diff --git a/charts/brokencrystals/templates/_helpers.tpl b/charts/brokencrystals/templates/_helpers.tpl index 3f22a95e..cd31aba8 100644 --- a/charts/brokencrystals/templates/_helpers.tpl +++ b/charts/brokencrystals/templates/_helpers.tpl @@ -2,7 +2,7 @@ Expand the name of the chart. */}} {{- define "brokencrystals.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" }} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} {{/* @@ -27,7 +27,7 @@ If release name contains chart name it will be used as a full name. Create chart name and version as used by the chart label. */}} {{- define "brokencrystals.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 50 | trimSuffix "-" }} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* diff --git a/charts/brokencrystals/templates/bc-postgres-deployment.yaml b/charts/brokencrystals/templates/bc-postgres-deployment.yaml deleted file mode 100644 index 8f44b1de..00000000 --- a/charts/brokencrystals/templates/bc-postgres-deployment.yaml +++ /dev/null @@ -1,62 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "brokencrystals.fullname" . }}-postgres - namespace: {{ .Release.Namespace }} - labels: - app: {{ include "brokencrystals.fullname" . }}-postgres -spec: - selector: - matchLabels: - app: {{ include "brokencrystals.fullname" . }}-postgres - template: - metadata: - labels: - app: {{ include "brokencrystals.fullname" . }}-postgres - spec: - containers: - - name: {{ include "brokencrystals.fullname" . }}-postgres - image: postgres - livenessProbe: - tcpSocket: - port: 5432 - initialDelaySeconds: 60 - periodSeconds: 30 - env: - - name: POSTGRES_DB - value: "bc" - - name: POSTGRES_USER - value: "bc" - - name: POSTGRES_PASSWORD - value: "bc" - resources: - requests: - cpu: 200m - memory: 100Mi - volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-postgres - mountPath: /docker-entrypoint-initdb.d/pg.sql - subPath: pg.sql - readOnly: true - volumes: - - name: {{ include "brokencrystals.fullname" . }}-postgres - configMap: - name: {{ include "brokencrystals.fullname" . }}-postgres - - ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ include "brokencrystals.fullname" . }}-postgres - namespace: {{ .Release.Namespace }} -spec: - selector: - app: {{ include "brokencrystals.fullname" . }}-postgres - ports: - - name: postgres - port: 5432 - protocol: TCP - targetPort: 5432 - diff --git a/charts/brokencrystals/templates/bc-prod-deployment.yaml b/charts/brokencrystals/templates/bc-prod-deployment.yaml index c070ac8a..eec342de 100644 --- a/charts/brokencrystals/templates/bc-prod-deployment.yaml +++ b/charts/brokencrystals/templates/bc-prod-deployment.yaml @@ -1,31 +1,37 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "brokencrystals.fullname" . }}-nodejs + name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} labels: - app: {{ include "brokencrystals.fullname" . }}-nodejs + app: {{ .Release.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} spec: selector: matchLabels: - app: {{ include "brokencrystals.fullname" . }}-nodejs + app: {{ .Release.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: - app: {{ include "brokencrystals.fullname" . }}-nodejs + app.kubernetes.io/instance: {{ .Release.Name }} + app: {{ .Release.Name }} spec: + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "postgres" + - "keycloak" + - "nodejs" + - "proxy" containers: - - name: {{ include "brokencrystals.fullname" . }}-nodejs-app - image: neuralegion/brokencrystals:{{ .Values.images.main }} -# command: ["/bin/sleep"] -# args: ["10000"] + - name: nodejs + image: brightsec/brokencrystals:{{ .Values.images.main }} env: - name: URL value: "https://{{ .Values.ingress.url }}" - # value: "https://brokencrystals.com" - name: DATABASE_HOST - value: "{{ include "brokencrystals.fullname" . }}-postgres" + value: "postgres" - name: DATABASE_SCHEMA value: "bc" - name: DATABASE_USER @@ -58,10 +64,8 @@ spec: value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt" resources: requests: - cpu: 1800m + cpu: 500m memory: 1024Mi - limits: - memory: 15G livenessProbe: httpGet: path: /api/config @@ -69,20 +73,143 @@ spec: scheme: HTTP initialDelaySeconds: 120 periodSeconds: 30 + - name: postgres + image: postgres + livenessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 60 + periodSeconds: 30 + env: + - name: POSTGRES_DB + value: "bc" + - name: POSTGRES_USER + value: "bc" + - name: POSTGRES_PASSWORD + value: "bc" + resources: + requests: + cpu: 200m + memory: 100Mi + volumeMounts: + - name: {{ include "brokencrystals.fullname" . }}-postgres + mountPath: /docker-entrypoint-initdb.d/pg.sql + subPath: pg.sql + readOnly: true + + - name: keycloak + image: jboss/keycloak:latest + resources: + requests: + cpu: 100m + memory: 500Mi + livenessProbe: + httpGet: + path: / + port: 8080 + scheme: HTTP + initialDelaySeconds: 120 + periodSeconds: 30 + env: + - name: DB_VENDOR + value: "POSTGRES" + - name: DB_ADDR + value: "{{ include "brokencrystals.fullname" . }}-keycloak-postgres" + - name: DB_DATABASE + value: "keycloak" + - name: DB_SCHEMA + value: "public" + - name: DB_PASSWORD + value: "password" + - name: KEYCLOAK_USER + value: "admin" + - name: KEYCLOAK_PASSWORD + value: "Pa55w0rd" + - name: KEYCLOAK_IMPORT + value: "/opt/jboss/keycloak/imports/realm-export.json -Dkeycloak.profile.feature.upload_scripts=enabled" + - name: PROXY_ADDRESS_FORWARDING + value: "true" + - name: KEYCLOAK_FRONTEND_URL + value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/" + volumeMounts: + - name: {{ include "brokencrystals.fullname" . }}-keycloak + mountPath: /opt/jboss/keycloak/imports/realm-export.json + subPath: realm-export.json + readOnly: true + - name: proxy + image: neuralegion/brokencrystals-proxy-http:{{ .Values.images.client }} + env: + - name: URL + value: "https://{{ .Values.ingress.url }}" + - name: DATABASE_HOST + value: "postgres" + - name: DATABASE_SCHEMA + value: "bc" + - name: DATABASE_USER + value: "bc" + - name: DATABASE_PASSWORD + value: "bc" + - name: DATABASE_PORT + value: "5432" + - name: DATABASE_DEBUG + value: "true" + - name: AWS_BUCKET + value: "https://neuralegion-open-bucket.s3.amazonaws.com" + - name: GOOGLE_MAPS_API + value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ" + - name: JWT_PRIVATE_KEY_LOCATION + value: "config/keys/jwtRS256.key" + - name: JWT_PUBLIC_KEY_LOCATION + value: "config/keys/jwtRS256.key.pub.pem" + - name: JWT_SECRET_KEY + value: "1234" + - name: JWK_PRIVATE_KEY_LOCATION + value: "config/keys/jwk.key.pem" + - name: JWK_PUBLIC_KEY_LOCATION + value: "config/keys/jwk.pub.key.pem" + - name: JWK_PUBLIC_JSON + value: "config/keys/jwk.pub.json" + - name: JKU_URL + value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json" + - name: X5U_URL + value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt" + volumeMounts: + - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + readOnly: true + resources: + requests: + cpu: 500m + memory: 50Mi + livenessProbe: + httpGet: + path: / + port: 80 + scheme: HTTP + initialDelaySeconds: 120 + periodSeconds: 30 + restartPolicy: Always + volumes: + - name: {{ include "brokencrystals.fullname" . }}-postgres + configMap: + name: {{ include "brokencrystals.fullname" . }}-postgres + - name: {{ include "brokencrystals.fullname" . }}-keycloak + configMap: + name: {{ include "brokencrystals.fullname" . }}-keycloak + - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy + configMap: + name: {{ include "brokencrystals.fullname" . }}-nginx-proxy --- kind: Service apiVersion: v1 metadata: -# name: bc-nodejs-prod-service - name: {{ include "brokencrystals.fullname" . }}-nodejs - namespace: {{ .Release.Namespace }} + name: {{ .Release.Name }} spec: selector: - app: {{ include "brokencrystals.fullname" . }}-nodejs + app: {{ .Release.Name }} ports: - - name: http - port: 3000 + - port: 80 protocol: TCP - targetPort: 3000 - + targetPort: 80 diff --git a/charts/brokencrystals/templates/bc-prod-proxy-deployment.yaml b/charts/brokencrystals/templates/bc-prod-proxy-deployment.yaml deleted file mode 100644 index 7b7cfa2c..00000000 --- a/charts/brokencrystals/templates/bc-prod-proxy-deployment.yaml +++ /dev/null @@ -1,91 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "brokencrystals.fullname" . }}-nodejs-proxy - namespace: {{ .Release.Namespace }} - labels: - app: {{ include "brokencrystals.fullname" . }}-nodejs-proxy -spec: - selector: - matchLabels: - app: {{ include "brokencrystals.fullname" . }}-nodejs-proxy - template: - metadata: - labels: - app: {{ include "brokencrystals.fullname" . }}-nodejs-proxy - spec: - containers: - - name: {{ include "brokencrystals.fullname" . }}-nodejs-proxy-app - image: neuralegion/brokencrystals-proxy-http:{{ .Values.images.client }} - env: - - name: URL - value: "https://{{ .Values.ingress.url }}" - - name: DATABASE_HOST - value: "{{ include "brokencrystals.fullname" . }}-postgres" - - name: DATABASE_SCHEMA - value: "bc" - - name: DATABASE_USER - value: "bc" - - name: DATABASE_PASSWORD - value: "bc" - - name: DATABASE_PORT - value: "5432" - - name: DATABASE_DEBUG - value: "true" - - name: AWS_BUCKET - value: "https://neuralegion-open-bucket.s3.amazonaws.com" - - name: GOOGLE_MAPS_API - value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ" - - name: JWT_PRIVATE_KEY_LOCATION - value: "config/keys/jwtRS256.key" - - name: JWT_PUBLIC_KEY_LOCATION - value: "config/keys/jwtRS256.key.pub.pem" - - name: JWT_SECRET_KEY - value: "1234" - - name: JWK_PRIVATE_KEY_LOCATION - value: "config/keys/jwk.key.pem" - - name: JWK_PUBLIC_KEY_LOCATION - value: "config/keys/jwk.pub.key.pem" - - name: JWK_PUBLIC_JSON - value: "config/keys/jwk.pub.json" - - name: JKU_URL - value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json" - - name: X5U_URL - value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt" - volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - mountPath: /etc/nginx/conf.d/default.conf - subPath: default.conf - readOnly: true - resources: - requests: - cpu: 500m - memory: 50Mi - livenessProbe: - httpGet: - path: / - port: 80 - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 30 - volumes: - - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - configMap: - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ include "brokencrystals.fullname" . }}-nodejs-proxy - namespace: {{ .Release.Namespace }} -spec: - selector: - app: {{ include "brokencrystals.fullname" . }}-nodejs-proxy - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - diff --git a/charts/brokencrystals/templates/config.yaml b/charts/brokencrystals/templates/config-postgres.yaml similarity index 100% rename from charts/brokencrystals/templates/config.yaml rename to charts/brokencrystals/templates/config-postgres.yaml diff --git a/charts/brokencrystals/templates/ingress.yaml b/charts/brokencrystals/templates/ingress.yaml index ce82b9f0..c3a34800 100644 --- a/charts/brokencrystals/templates/ingress.yaml +++ b/charts/brokencrystals/templates/ingress.yaml @@ -2,20 +2,20 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "brokencrystals.fullname" . }}-prod + name: {{ include "brokencrystals.fullname" . }} namespace: {{ .Release.Namespace }} annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2" nginx.ingress.kubernetes.io/ssl-redirect: "false" {{ if eq .Values.ingress.cert "" }} - cert-manager.io/cluster-issuer: letsencrypt-cf-prod + cert-manager.io/cluster-issuer: letsencrypt-cf {{ end }} spec: tls: - hosts: - {{ .Values.ingress.url }} - secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-brokencrystals-prod-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} + secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-brokencrystals-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} rules: - host: {{ .Values.ingress.url }} http: @@ -24,7 +24,7 @@ spec: pathType: Prefix backend: service: - name: {{ include "brokencrystals.fullname" . }}-nodejs-proxy + name: {{ .Release.Name }} port: number: 80 @@ -39,13 +39,13 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2" {{ if eq .Values.ingress.cert "" }} - cert-manager.io/cluster-issuer: letsencrypt-cf-prod + cert-manager.io/cluster-issuer: letsencrypt-cf {{ end }} spec: tls: - hosts: - auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }} - secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-brokencrystals-prod-keycloak-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} + secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-brokencrystals-keycloak-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} rules: - host: auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }} http: @@ -54,6 +54,6 @@ spec: pathType: Prefix backend: service: - name: {{ include "brokencrystals.fullname" . }}-keycloak + name: {{ .Release.Name }}-keycloak-keycloak port: - number: 8080 \ No newline at end of file + number: 8080 diff --git a/charts/brokencrystals/templates/keycloak-deployment.yaml b/charts/brokencrystals/templates/keycloak-deployment.yaml index 26589a90..3eaabcef 100644 --- a/charts/brokencrystals/templates/keycloak-deployment.yaml +++ b/charts/brokencrystals/templates/keycloak-deployment.yaml @@ -1,79 +1,12 @@ --- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak - namespace: {{ .Release.Namespace }} - labels: - app: {{ include "brokencrystals.fullname" . }}-keycloak -spec: - selector: - matchLabels: - app: {{ include "brokencrystals.fullname" . }}-keycloak - template: - metadata: - labels: - app: {{ include "brokencrystals.fullname" . }}-keycloak - spec: - containers: - - name: {{ include "brokencrystals.fullname" . }}-keycloak - image: jboss/keycloak:latest - resources: - requests: - cpu: 100m - memory: 500Mi - livenessProbe: - httpGet: - path: / - port: 8080 - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 30 - - env: - - name: DB_VENDOR - value: "POSTGRES" - - name: DB_ADDR - value: "{{ include "brokencrystals.fullname" . }}-keycloak-db" - - name: DB_DATABASE - value: "keycloak" - - name: DB_SCHEMA - value: "public" - - name: DB_PASSWORD - value: "password" - - name: KEYCLOAK_USER - value: "admin" - - name: KEYCLOAK_PASSWORD - value: "Pa55w0rd" - - name: KEYCLOAK_IMPORT - value: "/opt/jboss/keycloak/imports/realm-export.json -Dkeycloak.profile.feature.upload_scripts=enabled" - - name: PROXY_ADDRESS_FORWARDING - value: "true" - - name: KEYCLOAK_FRONTEND_URL - value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/" - - volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-keycloak - mountPath: /opt/jboss/keycloak/imports/realm-export.json - subPath: realm-export.json - readOnly: true - - volumes: - - name: {{ include "brokencrystals.fullname" . }}-keycloak - configMap: - name: {{ include "brokencrystals.fullname" . }}-keycloak ---- -kind: Service apiVersion: v1 +kind: Service metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak - namespace: {{ .Release.Namespace }} + name: {{ .Release.Name }}-keycloak spec: selector: - app: {{ include "brokencrystals.fullname" . }}-keycloak + app: {{ .Release.Name }} ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - + - protocol: TCP + port: 8080 + targetPort: 8080 diff --git a/charts/brokencrystals/templates/keycloak-postgres-deployment.yaml b/charts/brokencrystals/templates/keycloak-postgres-deployment.yaml index 91d718cb..1fe83b21 100644 --- a/charts/brokencrystals/templates/keycloak-postgres-deployment.yaml +++ b/charts/brokencrystals/templates/keycloak-postgres-deployment.yaml @@ -2,21 +2,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak-db + name: {{ .Release.Name }}-keycloak-postgres namespace: {{ .Release.Namespace }} labels: - app: {{ include "brokencrystals.fullname" . }}-keycloak-db + app: {{ include "brokencrystals.fullname" . }}-keycloak-postgres spec: selector: matchLabels: - app: {{ include "brokencrystals.fullname" . }}-keycloak-db + app: {{ include "brokencrystals.fullname" . }}-keycloak-postgres template: metadata: labels: - app: {{ include "brokencrystals.fullname" . }}-keycloak-db + app: {{ include "brokencrystals.fullname" . }}-keycloak-postgres spec: containers: - - name: {{ include "brokencrystals.fullname" . }}-keycloak-db + - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres image: postgres:12.2-alpine livenessProbe: tcpSocket: @@ -35,19 +35,17 @@ spec: cpu: 100m memory: 50Mi restartPolicy: Always - --- kind: Service apiVersion: v1 metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak-db + name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres namespace: {{ .Release.Namespace }} spec: selector: - app: {{ include "brokencrystals.fullname" . }}-keycloak-db + app: {{ include "brokencrystals.fullname" . }}-keycloak-postgres ports: - name: postgres-keycloak port: 5432 protocol: TCP targetPort: 5432 - diff --git a/charts/brokencrystals/templates/nginx-proxy-config.yaml b/charts/brokencrystals/templates/nginx-proxy-config.yaml index c4eed89b..e7d488b3 100644 --- a/charts/brokencrystals/templates/nginx-proxy-config.yaml +++ b/charts/brokencrystals/templates/nginx-proxy-config.yaml @@ -23,24 +23,24 @@ data: } location /api { - proxy_pass http://{{ include "brokencrystals.fullname" . }}-nodejs:3000; + proxy_pass http://127.0.0.1:3000; } location /swagger { - proxy_pass http://{{ include "brokencrystals.fullname" . }}-nodejs:3000; + proxy_pass http://127.0.0.1:3000; } location /graphiql { - proxy_pass http://{{ include "brokencrystals.fullname" . }}-nodejs:3000; + proxy_pass http://127.0.0.1:3000; } location /graphql { - proxy_pass http://{{ include "brokencrystals.fullname" . }}-nodejs:3000; + proxy_pass http://127.0.0.1:3000; } location /put.raw { rewrite put.raw /api/file/raw?path=./gil.txt break; - proxy_pass http://{{ include "brokencrystals.fullname" . }}-nodejs:3000; + proxy_pass http://127.0.0.1:3000; } location ~* ^/(config\.js|config\.json|\.htaccess|\.env|\.nginx\.conf|\.robots\.txt)$ { diff --git a/charts/brokencrystals/values.yaml b/charts/brokencrystals/values.yaml index 6a9a7082..3b879e65 100644 --- a/charts/brokencrystals/values.yaml +++ b/charts/brokencrystals/values.yaml @@ -1,7 +1,7 @@ ingress: - url: brokencrystals.dev.vuln.nexploit.app + url: k3s.brokencrystals.nexploit.app cert: "" authlevel: "." images: - main: latest + main: experimental client: latest