backupVol.claimName }}
{{- end }}
containers:
- name: {{ template "database_name" . }}
image: "{{ .Values.database.image.repository }}:{{ .Values.database.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: Always
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "database_name" . }}-env
optional: true
env:
- name: MONGO_INITDB_ROOT_PASSWORD
value: "root"
- name: MONGO_INITDB_ROOT_USERNAME
value: "root"
resources:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "1"
memory: "1Gi"
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
{{- with .Values.database.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
add:
Expand All @@ -58,6 +68,10 @@ spec:
volumeMounts:
- mountPath: /data/db
name: {{ .Release.Name }}-{{ template "database_name" . }}
{{- if .Values.database.backupVol }}
- mountPath: {{ .Values.database.backupVol.mountPath }}
name: backups
{{- end }}
restartPolicy: Always
---
apiVersion: v1
7 changes: 4 additions & 3 deletions helm/templates/frontend.yaml
Expand Up @@ -29,9 +29,10 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "frontend_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
resources: {}
optional: true
{{- with .Values.frontend.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
21 changes: 18 additions & 3 deletions helm/templates/notifier.yaml
Expand Up @@ -29,10 +29,25 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "notifier_name" . }}-env
optional: true
env:
- name: DATABASE_URL
value: "mongodb://root:root@{{ .Release.Name }}-{{ template "database_name" . }}:27017"
resources: {}
- name: DATABASE_HOST
value: {{ .Release.Name }}-{{ template "database_name" . }}
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_USERNAME
optional: true
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.dbCredential }}
key: DATABASE_PASSWORD
optional: true
{{- with .Values.notifier.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
13 changes: 7 additions & 6 deletions helm/templates/renderer.yaml
Expand Up @@ -29,14 +29,15 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "renderer_name" . }}-env
optional: true
env:
- name: LC_ALL
value: "en_GB.UTF-8"
- name: PROXY_HOST
value: "{{ .Release.Name }}-{{ template "www_name" . }}"
- name: TZ
value: "Europe/Amsterdam"
resources: {}
value: {{ .Release.Name }}-{{ template "www_name" . }}
- name: PROXY_PORT
value: "8080"
{{- with .Values.renderer.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
drop:
13 changes: 0 additions & 13 deletions helm/templates/shared.yaml

This file was deleted.

26 changes: 17 additions & 9 deletions helm/templates/www.yaml
Expand Up @@ -29,20 +29,26 @@ spec:
envFrom:
- configMapRef:
name: {{ .Release.Name }}-{{ template "www_name" . }}-env
- configMapRef:
name: {{ .Release.Name }}-shared-env
optional: true
env:
- name: API_SERVER_HOST
value: "{{ .Release.Name }}-{{ template "api_server_name" . }}"
value: {{ .Release.Name }}-{{ template "api_server_name" . }}
- name: FRONTEND_HOST
value: "{{ .Release.Name }}-{{ template "frontend_name" . }}"
value: {{ .Release.Name }}-{{ template "frontend_name" . }}
- name: PROXY_PORT
value: "8080"
ports:
- containerPort: 80
resources: {}
- containerPort: 8080
{{- with .Values.www.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
capabilities:
add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
drop:
- ALL
restartPolicy: Always
Expand All @@ -63,8 +69,8 @@ spec:
app.kubernetes.io/component: {{ template "www_name" . }}
ports:
- protocol: TCP
port: 80
targetPort: 80
port: 8080
targetPort: 8080
sessionAffinity: None
---
{{- if .Values.www.ingress -}}
Expand All @@ -90,12 +96,14 @@ spec:
service:
name: {{ .Release.Name }}-{{ template "www_name" . }}
port:
number: 80
number: 8080
path: /
pathType: ImplementationSpecific
{{- if .Values.www.ingress.tls }}
tls:
{{ toYaml .Values.www.ingress.tls | indent 4 }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
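Review bot: The capability list under `securityContext` in the first hunk appears to gain `CHOWN`, `SETGID` and `SETUID` while keeping `NET_BIND_SERVICE`, even though the container now listens on 8080, which is outside the privileged port range; the page has lost its +/- markers, so this reading is inferred from the section's 17/9 line counts. `NET_BIND_SERVICE` looks removable after the port change, which would leave the add list at the three new entries. Each of those three widens what a compromised proxy process can do, so a comment above `add:` naming the start-up step that needs them would let a later reviewer judge whether they can be dropped again. The Deployment spec starts and ends outside the hunk, so any other hardening fields on the container are not visible here.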
22 changes: 17 additions & 5 deletions helm/values.yaml
@@ -1,7 +1,15 @@
---
secrets:
dbCredential: "quality-time-db-secret"
ldapCredential: "quality-time-ldap-secret"

api_server:
image:
repository: "ictu/quality-time_api_server"
env:
LDAP_URL: "ldap://host.docker.internal:389"
LDAP_ROOT_DN: "dc=example,dc=org"
LDAP_SEARCH_FILTER: "(|(uid=$$username)(cn=$$username))"

collector:
image:
Expand All @@ -10,6 +18,13 @@ collector:
database:
image:
repository: "ictu/quality-time_database"
resources:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "1"
memory: "1Gi"

frontend:
image:
Expand All @@ -22,12 +37,9 @@ notifier:
renderer:
image:
repository: "ictu/quality-time_renderer"

shared:
env:
API_SERVER_PORT: "5001"
FRONTEND_PORT: "5000"
PROXY_PORT: "80"
LC_ALL: "en_GB.UTF-8"
TZ: "Europe/Amsterdam"

www:
image:
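Review bot: The default `LDAP_URL: "ldap://host.docker.internal:389"` under `api_server.env` is an unencrypted LDAP endpoint, so a deployment that keeps the scheme sends the lookup user's bind and every user login across the network in cleartext; `host.docker.internal` is also a Docker Desktop name that generally does not resolve inside a cluster. An `ldaps://` placeholder such as `LDAP_URL: "ldaps://ldap.example.org:636"` (constructed sample) would be a safer default to copy. A comment above `env:` stating that `LDAP_LOOKUP_USER_DN` and `LDAP_LOOKUP_USER_PASSWORD` are read from the Secret named by `secrets.ldapCredential` and should not be listed here would also help, since the deployment.md example in this commit shows them under `api_server.env`, where they would presumably end up in the component's ConfigMap.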
